Glock Talk

Glock Talk (
-   Tech Talk (
-   -   1-stop Answers here: Spyware, Secret Installs, Popups & related (

MB-G26 10-12-2003 12:15

1-stop Answers here: Spyware, Secret Installs, Popups & related
One stop info reply for all (the typical and most frequently posted problems :)

If you use IE for your browser:
1. IE -> Tools -> Internet Options -> Advanced tab.

A. UNtick the boxes for "Enable Install On Demand"
B. DISable ActiveX(ploit) for ALL "zones", or if you MUST allow it for certain sites, put those sites in the "Trusted" zone and set all ActiveX entries to "Prompt".
C. DISable all entries java & javascript for ALL zones except "Trusted", or at least set them to "Prompt" for zones other than the "Internet" zone.
D. DISable "all installation of desktop items" for ALL zones

2. Go to and read the paragraphs about the "Hijack This!"**** program. Then go to the "Nice Files" page there and download and install the program. This will keep your homepage in IE from being hijacked.

An alternative that performs same/similar function is StartPage Guard (

A similar and effective program is SpywareGuard: Also free, although donations are appreciated.

Browser Hijack Blaster
Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.
3. While on the "Nice Files" page at LH, download and install Spybot Search & Destroy. Run it every few days to detect and discombobulate any spyware/crapware that you may have picked up and not realized it.

4. Go to and download and install SpywareBlaster. "SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed." The program is free, and you can help support it (dev'ing and hosting it does cost money) with a donation, if you chose.

5. Go to and then to their "free tools" subsection, which is at
Download and install these:
A. HTAstop (in the prevention section, about 1/2 down the page)
B. WSH Anti-Polymorphism Patch
C. DSOStop v2
D. Windows Media Player Scripting Fix v1.0

And from the "monitoring" section there, get and install:
E. ScriptSentry or AnalogX Script Defender (depending upon whether you have MS VBS installed)
H. StartUp Monitor

and from the "misc" section there, download and install:
I. BHO Captor or BHOCop

"Messenger" Problems; Popup Problems & Programs

For "Messenger" popup problems, go here: as this section of the forum gives information about programs that will tame the darn thing, as well as gives specific instructions to manually tame it with a step-by-step procedure for each OS.

Review and comparison of current, popular Popup killer programs is located at and is a pretty comprehensive site regarding the 'science' of pupups, how they function and how killer programs are defeated, and of popup killers themselves.

Oh, the *sigh* at the beginning isn't directed at you - it's directed at the scumburgers that create and foist this crap over and over again onto unsuspecting computer users.

PS. IE-SPYADS HAS A NEW URL. See updating post in this thread dated 8/7/04. There is an easy way to keep probably 90% of the crap sites from even being able to touch your machine to begin with: install "IE-SPYAD" - what it does is put a huge list of bad and universally-undesireable sites into the "Restricted" zone of IE. Go here: to read what it is and how it works. This is a good alternative to learning to use the HOSTS file to do the same thing, and some Windows OSs (Xp and 2000, I think) reportedly slow to a crawl if the HOSTS file is large. is severely curtailing what, if any forums will remain available after 2/14-2/15/04. This post has therefore been edited to remove the reference to the various sections/forums.

(originally posted here:

***UPDATE: mando updates to HiJackTHIS! & CWShredder, due to new (as of 11/16/03) variant of the CWS Trojan.

Update Your Copies of HijackThis and CWShredder
If you have ever downloaded HijackThis or CWShredder, it is urgent that you upgrade to the latest versions before using them again. If you mirror these programs on your own site, it is extremely urgent that you update the files.

Due to a new variant of the CWS Trojan (, using either HijackThis or CWShredder on an infected Win98 or WinME computer may lead to severe damage to that computer. You must update to the very newest versions of these programs before using either of them again....

To upgrade these programs, you merely delete the old files and replace them with the new. The links are below.
See the Spywareinfo URL above for download links to the updated versions. is having hosting problems at the moment. Here's an alternative DL location:

CWShredder 1.59.1
Date: 2004-06-28
Size: 137 Kb
License: Freeware
Requires: Win All

Added 3/13/04- A growing spyware problem, incredibly, is self-proclaimed "anti-spyware" applications that actually CONTAIN spyware and often this is NOT appropriately disclosed. While not a previously-unknown problem, it IS become a rather prolific one. For examples, this article is worth reviewing:

Spyware cures may cause more harm than good
Last modified: February 4, 2004, 1:21 PM PST
By John Borland
Staff Writer, CNET

Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. ...
See also
"Spyware Warrior
Waging the war against spyware"
There are several areas which list phoney "anti-spyware" apps which are actually spyware themselves.

ArestiaFL 10-12-2003 12:52

Another very effective spyware tool is Ad-Aware, downloadable from I also HIGHLY recommend you install a virus scanner. In the event you don't want to pay outlandish prices for programs that slow your computer to a crawl, go download AVG Anti-Virus for FREE ( AVG is implemented on my corporate network and has kept out Gaobot, Melissa, Swen and The BLASTER virus. I highly recommend them, they're good people, and the program sits quietly on your system eating up a mere 2 MB of virtual memory (compared to Norton at 36 and McAfee at 21).

Finally, if you have a high speed connection and aren't being a router or a firewall, PLEASE download the latest Microsoft patches from! You also may want to invest in a router or firewall software. It will save you many many headaches! Good luck!

Texas T 10-12-2003 14:04

Re: 1-stop Answers here: Spyware, Secret Installs, Popups & related

Originally posted by MB-G26
Disclosure: I am part of the Admin at
Geez... only six people have voted. At least I got the correct answer. :)


NetNinja 10-12-2003 14:52

Very Nice
Nice Post MB-G26.

As always a wealth of Knowledge.

MB-G26 10-12-2003 18:11

This will be stickies when Aeolus gets to it
So definately add your 'one-stop' fix/prevention tricks and such.

DWavs 10-12-2003 21:56

Re: This will be stickies when Aeolus gets to it

Originally posted by MB-G26
So definately add your 'one-stop' fix/prevention tricks and such.



David_G17 10-12-2003 22:48

if none of the above work.

run linux ;a

HerrGlock 10-14-2003 05:32


if none of the above work.

run linux
As I've often said:

Step One: Remove all Microsoft products from your computer...

THEN we can talk about locking it down.


lomfs24 12-25-2003 23:02

I agree with David. SuSe 9 is looking good.

I downloaded and installed all the things in the original post and now I have no room left on my harddrive to do any work.

CMA G21 12-26-2003 11:15

In addition to MB-G26's suggestions, you may want to consider (strongly consider!) using something other than Internet Explorer for browsing, and Outlook (or Outlook express) for email.

You might want to consider Mozilla ( ) or Opera ( ) .

lomfs24 12-26-2003 20:03

Anti-virus software is a must. I have used and really liked f-prot on Linux. They also have versions for nearly every operating system. Windows, Linux, FreeBSD, Unix... etc.

It is very reasonalby priced and at least with the Linux version there were new definitions available every 12 to 24 hours.

They can be found at

Shoeless 12-26-2003 20:30

Mel, you are unbelievable. Almost every post you write seems like it has hours of tedious research behind it. Girl, you are one valuable resource!


streeter69 01-02-2004 20:28


Originally posted by Shoeless
Mel, you are unbelievable. Almost every post you write seems like it has hours of tedious research behind it. Girl, you are one valuable resource!



Blast 03-04-2004 00:59

Your posts are highly appreciated, MB-G26. You have provided me with tools that saved my rickity old computer.;f
Keep up the good work.^c

MB-G26 04-23-2004 14:28

UPDATE: re-arranged, expanded, and more info
The recent attempted hack of GT's servers got me thinking, as did several inquiry threads. So.... here's an expanded and rearranged update - takes more than 1 posts:

The follow is focused on users of Windows 9.x and up, and of Internet Explorer. IE 6.x users - achieve the same things but you will have to look for where 6.x puts these options w/in IE Internet Tools.

1. DISable virtually everything in ALL "Zones" in IE-> Tools -> InternetOptions ->Security except for the "Trusted Zones", including specifically:
A. All ActiveX entries (1st 5 entries in IE5.5)
B. Cookies (both entries)
C. File and Font download (one entry each)
D. MS VM - Java Permissions (DISable java)
E. Misc: (Access Data Source.... etc., (9 entries, including Installation of Desktop Items...)
(set to HIGH Software Channel Permissions)
F. DISable all scripting entries (3 java/java script entries, Active, Paste & Scripting Java Applets)
D. Set User Authentication to "Annonymous logon"

E. A bit outdated, but for background info re the "Zones" "Internet Explorer Security Zones, by Scott Schnoll"

F. See "Accidental Trojan Horses - Security Problems in Windows 98 PCs" regarding ActiveX issues.

G. Advisable to change the default settings in "My Computer" zone - which can't be done straight manually since it isn't displayed like the other zones. See "Changing settings in the My Computer security zone"

H. Put "*" (w/o quote marks) in your Trusted Zone so it will work properly. Ditto for any other sites you need the otherwise disabled functionalities for.

I. ENSURE each & every single option is DISabled or set to "HIGH" (if that is the most disabling option offered) in the Restricted Zone.

2. DISable/UNtick the following in IE -> Tools -> Internet Options -> Advanced tab.
A. UNtick the boxes for "Enable Install On Demand"

3. Protection from browser high-jackers and others, including silent-download invaders:
A. SpywareGuard: Also free, although donations are appreciated.

B. Browser Hijack Blaster:

C. Go to & look at info re: "Hijack This!" program. Download is mirrored @"Nice Files" page there. Installation will keep your homepage in IE from being hijacked. It "includes a copy of StartupList, that can be run from the HijackThis interface. Updated August 15th, 2004"

4. Protect against Start Page hijacks: StartPage Guard (

5. Protect against infections of spyware: locate, download & install & keep updated the following:
A. Spybot Search & Destroy: also at and a variety of other mirror sites. Home page: Official support forums:

B. SpywareBlaster:

C. HTAstop (in the prevention section, about 1/2 down the page) also on

D. Robin Keir Script Trap

E. WSH Anti-Polymorphism Patch (Wilders)
F. DSOStop v2 (Wilders)
G. Windows Media Player Scripting Fix v1.0 (Wilders)

From the "monitoring" section there at Wilders, get and install:
H. ScriptSentry or AnalogX Script Defender (depending upon whether you have MS VBS installed)
J. StartUp Monitor

from the "misc" section @ Wilders, download and install:
K. BHO Captor or BHOCop

L. Obtain/install Ad-Aware, and use it as a backup to Spybot Search & Destroy. Start w/their main page (AA products require frequent updates, have pay & free versions, & are often the subject of problem complaints immediately after updates/upgrades are issued.)

M. Considering installing EBURGER Windows Security Utility, "a menu-driven batch file utility that allows you to disable, re-enable, or otherwise configure the following aspects of Windows", and his "Windows Script (Host) Uninstaller".

*EBERGER Windows Security Utility:
NetBIOS Over TCP/IP (File & Printer Sharing)
Microsoft DCOM
Microsoft Jet security
Microsoft Windows Script
BHO's (Browser Helper Objects)
HOSTS file
There is an extensive ReadMe.txt included."
This is the same Eric Howe that writes IE-SPYAD (see below- URLs have changed as of 6/04)

Windows Script (Host) Uninstaller
Last Updated: Apr 28 '01
"The Windows Script (Host) Uninstaller is a batch file utility that will uninstall any version of Windows Script, sometimes known as the Windows Scripting Host. It will uninstall Windows Script (Host) no matter the original source of the installation...

Windows Script 5.6 (from
Windows Script 5.5 (from
Windows Script 5.1 (from
Windows Script 5.0 (from
Visual Basic Scripting Support (any version of IE 5)
Windows Scripting Host 2.0 beta
Windows Scripting Host 1.0 (Windows 98 SE)
Windows Scripting Host 1.0 (Windows 98)
Windows Scripting Host 1.0
This batch file will NOT uninstall Windows Script (Host) from Windows ME or Windows 2000 due to the System File Protection scheme that these versions of Windows employ."
N. Consider UNinstalling Windows's "VBS Script" from Add/Remove Programs/Windows Components.

O. Consider changing the "association" of "dangerous file types" to something harmless, like Notepad. (WSH, HTA, SHS-scrap files, MSHTA, etc.) See (Privacy Software Corporation Security Advisory, Friday, April 13, 2001, "EXE2HTML HTA Exploit Generator" - authored by the coders of commercial AT programs BOClean, IECLean, and the freeware HTASTOP.) See also: "Scrap Files Can Tear Your Up",

6. Ensure your "bindings" are properly configured.

Network Bondage
Discipline your network bindings in the privacy of your own home.

Microsoft's networking technology is only required for sharing files and printer services with other Microsoft-based PC's. It is not needed for connecting to the Internet or for using any Internet services. ... exposing Microsoft's weak password protection system to password crackers over the Internet... .

Understanding Adapter, Protocol, and Service Binding

The key to taming your computer's network configuration is understanding what is meant by "binding". For example, we say that a network adapter is bound to TCP/IP or that NetBEUI is bound to File and Printer sharing. ...

The process known as "binding" bridges the layer boundaries to interconnect pairs of individual components residing in adjacent layers. . . . In other words ... By default EVERYTHING [as set up by Microsoft in its OSs] on each layer is BOUND to EVERYTHING on the adjacent layer!
. . .
You don't need to be a rocket scientist to easily see why this is unsafe: The insecure Microsoft networking components the Client for Microsoft Networks and File and Printer Sharing are bound to the Internet's worldwide routable TCP/IP protocol, and the TCP/IP protocol is bound to ALL of the system adapters! Thus, anytime this system has any contact with the Internet, the machine's guts are spilling out for the whole world to access! . . .
(to rearrange your bindings, follow Gibson's step-by-step)

7. DISable Windows Messenger (not the same as the other Messenger)
A. Read and follow: (link out of date - currently culling new ones)

8. Obtain/install a pop-up blocker:
A. Review & comparison of current, popular Popup killer programs is located at

9. Prevent 'bad' websites from effectuating things on your computer:
A. A huge list of bad and universally-undesireable sites into the "Restricted" zone of IE. See Eric Howe's pages which provide IE-SPYAD, a self-installing add-in to the IE Restricted Zone which adds a choice of undesirable websites to that zone.

new home page is:

Protecting Your Privacy & Security (UIUC)

Note the https (SSL) instead of the standard http. The new URL for the IE-SPYAD/AGNIS page is:

IE-SPYAD/AGNIS can convert the URLs ... because the internal structure of the site has remained the same. ... change [old to new] ...
The rest of the URL remains the same.
10. Obtain and install CW Shredder (CoolWebSearch trojan killer program)

11. Ensure no phoney, 'pretending' "anti-spyware" programs are installed. See details here:

12. Ensure machine is running a good, updated ANTI-VIRUS PROGRAM "resident". Obtain an additional AV, such as the freeware AVG6,, and while keeping the 2nd one updated DO NOT RUN IT RESIDENT - RUN IT WEEKLY ON MANUAL LOAD DEMAND.
12(A) Good, reliable, and frequently updated free Anti-Trojan programs are almost impossible to find anymore, but SERIOUSLY CONSIDER spending the $40 for a good AT program. An AV program is NOT any guarantee in the least against a trojan - too much difference between the beasts. I recommend BOClean AT - about $40, & have used it for several years. Tho not affiliated in any way with PSC company or its coders, this is the only AT I have ever recommended.
12(B) If you won't run an AT, next best idea is implementing various fixes and work-arounds to combat trojan infections. Example: SubSeven Trojan info & fix page. also has a TON of 'trojan' and exploit fix tools indexed - free & downloadable, altho dated.

12(C). Anti-Virus programs (not a complete list):

(i) AVG (Anti-Virus Grisoft)
(ii) Trend Micro (including Online virus scan)

13. Ensure the appropriate patches installed from ; ; . There are alternative source sites for MS's patches if for some reason you have trouble w/the MS update pages. (You will have to RE-ENABLE all the ActiveX, Java, Script, Cookies, Download, etc., settings for whatever zone the MS page you use is in.)
D. (back up the URL or use links on page for updates for non win98 updates)

14. Ensure the FIREWALL is updated, if applicable, properly configured, and learn to utilize "Advanced" or "Special" Rules.
A. Consider using a different FW if you believe the one you have is being successfully penetrated.
(A)(1) Sygate Personal Firewall STD and PRO Versions. See the Sygate site for most updated version info. You may be able to download from here

Sygate Personal Firewall (free)
Protects against Trojans, spyware, worms and other known & unknown threats Prevents unauthorized or malicious applications from bypassing the firewall. Enables even inexperienced users to easily customize and fine-tune security policies... Easiest-to-use PC firewall and still free for personal/home use.
If you use Zone Alarm do some research into ZA's various downsides - including false alerts and issues regarding alert sensitivity settings. If you have ZA and choose to go w/a different FW, thoroughly research the UNinstall steps before UNinstalling ZA.

(B). If concerned with FW "alerts" and log entries, Learn to understand WHAT your FW logs are actually indicating.
"Firewall Foresics, What Am I Seeing?"

"Internet Firewalls: Frequently Asked Questions"

(3) Sygate products - FireWall, forums:

(4) Intrusion Detection Services

(5) (firewall) Intrusion & Attack Reporting Center (helpful tips, explanations, FW help, Trojan Ports list, AV Tools, Security Patches, Security News, etc.)

(6) FAQ

Internet Primer
This introduction is intended to provide a basic understanding of how the Internet works and how this applies to firewalls.... This page will just provide a brief definition of many of the terms used on this site.

IP Address
DNS / Domain Name / Host Name
IP (Internet Protocol)
TCP (Transmission Control Protocol)
ICMP (Internet Control Message Protocol
(7) "Firewall Basics"
(8) Firewall Exploits:

"The term 'exploit' refers to a well-known bug/hole that hackers can use to gain entry into the system. This section contains extensive reference information on common exploits and intrusion methods that hackers use to break into systems."
(9) Beyond-Security's

(10) Intrusion Detection Tools:

go to part 2

MB-G26 04-23-2004 14:29

Part 2
15. Utilize a reporting organization for serious intrusion attempts.
This is an excellent site to become familiar with. It is part of the Internet Storm Center/SANS ("SysAdmin, Audit, Network, Security" Institute, established 1989) and has an IP number registration lookup interface - useful for IP numbers reflected in the FW log as attempted intrusions, as well as a recent port useage/exploit lookup. ( Both the ISC and SANS sites are WELL worth perusing. For example, see not only the graphic on the main Dshield page which depicts current threat traffic, but also the "Trends" page on Sans:

If implemenation of 'special' Rules is desired, consider utilizing Dshield's recommended "block list" of offending IP blocks:
Quote: is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized [via reports through their "Fight Back" reporting and cataloging function]. It can be used to discover trends in activity and prepare better firewall rules.

FightBack is now helping users to fight back against attackers. We will analyze submitted log reports and pick a number of strong cases to forward them to the ISP from which the attack originated. A copy of the abuse report will be forwarded to the user.

You have to sign up for 'Fightback'. We will not forward any of your log submissions unless you agree to by using the fightback option.

The user that submitted the log report will be copied on all correspondence. The ISP will receive all relevant log excerpts and we will include the e-mail address registered with, in order to allow the ISP to contact the victim directly.

To sign up for the 'FightBack' program, go to the login page, log in and then check the 'FightBack' box. We'll do the rest.

Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.
(A)(1) Download and install CVT, the a freeware reporting client which processes and sends appropriate log entries to Dshield.

How to submit your firewall logs to DShield

DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.

If you use a firewall, please submit your logs to the DShield database. You may either download one of our ready to go client programs, or use our Web Interface to manually submit your firewall logs. Registration is encouraged, but is not required.
Everybody is welcome to use the information in the DShield reports and database summaries to protect their network from intrusion attempts.
More information about how DShield works is on our home page.
Prewritten clients

DShield "Universal" CVTWIN Client
8Signs Firewall
Agnitum Outpost
AnalogX PortBlocker
Asante FriendlyNET, D-Link, U.S. Robotics, and SMC Barricade routers using RouterLog
Billion Router
BlackIce Defender
eSoft Instagate Firewall
Kerio (formerly Tiny) Personal Firewall
Kerio (formerly Tiny) Software WinRoute Pro
Kiwi Syslog Daemon
Asante FriendlyNet VR2004AC, VR2004C
Cisco ACL (IOS)
Cisco PIX
Clavister Firewall
D-Link Router
Gentek Router
Linksys Router
Netgear Router
Netopia Router
SMC Router
Zyxel Zywall Routers
Linksys Etherfast Cable / DSL router
Microsoft ISA
McAfee Firewall
Norton Personal Firewall
Sygate Personal Firewall
Symantec VelociRaptor Firewall
Tiny Personal Firewall 4.0 and 5.0
Vicom Internet Gateway
Trend Micro PC-Cillin
VisNetic (formerlly Ambra) Firewall
Wingate Proxy Server
Windows XP Internet Connection Firewall (ICF)

"myNetWatchman is a:
Security Event Aggregator
Centralized, web-based firewall log analyzer
Fully automated abuse escalation/management system
. . .
Q: I uploaded an attack report that I know is a false positive, what do I do?
A: Most escalations require multiple agents to report the same source IP address before any action is taken. Moreover, the escalation thresholds for services that generate a lot of false positives (e.g. streaming audio, file sharing, etc.) have been set to very high values.
Therefore, if you upload a false positive, don't worry about it, it will normally be filtered.
If you actually see something get escalated that shouldn't, then please send an email to support."
B. See "Tool leaky - Why Your Firewall Sucks"

16. There are a variety of sites which offer free infection scanning. A word search in TechTalk will result in several threads listing these.

Quick Test
Stealth Test
Browser Test
Trojans Test
Advanced Port Scanner
Exploits Test
B. Security Space Security Audits

Home PC Users
Desktop Audit $9.95 USD/yr
A comprehensive audit package suitable for desktop systems not running server software. Includes a 1500+ TCP port scan and 631 vulnerability tests in the Denial of Service, Windows, Backdoors (Trojans), Firewalls, and Misc. categories.

Basic Audit ( Free ) Run Audit
Our classic port scan - scans 1500+ known service ports looking for services hackers might use to get in.

Single Test ( Free ) Run Audit
Run any of our 2088 vulnerability tests. Unlimited use
C. GRC's "Shield's Up!" Security Analysis

D. Security Analysis Service

E. Firewall Test, Port Scan....

Free Online Security Check
Port Scanning Explained:
Vulnerabilities, Incidents & Fixes

G. Port Scan Security Check

H. Sygate Security Probe page


17. Various utilities would be helpful to have on board, including process viewers (which will show you EVERYTHING that is running - far beyond what the TaskManager - Cntrl-Alt-Del - box shows.) There is at least one freely available at

A. This is another free one - PrcView. There are many payware programs, also.

PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc.
18. Get to know Regedit and your Registry and the Windows Regedit program. Always, ALWAYS keep full, current, manual backups of your full registry stored on removable media.
(A) A Registry info site:

19. Learning to put the HOSTS file to good use is also helpful, but this is limited to certain MS OS's as a nice, fat HOSTS file does NOT play well with some OS's above 9.x
Gorilla Design Studio Presents: Using the Hosts File
(This site is very comprehensive and also links to basically the best HOSTS file sites I know of, so I didn't post them all individually.)


rhikdavis 05-21-2004 17:19

How much to fly you out to my place and just set my computer up. ;f

MB-G26 06-13-2004 00:52

Ah...... but I am in BabyLand.......

Originally posted by rhikdavis
How much to fly you out to my place and just set my computer up. ;f
hehehe..... in fact, I'm temporarily at my sister's in Kali, where all things computer sometimes kinda sort work and Winblows is a rare commodity, lol!

MB-G26 08-07-2004 16:44

Help in totally removing AOHell
Just came across this and thought I'd add it to the 'helpful info' list:
Conferences Windows 98 Family ( )
Topic #983
"Uninstalling AOL" Jul-28-04, 09:09 AM (EDT)


1. "RE: Uninstalling AOL"
Jul-28-04, 10:55 AM (EDT)
I would use the Add/Remove entry.
Then I would look for any AOL related folders in Explorer and run any 'unwise' or 'uninstall' files I found.

Then I'd settle in and get nice and comfy cozy for one of the most rewarding exersizes a computer user can attain, the systematic hunt and destroy of anything AOL in a System Registry.

May want to export one (a copy of the Reg) first, JIC. ...

Then, dump all your Temps and TIF's and defrag that sucker.

2. "RE: Uninstalling AOL"
Jul-28-04, 11:03 AM (EDT)
LAST EDITED ON Jul-28-04 AT 11:06 AM (EDT) by ADZIRK (moderator)

This lists the step you can take. It is a bit old and may be missing some steps for AOL 8 or 9.

How To Uninstall AOL ( )

IMHO the only way you can completely eradicate the AOL virus is to wash your hands with an antibacterial soap for 60 seconds and then perform a clean installation of Windows ... there must NOT be any AOL disks in the home or your chances of reinfection become very high.
(re using IE Repair tool to fix problems after a removal of aoHell which has tampered w/other needed files) ... a file you need has been toyed with when AOL was being shutdown, shut out, or removed.

AOL does not standalone, it fusses with too many other things.

MB-G26 08-07-2004 18:09

IE-Spyads users: new URLs
Jun-21-04, 05:09 AM (EDT)
Note from the much admired Mr.Eric L Howes:

IE-SPYAD/AGNIS Home Page Moved

Hi All:

Over the past year the University of Illinois at Urbana-Champaign has been migrating all of its student and staff accounts to new servers. This weekend my time to migrate finally came (I had no choice in the matter). That means my privacy & security web site has moved to a new location at UIUC with a new URL. My new home page is:

Protecting Your Privacy & Security (UIUC)

Note the https (SSL) instead of the standard http. The new URL for the IE-SPYAD/AGNIS page is:


Unfortunately, there is no automatic re-direct (or even a placeholder notice) from the old web site ( ). The old address is now simply broken.

At this time I have migrated all of my files, and the new web site should, for the most part, work as it did before. Most internal links within the site should work just fine, although there undoubtedly are some which are now broken and which I will be fixing over the next few days.

If you bookmarked particular pages at my site, you can convert the URLs rather easily because the internal structure of the site has remained the same. For every URL or bookmark you had before, change...
The rest of the URL remains the same.

I will be posting this notice at many forums over the next few days. Obviously, I cannot possibly notify everyone on the Net who might be using my web site or IE-SPYAD/AGNIS. If you happen to be a regular at a particular forum and suspect that I'm not, please do pass along the new URL for my web site.

Finally, my regular email has not changed: (munged by MB) if you have questions or problems with IE-SPYAD or AGNIS, you can continue to contact me at that email address with no problem whatsoever.

All the best,
Eric L. Howes

All times are GMT -6. The time now is 04:13.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2015, vBulletin Solutions, Inc.
Copyright 2015, Glock Talk, All Rights Reserved.