Hijacked page?

Moderators: Dwight
Gold Enthusiast
Posted
I typed www.spybot.com in the address bar and was taken to PC Security news. Is this normal? The two sites are not related and it appears that the latter is also trying to sell security software.

I then Googled spybot and got to their site here. I then got this message.....CGI-limits reached, please try again later! (What does it mean, please?)

When looking at the Google page, each supposedly correct Spybot homepage has a different URL. Is someone re-routing their traffic?
 
Posts: 1190 | Location: Spenard, Alaska, home of the Spamtones | Registered: 06-03-02
Bronze Enthusiast
Posted
nerdqueendeluxe,

Go to this page, and download 'Hijack This!'.

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fix checked", it will create a backup file of modifications to use if a restore is necessary.

Launch Hijack This, then press Scan, and press Save Log.

This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Open that file.
Go to Edit | Select all.
Now click Edit | Copy to copy it.

Do not change anything just yet.
Come back to the forum, right click and paste its contents here.

Someone will come along and have a look at it, and advise you what still needs to be removed.
 
Posts: 306 | Location: UK | Registered: 04-07-04
Gold Enthusiast
Posted
Thanks, putasolutions. Those were easy directions.

Logfile of HijackThis v1.97.7
Scan saved at 11:54:18 AM, on 5/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Exploder - http://download.games.yahoo.com/games/clients/y/vtk_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37717.7305555556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
 
Posts: 1190 | Location: Spenard, Alaska, home of the Spamtones | Registered: 06-03-02
Bronze Enthusiast
Posted
"CGI limits reached" means that their site is being overwhelmed.

The very latest version has just come out and all the security freaks have been downloading it Wink

Have you by any chance managed to download and run it?
The reason I ask is that there is no evidence of serious hijacking activity.

Close all windows and restart Hijack This.

Put a check mark against the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

The one in italics needn't be checked, unless you don't want Mavis Beacon to start at boot.

Click Fix Checked.

Restart your computer.

Post back if it is still redirecting.
 
Posts: 306 | Location: UK | Registered: 04-07-04
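
Added example (not part of the original posts and not HijackThis's own code): a small Python parser that groups the entries of a log like the one posted above by section code, then pulls out the Run-key autostarts and the download hosts of the O16 ActiveX entries that a reviewer reads first. The section descriptions and function names are this example's own; the sample lines are copied from the posted log.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Section codes that occur in the log posted in this thread (descriptions are this example's wording).
SECTIONS = {"R1": "IE registry setting", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry", "O9": "extra IE button/menu item",
            "O12": "IE plugin", "O16": "downloaded ActiveX control (DPF)"}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
DPF = re.compile(r"^DPF: (.+) - (\S+)$")

# Sample input: a subset of lines copied from the log posted above.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
"""

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def autoruns(groups):
    """(hive, key, value name, command) for each O4 registry Run-style entry."""
    return [m.groups() for m in map(RUN.match, groups.get("O4", [])) if m]

def bare_commands(groups):
    """Run values whose command has no directory, so Windows resolves it via the search path."""
    return [name for _, _, name, cmd in autoruns(groups) if "\\" not in cmd]

def dpf_hosts(groups):
    """Count O16 entries per host the control was downloaded from."""
    urls = (m.group(2) for m in map(DPF.match, groups.get("O16", [])) if m)
    return Counter(urlparse(u).hostname for u in urls)

if __name__ == "__main__":
    g = parse_log(SAMPLE)
    for code, items in g.items():
        print(code, SECTIONS.get(code, "other"), len(items))
    print(autoruns(g), bare_commands(g), dpf_hosts(g))
```

Startup-folder entries (the "Global Startup" lines) are counted under O4 but are not returned by `autoruns`, which only matches registry Run keys.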
Bronze Enthusiast
Posted
As a matter of interest, spybot.com is not affiliated with Spybot Search and Destroy.

There is an article on the Spybot Search and Destroy http://www.safer-networking.org/ which details a long drawn-out battle with spybot.com for trying to con users into believing that they were the REAL Spybot.
 
Posts: 306 | Location: UK | Registered: 04-07-04
Gold Enthusiast
Posted
Ok, I printed out the instructions and followed them. I still end up with this page when I type in www.spybot.com. When I Google that address I only find links for Spybot S&D. Which is the "real one"? Should I be wanting to download from the link you just provided? Thanks for all the help.
 
Posts: 1190 | Location: Spenard, Alaska, home of the Spamtones | Registered: 06-03-02
Bronze Enthusiast
Posted
The real one is Spybot S&D; it is mirrored for download from majorgeeks or from the original place here.

Unfortunately, due to the success of Spybot S&D, Ad-aware and various websites that deal with removing such scumware, these sites have become victims of Denial of Service attacks, designed to prevent people obtaining the tools and knowledge to remove the malware that is installed.

The site you first linked to takes you to a product, which a) you have to pay for and b) installs further spyware.

Both Ad-aware and Spybot S&D are free (or donationware) and will remain so.

Have a read of this interview with Patrick Kolla, the developer of Spybot S&D.
 
Posts: 306 | Location: UK | Registered: 04-07-04
Diamond Enthusiast
Posted
Nqd fell into the Web address trap (as I call it): slight variations in spelling sometimes take you to adult sites Mad
The most prolific is off the Yahoo name.
Also seen graphic copies of Lycos, albeit under other titles. Only thing is their search engine is not Google or Yahoo, who seem to be the only players left after www.alltheweb.com lost their own engine and are now powered by Yahoo (who bought the company).
 
Posts: 13293 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Diamond Enthusiast
Posted
If you're looking for spybot search and destroy, you can also access it at spybot.info.

As had been said, there are a lot of sites out there with no other purpose than to take you from a misspelled site name or something you might assume the site name to be. I found a list someone had compiled of this once, and it was quite a long one.

As for search engines, there's a lot more than Yahoo and Google out there; most of them just haven't made much progress while Google, and (to a lesser extent) MSN and Yahoo, have advanced. Expect MSN and Yahoo to gain on Google's quality soon, hopefully pushing all three higher, and probably giving one of them clear dominance. Right now, Yahoo has more searchers, Google has more searches, and MSN has plans to begin using their operating system to funnel searchers through.
 
Posts: 5891 | Location: Indiana | Registered: 06-13-02
Gold Enthusiast
Posted
Here is a link to SPYBOT 1.3
 
Posts: 525 | Location: Mississauga, Ontario, Canada | Registered: 06-03-02
Bronze Enthusiast
Posted
I assume that you mean a HOSTS file, methos.

This site has a regularly updated file, and instructions on how to protect your computer.

Of course, if you use Spybot, this is automatically done for you when you update.
 
Posts: 306 | Location: UK | Registered: 04-07-04
Diamond Enthusiast
Posted
No, although I do have a program doing that. It was simply a list on a web page that someone had compiled, for no apparent reason. It included only misspellings and not other sites that would be blocked such as doubleclick.
 
Posts: 5891 | Location: Indiana | Registered: 06-13-02
Diamond Enthusiast
Posted
quote:
Originally posted by methos:


As had been said, there are a lot of sites out there with no other purpose than to take you from a misspelled site name or something you might assume the site name to be.

As for search engines, there's a lot more than Yahoo and Google out there

2 points. 1st, the search engine part: what I was saying was not about the sites, but the technology behind them. If you look up the background search engine, all the major sites are split between Google and Yahoo's engines (under licence).
It has become more difficult to find an engine outside this duopoly to find some different answers Frown as Yahoo bought out Alltheweb (only near rival) and replaced that site's almost Google-sized engine with its own, which is about half the size of Google Red Face Didn't think of the possibility of merging the 2 engines, which would have made it about a quarter as big as Google's current size Smile

For Putasolutions
As regards the other observation about misspelling site names: a lot of us from the UK (& worldwide) would never have been answerers if it wasn't for something we'd do out of habit.
When I first started searching I had (and still have) the habit of typing ".com" instead of ".co.uk". But whatever was typed we'd arrive at the site, and we could get the same information. Smile
I'd go sometimes to www.askjeeves.co.uk but I'd type www.askjeeves.com. Also www.ask.com gets you to the same place Smile check it out Smile
The layouts were identical bar a small link on the page which said Ask other people or Answerpoint.
The curiosity drew us in, we browsed around and we signed up; there are several topics somewhere with tales from the old Answerpoint boards both here and on Discussionpool.
This is the oldest front page I can find of the route into our Secret Garden off the www.archive.org site, dated Feb 29th 2000.
No internal screenshots exist Frown Unless somebody has one saved somewhere? Roll Eyes
And here is the original door to this site Smile plus several variations.
And one to post on the other site:
http://web.archive.org/web/20030522103611/http://webuser.co.uk/ (May 22nd 2003)
 
Posts: 13293 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Gold Enthusiast
Posted
Thanks everyone! I guess I really had no real problem in the first place but now I feel a bit more secure about it all. I apologize for the commotion.
 
Posts: 1190 | Location: Spenard, Alaska, home of the Spamtones | Registered: 06-03-02
Diamond Enthusiast
Posted
I never really liked browser hijack either. But I get the same PCsecuritynews page so apparently they switched from spybot.com.com to something else. But for the correct page go HERE.

ivnj
 
Posts: 2957 | Location: Chicago USA | Registered: 08-17-02

© 2002-2008 AnswerPool.com