[AT] Off topic, computer related.

[Steve W.]

charliehill wrote:
> Update.
> 
> I've gotten this thing beat down to two files that I can't remove 
> .....YET....   I was finally able to download Spybot search and destroy but 
> it won't get these files either or even find them.  I've found some web 
> sites dedicated to this problem but the solutions are manual solutions that 
> require going into a particular folder and substituting an instruction 
> stream that has to be cut and pasted from the web site.  First I have to get 
> comfortable that the web sites are legit and then get comfortable with the 
> proceedure but I'm gonna do it.
> 
> If any of you ever do a web seach, click on a link and then think to 
> yourself that the link took you somewhere different than what you thought 
> you might have the problem.   Look for these files:
> 
> Now it's comming up clean except two files:  C:Documents and settings\All
>>> Users\applications Data\Temp:A8ADE5D8:$Data
> 
> and  C:Documents and
>>> settings\All Users\applications Data\Temp:DFC5A2B2:$Data
>>>
> 
> If you have either of these files or a similar file with a differerent 
> alpha/numeric stream but in applications data\Temp or if you find any files 
> that have the extension $DATA then you need to figure out how to get rid of 
> them.  I don't know how long I've had this problem but for months, maybe 
> over a year my computer has been slow and I've often gone to web sites where 
> I thought the link was a misrepresentation of what the web site really was. 
> If they hadn't gotten greedy and started doing stuff that made my computer 
> unusable there's no telling how  long they would have gotten away with it.
> 
> By the way,  I run anti-virus and anti-spyware software and keep my drive 
> cleaned up.  I don't know exactly when or how the problem got started.  I 
> guess there must have been a period of time that my protection was off for 
> some reason.
> 
> Thanks to all that helped me on the list and especially to Mike Sloane for 
> repeatedly helping me off list.
> 
> Charlie
> 

You will find a lot of temp files. Those are usually windows swap files.

BUT there is a way to eliminate them.

First shut off system restore. Shut down the machine. When it comes back
up enter safe mode. While in safe mode use search and just type in temp.
Run it and then delete the files.
Next type in .tmp and then delete those.

That will clean up your temp files.

Shut down and let the machine come back up.
Go in and turn system restore back on.

The reason you got hit is that a redirector isn't really a virus or
spyware. Many programs won't see it because it essentially drops a
simple command in the registry that goes down a list of sites at random
whenever you go online. It then substitutes that url in place of the one
you selected. Sort of fits into a malware definition except that other
than causing apoplexy in computer owners it really doesn't hurt you...

-- 
Steve W.