Anyone knows how I get rid of tracking cookie?
Have one locaeted c:\documents and settings\eier\cookies\eier@cgi-bin[1].txt
That seems to be a hard one to get rid of, this one makes a lot of other cookies... (and now a folder called or located c:\windows\mslagent\)
Anyone knows what this cookie does? I really appreciate all help I can get
Jump to PostHave you tried deleting it in safe mode !
C:\windows\mslagent\mslagent.exe is added as the results of the SIMCSS.B virus.,is there any EXE files in the C:\windows\mslagent folder
http://securityresponse.symantec.com/avcenter/venc/data/trojan.simcss.b.html
Jump to PostTry Going into tools /internet options /privacy and click ,advanced and override auto cookie handling and check off block 3rd party cookies
Jump to PostSeems to be OK now... Thnx,
but can you tell me what DSO Exploit is, when I´m running spyboot search and destroy it always find something called DXO Exploit and when I remove it, and restart and run SD again it´s back again...What is DXO Exploit?
Its is a …
Jump to PostTry this. Follow this path & delete the contents of the folder.
C:\Documents and Settings\Administrator\Cookies
Have you tried deleting it in safe mode !
C:\windows\mslagent\mslagent.exe is added as the results of the SIMCSS.B virus.,is there any EXE files in the C:\windows\mslagent folder
http://securityresponse.symantec.com/avcenter/venc/data/trojan.simcss.b.html
I got rid of the mslagent in safe mode, but now I get a tracking cookie callet @cgi-bin still comming in the map called cookies...
Need to get rid of that one, it keeps collecting some other spyware as mslagant..
Someone who knows what to do, need some help on that one. Please
Heres a linkk from Pestpatrol... don´t tell me much except that it is a tracking cookie..
Try Going into tools /internet options /privacy and click ,advanced and override auto cookie handling and check off block 3rd party cookies
Seems to be OK now... Thnx,
but can you tell me what DSO Exploit is, when I´m running spyboot search and destroy it always find something called DXO Exploit and when I remove it, and restart and run SD again it´s back again...
What is DXO Exploit?
Its back again... The tracking cookie...
Sorry, but it did´t work.
Anything else I can do to get rid of the cookie?
Pleease help me further :)
Seems to be OK now... Thnx,
but can you tell me what DSO Exploit is, when I´m running spyboot search and destroy it always find something called DXO Exploit and when I remove it, and restart and run SD again it´s back again...What is DXO Exploit?
Its is a bug in the new spybot ,nothing to worry about .You can set spybot to ignore it so that it doesn't report it all the time .
Run spybot in advanced mode ,go to settings /ignore products/security ,and check off dso exploit.
Hi Crunchie...
Nice site, but I have a problem downloading from it.. Is there anything else I can do to remove the tracking cookie.. and what about DSO Exploit? Know what that is?
JaY2
Thnx caperjack...
I didn´t get rid of the cookie anyway... Maybe you or crunchie have som other ideas to help me out with the tracking cookie.... (im really tired of that cookie)
Heres my log from HJT:
Logfile of HijackThis v1.98.0
Scan saved at 14:37:34, on 12.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
C:\Programfiler\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Eier\Mine dokumenter\My Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Open Image in New Window - res://C:\Programfiler\PopUpCop\popupcop.dll/imagenew
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Try this. Follow this path & delete the contents of the folder.
C:\Documents and Settings\Administrator\Cookies
Deleted only one file (index) in the path.
Still got the tracking cookie cgi-bin
Make sure all browser windows are close and fix these .
O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
Also if it were my computer i would uninstall the Incredimail program pronto.
If you know what site you are geting the cookie from you can block it in your security settings .
And if you haven't all ready install these programs .
After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .
Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.
also check how i got infected in the first place .
Hi Crunchie...
Nice site, but I have a problem downloading from it.. Is there anything else I can do to remove the tracking cookie.. and what about DSO Exploit? Know what that is?
JaY2
I just went to that site and clicked on the download link and in a bout 8 seconds i had that program ,what problems were you having !
Removed the files you pointed and will post my new log...
About that site, i got it now... earlier I had the message: cannot display this page
The HJT log:
Logfile of HijackThis v1.98.0
Scan saved at 20:36:17, on 12.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\updatev01.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Eier\Mine dokumenter\My Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe
O4 - HKLM\..\Run: [UVDesktop] C:\Programfiler\Ultra Networks Software\Ultra Virtual Desktop\UVDesktop.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Open Image in New Window - res://C:\Programfiler\PopUpCop\popupcop.dll/imagenew
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
But when i´m running adaware I still get a tracking cookie (data miner), get headace of this problem... It is not a problem in first plase but, after som hours or a day, the tracking cookie leave som spywares (last time mslagent) Seems like this is a hard one to get rid of.
Right click on Internet Explorer then left click on properties. Go to Privacy & under settings click on advanced. Select over-ride automatic cookie handling & select prompt for both. You then get to select what cookies you want & what cookies you do not want.
This is working now.. Thnx a lot to you both... owe you guys big time!
(something that is still bugging my mind, when I turn off the settings the cookie returns.. It comes right back when I turn on or go searching IE) So I guess I can´t put the settings back. Have you heard about this tracking cookie before? Is it a big Issue?
from a very grateful JaY_2
Thank you, Thank you, Thank you, Thank you....
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.