Topic: editing WIN Registry to disable spyware/pop-ups?
John Pelz
From: Kettering, Ohio, USA
Posted 6 Nov 2004 10:12 am
Can editing my computer's registry disable spyware and/or popups?
All hell broke loose the other day when I somehow managed to get a bunch of spyware on my computer. I'm not sure, but I think it may have been from a link I may have inadvertently clicked at a web-page w/chord changes to C&W tunes. Next thing I know, there's "Ad Destroyer" in my system startup icons, and many, many pop-ups. Not just the occasional annoying pop-up, but so many at one time that IE was rendered essentially useless.
In addition to my normal router firewall, I've got up-to-date Norton AV running, and have downloaded ZoneAlarm since the other day. Zone Alarm has been catching spywares, etc. (like EYTVMO.EXE) as they try to send info from my computer, and I've been able to zap a few that way. I have run Ad-Aware, Spybot, Spyware blaster and other anti-spyware programs numerous times, and got good results from this fix-process recommended by majorgeeks.com. While majorgeek's recommendations cleaned up most of my computer's problems, it hasn't fixed all of them: DSO Exploit keeps coming back, no matter how many times I run the above spyware-killing programs.
Why does DSO Exploit keep returning? Why do the many above programs not quite get everything? (Spybot occasionally turns up new results -- like n-Case -- upon subsequent scans, but DSO Exploit always remains. In fact, it's the only one that never gets zapped.) I suppose that I really can't complain that much, as the above programs have cleaned up most everything, but still, the spyware/popups that do remain are driving me fairly nuts!
Anyhow, to get to my main question (finally), can I go to the offending registries that Spybot indicates and somehow edit or delete the entries to eliminate or at least incapacitate these remaining spywares? I don't know much about the registry, so I really don't mess with it. Frankly, I'm stumped on how to get rid of this remaining junk.
My computer runs Win ME. Unfortunately, dumping IE for more secure browsers like Mozilla or Opera is not an option on this computer.
Thanks in advance for any help!
[This message was edited by John Pelz on 06 November 2004 at 10:15 AM.]
Cal Sharp
From: the farm in Kornfield Kounty, TN
Wiz Feinberg
From: Mid-Michigan, USA
Posted 9 Nov 2004 4:11 am
The reason that the DSO Exploit keeps returning in Spybot S&E, after you "Fix" the problem, is because Spybot is trying to write a String Value, instead of a DWord, named 1004, to the Trusted Sites Zone. I have been manually editing these entries since being made aware of the problem.
As is mentioned in the referenced article, a properly patched Windows machine should not allow this exploit to run, but I assume nothing! Find all occurrences of the key named 1004 and make sure that they are all DWords, with a value of 3 typed into the input field. If you find any string values, rename the key to something like 1004x, create a New DWord, label it 1004, type in a value of 3, click OK, then delete the old key. You may find this Zones value multiple times in the Registry.
BTW: Go to the Spywareinfo.com forums to learn how to rid your computer of any known bad guys.
Wiz
[This message was edited by Wiz Feinberg on 09 November 2004 at 04:13 AM.]
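Added example, not part of Wiz's post or of this forum: one way to run the check he describes over an exported registry file instead of searching by hand. It assumes a text export in regedit's REGEDIT4 format; the function name `audit_1004` and the sample export are constructed for illustration.

```python
import re

# Constructed sample of a regedit text export (REGEDIT4 format); not from the thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"="3"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1004"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')          # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')  # "name"=data

def audit_1004(reg_text, name="1004", expected=3):
    """Return (key, problem) for each value called `name` that is not a DWORD equal to `expected`."""
    findings = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or m.group(1) != name:
            continue
        data = m.group(2).strip()
        if data.lower().startswith("dword:"):
            try:
                number = int(data[6:], 16)
            except ValueError:
                findings.append((key, "malformed DWORD " + data))
                continue
            if number != expected:
                findings.append((key, "DWORD is %d, expected %d" % (number, expected)))
        elif data.startswith('"'):
            # The case described in the post: a string value where a DWORD belongs.
            findings.append((key, "string value " + data + ", expected DWORD"))
        else:
            findings.append((key, "unexpected type: " + data))
    return findings

if __name__ == "__main__":
    for key, problem in audit_1004(SAMPLE_REG):
        print(key + ": " + problem)
```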
Ray Minich
From: Bradford, Pa. Frozen Tundra
Posted 9 Nov 2004 5:59 am
Wiz, you got any info on that annoying "WebRebates" infestation? Just when I think I've got my OS cleaned up (using Hijack This and various other cleaners) I get another WebRebates0 in my task list. Any ideas?
John Pelz
From: Kettering, Ohio, USA
Posted 9 Nov 2004 5:56 pm
Thanks a lot for the info, Wiz, and thank you for the tip on Spywareinfo.com. This is just what the doctor ordered!
Spyware -- grrrrrrr...
John Pelz
From: Kettering, Ohio, USA
Posted 9 Nov 2004 6:23 pm
Thanks again, Wiz -- to the best of my knowledge, my computer is now 100% spyware-free.
David Cobb
From: Chanute, Kansas, USA
Posted 10 Nov 2004 7:51 pm
Last night I downloaded a free version of GRR, www.greyware.com
It's a registry watcher that alerts you when an attempt is made to change your registry.
It shows a screen shot of your present config. and the change that's being attempted.
It's already alerted me twice.