The New York Bass Forums banner
1 - 10 of 10 Posts

·
The Anti-Senko
Joined
·
8,857 Posts
Discussion Starter · #1 ·
I got some kinda freakin' virus on my computer. I think the file that is causing me these problems in winservn.exe.

I can't delete it. Some f'n autoexec program keeps running itself a replicating all kinds of shit on my computer. It is overriding my Home Page with some other web page:

http://www.startium.com/index.php?dst=DIST1

and keeps trying to send me to a sandboxer.com.

I am freakin" screwed!:cussing:
 

·
Registered
Joined
·
38 Posts
Huge,

You may actually have spyware loaded. Even if you delete the file there are settings in your computer that will reload them. Go to this website, download and run this software Adaware. This will clean up any spyware you might have. At times spyware can run and take over your system similar to the way a virus does. Although it will not damage your files it can make your system slow and practically unusable.

http://www.lavasoft.de/software/adaware/

Good luck,
Anthony.
 

·
Administrator
Joined
·
11,529 Posts
My favorite anti spyware is spybot great freeware program that does the job. run it TWICE, run it it will make you reboot at the end then run it again after reboot.
 

·
The Anti-Senko
Joined
·
8,857 Posts
Discussion Starter · #5 ·
Anthony, I wish I would have read that before! LOL! Instead after about $100 dollars worth of McAfee products and advice I did dowload Ad-Aware 6.0. I think the problem may be solved. Unfortunately, I still have a problem that existed before this incident. Typing text on the internet is painfully slow. I am not sure if it is a browser of cable connection problem. Typing this paragraph was a pain.:cussing:
 

·
It's been a long time...
Joined
·
899 Posts
Ready???

John,

Both Ad-Aware and Spybot are excellent programs. I have BOTH installed, and run them both on occasion. Sometimes one sees a problem that the other misses on differing occasions. You MUST make sure each one is updated before running them. Just like antivirus software, new "definitions" for ad/spyware are issued almost daily.

Here are a couple more suggestions. Follow them with CAUTION.

First, check your "Startup" folder for a possible shortcut that doesn't belong there. This folder can be found at START > PROGRAMS > STARTUP. Any icons you see in that folder are shortcuts to programs which will run once Windows is booted up.

Normally, a few shortcut icons WILL be there, pointing to programs which, in whole or in part, are to be run at system startup. One or more of them could be pointing to spyware or a culprit file which is corrupting your system (unbeknownst to any antivirus software, because it appears like a "normal" system operation). Right-clicking the various shortcuts and choosing PROPERTIES will reveal where they are pointing. If one seems suspect, move it to your Recycle Bin, change your browser homepage URL to the one you prefer, and restart your computer. If your problem(s) no longer present themselves, go ahead and empty your Recycle Bin of the offending shortcut for good.

Slightly off the subject, often times, there are so many various applications running in the background that are NOT associated with ad/spyware that slow a computer down substantially. Many of these are associated with the "safe" shortcuts found in the Startup folder. You can delete those, restart, and check that the programs they are associated with are not affected. Most of the time, they are not. But don't delete those shortcuts permanently from the Recycle Bin until you are absolutely sure you are having no problems.

This is a rather simple thing to try. There are other places within your operating system which instruct files to be run upon system startup as well (for example, the Windows "Run" Registry Key accessible through MSCONFIG), but for now, just check the Startup folder.

*************

Second thing to try. This is a bit more advanced, but you seem to have the gist of computer knowledge down, and it applies to you if you are running Internet Explorer as your web browsing program. I once had my browser homepage "hijacked" to where even if I correct the homepage URL back to what I wanted, it could go back to the changed webpage after every restart. This was FRUSTRATING! Sad thing, it wasn't a virus, so it went undetected by a scan - perplexing!

I did a little research, and found the direct solution for my problem. What someone did was design an executable HTA file and wrote some net code to insert this small file (about 1KB) into the C:\Windows\Fonts folder. You see, at every system startup, all the contents of the fonts folder are executed in order for the system to recognize all the typefaces installed. Unfortunately, the clever programmers of the HTA file figured out that an HTA file, too, will be executed as well when inserted into the fonts folder, and it changes the Windows Registry Key for Internet Explorer's Start Page to change to a URL it's programmed with!

Here's the fix. Run a search on your entire C drive for "*.hta" (less quotes) and see what you find. HTA files normally are associated with HTML - the language of the web, and the code can be used to change Windows Registry/browser settings.

You may find several HTA files on your system - some are normal. Look carefully at each file's DATE and LOCATION (right-click and choose PROPERTIES to see the date in the Search Results window). If there is a culprit HTA file, then it will have a file date which matches when your browser hijacking took place, and it will VERY likely be located in your C:\Windows\Fonts folder OR there will be a Startup Shortcut pointing to it.

Rename the file extension ".hta" to ".hta_" (thus eliminating any recognizable association with the file), change your browser's homepage URL to the one you prefer, and restart your computer. You might be pleasantly surprised. Delete the file permanently upon ferreting it out.

*************

Once you scan and clear your system of all the spyware, bad registry keys, bad cookies, etc. using the programs above, and your browser hijacking problem is solved, visit www.windowsupdate.com and get the latest Critical Updates from Microsoft. You probably will see quite a few that you will need, and they will solve the security holes which allow system compromise. Check for new Critical Updates regularly - say once a month.

A couple more things to consider. I don't get many instances of Ad/Spyware/System takeover because I am a fairly careful web surfer (and I even have a broadband connection at home).

One of the things I do is use the Custom Privacy Settings in Internet Explorer 6, which allows a user to allow only selected sites to place "Cookie" files on my system (NYBass is safe to allow for Cookies, by the way - it's necessary for log-in purposes). Assuming you are using IE6, you can access these privacy controls by clicking on IE's Tools Menu, then clicking Internet Options. Whereas most are benign and no threat, some cookies are "3rd Party Cookies" which are designed to track your online habits.

Also, avoid the vast majority of so-called "free" programs out there (Gator, Comet Cursor Plus, etc). Be careful what you accept when it comes to the "automatic downloads" window often appearing on web pages. Many contain spyware or are adware. This means they contain code which the programmers allow 3rd party developers to place in there for the purpose of tracking your online habits, or to display advertisements, including those dreaded "pop-up" ads - some of which will appear even when you are not surfing the internet! And whether you mind that sort of thing or not, as they run, they are robbing your system of processor clock-cycles, slowing it down little by little as all of them start adding up over time.

Wow, I hope that wasn't overwhelming for you - there's actually a LOT more that could be discussed on Windows operation/application management, but I think were off to a good start here. I wish I could spend just 15 minutes at your computer, John. I'll bet I could get it back up to snuff in that time - like you bought a brand new one!

Or, maybe, we could all give up our PCs and get Macs.......HA! :p

Good luck!

Tight Lines...
 

·
The Anti-Senko
Joined
·
8,857 Posts
Discussion Starter · #7 ·
Rob, thanks....this damn thing is still haunting me. The files just keep replicating themselves after I delete them. I'll have to see what the situation is tomorrow or is that later today. LOL! It is getting late and this Yankee game is going on forever.
 

·
Smile, and enjoy life!!
Joined
·
2,160 Posts
look for winservn.exe and any variation. like winservx.exe. they are all removable. rob j's advice is right on.

also aeio.exe and aei.exe

these are loaded by webpages theoughout the net.

let adaware remove all cookies everyday. use it EVERYDAY!!!

there are some bad spyware programs out there, and you must keep on top of them if you have cable and are leaving all port unchecked and open.

rob j
gregg
and a few others are well versed in internet tech and security, and i consider myself to be pretty well informed.

your other problem baffles alot of guys i have posed it to. we all still fall back on spellcheck overrides in microsoft products that are preloading. a complete format and reinstall of windows, and all hardware/ software... with a systematic install.. keeping records and testing after each program will do you wonders. sounds really bad, but can make a machine work really well.

keep up on defrags, disk scans and try not to install crap you will be taking back out.

clutter kills.


1227am yeah marlins win game 4

sorry
anyway

clutter kills.. keep it clean and organized.

robbie
 

·
Administrator
Joined
·
11,529 Posts
Great advice from Rob & Rob

I would like to ad that with all these problems I hope you have started updating your back ups of any important data on your computer! and not just the obvious remember to copy bookmarks, e-mail addys everything. Make sure you have good copies of all your programs and their key codes. You never know when you might choose to or be forced into a reload of windows.
 

·
Registered
Joined
·
429 Posts
Huge did you install that patch ?

If not, follow that link I posted above and download the patch for whatever version OS you are running.

It fixed a stubborn problem for me.
 
1 - 10 of 10 Posts
Top