Block-Checker

Discussion in 'Malware Help (A Specialist Will Reply)' started by Stonekiller, Sep 4, 2005.

  1. Stonekiller

    Stonekiller Private E-2

    Hi,
    I am having serious difficulty in removing 12 persistent registry entries that Spyware Doctor picks up as the High Risk "Block-Checker" Hijacker.

    I have carefully read the suggested spyware removal tips and done everything you say I should do on your page http://forums.majorgeeks.com/showthread.php?t=35407 but the problem still persists. Notably the only thing I couldnt do to the letter was the two online scans under Safe mode with Networking as I have a dial up connection and I couldnt get it to work in safe mode.In normal mode neither picked up a thing.(although in the process I managed to get infected with Alexa..removed now though!)

    I can remove the registry entries using Spyware Doc but after a reboot they reappear. I have also noticed that in Spyware Blaster 6 cookies manage to unrestrict themselves after each reboot. Details as follows:

    The persistent Registry entries:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com##
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet settings\P3P\History\commission-junction.com
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com##
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com##
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net##
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com##
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net##

    and the 6 cheeky cookies in Spyware blaster are:
    LinkSynergy, FastClick, Fastclick (2), Commission Junction, Commision Junction (4), BFast (This is as much info as I can seem to find)

    Bearing in mind I only have a slow dial up and this whole process has taken me all night to no avail, I would very much appreciate any fixes you may be able to suggest as my patience is running very thin!

    Please let me know if you want a HJT log or anything as I also have this available to use.

    Many kind regards
     
    Stonekiller, Sep 4, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They are false positives (i/e., not problems). All the items in the

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

    registry key are put there to protect you. Personally I do not care for Spyware Doctor too much. It has too many problems like this. However make sure you are running the current version with current updates before condeming it completely.

    This is the reason you keep losing your SpywareBlaster protection. Stop having SpywareDoctor fix them.
     
    chaslang, Sep 5, 2005
    #2
  3. Stonekiller

    Stonekiller Private E-2

    Oh, thats a shame, I kind of liked it....thought it was quite easy to use and yes I do update it on a regular basis.

    Well I guess from what you said I can put the 12 entries on some kind of ignore list so they dont keep coming back...I'd be interested to know if The guys who wrote Spyware doctor know about this problem...

    Thanks very much for your speedy reply by the way - its appreciated.

    Just one last thing - I've downloaded all the suggested Spyware tools from the page I mentioned above, which one would you recommend I use permanently and also...even though I said just one last thing... do I have to leave Spyware Blaster active in a minimised window or can I close it once it's done its job?

    Thanks again.
     
    Stonekiller, Sep 5, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are many, many items in this P3P\History registry key path. All put there to protect you by SpywareBlaster but let's be safe and double check the values of data at those registry keys. Run the windows registry editor and navigate to each of those registry keys and see what value is there for each key.

    If the Data value is 5, you are OK!

    SpywareBlaster only needs to be run to setup the protections and to get updates (periodically). Other than that, it does not need to be left running.

    Things we recommend are in the below sticky thread:

    How to Protect yourself from malware!
     
    chaslang, Sep 5, 2005
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds