Spyware Problem

[Eric H.]

My dad is having a huge problem here with spyware.

His regular startup page is yahoo, but everytime he restarts its changed to '69.50.184.52/find4u' which is a search page. I ran the latest versions of adaware and spybot, I updated norton 2004 and ran that. Didn't get rid of the problem. So, I saw that in his startup folder was an unusual file called winlogon.exe. I couldn't delete it, because the file was running. I tried ending its process, but its a critical windows file. Okay, so I go into msconfig, looked through the win.ini - nothing illregular. I disabled EVERYTHING in his startup list, including that winlogon file. Restarted, yahoo was changed back to the stupid website again. I went back into msconfig, and it turns out that winlogon.exe file rechecked itself in the startup menu.

I went to my XP computer upstairs, and I don't have winlogon. Could that be the problem?? Should I try deleting it in safe mode?

His computer is a compaq laptop, connected to our home network. I even unplugged the network cable during all of this mess. Please help!

[not important]

Try Spybot S&D.
http://www.safer-networking.org/inde...&page=download

[el_novato]

it may be a problem with the HOSTS file. Do a search for HOSTS file on forums. You'll find links to other software that might help you fix the problem. Good luck.

http://www.accs-net.com/hosts/what_is_hosts.html

[SARGE]

http://www.spywareinfo.com/downloads/spg/

Then, read over this:

http://www.computing.net/security/ww...orum/7737.html

[fanaddict]

Had a similar problem myself. Now I have an "unknown" file in my startup all the time listed as c:\windows\system (win9x) and I can't get rid of that. I was infected by some Malsoft that created pop-ups. I ran ad-aware and that took care of all of it except this remaining bugger. Now instead of pop-up ads my system folder pops up once in a while when I click the address area of the tool bar. Any ideas?

[Eric H.]

not important: i did run spybot

I found out the problem was a virus norton never picked up.

[SARGE]

Quote:

Originally posted by fanaddict Had a similar problem myself. Now I have an "unknown" file in my startup all the time listed as c:\windows\system (win9x) and I can't get rid of that. ... Now instead of pop-up ads my system folder pops up once in a while when I click the address area of the tool bar. Any ideas?

Did you try SpyBot along with AdAware, do a virus scan? Hit ctrl alt del and write down all items running, then do a Find for unfamiliar ones, right click and look under properties. Do the same in msconfig startup tab. Delete in both places, reboot and see if it reappears. If so, try deleting it in Safe Mode. If it has a name in ctrl alt del, you can do a search on Google for fixes.