Computer Knowledge. Gadget. Anime. Design. Dance. Hong Kong Life. Stuff like that.

11.12.2004

After witnessing a browser hijack on my IE last night (some program installed some stupid search bar on my IE), and then having AVG Anti-Virus report a Trojan horse inside a "System Volume Information" folder which I could not remove directly, I have been on a journey of fighting spyware and Trojan horses since last night. Oh boy, was that fun.

First it was the Trojan application. To fix that, I moved all my stuff from that drive to another drive, and then I formatted the hard disk. Hopefully that will have fixed the problem.

The browser hijack was a much bigger problem. I used Adaware and SpyBot Search and Destroy, and they had problems fixing everything! Adaware was the less powerful of the two in this case, as it reported that no spyware existed in my system, while SpyBot could still locate some (even though it had problems removing all of it). So I went to a site to get the free and latest spy audit ( http://www.webroot.com/services/spyaudit_03.htm ). Indeed, I found that the tool identified a few pieces of spyware, including the WebSearch toolbar crap. I then downloaded the hacked version of Spy Sweeper. It was a very bad hack which doesn't allow any updates at all, but it still managed to clean all the spyware. I knew that because I then used the legit latest spy audit to verify my system and it reported "Clean".

So I thought the problem was over, but it's not.

SpyBot still reported the DSO Exploit problem no matter how many times I checked. Being frustrated, I checked the Net and found the following tips to manually clean up the DSO Exploit items:

(1) Run "SpyBot - Search and Destroy" as usual.
(2) Once the scanning is done, expand the "DSO Exploit" entry.
(3) For each individual entry, select the item, then right-click and select [More Detail]->[Jump to the location]. This will bring you to the system registry entry. Sometimes you may need to select [Jump to location] one more time, as the first time usually just brings up the Regedit application without pointing to the right registry entry.
(4) Do the same for the other entries.
(5) The next time you scan the machine using SpyBot, you will see the nice congratulation message.


Another thing: Don't use McAfee Virus Scan if your system contains filenames with Chinese characters. The active protection feature will turn itself off after a while and give you an "NT Access error". Use the freeware AVG Anti-Virus instead. Go to http://free.grisoft.com/freeweb.php/doc/2/lng/us/tpl/v5 to download the latest version.
