![[dr. bob]](/dr-bob-sm.gif)
Dr. Bob is Robert Hsiung, MD,
bob@dr-bob.orgShown: posts 1 to 16 of 16. This is the beginning of the thread.
Posted by anastasia56 on May 24, 2005, at 13:26:56
at first i thought, wow, we're allowed to use color in our posts now...and underlined. Then i clicked on one of the words and it took me to an ad. These green words are sprinkled thru-out the babble posts. Has anyone seen these or do i have a worm? I use internet explorer.
ana
Posted by Dinah on May 24, 2005, at 13:49:01
In reply to green words in babble posts, posted by anastasia56 on May 24, 2005, at 13:26:56
Posted by NikkiT2 on May 24, 2005, at 13:54:33
In reply to green words in babble posts, posted by anastasia56 on May 24, 2005, at 13:26:56
Ah,
You have a nasty little bug.. not a virus, but psyware (aka malware aka ad ware).
You'll need to use some software to remove it.. AdAware is really good, and nice and simple to use.. you can get this at http://www.lavasoft.com
First, you need to clear your cache in IE.. tools | internet options | delete files
Then, close all your explorer windows. make sure Adaware has all the most recent updates, and then run it.. You WILL get alot of stuff found, so don't panic by the sheer numbers of it!
Spy bot is also very good.. but not quite so simple to use..
let me know if you still have problems.
Nikki x
Posted by TamaraJ on May 24, 2005, at 16:35:21
In reply to green words in babble posts, posted by anastasia56 on May 24, 2005, at 13:26:56
I had the same thing recently, except the words were blue and underlined. On Sunday, I started having serious performance problems with my computer and had to have it serviced. The technician who worked on my laptop said that it was infested with viruses, worms and trojans. It took him over an hour to clean it up (he had to delete a lot of the viruses, etc. one by one). Anyway, I already had AVG virus protection, but had probably installed it too late (system had already been infected). So, the tech installed Norton and 3 different spyware programs. The blue, underlined words seem to have disappeared. Phew! Hope you can get your system cleaned up.
Posted by gardenergirl on May 24, 2005, at 16:56:02
In reply to Re: green words in babble posts » anastasia56, posted by NikkiT2 on May 24, 2005, at 13:54:33
I am always so impressed by your expertise!
gg
Posted by so on May 24, 2005, at 17:29:38
In reply to green words in babble posts, posted by anastasia56 on May 24, 2005, at 13:26:56
AdAware Personal Edition is one of the better rated spyware detection utilities, but is reported to find only about 54 percent of common spyware exploits. A virus protection software like Norton can find others. Some sources recommend using several utilities to find and manage the range of exploits known to exist.
Sometimes effective removal requires inactivating the program from the current windows session -- the close program utility in Windows can be activated by simultaneously entering ctrl+alt+delete once --- twice will start a shutdown of your system.
In the Close programs dialogue, if you are the target of some exploit, it will often show up on the list - probably near the bottom. You can cut-and-paste each item from the list into a google search form and usually get quick information online about what is running in your system. If you find information in Google that says it is an exploit, select the item and then the button labeled "end task".
Another freeware, RegCleaner, lets you manually delete programs other utilities might not find. RegCleaner offers about six tabs, some of which let you delete necessary components. But the "start-up" tab returns a list where it easy see what is loaded when you start your computer - you only need system tray (systray), Explorere and vital utilities -- such as the auto-protect feature of your anti-virus software and your audio system management.
I would be interested to read the name of this exploit, which I suspect will show up near the bottom of a list of active programs if you review the close program dialogue. Also, are the highlighted terms pharmacogical terms, hyperlinked to some on-line drug sales site?
Posted by anastasia56 on May 24, 2005, at 21:18:02
In reply to Re: green words in babble posts » anastasia56, posted by NikkiT2 on May 24, 2005, at 13:54:33
hi nikki,
thanks for trying!
i downloaded the personal version of ad-ware se and ran it like 800 times...ok maybe six, and i'm still seeing the green underlined words plus the addition of a gazillion ad popups. There are so many popups i can't see babbleland from here.
so i now have run pctuneup to get rid of the 'aurora' ads (but not the rest) and i also downloaded the beta microsoft spyware version and one by cox, my cable provider. no go on any of them.
let me know if you have any other ideas. whatever this is is also hijacking this as i try to type it.
ana
Posted by anastasia56 on May 24, 2005, at 21:20:54
In reply to Re: green words in babble posts » anastasia56, posted by TamaraJ on May 24, 2005, at 16:35:21
tamara,
that sounds like this! where did you find someone to work on it? i was thinking of the geek squad at best buy. i haven't heard if they are any good. i'm glad you were able to get yours fixed. i'll let you know if i have success.
ana
Posted by TamaraJ on May 24, 2005, at 21:31:06
In reply to Re: green words in babble posts » TamaraJ, posted by anastasia56 on May 24, 2005, at 21:20:54
I called a computer service place that makes house calls LOL. I am in Canada, but I am sure if you look in the yellow pages, you will find similar services. I called a few places to check prices before I picked one. Anyway, the one I chose was quite reasonable, and someone came the following morning and had everything cleaned up within a couple of hours or so. The spyware programs were free, but I had to pay for the Norton anti-virus program (you can get AVG for free, but I don't think it is the most current program). I was really pleased with the service, and will use them again if I have problems.
Good luck.
> tamara,
>
> that sounds like this! where did you find someone to work on it? i was thinking of the geek squad at best buy. i haven't heard if they are any good. i'm glad you were able to get yours fixed. i'll let you know if i have success.
>
> ana
Posted by anastasia56 on May 24, 2005, at 22:46:08
In reply to Re: green words in babble posts, posted by so on May 24, 2005, at 17:29:38
i tried your suggestions below and so far it is working. i deleted about five different programs. cvshost, osa and a few others. i tried to end program on csrss as it is listed in google as suspect but it isn't delete-able as it is considered a priority by windows.
the selected green words are not medical in nature. they don't seem to follow any particular pattern, just nouns.
thanks in advance for your help. i really appreciate it.
ana
Sometimes effective removal requires inactivating the program from the current windows session -- the close program utility in Windows can be activated by simultaneously entering ctrl+alt+delete once --- twice will start a shutdown of your system.
In the Close programs dialogue, if you are the target of some exploit, it will often show up on the list - probably near the bottom. You can cut-and-paste each item from the list into a google search form and usually get quick information online about what is running in your system. If you find information in Google that says it is an exploit, select the item and then the button labeled "end task".
Posted by so on May 25, 2005, at 0:17:13
In reply to Re: green words in babble posts » so, posted by anastasia56 on May 24, 2005, at 22:46:08
> i tried your suggestions below and so far it is working. i deleted about five different programs. cvshost, osa and a few others. i tried to end program on csrss as it is listed in google as suspect but it isn't delete-able as it is considered a priority by windows.
>
> the selected green words are not medical in nature. they don't seem to follow any particular pattern, just nouns.
>
> thanks in advance for your help. i really appreciate it.
>
> ana
>Well, by golly, at least I helped one person.
googling must've told you cvshost.exe is added by the Gaobot.AO worm, which opens machines to exploits when you use IRC.
Problem with csrss.exe is, it is the process that drives Microsoft Client/Server Runtime Server Subsystem, but it is also a file name for a W32.Netsky.AB@mm worm, the W32.Webus Trojan, Win32.Ladex.a and more. It is a significant threat, which arrives as an attachment to e-mail and can e-mail itself to other people, steal passwords and other personal data.
OSA could be "office start-up assistant" a legit component of MS Office XP, but you don't need it to run. But exploits can use familiar names, as does csrss.exe. Important thing is to shut down as much as you can before cleaning up the system with AdAware and Norton or whatever. If you just shut them down but don't clean up, they can come back. Also, even the best freeware spyware-cleanups only go so far -- most offer segue's to "pro" versions that cost.
A manual, google-informed housecleaning with RegClean is still a good idea if your comfortable pruning that close to your vital system registry, but you have to watch out for exploits that mimick legit processes.
Posted by anastasia56 on May 25, 2005, at 0:29:39
In reply to Re: green words in babble posts » anastasia56, posted by so on May 25, 2005, at 0:17:13
these guys certainly make it difficult to get rid of these things. Like that crcss program. The one spelled in lower case is credible and should be left alone. The CRCSS.EXE in upper case is the nasty one. Since your computer recognizes that crcss.exe is necessary to running windows, they won't let you delete it. Since the Capitalized version of that is basically the same, you can't get rid of the virus program either. very tricky to be picking on the names of programs that arent deletable.
Posted by so on May 25, 2005, at 0:38:14
In reply to Re: green words in babble posts » so, posted by anastasia56 on May 25, 2005, at 0:29:39
> these guys certainly make it difficult to get rid of these things. Like that crcss program. The one spelled in lower case is credible and should be left alone. The CRCSS.EXE in upper case is the nasty one. Since your computer recognizes that crcss.exe is necessary to running windows, they won't let you delete it. Since the Capitalized version of that is basically the same, you can't get rid of the virus program either. very tricky to be picking on the names of programs that arent deletable.
Your experitise is growing quickly. Thanks for filling me in on the case sensitivities.
Funny, it's a hassle to me and others, but I can sometimes appreciate the motivation and creativity of the folks who launch some of these things. Are your unwanted hypelinks gone now?
Posted by AuntieMel on May 25, 2005, at 9:15:51
In reply to Re: green words in babble posts » so, posted by anastasia56 on May 25, 2005, at 0:29:39
Can you do a search (find) on uppercase CRCSS.EXE and delete the file? Of course you would need to be sure the correct one also exists before deleting.
And while you are doing all this it might be helpful to be using netscape instead of IE. Many, many of these bad guys take advantage of IE security holes.
Posted by anastasia56 on May 25, 2005, at 13:59:24
In reply to Re: green words in babble posts » anastasia56, posted by AuntieMel on May 25, 2005, at 9:15:51
good idea i'll try that. i also have mozilla so i'll try it in that browser.
blast this thing is back, it seems to be propagating itself.
Posted by so on May 25, 2005, at 14:45:32
In reply to Re: green words in babble posts » AuntieMel, posted by anastasia56 on May 25, 2005, at 13:59:24
> blast this thing is back, it seems to be propagating itself.
That's probably because it is still embedded in the list of start-up programs. When one shuts it down with "close programs" it might stop it during that session, but if it's in the start-up menu, it will come back when you restart. That's why I recomend using the start-up list tab of RegCleaner. Sometimes the "Find" function of Explorer (not i.e. - Explorer the desk-top utility that is part of Windows) won't find hidden files, and Windows hides files for much of it's vital processes, ostensibly to protect uninformed users from their own mistakes.An interim fix is to close the program each time one starts the computer.
This is the end of the thread.
Psycho-Babble Administration | Extras | FAQ
Dr. Bob is Robert Hsiung, MD,
bob@dr-bob.org
Script revised: February 4, 2008
URL: http://www.dr-bob.org/cgi-bin/pb/mget.pl
Copyright 2006-17 Robert Hsiung.
Owned and operated by Dr. Bob LLC and not the University of Chicago.