bitamo, nexoa, xitamo showing up in IE history

The above mentioned sites, and a few other (mostly to do with airline tickets, but not limited to) keep showing up in my IE browser history. I don't even use IE anymore, have been using firefox...

I've scanned with zone alarm internet security suite, and spybot s&d, but don't have much faith that it's been removed... i've tried searching google for info on these sites, but come up with nothing... anyone have any idea as to how they keep coming back or what they are? (obviously adware, yes, but why only in IE?)

also, when i downloaded adobe reader, it comes with and installs adobe gamma loader, which i dont need or want; it unnecessarily takes up resources... how can i get rid of this??

thanks

 

To stop adobe gamma loading go to start/run, typre msconfig. Go to the startup tab. Find it in there & untick it. That will stop it loading.

 

I don't know if you've found the reason for these sites showing up in your IE history, but I did yesterday when I got the same thing.

I kept hearing the "clicks" that IE does when you click on links and such, and I use Firefox. Then IE opened on intrade.com while I was installing the latest XP security patches (!). When I checked the IE history, I saw all those weird sites I'd never been to:

nexoa.com/rankboost.php?KHJUK
nexoa.com/deliver/cs.php?16
bitamo.com/search/x.php?qry_str=codes
xitamo.com/search/x.php?qry_str=codes
nexoa.com/deliver/cs2.php?kw=codes&140

Sorry about the long list, I figured it might be useful.

I scanned my system with Spybot, Ad-Aware and I also have Spyware Blaster. They're updated weekly. I also use PC-cillin, and that gets updated automatically, usually daily. They didn't find anything. I also have a firewall and a (wired) router.

Then I scanned with PestPatrol and it spotted it, and identified it as TrojanClicker.Win32.VB.lj (Pest Patrol site).

There's not a whole lot of information on it yet (it's new), but thankfully it's easy to get rid of. I found %profile%\local settings\temp\cserver.exe on my hard drive. How it got in, I don't know yet. After the scan, it cleaned the offender, I rebooted and I checked my firewall log, and it was nice and clean.

If you don't have PestPatrol, at least visit the link I posted for a bit more info about that particular trojan.


Claude

 

>>The above mentioned sites, and a few other (mostly to do with airline tickets, but not limited to) keep showing up in my IE browser history. I don't even use IE anymore, have been using firefox... <<ClaudeM

Speaking of which - Did you know that there is a gaping hole in the default setup for IE which allows the very "last entry" of your Clipboard Contents (text) to be clearly seen by other sites out there on the WEB?

Malevolent websites can use this to very easily steal potentially sensitive data still stored on your Windows clipboard. Additionally, any browser that is a 'child' of Internet Explorer [for example Maxthon], will also reveal the last "text item" you copied onto your clipboard!!!

Check it out here: http://projectip.com/
[Scroll all the way down to: "Miscellaneous Info]"​

Anyhow - Here's the Fix: Go to Tools > Internet Options > Security > Select a security zone > Custom Level > Scripting > Allow paste operations via script and set it to Disabled or Prompt.

Good Luck!

 

Thanks for the detailed fix, I've set mine from Enabled (default, I guess) to Prompt, and will see what happens. Bazza

===

 

>>Thanks for the detailed fix, I've set mine from Enabled (default, I guess) to Prompt, and will see what happens. Bazza << bigbazza

Oh anytime, my pleasure bigbazza! : )

I was actually researching something else on Google and accidentally happened across that ProjectTip.com website. It was a great tip so I thought I’d pass it along in here!

Good Luck - and a 'belated' happy birthday to you, bigbazza!

 

Just clicked on the projecttip.com website. It told me lots of stuff about my PC. How come Zone Alarm didn't even flicker to warn me that someone was accessing my laptop?

PS; Thanks for the birthday wishes. Bazza

===

 

Re;www.Nexoa.com This w/s tried to connect every time I switch on my computer.I've tried the fix suggested by "big bazza" and "computable"to no avail.
Whether I set to promp or disable, it makes no difference.I've down loaded pest patrol and scanned with the lastest updates.It dosent find it.How do I get rid of this annoying pest?Thanks "whatthe.."

 

Looks like a trojan. Thanks Google.

 

Guys

Can you all please stop posting live links to possible adware/spyware sites. If these sites are behaing in this manner then we obviously don't want our less savvy users visiting them, we are already busy enough in the Malware forum thanks

 

Sorry Matt, you're quite right, I'll delete the links next time.

 

No problem I think Halo has got most of the worse ones now.

 

RE nexoa etc.I found "iewind.exe" in C:\Documents and Settings\\Start Menu\Programs\Startup which i beleive to be a trojan.However it wont allow me to delete it.(access denied)I also found ADOBE GAMMA LOADER.EXE-1DBD7BA3.pf in C:\WINDOWS\prefetch.So; a. How do I get rid of iewind.exe and b.should I delete the prefetch file? Thanks.Whatthe..

 

Clearing out your Prefetch entry is only the equivalent of deleting a shortcut.
The original entry is still on your PC and has to be deleted separately.

Maybe post your query in the malware forum, would get you a more informed solution.
http://forums.majorgeeks.com/forumdisplay.php?f=35 Bazza

===

 

A funny thing about this bitamo, nexoa thing. People have made comments about the Adobe Gamma Loader being the culprit however, I believe I've found another. As soon my computer starts up, and zonealarm initialized, I always got the messgase, "You computer has been prevented from accessing www.bitamo.com." ZoneAlarm actually works! After trying to solve this problem on my home computer, today I have the same problem at work. Right click on "Start menu" "Explore" "Programs" "Startup Folder" reveals a program called "iexplore.exe" It's 20.0 kb and listed as version 1.0.0. This is crap and ultimately proved to be the cause of the bitamo, nexoa crap on both comps. Although you cant delete the program directly from the folder. I cut and pasted it from the folder to the desktop, then restarted the computer and cut and pasted it from the desktop to the recycle bin and deleted it. Now it works great. No "bitamo" alerts from ZoneAlarm and IE works fine.

Hope this helps,

xplaner800