I have a problem with an intrusive creepy diversion. My
privacy/firewall/anti-virus is all functioning (I think), but I Keep
getting shot off to:
http://srng05.srng.net/9899/search/searchcat.php?p=98569&source=3&id=200401280055172131226942&appId=41&keywords=http://www.bombayduck.co.uk/ShoppingCart.asp
(the www.bombayduck part is just the latest manefestation)
It's an intermittent irritant which sometimes happens when I try to
follow a link on a Google search, or just navigating between links
within a site, but I've also ended up there when I've typed a full
www.address in the address line. All very annoying, especially as
"back" and other exit attempts bring a string of effing
pop-ups/downers with them, and, having been shot-off where I was, I
have to retrace my steps to get back to where I want to be.
And today, although Google is my "home page", my PC bypassed this and
I got shot to the srng.net menace instead.
Sorry, this may be too much detail.
Please tell me how to stop this monster,
thank You |
Request for Question Clarification by
pinkfreud-ga
on
01 Jun 2004 15:45 PDT
This is a very pesky intruder indeed. The good news is that it can be removed.
Are you comfortable with editing the registry?
|
Request for Question Clarification by
aceresearcher-ga
on
01 Jun 2004 19:11 PDT
cherry,
What anti-virus program are you running?
|
Clarification of Question by
cherry-ga
on
02 Jun 2004 10:28 PDT
Hi Pinkfreud,
Good to hear that the intruder can be shifted. I'm not at all
comfortable with editing the registry, but if it's the only way, I'll
have a go. I would really need to have idiot-proof instructions
though.
Hi also Aceresearcher,
I use Symantec's Norton Anti-Virus (2002 version), and keep it updated
and scan weekly (no virus found).
Thank you,
Cherry
|
Request for Question Clarification by
pinkfreud-ga
on
02 Jun 2004 11:17 PDT
Cherry,
I can well understand your reluctance to edit the registry. There are
many "malware removers" out there, but I am aware of only one removal
tool that is known to handle the "srng" abomination (this intruder is
also known as "ShopNav.") You may want to try PestPatrol:
http://www.pestpatrol.com/PestInfo/s/shopnav.asp
Unfortunately, PestPatrol's removal tool comes at a price. The "home
user" version costs $39.95. There is a free "detector" tool, but it
does not clean the nasties out of your computer.
If you decide to go after the intruder yourself, there's more info here:
http://www.securemost.com/articles/trou_3_remove_shopnav.htm
And here:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.html
And also here:
http://www.doxdesk.com/parasite/ShopNav.html
Please let me know if any of my suggestions have done the trick for
you. I'm leaving your question fully open for other Researchers, but
if I've led you to a solution to your problem I'll be glad to post the
official answer and claim the fee.
Best wishes,
pinkfreud
|
Clarification of Question by
cherry-ga
on
04 Jun 2004 09:45 PDT
Hi Pinkfreud,
I?ve looked at the sites you suggest, with no success. Symantec?s
removal instructions (and the others) tell me what installation
folders, HKEY and .dll files to remove, but I can?t find any of them.
Pest Patrol?s on-line scan found 39 infestations, but not one that
looked like srng, and Symantec?s on-line scan didn?t find it either
(they posted the shopnav/srng definition last year, so it should?ve
been picked-up about 40 full system scans ago, but it hasn?t so far).
Windows Explorer only found two inexplicable items containing srng
(one in a Notepad file simon@srng05.srng[2], and one in documents and
settings bradshaw@srng[1], which look like email addresses).
So, it looks like srng but maybe isn?t? I could format my hard drive
and restore everything from scratch, but I?d like to keep the nuclear
option as a last resort. Other advice?
Thank you,
Cherry
|
Cherry,
Maybe the best thing to do is just start from scratch, without trying
to target any specific menace. So let's check for the presence of any
kind of scumware (also known as spyware or adware).
Please download, install, and run the following free utilities:
Spybot Search & Destroy
http://www.security.kolla.de
AdAware
http://www.lavasoft.de
*** IMPORTANT ***
The first time you run them, or if you already have Spybot and/or
AdAware installed on your PC, be sure to download the latest updates
first **each time you run them**.
*****************
Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.
Before Rating my Answer, if you have any Questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.
Please let me know whether you are able to resolve your problem, or
whether you need more assistance.
I hope that this Answer provides exactly the information you were seeking!
Regards,
aceresearcher |
Request for Answer Clarification by
cherry-ga
on
06 Jun 2004 14:11 PDT
Hi Aceresearcher,
Your answer isn?t entirely satisfactory.
I had already installed and run Spybot, which detected and removed a
whole load of vermin. I ran another PestPatrol scan, and it found
stuff Spybot had missed, but at least the total was down by half. I
liked the belt-and-braces approach you suggested, so also installed
and ran Ad-aware, hoping to scoop-off the other half; it was a bloody
disaster!
My computer wouldn?t let me login, even in Safe Mode, and I ended-up
having to boot from the XP CD, doing a fix with wsaupdater from there,
then editing my registry to restore the original userinit. I only got
this far because I happen to have a second computer, so could access
the Ad-aware user forum, and found someone with the same problem and a
geeky cousin.
A lovely sunny Sunday, and I?ve spent six hours wrestling with this
nightmare! Now, you couldn?t know that a pal had already suggested
Spybot, and I?m sure you wouldn?t have suggested Ad-aware if you
thought it would bollix my computer, but in view of my miserable
experience, I think the decent thing to do would be to give me some
advice about what to do next, and not treat it as a new question. Does
this sound like the problem?s fixed, and it?s safe to run a
scan-and-purge? Or (given that it?s obviously a known issue at
Ad-aware, even with the paid-for version, and they?re still offering
the iffy download) should I just uninstall it?
Thank you,
Cherry
|
Clarification of Answer by
aceresearcher-ga
on
06 Jun 2004 15:30 PDT
Cherry,
Computer problem Questions often require a few rounds of
Clarifications between Customer and Researcher; that's why I ended my
original Answer above with the following statements:
"Before Rating my Answer, if you have any Questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.
Please let me know whether you are able to resolve your problem, or
whether you need more assistance."
I am indeed very sorry that you've had such problems; I've had to do a
complete reformat from scratch and reinstall all software on my
computer a couple of times in the past, and I know it's time-consuming
and frustrating, and you have my deepest sympathies. I know quite a
few people -- including myself -- who run AdAware regularly, in
addition to all the Customers at Google Answers who have successfully
resolved their scumware problems using it, and your instance is the
first of which I've personally known where the user had this kind of a
problem.
Have you gotten your computer working again from the information
provided in the Forum Post you found? (If you can post the URL for
that post here, that would be helpful to me.)
ace
|
Request for Answer Clarification by
cherry-ga
on
08 Jun 2004 04:54 PDT
Hi Ace,
I think I just had the misfortune to download Ad-aware between them
finding the trouble and fixing it (the fix is now included in the
update).
If you want to look at the stuff on the user forum, it's at:
http://www.lavasoftsupport.com/index.php?showtopic=29752
Most of the posts gave advice about editing the registry from a
network, so this post was the one that helped me (don?t know what
you?d do if your version of XP was an OEM. With my laptop, I had to
fake a fire to get IBM to send me the recovery disks, which they only
do when it?s still under warranty):
LooseMoose Posted: Jun 3 2004, 03:45 AM
Newbie Group: MembersPosts: 1Member No.: 65873Joined: 3-June 04 I
have a solution to this. It happened to my dad earlier today and I've
been trying to correct it for 6 hours. After some searching and failed
attempts. I put my windows XP cd back in (home edition) and got to the
recovery prompt. You should be in C:\windows now follow from
here:C:\windowstype 'cd system32' the directory should now
beC:\windows\system32type 'copy userinit.exe wsaupdater.exe' 1 file
should be copied, now REBOOT!My login hung for about 15 seconds then
got to finishing with the ad-aware. My dad is now gladly running amok
in cyberspace again. Hope this helps anyone that can't access the pc
on a network like me. All thanks goes to my cousin Brian Meloche for
being the smartest computer geek I know. =)
Also, it was another post that said you had to edit your registry
after doing this, and change the HKEY back to the original userinit
(HKEY_LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\Current
Version\Winlogon and then right click to modify
C:\Windows\System32\wsaupdater.exe, back to
C:\Windows\System32\userinit.exe, and this last comma?s crucial).
Thanks for your help,
Cherry
|
Clarification of Answer by
aceresearcher-ga
on
08 Jun 2004 07:00 PDT
Cherry,
It sounds like you've got everything resolved -- I just want to
doublecheck to make sure that that's true. If it's not (or you start
having problems again), please let me know so that we can take care of
it.
Best Wishes!
ace
|
