gwilks98
04-07-2003, 12:18 PM
This one's got me baffled. I became the unwilling donor of spyware software and it's chewed up most of my day trying to get rid of it. Ad-aware (up to date) got most of it, but it missed something that's re-occuring at every startup.
Here's what it's doing:
Something extracts an executable of a random name to my user specific temp directory. The executable is then run which pops up a windows input dialog box asking if I'm interested in receiving blah blah blah. I kill the process, but it's already too late.
Something, probably the executable or whatever extracts it, writes to my registry settings for IE, telling IE to load a "browser bar" with inappropriate adult and gambling links from random sub-addresses under this domain: tfil.com. Then the site redirects me to whatever page I was trying to access, happening so quickly that most people won't know why that bar is opening. This browser bar started installing malware of it's own so I was able to quick fix it by restricting the domain. (The registry settings will keep coming back until I can remove the first problem.)
In my brief experiences with spyware, I've come to realize that they hide in either a dll that IE is linked to or forced to link to or they hide in window's startup files. I've already searched for removal instructions and couldn't find anything up to date. Can anyone offer some pointers?
Here's what it's doing:
Something extracts an executable of a random name to my user specific temp directory. The executable is then run which pops up a windows input dialog box asking if I'm interested in receiving blah blah blah. I kill the process, but it's already too late.
Something, probably the executable or whatever extracts it, writes to my registry settings for IE, telling IE to load a "browser bar" with inappropriate adult and gambling links from random sub-addresses under this domain: tfil.com. Then the site redirects me to whatever page I was trying to access, happening so quickly that most people won't know why that bar is opening. This browser bar started installing malware of it's own so I was able to quick fix it by restricting the domain. (The registry settings will keep coming back until I can remove the first problem.)
In my brief experiences with spyware, I've come to realize that they hide in either a dll that IE is linked to or forced to link to or they hide in window's startup files. I've already searched for removal instructions and couldn't find anything up to date. Can anyone offer some pointers?