View Full Version : Spyware and Adware
Arisensun
10-31-2004, 05:42 PM
I just compiled this from several different articles for a friend. He was having nasty Spyware issues, and he wanted more information. I thought I would share it here as well.
Edited October 31, 2004: (Included some very nice suggestions from Palimax)
-------------------------------------------------------
Spyware 101
-------------------------------------------------------
(Original Article written by Joanna Gurnitsky can be found here (http://netforbeginners.about.com/cs/viruses101/a/spyware101.htm?terms=spyware))
What is “Spyware”?
Spyware is software (program) that gets installed in your computer, often without your knowledge or permission. Once in place, a spyware program will send personal information stored in your computer to external parties on the Internet, also without your knowledge or permission.
Where does Spyware come from?
Spyware is often built into otherwise benign software such as game demos, MP3 players, etc. Spyware can also enter your system through unpatched holes in your operating system and internet browser. It is very important to keep your system up-to-date with regular patches for your operating system and to run Anti-Virus software such as AVG (http://www.grisoft.com/us/us_index.php).
What does Spyware do to my computer?
1) Steals your information (Identity Theft)
2) Floods your browser with Pop-ups
3) Spams your Inbox
4) Slows down your connection
5) Slows down or crashes your computer
What kind of personal information does Spyware transmit?
This varies. It might be as simple as a listing of your MP3s or a list of the websites you have recently visited. It might also harvest email addresses from your computer, or even your passwords or banking information.
How can I protect my computer from Spyware?
Avoiding spyware is not an easy task. Stay away from the known spyware-infested programs (see the short list below). Take some preventive steps - install a spyware-removal program, or run an online scan to rid your computer of the unwelcome additions.
The most popular anti-spyware programs are Spybot Search and Destroy (http://www.safer-networking.org/en/index.html), AdAware (http://clk.about.com/?zi=1/XJ&sdn=netforbeginners&zu=http%3A%2F%2Fwww.lavasoftusa.com%2Fsoftware%2Fadaware%2F), and PestPatrol (http://clk.about.com/?zi=1/XJ&sdn=netforbeginners&zu=http%3A%2F%2Fwww.pestpatrol.com). Spybot is highly recommended, and is available for free. One other program definitely worth mentioning is SwatIt (http://clk.about.com/?zi=1/XJ&sdn=netforbeginners&zu=http%3A%2F%2Fswatit.org%2F). It is a very useful and completely free program that scans your computer for Trojans, Worms, Bots and other Hacker programs. AVG (http://www.grisoft.com/us/us_index.php) is a popular virus scanner; they are worth checking out and I highly recommend them.
Be suspicious if someone gives you something for free; it may be doing more than just promising to “enhance” something. Also worth remembering: every time you supply your email address to anyone on the Internet, you risk having that email address used by the junk email senders.
-------------------------------------------------------
Spyware Prevention Software
-------------------------------------------------------
(Original Article written by the Intranet Journal can be found here (http://www.intranetjournal.com/spyware/preventsoft.html))
Much like anti-virus software that scans e-mail attachments as you go, there are anti-spyware software packages that aim to keep you safe as you surf. Many of these programs will detect cookies from advertisements or Web sites that may be helpful, so once again their effectiveness depends on your tolerance and how you use the software.
Spyware prevention software includes:
Spyware Inoculator (http://www.camtech2000.net/Pages/Spyware_Inoculator.html)
SpySites (http://www.camtech2000.net/Pages/SpySites_Program.html)
SpyStopper (http://www.itcompany.com/spystop.htm)
SpyBlocker (http://www.spyblocker-software.com/spyblocker/index.shtm)
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareGuard (http://www.wilderssecurity.net/spywareguard.html)
Anti-keylogger (http://www.anti-keyloggers.com/)
Secure Computing
By keeping up with the latest security patches and service packs, you will be plugging holes in your Windows operating system that could be used by malicious programs. While many people suspicious of spyware and controlling their privacy online do not like Microsoft's Automatic Updates feature, a visit to WindowsUpdate.com will keep you up to date with what patches your computer needs.
Firewalls
Many organizations already employ firewalls that are all but unseen to their computer users. Personal firewalls are also a good way to stop malicious computers and programs on the vast Internet from contacting your system.
Microsoft included a firewall it calls the Internet Connection Firewall in Windows XP. When enabled, it prevents would-be hackers from scanning your computer's ports and resources -- including file and printer shares. It will also prevent RATs from contacting other computers if they are on your system. Enabling the firewall was essential to stopping the Blaster virus of 2003 and is also recommended for stopping Messenger Spam.
To enable the Windows XP Internet Connection Firewall:
In Windows XP: Control Panel --> Click Network and Internet Connections. Click Network Connections. Right-click your Internet connection, and then click Properties. Click the Advanced tab of your connection's Properties dialog box. Check the box next to "Protect my computer and network by limiting or preventing access to this computer from the Internet."
Firewall software includes:
Kerio Personal Firewall (http://www.kerio.com/kpf_home.html)
Zone Alarm (http://www.zonelabs.com/store/content/home.jsp)
Outpost Personal Firewall (http://www.agnitum.com/download/outpostfree.html)
Sygate Personal Firewall (http://smb.sygate.com/)
eTrust EZ Armor (http://www.my-etrust.com/microsoft/)
-------------------------------------------------------
More Spyware, Adware and Trojan Resources
-------------------------------------------------------
(Original Article written by the Intranet Journal can be found here (http://www.intranetjournal.com/spyware/resources.html))
Spybot Search and Destroy (http://www.safer-networking.org/en/index.html)
Safe Hex, Safe Computing Tips (http://www.claymania.com/safe-hex.html)
Pestware 101 (http://www.intranetjournal.com/articles/200309/ij_09_12_03a.html)
Anti-Mal 101 (http://www.enterpriseitplanet.com/security/features/article.php/3099611)
eSecurityPlanet (http://www.esecurityplanet.com/)
CEXX.org Spyware Discussion Boards (http://boards.cexx.org/)
Anti-Virus Protection 101 (http://www.intranetjournal.com/articles/200210/ij_10_29_02a.html)
Fending Off a Vicious Attack (http://itmanagement.earthweb.com/secu/article.php/3109751)
Deflecting Assaults on Privacy (http://www.enterpriseitplanet.com/security/features/article.php/11321_3313571_1)
Dealing with Sneaky, Slimy Malware (http://www.practicallynetworked.com/qa/qa20040219.shtml)
AntiOnline Spyware/Adware Forum (http://www.antionline.com/forumdisplay.php?s=&forumid=677)
Spyware and Adware Resources from About.com (http://antivirus.about.com/cs/adwarespyware/)
Malware: Is Your Workstation at Risk? Part 1 (http://www.developer.com/security/article.php/3322711)
Malware: Is Your Workstation at Risk? Part 2 (http://www.developer.com/security/article.php/3322931)
PCs Monitored, E-mail Bugged (http://itmanagement.earthweb.com/secu/article.php/3341831)
A Web of Electronic Denial (http://www.wired.com/news/business/0,1367,63240,00.html?tw=wn_story_page_prev2)
Ad-Aware Review from WinPlanet.com (http://www.winplanet.com/article/2333-.htm)
AntiOnline Spotlight: Spyware Protection for Networks (http://www.enterpriseitplanet.com/security/features/article.php/3347311)
Spyware Solutions Not So Simple (http://www.internetnews.com/dev-news/article.php/3354571)
Spybot Search & Destroy Review (http://www.winplanet.com/article/2347-.htm)
An Arsenal to Combat Spyware (http://www.wired.com/news/infostructure/0,1377,63978,00.html?tw=wn_tophead_4)
Spyware Sneaking into the Enterprise (http://www.internetnews.com/security/article.php/3375661)
trimlock
10-31-2004, 06:36 PM
i like spyware, they keep me in business
btw, nice write up
Palimax Sceleris
10-31-2004, 07:37 PM
We don't have a great forum to sticky this in, but it'd be nice to create a FAQ forum at the top, make it moderator access only, and stick this in there near the board rules.
Good work Arisen.
That said,
I would suggest amending the "Where does Spyware come from" section to be more complete. I'd include "Spyware can also enter your system through unpatched holes in your operating system and internet browser."
I would also add, "It is also important to keep your system up-to-date with regular patches for your operating system" and "run anti-virus software." Include the windowsupdate.microsoft.com address, and the housecall.trendmicro.com addresses. The Free AVG antivirus page at http://www.grisoft.com/us/us_index.php is probably important as well.
I'd also give Spybot Search and Destroy a higher billing. http://www.safer-networking.org/en/index.html
(The os/browser updates are especially important, the ADODB.Stream exploit was the number one malware installer for years. Considering the current IE exploit in the wild, it's very important. http://it.slashdot.org/article.pl?sid=04/10/30/1555251&tid=113&tid=128&tid=172&tid=1 )
Arisensun
10-31-2004, 07:54 PM
Thanks for the feedback Palimax, I have updated my post to include your suggestions.
trimlock
10-31-2004, 07:57 PM
there's a lot of threads out there that do something similar to this, not directly on this topic
a person like arisensun spends a lot of time and puts together a well informed post on a major subject, and over time other people bring in new information or the person finds out more stuff to put into the topic (or take out) and just edits the post as time goes on
there's no reason to keep the thread locked, it's a good place to post new information, keeping down spam
another thing is, i would recommend trendmicro's pc-cillin over norton or mcafee
Palimax Sceleris
10-31-2004, 08:17 PM
This question gets answered CONSTANTLY on the main forum by the handful of us that answer most "my computer is teh broken!11" posts. It'd be nice to reference it.
Also, I only mentioned AVG because it's free. From a for-purchase standpoint, I prefer McAfee's enterprise line.
Korlis
10-31-2004, 10:41 PM
Same with spyware like Spybot, Adaware and others. I prefer Spy Sweeper due to the reliability on my machine and through my own testing of other programs. Although, Spy Sweeper costs cept for the trial version. Trial version is full version just time frame of use I believe.
Elemak the Enchanter
10-31-2004, 11:08 PM
unless you absolutely have to use Internet Exploder, I'd suggest using Mozilla Firefox as well, between that, the firewall on my wireless router, and winblows firewall, I find maybe one or two bits of spyware a month with adaware, and spybot search and destroy.
Korlis
10-31-2004, 11:38 PM
Maybe I do not search enough porn or something but I have not seen spyware in about a year.
Palimax Sceleris
11-01-2004, 12:00 AM
unless you absolutely have to use Internet Exploder, I'd suggest using Mozilla Firefox as well, between that, the firewall on my wireless router, and winblows firewall, I find maybe one or two bits of spyware a month with adaware, and spybot search and destroy.
I keep saying this, and it's mostly true, but after the ADODB.Stream exploit was closed and XP SP2 was released, IE is secure enough that suggesting people switch isn't necessary.
trimlock
11-01-2004, 03:06 AM
before sp2 i hardly had any problems, and had very little in the line of protection
the only times i had a problem with IE was me just being careless, honestly i have rarely had if ever had any severe problems with IE
Rybit
11-01-2004, 11:08 AM
Good post. I will sticky this for future reference.
Moglor
11-01-2004, 11:17 AM
I keep saying this, and it's mostly true, but after the ADODB.Stream exploit was closed and XP SP2 was released, IE is secure enough that suggesting people switch isn't necessary.
I'd still tell people that they should try Mozilla before sticking with IE.. it's just 100 times better.
Palimax Sceleris
11-02-2004, 11:07 PM
100x better? That's not exactly informative. If you want tabbed browsing and most of the other FEATURES in the Moz/FF alternative, but still need an IE engine to conform with the rest of the world, try MyIE2 (now Maxthon (http://www.maxthon.com/en/index.htm)), Avant (http://www.avantbrowser.com/), SlimBrowser (http://www.flashpeak.com/), or a dozen others.
Maxthon offers nearly all of the features in Moz/FF (Tabbed browsing, Mouse Gestures, AD and pop-up removal, standard toolbar support, etc.)
Anyway, if you've used Opera/Moz/FF/Something-Else as a browser, you're going to have to get used to the fact that it's still an IE world. Patch your IE, and then use Maxthon, Avant, or Slimbrowser to get the features you want and not have IE-Only pages be screwed up on your alternative browser.
I'm going to start a thread on another thing that no geek should be without.
Palimax Sceleris
11-02-2004, 11:22 PM
Ok, this is somewhat germane to the topic, so I'm going to keep it here.
Because we had a kiosk project at work, and since we chose to simply use IE as our Kiosk provider (and I know a bit about securing IE now), I took a big interest in PERSONAL PROXY SERVERS.
A lot of you think of proxy servers as either that thing at work that doesn't let you view porn, or that thing you found on the internet that lets you post here from an anonymous IP.
In this case, I wanna talk about a proxy server called Privoxy (http://sourceforge.net/projects/ijbswa/).
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious junk. It is based on the Internet Junkbuster.
Here's what Privoxy does, in a nutshell. It allows you to define lists of sites that you want filtered, and it allows you to define lists of CONTENT that you want filtered. With a little configuration, out of the box, you install it on your own machine, point your web-browser to proxy on 127.0.0.1:8118 (or any port of your choosing) and it filters all the content that you see. It'll strip out all "annoying" Javascript, leaving the good stuff, but not allowing any page to resize windows, bounce around or pop-up anything.
It eats spammer cookies, strips the big AD companies, and you can modify the living crap out of it.
It handles normal REGEX searches in its filters; and as I mentioned Pop-Ups, it has filters like this:
s/((\W\s*)(window|this|parent)\.)open\s*\\?\(/$1concat(/ig # JavaScript
s/\starget\s*=\s*(['"]?)_?(blank|new)\1?/ notarget/ig # HTML
Target=Blank and Target=New HTML get replaced inline, before they get to your browser!
Feel free to make your own:
s/EverQuest/EverCrack/g
...and the word EverQuest is always replaced inline with EverCrack. Not exactly useful, but it's fun.
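The three filter jobs quoted in the post above, modelled with Python's `re` module as an added example (not part of the original post and not Privoxy's own code). The sample HTML is constructed, the helper names are hypothetical, and Python's regex dialect is assumed to be close enough to Privoxy's for these jobs.

```python
import re

# The substitution jobs as they appear in the post (trailing "# ..." is a comment).
JOBS = [
    r"s/((\W\s*)(window|this|parent)\.)open\s*\\?\(/$1concat(/ig # JavaScript",
    r"""s/\starget\s*=\s*(['"]?)_?(blank|new)\1?/ notarget/ig # HTML""",
    r"s/EverQuest/EverCrack/g",
]

# Constructed sample page, not taken from any real site.
SAMPLE = "\n".join([
    '<a href="http://shop.example/" target="_blank">shop</a>',
    '<a href="/deals" TARGET=new>deals</a>',
    '<body onload="window.open(\'http://ads.example/pop\')">',
    '<p>EverQuest patch notes</p>',
])


def parse_job(expr):
    """Split 's/pattern/replacement/flags' into (pattern, replacement, flags)."""
    if len(expr) < 2 or expr[0] != "s":
        raise ValueError("not a substitution job: %r" % expr)
    delim, parts, cur, i = expr[1], [], [], 2
    while i < len(expr) and len(parts) < 2:
        ch = expr[i]
        if ch == "\\" and i + 1 < len(expr):
            # Keep escape pairs together so an escaped delimiter does not split.
            cur.append(expr[i:i + 2])
            i += 2
            continue
        if ch == delim:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) != 2:
        raise ValueError("unterminated job: %r" % expr)
    flags = expr[i:].split("#", 1)[0].strip()
    return parts[0], parts[1], flags


def apply_job(expr, text):
    """Apply one job to text; return (new_text, number_of_replacements)."""
    pattern, repl, flags = parse_job(expr)

    def expand(match):
        # Perl-style $N in the replacement refers to capture group N.
        return re.sub(r"\$(\d)",
                      lambda g: match.group(int(g.group(1))) or "", repl)

    return re.subn(pattern, expand, text,
                   count=0 if "g" in flags else 1,
                   flags=re.IGNORECASE if "i" in flags else 0)


def filter_page(text, jobs=JOBS):
    """Run every job in order; return (filtered_text, hits_per_job)."""
    hits = []
    for job in jobs:
        text, n = apply_job(job, text)
        hits.append(n)
    return text, hits


if __name__ == "__main__":
    filtered, hits = filter_page(SAMPLE)
    print(filtered)
    print("replacements per job:", hits)
```

The `i` flag is what catches the unquoted upper-case `TARGET=new`, and the JavaScript job leaves the call's arguments in place while renaming `open`, so the page still parses.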
Palimax Sceleris
11-02-2004, 11:28 PM
Here's me connecting to Slashdot through Privoxy (with advanced Google turned on):
(Scroll to the right to see the CRUNCHing).
Nov 02 21:21:36 Privoxy(00232) Request: www.slashdot.org/
Nov 02 21:21:38 Privoxy(03948) Request: slashdot.org/
Nov 02 21:21:40 Privoxy(03560) Request: toolbarqueries.google.com/search?client=navclient-auto&googleip=O;141&ch=64254248962&iqrn=SX0B&orig=03FNS&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fwww%2Eslashdot%2Eorg%2F
Nov 02 21:21:40 Privoxy(04044) Request: toolbarqueries.google.com/search?client=navclient-auto&googleip=P;0&ch=62831928083&iqrn=EUdD&orig=0h0Fd&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fslashdot%2Eorg%2F
Nov 02 21:21:40 Privoxy(01244) Request: images.slashdot.org/title.gif
Nov 02 21:21:40 Privoxy(01160) Request: ads.osdn.com/?ad_id=4848&alloc_id=10351&site_id=1&request_id=4102434&1099455700656 crunch!
Notice the CRUNCH? Ad eaten. :)
Here's me going to CDCOVERS.CC (a site I strongly recommend if you copy DVDs)
Nov 02 21:22:49 Privoxy(03564) Request: cdcovers.cc/
Nov 02 21:22:51 Privoxy(03500) Request: toolbarqueries.google.com/search?client=navclient-auto&googleip=O;203&ch=6210894508&freshness_check=4eY7fIa0T5PZ2gTQqiAEZ&iqrn=fXoC&orig=0HBV3&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fcdcovers%2Ecc%2F
Nov 02 21:22:51 Privoxy(02980) Request: cdcovers.cc/images/paypal.gif
Nov 02 21:22:51 Privoxy(02988) Request: cdcovers.cc/images/pixel.gif
Nov 02 21:22:51 Privoxy(02560) Request: cdcovers.cc/images/logo_new3.gif
Nov 02 21:22:51 Privoxy(03872) Request: srs.targetpoint.com/resources/inc/banner.js crunch!
Nov 02 21:22:51 Privoxy(00856) Request: cdcovers.cc/images/home.gif
Nov 02 21:22:52 Privoxy(02104) Request: cdcovers.cc/images/covers.gif
Nov 02 21:22:52 Privoxy(02796) Request: cdcovers.cc/images/download.gif
Nov 02 21:22:52 Privoxy(04076) Request: cdcovers.cc/images/mobile2.gif
Nov 02 21:22:52 Privoxy(01340) Request: cdcovers.cc/images/forum.gif
Nov 02 21:22:52 Privoxy(03868) Request: cdcovers.cc/images/unregistered.gif
Nov 02 21:22:52 Privoxy(00772) Request: cdcovers.cc/images/top.gif
Nov 02 21:22:52 Privoxy(03928) Request: config.privoxy.org/send-banner?type=auto cgi call
Nov 02 21:22:52 Privoxy(03928) Request: config.privoxy.org/send-banner?type=auto crunch!
Nov 02 21:22:52 Privoxy(02664) Request: cdcovers.cc/images/shadow.gif
Nov 02 21:22:52 Privoxy(03140) Request: cdcovers.cc/images/coverXP1.gif
Nov 02 21:22:53 Privoxy(02208) Request: adserver1.cdcovers.cc/adjs.php?n=176436371&what=zone:66&source=top&target=_blank&exclude=, crunch!
Nov 02 21:22:53 Privoxy(03312) Request: forums.cdcovers.cc/images/icons/icon1.gif
Nov 02 21:22:53 Privoxy(03448) Request: forums.cdcovers.cc/images/icons/icon7.gif
Nov 02 21:22:53 Privoxy(02944) Request: adserver1.cdcovers.cc/adjs.php?n=185999529&what=zone:66&source=bottom&target=_blank&exclude=, crunch!
Nov 02 21:22:53 Privoxy(02504) Request: cdcovers.cc/
Nov 02 21:22:53 Privoxy(03484) Request: adserver1.cdcovers.cc/adjs.php?n=260145788&what=zone:68&target=_blank&exclude=, crunch!
Nov 02 21:22:53 Privoxy(00312) Request: adserver1.cdcovers.cc/adjs.php?n=260635632&what=zone:67&source=index&exclude=, crunch!
Nov 02 21:22:55 Privoxy(02580) Request: cdcovers.cc/favicon.ico
Nov 02 21:22:57 Privoxy(03844) Request: www.cdcovers.cc/covers.php
Nov 02 21:22:59 Privoxy(02296) Request: toolbarqueries.google.com/search?client=navclient-auto&googleip=O;156&ch=63458281363&freshness_check=4IIyascXnz6Y3IDCLiIff&iqrn=OkFD&orig=0w3Fq&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fwww%2Ecdcovers%2Ecc%2Fcovers%2Ephp
Nov 02 21:22:59 Privoxy(03548) Request: www.cdcovers.cc/images/paypal.gif
Nov 02 21:22:59 Privoxy(02852) Request: www.cdcovers.cc/images/pixel.gif
Nov 02 21:22:59 Privoxy(02852) Request: www.cdcovers.cc/images/pixel.gif
Nov 02 21:22:59 Privoxy(03192) Request: srs.targetpoint.com/resources/inc/banner.js crunch!
Nov 02 21:22:59 Privoxy(02072) Request: www.cdcovers.cc/images/home.gif
Nov 02 21:22:59 Privoxy(02512) Request: www.cdcovers.cc/images/covers.gif
Nov 02 21:22:59 Privoxy(03620) Request: www.cdcovers.cc/images/download.gif
Nov 02 21:22:59 Privoxy(02956) Request: www.cdcovers.cc/images/mobile2.gif
Nov 02 21:23:00 Privoxy(03904) Request: www.cdcovers.cc/images/forum.gif
Nov 02 21:23:00 Privoxy(01492) Request: www.cdcovers.cc/images/unregistered.gif
Nov 02 21:23:00 Privoxy(03284) Request: www.cdcovers.cc/images/top.gif
Nov 02 21:23:00 Privoxy(03004) Request: www.cdcovers.cc/images/shadow.gif
Nov 02 21:23:00 Privoxy(04004) Request: www.cdcovers.cc/images/coverXP1.gif
Nov 02 21:23:00 Privoxy(02648) Request: adserver1.cdcovers.cc/adjs.php?n=264660933&what=zone:66&source=top&target=_blank&exclude=, crunch!
Nov 02 21:23:00 Privoxy(03036) Request: adserver1.cdcovers.cc/adjs.php?n=742733156&what=zone:66&source=bottom&target=_blank&exclude=, crunch!
Nov 02 21:23:01 Privoxy(03544) Request: www.cdcovers.cc/
Nov 02 21:23:01 Privoxy(02016) Request: adserver1.cdcovers.cc/adjs.php?n=527962705&what=zone:68&target=_blank&source=Xbox&exclude=, crunch!
Note a lot of crunching, and it gets better if I go to a populated full of JS junk page at CDCOVERS:
Nov 02 21:23:55 Privoxy(02900) Request: www.cdcovers.cc/dvd_g.php
Nov 02 21:23:57 Privoxy(02544) Request: toolbarqueries.google.com/search?client=navclient-auto&googleip=O;203&ch=62977273698&freshness_check=4-qdaaZ0bFvY-oDCLyQff&iqrn=Ze_C&orig=0gDZx&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fwww%2Ecdcovers%2Ecc%2Fdvd%5Fg%2Ephp
Nov 02 21:23:57 Privoxy(03212) Request: srs.targetpoint.com/resources/inc/banner.js crunch!
Nov 02 21:23:57 Privoxy(01888) Request: adserver1.cdcovers.cc/adjs.php?n=865663429&what=zone:66&source=top&target=_blank&exclude=, crunch!
Nov 02 21:23:57 Privoxy(03972) Request: adserver1.cdcovers.cc/adjs.php?n=689095677&what=zone:66&source=limited_bottom&target=_blank&exclude=, crunch!
Nov 02 21:23:57 Privoxy(00392) Request: www.cdcovers.cc/main.js
Nov 02 21:23:58 Privoxy(02120) Request: www.cdcovers.cc/
Nov 02 21:23:58 Privoxy(01748) Request: adserver1.cdcovers.cc/adjs.php?n=069587015&what=zone:68&target=_blank&source=dvd&exclude=, crunch!
Nov 02 21:24:03 Privoxy(02888) Request: www.cdcovers.cc/downloadit.php
Nov 02 21:24:05 Privoxy(00516) Request: toolbarqueries.google.com/search?client=navclient-auto&googleip=O;203&ch=61614385193&freshness_check=4BIS6uNWHzeY-gDBKyQfb&iqrn=j3u&orig=0Qm3v&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fwww%2Ecdcovers%2Ecc%2Fdownloadit%2Ephp
Nov 02 21:24:05 Privoxy(00848) Request: adserver1.cdcovers.cc/adjs.php?n=222503379&what=zone:66&source=top&target=_blank&exclude=, crunch!
Nov 02 21:24:05 Privoxy(03556) Request: www.cdcovers.cc/transparent.gif
Nov 02 21:24:05 Privoxy(02100) Request: images.amazon.com/images/P/1558908315.01.THUMBZZZ.jpg
Nov 02 21:24:05 Privoxy(03000) Request: images.amazon.com/images/P/6305101981.01.THUMBZZZ.jpg
Nov 02 21:24:05 Privoxy(03116) Request: images.amazon.com/images/P/B00008OM5C.01.THUMBZZZ.jpg
Nov 02 21:24:05 Privoxy(02884) Request: images.amazon.com/images/P/B000067DH5.01.THUMBZZZ.jpg
Nov 02 21:24:06 Privoxy(02240) Request: www.cdcovers.cc/
Nov 02 21:24:06 Privoxy(03964) Request: adserver1.cdcovers.cc/adjs.php?n=737086128&what=zone:68&target=_blank&source=dvd&exclude=, crunch!
Nov 02 21:24:12 Privoxy(01076) Request: covers.cdcovers.cc/show.php?name=G.I._Jane_Dutch-front&section=Dvd&id=bbfc64f201cfc4f4f0fa9a1057acda48&check=e8f0512278f4bff248f0df4cb73a9092
Free, open-source, easily editable, and works with EVERY browser.
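One way to audit a Privoxy request log like the ones in the post above: tally what was crunched and list third-party hosts whose requests were let through. This is an added example, not part of the original post; the log lines are constructed in the same layout, and `audit`, `site_of` and the two-label site heuristic are assumptions.

```python
import re
from collections import Counter

# Layout taken from the log lines in the post:
#   <Mon DD HH:MM:SS> Privoxy(<thread>) Request: <host/path>[ crunch!| cgi call]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) Privoxy\((?P<tid>\d+)\) "
    r"Request: (?P<url>\S+)(?: (?P<note>crunch!|cgi call))?\s*$"
)

# Constructed sample log (hosts under .example are placeholders).
SAMPLE_LOG = """\
Nov 02 21:22:49 Privoxy(03564) Request: news.example/
Nov 02 21:22:51 Privoxy(03500) Request: toolbar.search.example/search?q=info:http%3A%2F%2Fnews%2Eexample%2F
Nov 02 21:22:51 Privoxy(02980) Request: news.example/images/logo.gif
Nov 02 21:22:51 Privoxy(03872) Request: ads.tracker.example/banner.js crunch!
Nov 02 21:22:52 Privoxy(03928) Request: config.privoxy.org/send-banner?type=auto cgi call
Nov 02 21:22:52 Privoxy(03928) Request: config.privoxy.org/send-banner?type=auto crunch!
Nov 02 21:22:53 Privoxy(02208) Request: adserver1.news.example/adjs.php?n=1&what=zone:66 crunch!
Nov 02 21:22:53 Privoxy(02944) Request: adserver1.news.example/adjs.php?n=2&what=zone:66 crunch!
this line is not a request record
""".splitlines()


def site_of(host):
    """Assumption: the last two DNS labels name the site (wrong for e.g. co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def parse(lines):
    """Yield (host, note) for each well-formed request line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("url").split("/", 1)[0], m.group("note")


def audit(lines, visited_site):
    """Return (crunched, third_party_passed) as Counters keyed by host.

    crunched           -- requests the proxy blocked
    third_party_passed -- requests that went out to a site other than the
                          one being visited (candidates for a new block rule)
    """
    crunched, third_party_passed = Counter(), Counter()
    for host, note in parse(lines):
        if note == "crunch!":
            crunched[host] += 1
        elif note is None and site_of(host) != visited_site:
            third_party_passed[host] += 1
    return crunched, third_party_passed


if __name__ == "__main__":
    blocked, leaked = audit(SAMPLE_LOG, "news.example")
    print("crunched:", dict(blocked))
    print("third-party requests allowed through:", dict(leaked))
```

In the constructed sample the toolbar lookup is the only third-party request that gets through, and its query string carries the URL of the page being visited.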
MarzMartini
01-19-2005, 05:56 PM
Very interesting stuff. I'm gonna give it a shot this weekend. :)
Does anyone know how to get rid of the homepage hijacker that has pop ups from vv13.tempx.cc or some crap? I'll post logs/screen shots later, my friend was using my Thinkpad and I got everything off minus this homepage madness.
My favorite quote from said friend is "I don't need Anti-Virus software, all it does is take up memory and slow my computer down."
Palimax Sceleris
01-19-2005, 07:50 PM
tempx.cc is a malicious BHO
Elemak the Enchanter
01-28-2005, 11:39 AM
Dunno if anyone has mentioned it yet but, If you are a Department of Defense employee (i.e. Active service, national guard, or reserve member) you're authorized to use a copy of the DoD's corporate versions of Symantec anti-virus, and firewall, while they might not be the best out there, they do a pretty damn good job. I don't know about the other services, but if you're any flavor of army, you can get it off AKO
trimlock
03-01-2005, 03:22 PM
I find it humorous to say the least, that you still bother with Windows.
hahaha, man i didn't bother to read the rest of your post, this is retarded
trimlock
03-02-2005, 12:28 AM
Really? I never have spyware plaguing my system. I have no viruses, and I don't need to defrag my hard drive every week. I can write and edit microsoft office documents, excel spreadsheets, powerpoints, etc.
EQ Runs perfectly fine in linux with a program called Cedega.
While you spend hundreds of dollars on an operating system, several third party virus scanners, spyware removers, and firewalls, just to keep your system running decently, my operating system cost me nothing.
Laugh all you want, you're the one blowing your money.
wow what do you know? i'm doing the same exact thing on XP
trimlock
03-02-2005, 03:39 PM
no, i don't run any maintenance on it whatsoever, it might go through a random scan during the night when i'm asleep and that's about it
how much did it cost me? $90 for a great operating system
do i like both, yes
do they both work, yes
will i continue to use both, yes
will i ever assume it's laughable that people still use one over the other, no
Palimax Sceleris
03-02-2005, 04:27 PM
Travesty, how about you get the fuck off this useful thread about dealing with problems WHEN they happen and go crusade for Linux in a new one? This particular thread is meant to be a resource for people who need assistance and education.
If you have some useful links and factual information regarding open-source alternatives, please, by all means, post them.
If you're just going to preach from your soap-box to us Windows heathens, you're wasting valuable keystrokes.
Thormir
03-02-2005, 05:19 PM
Further off topic postings will be met with the heavy hand of moderation.
Palimax Sceleris
03-08-2005, 03:51 AM
I found this gem posted in my rep with the grey box that the kids from the little table get.
Linux is a viable alternative to spyware in windows. Get over it.
And, we need not guess who it's from, so I'll address your concerns.
I work, for a living, managing a cross-platform inventory management and software distribution product called Marimba (http://www.marimba.com/products/). Marimba is a platform independent (Java-based) solution, and while I primarily oversee 20,000 some-odd Windows boxes, my transmitter infrastructure is entirely Redhat 7.2 Linux and Suse 9.0 Enterprise. Those boxes report to Suse 8 backend machines running Oracle and Windows 2003 machines running our AD and DNS environment. The Suse 8 boxes have their storage on NetApp filers - which are also *nix-based devices.
One of the charters of our IT organization is to promote the use of products based on open standards (not open source, necessarily).
This thread is about providing information for casual computer users to help with preventing and dealing with problems that can occur as a result of both the flaws in Windows, and careless use. The vast majority of people that this thread is intended to help simply aren't in a position to switch to Linux.
Windows has flaws. Linux has flaws.
Mozilla/Firefox has flaws too.
http://secunia.com/product/4227/
And guess what? People don't patch them either (see attachment).
So, like I said, provide some useful information for the vast majority of people on these forums using Windows, or start another thread and tell us how great Linux is -- just don't do it here.
Palimax Sceleris
03-08-2005, 03:52 AM
Oh, and, in case I forgot. This thread includes links to numerous free resources, and several open-source resources for maintaining your Windows machine.
Novalee
05-26-2005, 08:54 PM
Heh, damn right Firefox has flaws. I loaded it up, went to CNN.com and MSN.com and VOILA, 122 items detected in MS Anti-Spyware and 11 of them Trojans detected with Sophos.
The only way to combat spyware, adware and viruses is to educate the casual computer user. Since I have sent out weekly bulletins to the users in my company, the amount of infections from any malicious software has decreased exponentially. It's easier to teach casual users to avoid items than it is to try and rework an entire enterprise with a new NOS.
Don't know what moron sent that in your feedback Palimax, but apparently he has no idea wtf he is talking about. Linux is a viable alternative to windows for an advanced user, but for the average housewife or the average 13 year old surfing the web, it's really not an option.
BTW, while we are on the subject, the appliance our company currently uses for spam filtering is at EOL, any suggestions for a good spam filter appliance? Before you go suggesting integrated options, we are still on NT4.0 and Exchange 5.5 due to my cheap boss.
thanks in advance....
Palimax Sceleris
05-26-2005, 09:01 PM
Me, I'm outbound through:
You're using HTTP/1.1 on port 80 from 206.132.94.6, Via: 1.0 PHX-CACHE2 (NetCache NetApp/5.5R6), websense-test, 1.0 PHX-CACHE2 (NetCache NetApp/5.5R6).
Gandaar
05-26-2005, 11:09 PM
Does anyone have a good utility that will remove the VX2 Malware? I've got a client who has a machine infected with this thing and I don't have time to sit down and dig through a couple of zillion lines of registry entries to find the offending lines.
I've tried Webroot's SpySweeper and AdAware Professional version. Neither of them can seem to completely remove VX2. It removes the registry entries and associated programs, but they come right back. This machine has CWS (Cool Web Search) on it as well. SpySweeper and AdAware can't get rid of this one either.
Does anyone know what is regenerating this thing? I'm sure there is a registry entry or program running somewhere, but it doesn't show up in the program manager. Computer is running Windows 2000 Pro with service pack 4 and all the Microsoft updates.
Any help would be appreciated.
Novalee
05-27-2005, 12:22 AM
Adaware will remove it. You need to go to the Lavasoft site and get the VX2 plugin for Adaware.
Spybot and MCAntiSpyware will also remove this infectious turd.
Novalee
05-27-2005, 12:23 AM
MCAntiSpyware = MSAntiSpyware
giena
05-27-2005, 09:03 AM
You can also get CWS Shredder, just google it. It does a great job at removing CWS variant toys.
Osgiliath666
03-15-2006, 10:38 PM
Ok, both my network connection and router show I am sending and receiving data of some kind. I am on DSL btw. I have used all of my spy/ad/virus programs to no avail. Could there be something hidden sending data off or is it just packets of info for the ISP? I have never noticed it being active without purposefully using the net. Here is my HIJACKTHIS log... See anything in there?
Logfile of HijackThis v1.99.1
Scan saved at 7:56:32 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MIKEBA~1\LOCALS~1\Temp\Rar$EX15.187\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120759021296
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.37/ttinst.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18.34.test/tt_test.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
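One way to narrow a HijackThis log like the one above down to the entries that deserve a manual look, as an added example that is not part of the original post and not a feature of HijackThis. The function names and the `KNOWN_HOSTS` allowlist are assumptions made for this sketch, and a flag is a prompt to check the entry, not a verdict.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted above (a subset of it).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120759021296
"""

# Assumption: an allowlist the reader maintains; it is not part of HijackThis.
KNOWN_HOSTS = {"microsoft.com"}

# A log entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([ROF]\d+) - (.+?)\s*$", re.M)

def host_known(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in KNOWN_HOSTS)

def review(log):
    """Return (section, reason, entry) for entries worth a manual look."""
    findings = []
    for code, text in ENTRY.findall(log):
        target = text.rsplit(" - ", 1)[-1]  # last field: file path or URL
        if text.endswith("(file missing)"):
            findings.append((code, "target file missing", text))
        if code == "O2" and text.startswith("BHO: (no name)"):
            findings.append((code, "unnamed BHO", text))
        if code == "O8" and target.lower().startswith(("http://", "https://")):
            findings.append((code, "context menu item loads a remote page", text))
        if code == "O16":
            host = urlparse(target).hostname or ""
            if not host_known(host):
                findings.append((code, "ActiveX source not on allowlist: " + host, text))
    return findings

if __name__ == "__main__":
    for code, reason, text in review(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {text}")
```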
Sixee
03-16-2006, 01:54 PM
I see the Biggest Virus of all, it's called Microsoft :P
What is that egames reference? Is that something you installed?
Osgiliath666
03-16-2006, 08:10 PM
I noticed that myself. I could not find any reference to that on my comp. Not that I really know much and where to look. I ran both my AVG and then a TrendMicro scan and they picked up 2 Java based trojans. My comp is still x-mitting back and forth. Also at about this same time as I noticed this I have another "network" connection icon showing traffic.
Sanchek
03-16-2006, 10:01 PM
Can you see IP addresses for the external machine that you're communicating with? Several of those programs you've got running could be legitimately phoning home, without signifying anything unusually evil.
If however your monitoring activity doesn't give you that, try running netstat from a command line right after you notice the activity.
Osgiliath666
03-16-2006, 10:13 PM
Ok ran a "netstat". I have no idea what that is, but it shot up a VERY quick dosbox window thing and disappeared. Where did it go? God I wish I knew more about comps. Thanks for at least helping out a trolling comp newb..=/
Ok disregard. I found a huge program.. Netstat Live. This should help. Thanks Sanchek.. It is appreciated. I shall update with what I find.
Sanchek
03-17-2006, 12:39 AM
From start->run, type CMD. Then, run netstat in the command prompt window. It won't close at the end that way.
Osgiliath666
03-17-2006, 11:43 AM
Ok it tossed up two IPs. #1 is 192.168.1.1. WTF is it? According to WHOIS it is these folks which does not tell me much. Should I look it up somewhere else?
OrgName: Internet Assigned Numbers Authority
OrgID: IANA (http://ws.arin.net/whois/?queryinput=O%20!%20IANA)
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 (http://ws.arin.net/whois/?queryinput=192.168.0.0) - 192.168.255.255 (http://ws.arin.net/whois/?queryinput=192.168.255.255)
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1 (http://ws.arin.net/whois/?queryinput=N%20.%20IANA-CBLK1)
NetHandle: NET-192-168-0-0-1 (http://ws.arin.net/whois/?queryinput=N%20!%20NET-192-168-0-0-1)
Parent: NET-192-0-0-0-0 (http://ws.arin.net/whois/?queryinput=N%20NET-192-0-0-0-0)
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN (http://ws.arin.net/whois/?queryinput=P%20!%20IANA-IP-ARIN)
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN (http://ws.arin.net/whois/?queryinput=P%20!%20IANA-IP-ARIN)
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2006-03-16 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
The second one is 64.233.163.104
That apparently is Google calling home. Why? No idea. Thanks again for any info you can share. According to Netstat Live it's a constant 6kb in and out. On a second thought could 192.168.1.1 be my frigg'n router? /sigh sorry I'm such a newb at this.
Grift3r
03-17-2006, 05:04 PM
192.168.1.1 is an internal network address, typically the interface on your router serving as the gateway IP.
From the same command prompt (CMD) type in "ipconfig" You may see this as the gateway.
Additionally you could type in "ipconfig /all" and see your DNS and WINS servers as well.
Grift3r
03-17-2006, 05:06 PM
Sorry, finished reading your post. Google calling home could very well be the Google tool bar or the desktop app they offer. Are you running either?
Sanchek
03-17-2006, 06:05 PM
Your Google toolbar, more than likely.
The 192.168.x.x address is nothing to worry about.
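The netstat check discussed in the posts above, as an added example that is not part of the original thread: it sorts the foreign addresses in `netstat -n` output by scope, so that only public peers are left for a WHOIS lookup. The sample output is constructed (only the two remote addresses come from the thread) and the function names are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout Windows "netstat -n" prints. The two
# remote addresses are the ones quoted in the thread; the rest is made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED
  TCP    192.168.1.100:1045     192.168.1.1:80         TIME_WAIT
  TCP    192.168.1.100:1052     64.233.163.104:80      ESTABLISHED
  TCP    192.168.1.100:1053     64.233.163.104:80      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def scope(addr):
    """Classify an address; only 'public' ones have a meaningful WHOIS owner."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"      # traffic that never leaves the machine
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"       # RFC 1918 and similar: the LAN, e.g. the router
    return "public"

def remote_endpoints(text):
    """Yield (proto, remote_ip, state, scope) for each parsable connection row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue           # headers and blank lines
        host = fields[2].rpartition(":")[0].strip("[]")
        try:
            kind = scope(host)
        except ValueError:
            continue           # "*:*" on UDP rows has no remote address
        state = fields[3] if len(fields) > 3 else ""
        yield fields[0], host, state, kind

def public_peers(text):
    """Count ESTABLISHED connections per public remote address."""
    return Counter(ip for _, ip, state, kind in remote_endpoints(text)
                   if kind == "public" and state == "ESTABLISHED")

if __name__ == "__main__":
    for ip, n in public_peers(SAMPLE).items():
        print(f"{ip}: {n} established connection(s)")
```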
Osgiliath666
03-17-2006, 08:14 PM
Yea I will just chalk this up to newbness. It is apparently Google calling home...constantly though. That is what had me baffled in the first place. That and I did find a couple trojans so that had me worried a bit. Thanks guys.