Spyware, Browser Hijacks, or other Yuckware? Check here 1st

Reply Mon 22 Mar, 2004 05:59 pm
Update: See also THIS TOPIC and THIS TOPIC

Please start a new topic if you need further help. Don't post your help request to this thread, or to an existing help thread. There's no other way to keep things sorted out and provide for individual attention

Yuckware ... viruses, trojans, worms, browser hijackers, spyware, redialers, and the like ... has become one of the biggest problems on the internet. Removing it from your computer will be quite a bit more time consuming than putting it there was. We'll be glad to help, if you'll take the time and effort to go through all the following steps first. Please read, understand, and follow this list ... it is the starting point for yuckware removal, and in most cases will do the trick all by itself!!!

Do ALL of this, don't skip over anything. Every step is necessary, and the order in which they are performed is important to the success of the plan. This process will call for you to find and delete some things and to download and install a variety of updates and/or applications, in a particular order, and to execute certain of the applications in a particular order. If done as detailed, none of this will harm your system. If any step is skipped, or performed out of order, the desired fix likely will not be achieved. Please read, understand, and be prepared to exactly follow these instructions before beginning. If you have any questions, feel free to ask before taking any chances. Know what you're going to have to do before you start to do it. If you do have questions, it is best to open a new topic with your particular concern rather than asking on this thread - you're more likely to get attention that way.

Note: the bold, italicized, underlined blue items are links that will take you to the appropriate pages for necessary downloads and/or instructions. Just click on them to get to where you have to go. Save all downloads to separate, appropriately named folders on your desktop or to your root drive as directed. To create a folder on your dektop, just right-click on any area of the desktop not occupied by icons, select "New>Folder", then type a distinctive, decriptive name in the highlighted box beneath the icon for the folder that will appear as "New Folder"on your desktop. To create a folder on your root drive, open "My Computer", select your root dive - the drive on which Windows resides (usually "C:\") - go to the toolbar, select "Files", select "New", select "Folder", and name the folder accordingly.

First, if you are using WinME or XP, DISABLE SYSTEM RESTORE!
When ALL the following have been done, re-enable it by following the same instructions, and replacing the checkmark you removed. Doing any of the rest of this with Restore enabled likely will be useless. Note: You will lose your saved restore points when you do this.

Now, look for "TwainTech" , one of the most common hijackers, and if its on your system, get rid of it. Go to Start>SETTINGS>CONTROL PANEL>ADD/REMOVE PROGRAMS, and look for a program named "twain-tec", "TwainTech", or some close variant. If its there, click ADD/REMOVE and confirm you want to uninstall it.

If there is no entry entry in ADD/REMOVE PROGRAMS, it still may be there. Assume it is, and do the following:

For Win95, Win98 and WinXP users:

a) To permanently disable the software click "Start" and then "Run" and type the following command which unregisters the software:

regsvr32 c:\windows\twaintec.dll
(Note: Be sure to include the space between "regsvr32" and "c:\windows")

You then should see a confirmation the operation was successful, or a notification " ... The specified module could not be found". In either case, move on as appropriate.

b) To completely remove the software: reboot and then go to Sart>Run>Search>For Files and Folders, enter "xtarget.dll" (without the quotes), and click "Find (or Search) Now". It will take a while, but wait untill either it finds the file, or says "There are no files to display". If found, right-click on the file, then select-and-confirm delete. Find-and-delete any other files or folders with "twaintec" or "xtarget" in the name.
Don't delete "Twain" files or folders ... just "TwainTech", "twain-tec", or very similar variations. The "Twain" files and folders are needed by your camera or scanner.

For Win2K, WinME and WinNT users:

a) To permanently disable the software click "Start" and then "Run" and type the following command which unregisters the software:

regsvr32 c:\winnt\twaintec.dll
(Note: Be sure to include the space between "regsvr32" and "c:\winnt")

You then should see a confirmation the operation was successful, or a notification " ... The specified module could not be found". In either case, move on as appropriate.

b) To completely remove the software: reboot and then Find and Delete the file twaintec.dll, and find-and-delete any other file or folder with "twaintec*" (without the quotes, but include the *) in its name. Reboot.

Next, in your browser's toolbar, select Tools>Internet Options>Delete Files>Apply>OK. Then, empty your recycle bin. Next, go to Windows Update[/i] and fully update your Windows and your browser. If you primarily use a browser other than Internet Explorer, be sure it too is fully updated.

Then, download and run the latest version of Network Associate's free STINGER before doing anything else.

Next, update your own antivirus program to the latest files, and run a full system scan. If you don't have a currently subscribed antivirus, a few free ones are available, such as Trend Micro's HOUSECALL , Panda's Active Scan, Grisoft's AVG Free[/i][/u], or Symantec's Security Check Free Virus Scan, among others. Whatever you use, do a full system scan, and follow any repair or removal instructions to the letter.

When ALL those steps have been accomplished, download CoolWWWSearch.SmartKiller removal tool and
CWSHREDDER. Note: These files are perfectly safe, and will not harm your system. Save each to your desktop, into separate, dintinctively named folders you will be able to locate easily.

If you are running Win 95 or 98, you'll need a zip utility to extract the files. If you're running Win ME, 2K, or XP, a zip utility is unneeded. Install the apps and run them, CoolWWWSearch.SmartKiller removal tool FIRST, then CWSHREDDER, letting them fix whatever, if anything, they find.

Next, download and install both
Spybot S&D and AdAwareSE , but DO NOT RUN THEIR SEARCHES untill you have opened each one and updated it using its web update function, as explained in the help file for each.

When both products have been updated, disconnect from the internet and reboot your machine into safemode. If you are running Win95, Win98, or some versions of WinME, and customarily use a USB keyboard and/or mouse, you will need to substitute a standard PS2 Keyboard and/or mouse for the rest of this procedure, as the USB devices will not be recognized. If you are running any version of XP, thiat will not be a consideration. On most systems, you can enter safemode from a reboot by tapping F8 as soon as the machine begins to boot up, before any other screen appears. You may hear a beeping noise, and/or see a "Keyboard Error" message. Ignore them and keep tapping. You should soon be presented with a black-and-white boot choice screen. Select the #3 option, "Safe Mode", either by typing the numeral 3 or by using the up/down arrows of your keyboard, and hit enter. Your machine will boot up with only the barest necessities, and no background applications, running. Your display will probably look very different. Ignore that. If the F8 method does not work, another possibility is to tap, or sometimes to hold down, the "Esc" key as soon as the system begins to boot. If methods don't work for you, consult the User Support documentation that came with your machine or as available on the website of its manufacturer.

Once in Safemode, go to Start>Programs>LavaSoft AdawareSE>AdawareSE.exe . When it opens, select "start" from its splashpage and let it run to completion. It may take quite a while. When it has finished, let it "Fix" anything it has found.

Now, go to Start>Programs>Spybot Search and Destroy, and open it. Select "Immunize" , then click "Install". Then select "Permanently running bad download blocker for Internet Explorer", and click "Install". DO NOT place checks in any of the three "Recommended miscellaneous protections" panel at this time. Now, select "Search and Destroy", then select, down at the bottom of the page "Search for problems". Let it run to completion, which also may take quite a while, and let it "Fix" anything it finds. Run it one more time. It should find nothing.

Once again, empty your recycle bin, then, while still in safemode, defragment your drive. That too will likely take quite a while.

Now, open a browser (If necessary, choose "Work off line" and pay no attention to the "Cannot Display Page" message, and, from the browser's toolbar, select Tools>Internet options, and on the General, Security, and Privacy tabs, select the defaults and apply, then click "OK" and close the browser.

Finally, reboot normally. Before doing any other browsing, messaging, chat, email checking or downloading, run HijackThis with no other browsers open or apps running, and save the log.

Now go out on the web as you normally would, being careful what you click on. DO NOT reactivate System Restore unless and untill your machine is behaving properly.

If you insist on things like opening attachments from unknown senders, hooking yourself up with "Exciting Free Browser Add-Ons", "Incredible Search Enhancers", or any other "Amazing Helpers", P2P file sharing, Porn, and surfing without up-to-date security and privacy software, you're on your own. If not, and you're still having problems, start a new topic in The Computers Forum, detailing exactly what you did, what the results were, and paste your Hijack This log into your post.

Remember, do everything listed, in the order listed, and please start a new thread if you need further help. Don't post your help request to this thread, or to an existing help thread. There's no other way to keep things sorted out and provide for individual attention.

Edited occasionally to update links and/or info as needed
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 3 • Views: 39,174 • Replies: 53
No top replies

Reply Fri 26 Mar, 2004 11:32 am
The following was written by Tony Klein and has been posted in numerous Security Forums. I wouldn't necessarily recommend running all the software mentioned below, but there is some good info to be had here.


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

Windows Update:

3) Adjust your security settings for ActiveX

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster.


SpywareBlaster will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects. Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so. Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.

Download Spybot Search and Destroy

5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.


An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!

6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.

They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
0 Replies
Reply Thu 1 Apr, 2004 11:34 pm
0 Replies
Reply Fri 2 Apr, 2004 12:43 am
Bookmarking, thank you
0 Replies
Reply Tue 6 Apr, 2004 03:41 am
thank you for the Info,

I found this by googling omegasearch. What a bunch of crap this Spyware is, People who develop this stuff need to be lined up and shot.

Anyway, I just thought that I would throw in what I found while going through the steps.

When I got to Add/Remove Programs I did not find
or any variation there of.

What I did find which I think is important for future readers is a file called
Window Search[/b][/color]

the reason I find this IMPORTANT[/b] is because it was in the midst of the Windows update files and had the same icon, it made it look like it was a standard update.

After Googling and making sure that this was not an update file. I removed the Parasite, but not before it asked me to verify the uninstallation, by putting in a Code to make sure I was a human user attempting to remove the culprit. Looks like, Parasite removal software may not be able to remove this file. Sad

Just thought I would add what I found,
Thank you very much for the Post it helped me remove this parasite from my PC, Awsome Post.

0 Replies
Reply Tue 6 Apr, 2004 09:31 am
Thx Guys for all the info and help. Cool I was finally able to stop xads offer optimizer from popping up each time i started IE. The solution was when i downloaded BHO Demon(free), it found twaintec.dll being started with IE, i knew that was the culprit there and I disabled it. I restarted IE went to google.com and no pop-ups, its on idle now and still no popups from xads offeroptimizer. Cool

THX GUYS! Very Happy
0 Replies
Reply Sat 10 Apr, 2004 11:00 am
Re: omegasearch browser hijack
thx for all the tips guys. I followed all the steps posted except for one step which was missing in my case. There was a "WINDOW SEARCHING" parasite in the "ADD/REMOVE" programs which I had to delete to completely clean my computer of the OMEGASEARCH BUG. That was the last and final step to end that parasite for good!
0 Replies
Reply Sat 10 Apr, 2004 01:15 pm
timmer2002, NOSVeilsideSupra and dthresh, good on ya. Nice job. Wink And thanks, Timber, fer posting this.
0 Replies
Reply Sun 11 Apr, 2004 09:19 am
This is not directly related to problems with spyware/adware/hijacks/trojans/etc, but for those who need an excellent popup blocker for IE, try the free Google Toolbar. (note: popup-blockers will only prevent popups spawned by webpages you're viewing, not popups from "yuckware".)
0 Replies
Reply Sun 11 Apr, 2004 09:32 am
I'll second Monger's recommendation of Google's toolbar; I find it handy as all gitout for lots of stuff.
0 Replies
Reply Sun 11 Apr, 2004 09:47 am
i'm actually just posting here to absorb this thread for future reference; but i did want to mention that i use Opera, not I.E., and have no problem with pop-ups, and little trouble with various forms of spyware, most of which seem to be innocuous, unless 'privacy' is paramount.

any comments?
0 Replies
Reply Sun 11 Apr, 2004 10:43 am
Bo, it all depends on how innocuous you figure folks you don't know tracking your entire browsing history, both on the 'net and within your own machine and/or network, being able to log every keystroke you make, being able to redirect you to, or restrict you from, any website of their choosing using triggers of their choosing, shoving their idea of what ads are best for you to see right into your face, having access to and control of all your files and folders, including passwords, personal, and financial data, and the ability to remotely control your machine without your knowledge or consent, even using it to distribute spam or conduct DDOS attacks, might be. If that sort of stuff doesn't bother you, feel free to cavort nakedly on the web.

Now, of course, not all yuckware does all of that, but just about all of it does some of that. No browser, operating system, or prayer scheme grants anyone total immunity from exploits. That's why there's an expanding market for security/privacy software, and it is the impetus behind any number of intitiatives, both corporate and governmental, and lawsuits in the court systems of just about every developed nation on the planet. Its also why threads like this are all over the internet. Hell, there are entire forums, as large as or larger than A2K devoted to nothing but, and there are any number of UseNet newsgroups which concern themselves either in part or exclusively with the problem. Its real.
0 Replies
Reply Sun 11 Apr, 2004 11:28 am
timber; thanks for the generous response; i agree that such abuse is not to be ignored, and probably overstated my lack of alarm over such beligerance. i do of course use a digital condom (Avast), and purge what i can periodically; i don't 'ever' have popups (except Avast anounces it has upgraded is viral database, and then dissappears, occassionally). Should i be doing more?
0 Replies
Reply Sun 11 Apr, 2004 11:54 am
I think a firewall is a must ... even WinXP's built in one is better than nothing. Just for gigglse, you might wanna see what AdAware and SpyBot tell you about your machine, where its been, and what its picked up; you'll probably be astonished.

BTW, I'd suggest using the download links provided here, by either Monger or myself, to go get them, SpyBot S&D in particular; unscrupulous baddies use its great reputation against it and fraudulently weight their "Buy my full version to solve the problems my teaser scan-only version just scared hell out of you with" to overwhelm searchlist rankings for the real SpyBot. SpyBot S&D is free, although you can donate if you wish, and Patrick does offer some software and plugins you may purchase if so inclined.
0 Replies
Reply Sun 11 Apr, 2004 05:19 pm
I just got offeroptimizer Friday. Never had it before and I had a 2 year old version of Norton and Google's pop up blocker for a while. I had just bought Norton Internet Security, followed all the instructions, registered it and whammo. Now I get offeroptimizer. I think I got it from taking down XP's firewall (as instructed by Norton while installing) or by registering at Norton site. I say this because within seconds of finishing my installation of Norton I got my first offeroptimizer pop up. Until now Google has done a great job blocking these and apparently Norton disabled Google. Now it looks like I'm in for major surgery . . .
0 Replies
Reply Wed 5 May, 2004 01:26 am
I tried doing the steps as described, but I quickly hit a wall when I was searching my computer for "twaintec.dll." I went into files and folders, did a search, and sure enough it was there. But when I right clicked and said delete all of a sudden this little sign comes up that says my access is denied and I don't have permission to do this? What's going on here?
0 Replies
Reply Wed 5 May, 2004 08:57 am
What operating system are you using, jora?
0 Replies
Reply Thu 6 May, 2004 10:28 pm
Ooops--I figured out what my problem was. But thanks anyway, timberlandko!
0 Replies
Reply Sun 9 May, 2004 06:15 pm
Thank you
Thank you very much. I was infested bad. Followed your directions and all is well so far. Just wanted to express my grattitude for all your help, never could have done it alone. Thank you again and keep up the good work.
0 Replies
Reply Mon 17 May, 2004 07:57 pm
First off, sorry for replying to a thread that hasn't had a reply in a week or so.

Whilst attempting to update Windows and IE, I found that I had to (according to the scan) download 47 different apps/patches/updates (whatever they're called), and that's just including critical updates. The total download size came out to almost 60 MB. Now, as a dial-up user, that is extremely daunting. Frankly, I cannot keep my computer on that long, let alone while connected to the internet (part of it is cost, part of it is just personal uneasiness). Now, I don't mean to sound unappreciative or lazy, but is there any way to shorten the list of the things I need to download? Here's the list:

Windows XP Service Pack 1 (Express)
Cumulative Security Update for Internet Explorer 6 (KB832894)
Security Update, February 14, 2002 (Internet Explorer 6)
Security Update for Windows XP (KB840374)
Security Update for Windows XP (KB837001)
Security Update for Windows XP (KB828741)
Security Update for Microsoft Data Access Components (KB832483)
Security Update for Microsoft Windows XP (KB828035)
Security Update for Microsoft Windows XP (KB825119)
811630: Critical Update (Windows XP)
810577: Security Update
Security Update for Windows XP (815021)
Critical Update for Windows Media Player Script Commands (KB828026)
Q329441: Critical Update
Q329390: Security Update
329170: Security Update
Q329115: Security Update (Windows XP)
Q329048: Security Update
Security Update for Microsoft Windows XP (KB328940)
Q323255: Security Update (Windows XP)
Security Update for Windows XP (KB817606)
Security Update for Microsoft Windows (KB824105)
823559: Security Update for Microsoft Windows
Security Update for Windows XP (KB821557)
Security Update for Microsoft Windows (KB823182)
Security Update for Microsoft Windows (KB824141)
Security Update for Windows XP (819696)
816093: Security Update Microsoft Virtual Machine (Microsoft VM)
814078: Security Update (Microsoft Jscript version 5.6, Windows 2000, Windows XP)
Q324096: Security Update (Windows XP)
Q323172: Security Update (Windows XP)
Q326830: Security Update (Windows XP)
Q324380: Security Update (Windows XP)
Q318138: Security Update (Windows XP)
Q313450: Security Update
Q320920: Security Update (Windows Media Player for Windows XP)
Q311967: Security Update
Windows XP Application Compatibility Update, April 2002
System Recovered Error Message Update
Security Update, February 13, 2002 (MSXML 2.6 and 3.0)
Critical Update, February 10, 2002
Critical Update, February 9, 2002
Security Update, December 17, 2001
Remote Assistance Connection
Windows XP Update Package, October 25, 2001
811493: Security Update (Windows XP)
Cumulative Security Update for Outlook Express 6 (KB837009)

Any feedback would be ridiculously appreciated.
0 Replies

Related Topics

So I just joined Facebook.... - Discussion by DrewDad
YouTube Is Doomed - Discussion by Shapeless
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Internet Explorer 8? - Question by Pitter
  1. Forums
  2. » Spyware, Browser Hijacks, or other Yuckware? Check here 1st
Copyright © 2023 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 03/20/2023 at 11:02:12