well, if you haven't adjusted your security settings, several web sites will sneak software on your system.. it is called hijacking...
here are some preventatinge methods..
use with what I posted above :
using IE :
to help prevent Hijacking Spyware :
hijacking Spyware is spyware that self installs toobars to your browser, changes your search engine defaults, changes your home page, and possibly changes your DNS settings to route through a new source, or even tried to force you to use a new dialer instead of the one you are use to.
In IE there are ways to prevent Hijacking software... and ways to clean out hijacking spyware.
First, Right click on Internet Explorer icon and select Properties.
Click on privacy tab
click on Advanced tab adn then put a check mark in Override Automatic Cookie Handeling.. then set First Party Cookies to Always Accept, 3red party cookies to Never, and check Always allow session cookies, then click apply...
this will eliminate 90% of new spyware cookies coming on to your system..
Now go into Security tab
click Internet in the box at the top and click Custom Level button.. first set everything to enable and click OK.. it will ask if you want to change the settings.. say yes.
now click custom level again and go through all the one's that says anything about Active X
for all of them that say Unsigned or Not Signed.. set to disable
the one's that state Signed set to Prompt
the ones that say not marked as safe, disable.
the one that says "Run Active X Controls and Plug-ins" and has an Administrator Approved setting.... set this to Enabled (otherwise some sites just don't work like Window's updates)
the one's that say marked as safe, set for Prompt.
click Ok and say yet to changing settings...
now what this does is that any page that uses active X controls will now have unsigned controlls blocked (usually hijackers) and the one's that are signed it will ask for your permission to run...
now sites like Microsoft Windows Update are safe to run and is necessary otherwise you can't update your system
Other sites, you can take your chances.. i usually say NO unless the page looks funky or will not load, then I refresh the page and say yes...
Now with these settings, some sites will start poping up Install Verifiers asking do you want to install X software.. These things are 90% of the time the Hijacking or Spyware software trying to get on your system...
I would then go back into Internet Explorer and go to Security settings and click on Restricted Sites and add the site trying to instal stuff on your system... this site will no longer be allow to do anything but display information from the page .. you get No More Download boxes.
Spyware and Hijacking Reemoval :
There are 3 programs that I use to remove Hijackers..
First is Spybot search and destroy..
i let this run through and remove all the registry keys that are invalid along with files and folders added by the hijacking software..
then it finishes scanning, I only remove things that are red titled, nothing else.
after using it and removing the red titled spyware objects.. it may state unable to remove all objects.. at this time I would allow it to scan one time at system boot.. and restart system.
after it runs through again, and if no red objects come up.. then just close it down.. if red objects pop up, all them to be fixed as well.
now when your done doing this and back in full windows mode.. I like using Ad-Aware 6... this will catch items missed by Spybot S&D.. Check everything that Ad-Awae shows and remove them..
Always check for updates.. the updates come out like Virus Definitions.. once or twice a day...
once you have internet Explorer set with the settings above, all these thing shoud ever find is 1 or 2 cookies.. no more than 5 in a week... Unless you say Yes to an active X control on a strange site by accident....
now if you have experienced a Hijacker software...
I use HijackThis.. it is a fantastic utility that scans IE settings and software running on your system and Active X controls...
if it lists anything for IE.. then remove them all.. (make note that you will need to eset your normal home page afterwards)
then delete the back up files...
now look through all the other stuff listed .. compare to what is in MSCONFIG Startup tab...
check anything not listed in MS Config ....
i would also check anything that says Quick time, real player, Real One, Sun Microsystems, Java, Jushed, and any un necessary software not needed at system start up...
Now before clicking fixed... Look for Acrobat Reader Axtive X control in the listing.. this is needed to display Acrobat reader in your browser window...
also look for anti-virus.. if you are using antivirus from any company, make sure that all these are unchecked...
check anything that says Tool Bar except the Anti Virus tool bar
now at the bottom, you will see 016 - DPF .. these are the actual Active X controls.. there are only 4 that I know of that are safe...
Shockwave Flash Object
Shockwave Active X control
Macromedia Authorware Web Player Control
Update Class -
http://v4.windowsupdate.com/cCAB/x386/unicode/iuctl.CAB?38096.5954282407those are the only 4 items that should be left as they are safe ... anything else.. i can't say if it is safe or not.. and I would remove it.. if a site you go to requires a control you removed.. it will ask to reinstall.. that is up to you to do so..
also refer to the above posting for the guide to HijackThis for better instructions and methods.
once you click Fix Checked.. it will list all the items as backup files in the same area as HijackThis.exe.. select all the backups and delete them...
Now finally to get Internet Explorer back to default settings.. right click IE once again and go to Properties.. click on Programs.. Whether or not IE is your default search engine... you can check or uncheck for IE to check to se if it is default or not...
now click Reset web settings and click OK..
IE is now back in it's default state free of hijackers...
Now I usually go into the Advanced tab and make sure of a few settings...
such as :
always send URL as UTF-8
Disable Script Debugging
Enable Install on Demand (internet Explorer)
Enable Install on Demand (other)
I uncheck Folder View of FTP sites
i check Use passive FTP (for firewall and DSL modem compatability)
I check use HTTP 1.1 and Use HTTP 1.1 through Proxy connections
if you have Sun Java, make sure it is checked
make sure Microsoft MV Java Console and JIT Compiler are both checked.. uncheck logging
skip down to Search from Adress Bar and choose which you like the best.. I prefer Display results and go to most likely site.
and at the bottom I have under security checked :
Do not save Encripted pages
Empty Temp internet Files
Enable Profile Asistant
use SSL 2.0
use SSL 3.0
use TLS 1.0
Warn if submitttal is being redirected and warn if changing between secure and non secure modes...
then i click Apply and OK..
Then i reset my home page.
now i can go into Internet Explorer, click on the search button.. and use customize and set up my search assistant and default search engine to what I want, usually Google.
Now hopefully, you will no longer need Hijack This... but the Spyware removal will be needed and should be used once a week...
and as a final thing just to keep the system clean... Registry Mechanic (paid version) will fix a lot of registry problems that may be on your system...
anyhow... just some suggestions to fix up your machine.. and it is a 1 time deal with exception of scanning for Viruses and checking for spyware once a week....
hope that this helps you all out... it will eliminate 90% of spyware getting on your system ever again, with exception of a few cookies which you eliminate once a week.
Topic: Sure I am being hacked? (Read 8084 times)