In message , tony sayer
writes
In article , Tim Lamb
scribeth thus
In a momentary fit of insanity I allowed an offering of Explorer 8.0 (I
think) to download.

The only visible consequence is an overnight firing up of Explorer such
that I am greeted each morning with a Windows related advert.
Curiously the screen is prevented from entering sleep mode.

Today's offering was for a Windows driver scanner for a Brother printer.

I am using XP with service pack 3. I know this system is about to be
unsupported so am becoming very nervous about anything uninvited!

Any thoughts?

Did you download it from the real Microsoft website as sometimes down
loads for such aren't the real thing and come packages with other
"wares"...


Like Firefox that can come from other then the Mozzie foundation site..

Yes - beware of where you download Firefox from.

As my existing Firefox was not quite behaving as normal, I decided to do
a fresh install. The first site that Google brings up is:
http://preview.tinyurl.com/o7n6tro
BIG MISTAKE!
I was a bit suspicious when I was offered various additional 'extras' -
which I rejected. But despite rejecting the kind offers, I was left with
ZoneAlarm searchbar on all of my browsers, and ZoneAlarm as the home
page. I'm still busy getting rid of it. Why Goog£e to££erate these bogu$
website$ is $ure£y my$tery (or i$ it?).
--
Ian

In message , John
Rumm writes
On 29/01/2014 13:23, Tim Lamb wrote:
In message , John
Rumm writes
On 29/01/2014 11:08, Tim Lamb wrote:

Excellent Fred! I do use Firefox as default browser but keep Explorer as
an alternative for sites that limit your access.

I am going to struggle recognising what can safely be removed. Anyway no
online purchases or bank access FTTB.

Work on the principle that if malwarebytes flags it, have it delete
it. Keeps it simple.

er.. It flagged about 15 but only ticked 2 for removal. I should have a
fresh list tomorrow and plan to post some examples here for comment.

It will not automatically tick the "potentially unwanted" programs
(i.e. some browser search engine replacements etc). However its still a
safe bet to right click on the check box list and choose "select all"
from the popup.

Right. The full scan list on photo bucket. Looks totally confusing to
me!
http://s828.photobucket.com/user/TimLamb/library/
--
Tim Lamb

On 30/01/2014 18:33, Tim Lamb wrote:
In message , John
Rumm writes
On 29/01/2014 13:23, Tim Lamb wrote:
In message , John
Rumm writes
On 29/01/2014 11:08, Tim Lamb wrote:

Excellent Fred! I do use Firefox as default browser but keep
Explorer as
an alternative for sites that limit your access.

I am going to struggle recognising what can safely be removed.
Anyway no
online purchases or bank access FTTB.

Work on the principle that if malwarebytes flags it, have it delete
it. Keeps it simple.

er.. It flagged about 15 but only ticked 2 for removal. I should have a
fresh list tomorrow and plan to post some examples here for comment.

It will not automatically tick the "potentially unwanted" programs
(i.e. some browser search engine replacements etc). However its still
a safe bet to right click on the check box list and choose "select
all" from the popup.

Right. The full scan list on photo bucket. Looks totally confusing to me!
http://s828.photobucket.com/user/TimLamb/library/

Like I said, have it nuke the lot of them ;-)

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

In article , John
Rumm writes
On 30/01/2014 18:33, Tim Lamb wrote:

Right. The full scan list on photo bucket. Looks totally confusing to me!
http://s828.photobucket.com/user/TimLamb/library/

Like I said, have it nuke the lot of them ;-)

If any additional confirmation were required, totally agree, junk, junk
& more junk, bin em :-)

--
fred
it's a ba-na-na . . . .

In message , fred writes
In article , John
Rumm writes
On 30/01/2014 18:33, Tim Lamb wrote:

Right. The full scan list on photo bucket. Looks totally confusing to me!
http://s828.photobucket.com/user/TimLamb/library/

Like I said, have it nuke the lot of them ;-)

If any additional confirmation were required, totally agree, junk, junk
& more junk, bin em :-)

Hooray! No morning firing up of Explorer and no advert!

Well done chaps:-)

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


--
Tim Lamb

On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

--
Tciao for Now!

John.

In message , John Williamson
writes
On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

Actually it has returned without intervention from me!


--
Tim Lamb

In message , John Williamson
writes
On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

Should I strip out Malwarebytes or will it depart naturally when I fail
to sign up for the paid version?


--
Tim Lamb

In article , Tim Lamb
writes
In message , John Williamson
writes
On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

Should I strip out Malwarebytes or will it depart naturally when I fail
to sign up for the paid version?

No harm in leaving it, it will only run if you invoke it and as you've
picked up junk in the past it would be worth running periodically to
check for unseen naughties.

Also, you'll be re-running it in a few days to check for re-infection,
right :-?

It's slightly worrying that your browser google search prefs returned on
their own, that implies something has run in order to change them which
looks suspicious to me. Anything dodgy will get picked up on your re-run
later (with updated defs) and it may have been a prefs click you made.

While your infection appears to have been pretty benign adware, it
wouldn't do any harm to download and run Malwarbytes beta anti rootkit
scan (details in my first post) overnight to make a clean sweep.
--
fred
it's a ba-na-na . . . .

In message , fred writes
In article , Tim Lamb
writes
In message , John Williamson
writes
On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

Should I strip out Malwarebytes or will it depart naturally when I fail
to sign up for the paid version?

No harm in leaving it, it will only run if you invoke it and as you've
picked up junk in the past it would be worth running periodically to
check for unseen naughties.

Also, you'll be re-running it in a few days to check for re-infection,
right :-?

OK:-)

It's slightly worrying that your browser google search prefs returned
on their own, that implies something has run in order to change them
which looks suspicious to me. Anything dodgy will get picked up on your
re-run later (with updated defs) and it may have been a prefs click you
made.

Yes. Anything naughty seems to happen overnight. I did nothing to
re-instate.

While your infection appears to have been pretty benign adware, it
wouldn't do any harm to download and run Malwarbytes beta anti rootkit
scan (details in my first post) overnight to make a clean sweep.

OK again. I have used an MS anti rootkit scan in the past. Nothing found
on this machine with active Norton but my wife's laptop running Vista
and no paid protection turned up something.

--
Tim Lamb

On 01/02/2014 10:26, Tim Lamb wrote:
In message , John Williamson
writes
On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

Should I strip out Malwarebytes or will it depart naturally when I fail
to sign up for the paid version?

It will sit there doing nothing til you run it next time. The non paid
for version is not "active" or resident as such - its just a single shot
scanner.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 01/02/2014 11:55, fred wrote:
In article , Tim Lamb
writes
In message , John Williamson
writes
On 01/02/2014 09:36, Tim Lamb wrote:

The only changes noticed so far is that I've lost Google (UK): in
explorer where you could restrict searches to your local country. The
icon is still there on the toolbar but just opens up a general search.
Who wants pricing in dollars?


:-? Americans. If you don't, you can set the search engine to
google.co.uk or anything else you wish either by using the right click
menu on the search engine button or going into the setup program.

Should I strip out Malwarebytes or will it depart naturally when I fail
to sign up for the paid version?

No harm in leaving it, it will only run if you invoke it and as you've
picked up junk in the past it would be worth running periodically to
check for unseen naughties.

Also, you'll be re-running it in a few days to check for re-infection,
right :-?

It's slightly worrying that your browser google search prefs returned on
their own, that implies something has run in order to change them which
looks suspicious to me. Anything dodgy will get picked up on your re-run
later (with updated defs) and it may have been a prefs click you made.

Just visiting the google.co.uk site can set a cookie indicating that is
your preference - then visits to the the .com automatically redirect.


While your infection appears to have been pretty benign adware, it
wouldn't do any harm to download and run Malwarbytes beta anti rootkit
scan (details in my first post) overnight to make a clean sweep.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/