
tracking cookies that won't permanently go away ... (incl. 2o7)

Discussion in 'General Security' started by angdall, Apr 20, 2010.

  1. angdall

    angdall Thread Starter

    Joined:
    Apr 20, 2010
    Messages:
    3
    i am having trouble permanently getting rid of several tracking cookies. i know that they are relatively harmless and they are easy to get rid of but my issue is that it seems like no matter what method i use to get rid of them they keep coming back.

    this started about a month ago when i got hit with a handful of viruses which at least one of them installed malware / spyware onto my system and i was finding them attached to normally trustworthy programs and even programs that when you are hit with malicious software you turn to to fix the problem (spybot, AVG, webroot spysweeper, etc).

    and lots of browser hijackers and whatnot...

    after about a week's worth of research and fruitless efforts to permanently solve the problem i resorted to reformatting and starting over.

    i was problem free until i imported my saved bookmarks from in firefox using the restore option (JSON file) and then i started getting bombarded with tracking cookie alerts from resident shields, etc.

    long story shorter, i haven't had a recurrence of the initial virus(es) but one cookie in particular - 2o7 - & a handful of others were going ape@&*!

    2o7
    yieldmanager
    revsci
    atdmt
    tribalfusion
    realmedia
    webtrends

    so my issue is this ... none of the software / sites i've tried or forums i've read have been able to tell me what is causing this, why i can't permanently get rid of it, where it hides or how it remanifests itself when AVG, spybot, webroot, malware, etc all tell me it's gone.

    it's not the cookies i'm concerned about as much as it's the fact that something somewhere is pulling my PC's strings and i'm powerless to stop it. and i know that some malicious software can sit dormant for months until triggered by an action or on a timer or whatever.

    at this point i'd be happy just to finally be permanently rid of this SOB but i'd REALLY like to know the what and where of it if i could because IMHO the creator is a genius. i've been DIY of my personal geeky universe for about 15 yrs and i haven't had something give me this much trouble since back in the early days when i was still learning or was playing with fire and got burned.

    to wrap up, i have logs for: AVG, hijackthis, and webroot spysweeper just begging to be viewed ;)

    thanks in advance

    angdall

    oh and the virus that i think might have been the culprit was SHeur3.GPZ if that's any help
     
  2. angdall

    angdall Thread Starter

    Joined:
    Apr 20, 2010
    Messages:
    3
    i'm not sure why i didn't go ahead and post the hijackthis log since that is generally the 1st thing most ppl want to see ... also since i posted i have dl'd & run SUPERAntispyware Free Edition as well as malwarebytes (FYI)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:04:37 AM, on 4/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\ImageShack\QuickShot\QuickShot.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\windows\system32\taskmgr.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\windows\system32\dumprep.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
    O4 - HKLM\..\Run: [ImageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HPHUPD08] "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 9649 bytes
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,831
    cookies are harmless and you will get tracking cookies whenever you surf the net

    moved to general security as not a malware issue
     
  4. golferbob

    golferbob

    Joined:
    May 18, 2004
    Messages:
    3,896
  5. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    56,816
  6. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear Hewee,
    Quote" Get a hosts file and that will block most bad and tracking sites" Unquote. That's it!(y)(y)

    My thought exactly!

    Dear angdall,
    kindly visit this site to download the MVPS Hosts file: http://www.mvps.org/winhelp2002/hosts2.htm If you peruse the Hosts file, you will see many of the sites like "tribalfusion" etc., which will be prevented from playing again in your "pool".

    As advised before, kindly install SpywareBlaster from: http://www.javacoolsoftware.com/spywareblaster.html
    Best wishes.:)
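
Added example, not part of the post above or of the thread: a small audit that parses a hosts file and reports which cookie-setting hostnames are actually sinkholed, using the tracker names from the first post. A hosts file matches exact hostnames only, so an entry for a parent domain does not cover its subdomains. The sample hosts file and hostnames are constructed for illustration.

```python
# Tracker names listed in the thread's first post.
TRACKER_NAMES = {"2o7", "yieldmanager", "revsci", "atdmt",
                 "tribalfusion", "realmedia", "webtrends"}
# Addresses commonly used in blocking hosts files to send a name nowhere.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def parse_hosts(text):
    """Return the set of hostnames the hosts file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue                             # real mapping, not a block
        for name in fields[1:]:                  # one line may carry aliases
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def is_tracker(hostname):
    """True if any DNS label equals one of the thread's tracker names."""
    return any(label in TRACKER_NAMES for label in hostname.split("."))

def audit(hosts_text, cookie_hosts):
    """Sort hostnames into blocked / unblocked trackers and other hosts."""
    blocked = parse_hosts(hosts_text)
    report = {"blocked": [], "unblocked": [], "not_tracker": []}
    for host in cookie_hosts:
        h = host.lower().strip(".")              # cookie domains may lead with "."
        if not is_tracker(h):
            report["not_tracker"].append(h)
        elif h in blocked:                       # exact match only, like the resolver
            report["blocked"].append(h)
        else:
            report["unblocked"].append(h)
    return report

# Constructed sample hosts file (not taken from the MVPS list).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  2o7.net                 # parent domain only
0.0.0.0    a.tribalfusion.com ad.yieldmanager.com
# 0.0.0.0  atdmt.com               commented out, so inactive
192.0.2.10 intranet.example        # ordinary mapping, not a block
"""

# Constructed hostnames standing in for the hosts a scanner reported.
SAMPLE_COOKIE_HOSTS = ["sample.112.2o7.net", "ad.yieldmanager.com",
                       ".a.tribalfusion.com", "atdmt.com", "www.example.org"]

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_HOSTS, SAMPLE_COOKIE_HOSTS).items():
        print(f"{bucket}: {hosts}")
```

Here the `2o7.net` entry does not stop `sample.112.2o7.net`, which is why blocking hosts files list each serving hostname individually.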
     
  7. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    Since you say you are kind of techie, you should look into Privoxy. I use it routinely. It enables you to block all kinds of internet annoyances.
     
  8. hogndog

    hogndog

    Joined:
    Jan 22, 2007
    Messages:
    227
    Thanks hewee and perfume, I've saved your information, it's top drawer.. (y)


    Hogndog
     
  9. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    56,816
    You're welcome.

    I never worry about cookies.

    Well, only now and then if I have trouble getting a site to set a cookie because I block things so many ways, from hosts file, NoScript, Cookie safe.
     
  10. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear hogndog,
    Most welcome! It was hewee who made me take the first "infant steps" into understanding and putting "Hosts File" to good use! One can manually update the Hosts file or go the automatic route. Hosts Man is one such tool. BUT, when in the right-click context it did not score well, i am not having it in my arsenal. Kindly see my next post, which will follow immediately.:p(y)
     
  11. EmilyRTM

    EmilyRTM

    Joined:
    Apr 21, 2010
    Messages:
    3
    I am using Privoxy to speed up my internet connection. I really didn't know it can do others for me.
     
  12. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear jiml8,
    Since your post followed mine, i am wearing the "Boss Suit" of a techie, which i am not:D! It's Hewee who's the guy, most unpretentious and ever helpful, who is the tech-boss!(y)

    I have used Privoxy! I have used Tor! I have used Vidalia! The internet slows down so much, that you feel like you are on your way back home in Bangkok at rush time! Now, i am using Ultra VPN, an open source and free tool which is a "Chunnel", propelling your Bentley along! But, i have seen some connectivity probs. with "Ultra". Don't try any other free VPNs, as all of them are compromised by every kind of "ware". I am chugging along fine and phantom010 already says i have "overkill in real-time and otherwise too". He knows what he's saying, so i have to dump some! Best wishes.

    PS: This, i promised in the previous post! Get WinPatrol! It is a gem for which you need not dig deep! Site : http://www.winpatrol.com/download.html
     
  13. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear EmilyRTM,
    Ah! We meet again! This particular part about Privoxy should be of interest! " You can verify that Privoxy is running, and your browser is correctly configured by entering the special URL: http://p.p/. This should take you to a page titled "This is Privoxy.." with access to Privoxy's internal configuration. If you see this, then you are good to go. If you receive a page saying "Privoxy is not running", then the browser is not set up to use your Privoxy installation. If you receive anything else (probably nothing at all), it could either be that the browser is not set up correctly, or that Privoxy is not running at all" http://www.privoxy.org/faq/misc.html

    Have you gone to the site mentioned above by the developers to check out whether you are actually running "Proxy"?
    Now, here's something to smile about(some may guffaw!) "
    "4.25. I've noticed that Privoxy changes "Microsoft" to "MicroSuck"! Why are you manipulating my browsing?

    We're not. The text substitutions that you are seeing are disabled in the default configuration as shipped. You have either manually activated the "fun" filter which is clearly labeled "Text replacements for subversive browsing fun!" or you are using an older Privoxy version and have implicitly activated it by choosing the "Advanced" profile in the web-based editor. Please upgrade ".

    Now that makes my day! I have learnt that there is a "fun" filter somewhere! You see, dear Emily, if you enter as a novice (which i still am, but improving daily), you will learn things which nobody can teach you anywhere! This much i can promise you! But some people come to teach and will usually fall flat, because the knowledge base of this site is gigantic! You will make friends and some, you will learn to respect for their knowledge and more importantly "WISDOM". This site has saved my physical health and mentally propped me up many a times, in ways which only i know!:)(y) Best wishes!
     
  14. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    Actually, I think that microsoft/microsuck thing was in direct response to me.

    I've used Privoxy since shortly after it was released, and I used internet junkbuster (Privoxy's direct ancestor) before that.

    Time was, that "fun" filter was set to "on" by default, and I encountered that microsoft/microsuck thing. When I encountered it, I contacted the website owner and suggested his site had been compromised. He checked, and told me that it hadn't been. So I did some simple tests and found that privoxy had done it.

    I then flamed Privoxy all over the net, and blasted the developers directly, both publicly and in email, for doing that. Their response was rather huffy, that I should have known enough to turn off the filter...

    I let 'em have it for that too, and wondered aloud what other insidious things that rogue software was doing. So now, it is shipped with the filter turned off as it should be.

    But Privoxy won't slow down your internet connection. If anything, it will speed it up because it blocks the download of advertisements and prevents a lot of the javascript annoyances that suck up bandwidth (such as predictive downloading).
     
  15. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    56,816
    perfume, I used the hosts file for years before it hit me that I was not controlling cookies the best way and after I changed so I use the Exceptions list to control the cookies I said wow what took you so long to make the change. The Exceptions list only has sites listed that I need to be there so all others do not.

    With spywareblaster the blocking for Firefox I have disabled because it is not needed. For Firefox all spywareblaster does is add all those sites it blocks to the Exceptions list and marks them as block.
    But my cookies setting all sites are blocked by default so no need to add them to the Exceptions list.
     
Short URL to this thread: https://techguy.org/918188