View Full Version : Gator spyware


GrannyMae
09-06-2004, 05:12 PM
hiya,

for 2 weeks running, i do a spyware scan every day and everyday i have an instance of gator. i block the program, and go to bed. next day, same infestation.

i have not gone to any sites except here and poker clients. any ideas where this is coming from every time i turn my PC on, and any idea how to stomp it out for good? i've had it before, and blocking it did the trick. this no longer seems to have a permanent effect.

ty

http://bestanimations.com/Animals/Reptiles/Alligator-02.gif

ChristinaB
09-06-2004, 05:16 PM
There's probably some code on the whatchamacallit startup file on your PC, and it goes out and retrieves Gator whenever it finds you have deleted it.

Thythe
09-06-2004, 05:16 PM
I think you should get a program called "Hijack This". It will scan your computer and let you delete anything, there must be some sort of auto gator installer in there somewhere. Be careful, though, deleting the wrong things will have dire consequences.

villafan
09-06-2004, 05:17 PM
Do you have a Divx-player? I think the free version has Gator spyware. The same goes for Kazaa (the original, not the lite version).

Thythe
09-06-2004, 05:17 PM
Christina is probably right and the program I mentioned will let you see all the startup programs. You should then be able to delete the culprit.

Wake up CALL
09-06-2004, 05:21 PM
Weatherbug also installs Gator spyware each time it runs. No matter how much spyware protection you choose to use if you are utilizing a free program on your PC which installs additional spyware upon running you will be chasing your tail until you uninstall the offending program.

Thythe
09-06-2004, 05:30 PM
[ QUOTE ]
Weatherbug also installs Gator spyware each time it runs. No matter how much spyware protection you choose to use if you are utilizing a free program on your PC which installs additional spyware upon running you will be chasing your tail until you uninstall the offending program.

[/ QUOTE ]

This is definitely not true. I have Weatherbug running on my computer all the time and I have no instances of Gator on my computer.

GrannyMae
09-06-2004, 05:32 PM
[ QUOTE ]
"Hijack This" It will scan your computer and let you delete anything, there must be some sort of auto gator installer in there somewhere.
[/ QUOTE ]

no divix, kazaa or weatherbug. only changes i have made is installing SP-2. also, i have purposely not gone to any commercial sites so i can try and limit it down to the suspected culprit.

i just read an article here http://www.broadbandreports.com/shownews/34679 that says gator sues people for calling it spyware, and it is really OK.

that's BS, cuz i used to be able to purge it.

anyhooo, if i do the hijack this thing and find the gator auto-installer, can i remove it?

ty

http://smilies.sofrayt.com/%5E/0/newsaw.gif

Thythe
09-06-2004, 05:40 PM
Yep, it will scan, and then show you everything. You can then choose what you would like to delete. If you aren't sure that what you've found is the problem, you may want to post the log at a hijackthis forum to make sure you don't delete something crucial. I think that it will be fairly obvious what it is when you see it, though. It will probably be an item at the very top (under the startup stuff, I think these are 04s).

GrannyMae
09-06-2004, 05:43 PM
ok, here is my log from hijack this.

any idea which one of these running processes is causing this?

Logfile of HijackThis v1.98.2
Scan saved at 5:39:19 PM, on 9/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\GetSmile\GetSmile.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

Wake up CALL
09-06-2004, 05:45 PM
[ QUOTE ]
This is definitely not true. I have Weatherbug running on my computer all the time and I have no instances of Gator on my computer.



[/ QUOTE ]

Are you running the freeware version or the paid version?

Thythe
09-06-2004, 05:51 PM
I'm running the freeware version and have no instances of gator. Granny, can you post the rest of the log (the ones that have the numbers in front of them?). I'm not 100% sure which one it is, but I will post the log on a couple forums I know and see what they say. Also, someone else here might have an idea.

TobDog
09-06-2004, 06:02 PM
The spyware usually hides itself in system32 folder, because most people are afraid to delete anything there.

Try
Run "regedit" enter
HKEY current user
Software
Microsoft
Windows
Run

You should see Default, all that other SH.. you don't need. You can delete it or do a search on your computer and find where it is hiding in other locations, be especially wary of those files that are series of #'s or letters that make up no important information for you. I also found a great program called xsetup pro which is basically the old version of Tweak but with newer features like hijackings and spyware etc etc... I have also heard that Hijack this works great but never used myself.

tobdog

Wake up CALL
09-06-2004, 06:21 PM
Would you mind looking in your add/remove programs folder and see if you have something called either OfferCompanion, Trickler, or GAIN? If so they are Gator spyware entities and can be safely deleted.

GrannyMae
09-06-2004, 06:27 PM
i looked for gain etc in the add/remove and saw nada.

i just sent thythe my log, so hopefully he will get me some feedback.

ty everyone

William
09-06-2004, 06:32 PM
You're in the middle of a nightmare, I know I had the same problem for months and at the end I had to reinstall windows. That did the trick.

Of course, I lost everything in my harddisk.

GL,
William

Rushmore
09-06-2004, 06:36 PM
Go to www.download.com (http://www.download.com) and just run every single spyware and adware removal system they offer, one at a time, until you have cleanliness achieved.

It's funny--you run one, and it removes 143 items, then run another, which removes 29, then another which removes 51, etc.

One of 'em will get it.

Lori
09-06-2004, 06:38 PM
What is Gator?
Gator is your smart online companion that fills out forms and remembers passwords. Gator comes with the OfferCompanion application, the premier application for saving money on the web. Yet Gator and OfferCompanion are extremely polite, staying out of sight, popping up only when they can help you.

Although Gator isn't much of a nuisance, it does fall into a group of software known as spyware, sending information about buying habits, etc. for information purposes. For this reason, many people won't use it and want to remove it. The Gator company recently changed their name to Claria.

How do I Remove Gator?

1) Right click on the Gator icon in the System Tray and click on Exit.

2) From the Windows Start button select Settings and then Control Panel.

3) When the Control Panel window opens, double-click on the Add/Remove Programs icon.

4) When the Add/Remove Programs Properties window opens, locate Gator in the list of installed programs. Click on it one time and then click on the Add/Remove button.

5) Follow the on screen instructions.
Place a check in the box for "Delete User Information" if you want user information removed from the Registry. DO NOT place a check in this box if you want the user data retained for a new install of Gator.

This will remove the Gator program from your computer.

Although the above instructions will remove the Gator E-Wallet information, you may still have GAIN (Gator Advertiser Information Network) software installed. GAIN helps keep many popular software applications and services free in exchange for delivering ads, information, and software based on the web sites you view.

Unfortunately, GAIN can only be removed by uninstalling the GAIN supported application. You cannot uninstall GAIN directly. Once the GAIN supported application has been uninstalled, GAIN will uninstall itself as well.

To see the GAIN supported applications on your computer, click on the following link and then continue down the page and click on the link to show you the GAIN support apps on your computer.


Of course, this wasn't taken from this (http://www.pchell.com/support/gator.shtml) site as you all know I'm a PC genius.

Lori

Lori
09-06-2004, 06:41 PM
How to Remove Gator Adware?

1) Right click on the Gator icon in the System Tray and click on Exit.

2) Click the Windows Start button select Settings and then Control Panel.

3) When the Control Panel window opens, double-click on the Add/Remove Programs icon.

4) When the Add/Remove Programs Properties window opens, find the entry 'Gator' or 'Gator eWallet' in the list of installed programs. Select it and then click on the Remove button.

5) Follow the on screen instructions.
Place a check in the box for "Delete User Information" if you want user information removed from the Registry. DO NOT place a check in this box if you want the user data retained for a new install of Gator.

However, if you can't find the removal entry in Add/remove Programs options, you need to remove it manually:

1) Open the registry editor ( click Start > Run, and type 'RegEdit' ), select the key HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Run. In the right pane, find the entry 'CMESys' , 'GMT', or 'trickler', right click it and click 'Delete'.

2) Restart Windows.

3) Open the Common Files folder inside Program Files. Delete the 'CMEII' and 'GMT' folders.

Another instance of me knowing it all and not stealing at all. (http://www.spyany.com/program/article_ad_rm_Gator.html)

Lori

(I've spent all night removing random gibberish, so I'm quite handy on all these removal programs for about the next ten minutes until I go back to the poker table)
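
An added example, not part of any poster's message: a read-only triage of the autostart (O4) lines of a HijackThis log against the Run-key value names and Common Files folders listed in the removal steps above. The sample log is constructed, and the O4 line layout and the `COMMON~1` short name are assumptions based on typical HijackThis output on Windows XP.

```python
import re

# Names taken from the removal steps quoted above: Run-key values and
# the folders under "Common Files".
RUN_VALUE_NAMES = {"cmesys", "gmt", "trickler"}
COMMON_FILES = {"common files", "common~1"}  # long name and its usual 8.3 short name
GATOR_FOLDERS = {"cmeii", "gmt"}

# Registry autostart line in a HijackThis log: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Constructed sample log (paths and value names are made up for this example).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINNT\system32\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\example.exe"
O4 - HKCU\..\Run: [updater] C:\PROGRA~1\COMMON~1\GMT\example.exe
O4 - HKLM\..\RunOnce: [Trickler] C:\WINNT\example.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example\example.exe
"""


def parse_o4(log_text):
    """Split O4 lines into parsed registry entries and lines needing manual review."""
    entries, unparsed = [], []
    for line in map(str.strip, log_text.splitlines()):
        if not line.startswith("O4 - "):
            continue
        match = O4_RE.match(line)
        if match:
            entries.append(match.groupdict())
        else:
            unparsed.append(line)  # e.g. Startup-folder shortcuts
    return entries, unparsed


def flag_gator(entries):
    """Return (hive, key, name, reasons) for entries matching the thread's indicators."""
    flagged = []
    for entry in entries:
        reasons = []
        if entry["name"].strip().lower() in RUN_VALUE_NAMES:
            reasons.append("value name")
        parts = re.split(r"[\\/]", entry["cmd"].lower())
        if any(a in COMMON_FILES and b in GATOR_FOLDERS for a, b in zip(parts, parts[1:])):
            reasons.append("folder")
        if reasons:
            flagged.append((entry["hive"], entry["key"], entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    entries, unparsed = parse_o4(SAMPLE_LOG)
    for hit in flag_gator(entries):
        print("review:", hit)
    print("not parsed, check by hand:", unparsed)
```

Nothing is deleted or changed; the output is a short list of entries to look up before touching the registry.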

GrannyMae
09-06-2004, 06:42 PM
[ QUOTE ]
One of 'em will get it.
[/ QUOTE ]

i had uninstalled adaware a month ago because AOL came out with a spyware program that found a ton of stuff that adaware never found. i made the incorrect assumption that the AOL program was superior, so have only been using that.

just now i reinstalled adaware and it found 69 critters!!

while i find that number to be charming, it certainly backs up in a big way what you have just stated. i guess i will use both from now on.

http://smilies.sofrayt.com/%5E/_950/ie5.gif

Lori
09-06-2004, 06:45 PM
I've run something like six different programs tonight, and they kept finding different stuff between them.

Of course, I was really happy until I bothered to do all this and suspect there's -EV in me finding I have stuff that needs removing and then learning to remove it rather than just leaving it all there to do whatever it's doing and me being none-the-wiser.

Oh well, at least I'm now a temporary expert in removing things that I don't understand.

Lori

radek2166
09-06-2004, 07:09 PM
try www.pcpitstop.com (http://www.pcpitstop.com) It will help with getting it off of your pc.

GrannyMae
09-06-2004, 07:13 PM
[ QUOTE ]
1) Open the registry editor ( click Start > Run, and type 'RegEdit' ), select the key HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Run. In the right pane, find the entry 'CMESys' , 'GMT', or 'trickler', right click it and click 'Delete'.
[/ QUOTE ]

HA!! i have about as much nerve to try this as... well, YOU.

the only thing i know about my registry is not to go there.

http://smilies.sofrayt.com/%5E/3/nono.gif

Lori
09-06-2004, 07:14 PM
[ QUOTE ]
HA!! i have about as much nerve to try this as... well, YOU.

the only thing i know about my registry is not to go there.
[/ QUOTE ]

Yep, but I looked clever for all of five minutes.

Lori

radek2166
09-06-2004, 07:15 PM
try this too. run msconfig. startup items. That shows you what programs launch on start up.

Chief911
09-06-2004, 07:19 PM
Granny,

Here's the easiest way to get that stuff off your computer (Short of paying someone $50 or so to do it):

1. Download and install Adaware. Download the updates! <----Do not skip that step.
2. Run a CUSTOM SCAN and check all the options so its scanning everything. EVERYTHING. Reboot into safe mode.
3. Run another custom scan while in safe mode. Reboot.
4. Run another custom scan after rebooting. You should not get anything at this point. If you still are, proceed.

5. Download another program called Spybot search and destroy. Run updates for that, and run it on search everything.
6. Reboot into safemode and run again. Reboot and run again.

At this point, you should have gotten most everything. If you still have not, run Hijack this and post the log again. Also change your IE security settings to MEDIUM.

As a side note, if you surf the internet for 5 hours, then run adaware, it will find some "things" that it notes are "data miners" but you'll see that they are in your cookies folder and are most likely harmless cookies. That does not mean your computer is infected.

Also, if all the scanning with Adaware and Spybot has not fixed the problem, when you run another adaware scan, it should note the program that the files it is finding belong to. Post that. Some of those require specific changes to your registry or specific uninstall programs to finally rid your computer.

Do not reformat your hard drive.

Nick

GrannyMae
09-06-2004, 07:22 PM
i have about 18 things there, and no way to copy it to a clipboard that i know of. i only recognize half of them

Michael O'Malley
09-06-2004, 07:22 PM
[ QUOTE ]
ok, here is my log from hijack this.

any idea which one of these running processes is causing this?

Logfile of HijackThis v1.98.2
Scan saved at 5:39:19 PM, on 9/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\pornforoldladies.exe



[/ QUOTE ]

I'm no computer genius but this might be a possibility.

radek2166
09-06-2004, 07:23 PM
print screen. paint copy on to there and post it here. i think that's how u print a screen.

GrannyMae
09-06-2004, 07:26 PM
have you nothing better to do?

http://imagehost.bizhat.com/files/hat.jpg

radek2166
09-06-2004, 07:29 PM
go to paint edit and paste it there. If need be u can e-mail me the screen shot. I got 4 things running on start up.

GrannyMae
09-06-2004, 07:34 PM
http://imagehost.bizhat.com/files/mscon1.JPG
http://imagehost.bizhat.com/files/mscon2.JPG


thx doc.

Michael O'Malley
09-06-2004, 07:40 PM
http://www.rzitup.com/grannymae.gif

radek2166
09-06-2004, 07:50 PM
I will be honest I don't know what some of the programs are.

Start with get smile. and qttask. reboot twice. tell me how it goes.

What will happen is the programs will not start on start up. to make them run u will have to click on them. I know qtt is quick time. post it and tell me how it goes. this will also speed up ur pc.

DON'T mess with the aols or the rundll

GrannyMae
09-06-2004, 07:50 PM
http://imagehost.bizhat.com/files/grannymae2.jpg

not nice



http://smilies.sofrayt.com/%5E/a0/finger.gif

GrannyMae
09-06-2004, 07:52 PM
[ QUOTE ]
Start with get smile
[/ QUOTE ]

my smiley programs are all i live for.

i would rather have a worm than lose them.

http://smilies.jeeptalk.org/contrib/owen/council.gif

Dan Mezick
09-06-2004, 07:52 PM
gator uses a combination of regular files, multiple hidden files (in multiple directories) and REGISTRY key entries to insinuate itself permanently onto your PC.

If you go to the Symantec site, you will find manual step-by-step instructions for removing this piece of junk.

Most times you need to start Windows in 'safe mode' so only the stuff Windows absolutely **needs** to run gets loaded at startup. From there you follow the Symantec/Norton removal instructions. Carefully.

Careful on Google. Some web sites claim to help and then load more crap on your PC. Set your IE security to 'high' (Tools/Internet Options on IE) before you visit any sites with links about anti-Gator removal options.

It's a cruel world.

Here's a link that may help jump-start you:

http://news.com.com/2100-1032_3-5095051.html

Thythe
09-06-2004, 07:57 PM
I did a search on some of those files. Do you use RealPlayer at all as realsched is related to it. It doesn't seem like something you would want. Also DLHelper is spyware associated with Casino on Net. I don't think that has anything to do with your Gator problems, though. I think Qttask is OK and is related to quick time.

Jim Kuhn
09-06-2004, 07:58 PM
Wow Granny! You have a lot of crap loading at startup. Do you have like 2 gig of RAM?

Thank you,

Jim Kuhn
Catfish4U

Nepa
09-06-2004, 08:06 PM
Granny,

I'll take a stab at this. First off, out of all the spyware you could have, gator is a pretty tame one. Second, the reason it might be showing up is a false alarm. I believe it is gator that puts in a reg entry that can't be deleted (it gets corrupted in the registry and is just there).

I do have a few questions. Did you try Spy Bot Search and Destroy? Second, if you want you could speed up your computer a little bit by getting rid of some of the things that are in your startup, esp. DirectCD, and from what I can see most of the startup items can go.

P.S. For any more help I'll have to ask for a cash transfer. lol

radek2166
09-06-2004, 08:59 PM
Qttask is quick time. The thing is you don't need it on SU. I will look into it more. Try www.pcpitstop.com (http://www.pcpitstop.com).

dink
09-07-2004, 03:11 AM
While trying all these spyware programs, try spysweeper as well, it is my favourite.

Dink

Thythe
09-07-2004, 10:03 AM
Thought I'd bump this up and see if others have any ideas. I can't figure out what would cause Gator to reinstall here, nothing seems to look too dangerous.

radek2166
09-07-2004, 10:25 AM
Granny have u tried pc pitstop? Also blocking the site on explorer. I had something that would load it everyday. I blocked the site and have yet to have it.

Chief911
09-07-2004, 10:36 AM
If Granny went through the steps I listed, it should be gone, and I'd be very surprised if it wasn't. Then again, if it wasn't, he should have posted another hijackthis and adaware log.

Nick

09-07-2004, 02:14 PM
I would at least remove the following:
- SK9910DM
- DirectCD
- WKsSb
- WkDetect
- wkfud
- GetSmile
- realschd
- AOLSP Scheduler
- AOL Dial
- qttask
- Money Express
- HDDHealth
- America Online Tra..
- DLHelperEXE

Just a quick look. I would have to look up some of the entries before I would remove them.

balkii
09-07-2004, 02:45 PM
http://www.sysinfo.org/startuplist.php