Hi ,

I have been searching everywhere (Snopes, Symantec, Google, etc.) for information on the following files, which have invaded one of my clients’ computers:

winfixid.exe (I suspect this might be some kind of “sniffer” to reveal an IP address, but have no proof. Most of the hits on Google are in Chinese, which I cannot read.)

“drpepper.ath.c4” and “dirtyshack” (these seem to be dialers. I have disable the autoconnect feature on the lady’s computer, but I have to go back now to her house now that I have the complete file name.)

She is running XP with Norton AV, ZoneAlarm, Spybot, and AdAware, and they are not finding any problems. I’ve removed a bunch of junk, but these weird windows are still popping up.

Any ideas would be appreciated.

Sue

Sue,

Spyware can be difficult to track down and destroy, but there is a method for purging the computer of these unwanted guests. Now you need to stop internet access on the machine, once you have disconnected the machine from the internet follow the steps listed below.


Go to Start | All Programs | Accessories | System Tools and select Disk Clean-up, after it has analyzed the computer you will be at the Disk Cleanup main menu. Below you will see a box that says “files to delete”. Put a checkmark in the following boxes “Temporary Internet Files” and “Temp Files”, click on the OK button and this will clean out the files in those temporary directories, this is where MOST of the spyware is left even after you run the spybot programs, this should clear it out. Now run Norton Antivirus and Spybot again to make sure the computer is clean, Spybot should ask you to reboot the computer if it finds anything that it needs to purge and it cannot while you are running windows, at this point the computer should be clean, let us know of this has helped.


Note: You should make sure that you have the latest AV and Spyware definition files loaded, this will help in detecting the latest threats. Moreover, to protect the computer from further intrusions get the latest Windows XP updates from Microsoft and install a Firewall, this will help keep your computing experience a safe one.

Thanks, Denman, for the great suggestions. Unfortunately, I have already done all that you suggested, including the Disk Cleanup. I use it routinely whenever I go to work on a computer because residual internet files often cause trouble. I have also used several of the malware/spyware removal tools to no avail.

As noted in the first post, she has a firewall, anti-virus, etc. etc....all updated. I personally put every utility on the machine and made sure it was up to date before I started my work. I'm going back to her place on Saturday to dig a little deeper.

I will continue the quest for a solution. Again, thanks for the suggestions. Let me know if you think of anything else.

Sue

Susan,

If you cannot locate the Ads please see this website, it has a ton of information on spyware..

http://inetexplorer.mvps.org/Darnit.htm

Also...this might be coming from another source, such as the messenger service (Not MSN messenger) it is different. You can download a program from GRC that will check for this vulnerabilty.

http://www.grc.com/stm/shootthemessenger.htm