32 users online (1 members and 31 guests)  

View Poll Results: I have unknowingly been hijacked by Gator...

Voters
1114. You may not vote on this poll
  • I have run Spybot search and destroy or Adaware and did not find Gator on my system at all

    248 22.26%
  • I have run Spybot search and destroy or Adaware 1 time and did find Gator

    146 13.11%
  • I run Spybot search and destroy or Adaware frequently and rarely find Gator on my computer

    84 7.54%
  • I run Spybot search and destroy or Adaware frequently and find Gator almost everytime has infected my computer

    636 57.09%

Thread: Delete Gator


Page 4 of 8 First 1 2 3 4 5 6 7 8 Last
  Results 46 to 60 of 117

Related

  1. how to delete duplicate row fom table    Forum: Databases
    Replies: 0
  2. cant delete/add my schools    Forum: Myspace Forum
    Replies: 3
  3. Confirmation box before delete    Forum: HTML Forum
    Replies: 4
  1. #46
    Mr. Blue's Avatar
    Evil twin of Dave

    Status
    Offline
    Join Date
    Jul 2001
    Location
    MA, USA
    Posts
    148
    I run Ad-Aware frequently and I've never found Gator on my system. I frequently get the pop ups that ask me to install it but I just say No.

  2. #47
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Sometimes, just saying no does not work! depends on how good your firewall is protecting you...

    nitewing
    Ann/nitewing

  3. #48
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    I found something much better than adaware and it is completely free.....read it well and you will have no problems!

    http://security.kolla.de/

    Below is part of a post I made in another forum...


    adaware could wipe out the prior version of xupiter but not the new and improved version!

    Spybot can handle it though.

    I understand that adaware has some problems in recognizing a problem related to commonname and may ruin dial up connections in trying to remove this when connected to some of the newer scumware....Lavasoft has abandoned the 5.8 and hasn't updated the ref file in months...they are working on a version 6 that, they admit, still falls short of the mark, and is already long past release date.....no beta testing on it either...we would have to be the giunea pigs.

    Anyway, I am still going to use 5.8 for cookie cleaning as there are some, log in, cookies I want to keep, so I just blocked spybot from my cookies.


    Guess you can tell I am excited about it!

    I had to do a complete reformat and install over xmas and believe me, I want no more of that!

    Something got through and messed some things up, bad went to worse, plus I found out afterwards that ms recovery had a bug and needed patching...suspect that is what caused the comp to bite the dust....

    And so on, and so on, and so on, or is it---etc., etc,.etc..

    Good luck with the newest app...let's hear it for the scumware fighters!!!
    Ann/nitewing

  4. #49
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    Ann,

    Besides adaware I have also been telling folks about SpyBot search and destroy. I use both, accepting that no single program can keep up with the current surge in scum, I feel a little more secure this way.

    It has been a long delay in updating the ref file, it seems lavasoft has been letting politics interfere with what is best for the consumer.

    I had not yet heard anything in regards to the dial ups, what have you heard on this?

    Dave
    AHFBWEB Less customers per server, more power for you!

    Business Class Shared Hosting

  5. #50
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    http://www.spywareinfo.com/newsletter/archives/december-2002/12312002.php

    There is a good starting point.

    Enjoy...if you are not paranoid now you will be when you find out how much spyware is after you!

    Ann/nitewing
    Ann/nitewing

  6. #51
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    I am not paranoid, it is the people watching me that are


    Here is a pretty nice list
    http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
    AHFBWEB Less customers per server, more power for you!

    Business Class Shared Hosting

  7. #52
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Yeah, and he has a forum on spywareinfo forums that is really really good...heck, if you run iinto a problem those people that hang out there can help and WILL help...FAST. Plus you learn about new spyware as it shows up!

    Case in point: Turbo tax and cdilla!

    The spyware detector writers are in there punching away helping get rid of spyware that is messing up the computers of others.

    I was amazed to find so many helpful people!

    Net-intergration boards are good too, run by the guy who is dedicated to keeping spybot up with all the latest....updates to Spybot S&D are almost daily as well as to Highjack This.

    This is a great board too, but I like finding places that are dedicated to one important thing like spyware removal...

    (still love ya, Dave!)

    Nitewing
    Ann/nitewing

  8. #53
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    The primary aspect of wire taps, spyware and other snooping activities by whomever that causes me not to get overly worked up is the fact that incomptence normally rules when more than two people try to get together to do anything.

    Now, since I've installed Adaware, I just disovered a whole bunch of Gator stuff on the last run - never had any before that.

  9. #54
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Just hope you don't run into anything newer! Lavasoft has not updated since the last ref file, months ago.

    Spybot is updated everytime one of the nasty devils rears it's head. I run the updater before checking just to be safe.

    Nitewing
    Ann/nitewing

  10. #55
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Here's the contents of the c:\windows\gatorplugin.log file found with some others and half-dozen registry entries removed by Adaware this morning.

    IEPlugin v3400 starts Mon Jan 13 17:51:41 2003
    Plugin file is "C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEGATOR.DLL"
    IEGator GUID is 4006E7B0-0FB2-4345-B388-083B138E80AF
    FixSwwApp(Gator): SWW setting not present.
    FixSwwApp(Offers): SWW setting not present.
    PIL_CreateInstance() returns 05260370
    Plugin function is "hd (OK)"
    Params:
    src="webpdp.gator.com/v3/download/trickler_3210.ex_"
    bgcolor="FFFFFF"
    aic="HIC_L90DT"
    rs="1"
    wuid="PIOczgr6AgYAAD7LXsQ"
    Validating SRC URL: OK
    Performing HD run-ability checks:
    1 secs since Registration... OK.
    IE is using HKCU (default) for security settings.
    IE's ActiveX security level is 0 (enable)...Aborting.
    Set end-msg: IEAXNOVS (SecLvl=0)
    Removing Trust entries....
    No Trust entries found.
    Uninstalling this plugin...
    Module 05110000 filename is "C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEGATOR.DLL"
    Unregistering DLL....SUCCEEDED
    HKCR\Interface\{4006E7B0-0FB2-4345-B388-083B138E80AF}... didn't exist.
    HKLM\Software\CLASSES\Interface\{4006E7B0-0FB2-4345-B388-083B138E80AF}...
    didn't exist.
    HKCR\TypeLib\{4006E7B1-0FB2-4345-B388-083B138E80AF}... didn't exist.
    HKCR\CLSID\{4006E7B2-0FB2-4345-B388-083B138E80AF}... didn't exist.
    HKCR\Software\Microsoft\Code Store Database\Distribution Units\{4006E7B2
    -0FB2-4345-B388-083B138E80AF}... deleted OK.
    Deleting "C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEGator.inf"... OK
    Deleting "C:\WINDOWS\Temporary Internet Files\Content.IE5\S1GF4V6R\iegator
    _3490_hd3ptdm[1].cab"... OK
    Displayed FrameMsg: "Invalid HD permissions"
    Done URL not specified.
    LogGS:
    LogGS: 200: gs.gator.com:80/Cmd/client_log_event
    "SETUP=MID%5fIEGATOR%05END%05D0B3307B%2d254E%2d11D7%2d99DC%2dE1531319F824%05HI
    PIL_DestroyInstance(05260370)
    Log closes Mon Jan 13 17:51:44 2003


    So, just what does all that mean. I also reaccessed this forum and MotleyFool and found another doubleclick cookie via Adaware.

  11. #56
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    So, just what does all that mean.
    Not sure really, may want to check out www.spywareinfo.com/yabbse/

    I also reaccessed this forum and MotleyFool and found another doubleclick cookie via Adaware
    No doubleclick cookie from me, I did get a contract from them but I decided not to sign it, they have since become maxworldwide.

    Dave

  12. #57
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    Actually, the more I look at it the more it makes sense.

    Give me a few minutes to break down what I can.

    D
    AHFBWEB Less customers per server, more power for you!

    Business Class Shared Hosting

  13. #58
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    I will only post the lines that I can figure out.

    src="webpdp.gator.com/v3/download/trickler_3210.ex_"
    This one is kind of amusing in that the file is called "trickler_3210" it has been reported that trickle is just what it does. If you disconnect before the download is complete it will continue when you log back on. All in the background of course.

    Plugin function is "hd (OK)"
    could hd(OK) actually be hide(OK)?

    IE is using HKCU (default) for security settings.
    IE's ActiveX security level is 0 (enable)...Aborting.
    Not sure what it is doing , especially with what I found later on down the page...
    Removing Trust entries....
    No Trust entries found.
    I could not figure out as much as I had hoped anybody else want to take a stab at it?

    Dave

  14. #59
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Actually, I'd just nuke the thing and be done with it....
    Ann/nitewing

  15. #60
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Yeah, that file's gone, but you can bet it's going to reappear until I discover the site I'm visiting that's installing it - I suspect any of the 0catch.com sites with all the pop-ups but am not sure.

    I'm just hoping someone else with much more experience in these matters than I can find a method within that documentation that might allow one to discover where the "installation" began - or maybe even a way to send that crap all back to 'gator' when any other attempt is made to install it.



Page 4 of 8 First 1 2 3 4 5 6 7 8 Last

Tags for this Thread