Miscellaneous Windows Tip - Things just aren't working?
Check for spyware
Problem - Things just aren't working:
In Internet Explorer, can't view web images? Or maybe entire pages? Or maybe search isn't working?
The first thing you should consider is you might have spyware on your computer. Other common symptoms are homepage hijackings, random popups, and strange processes running on your computer.
Read the following Microsoft Knowledge Base Article to get a better idea of the symptoms of spyware. It also includes some suggestions for eliminating unwanted programs.
- 827315 - Unexplained computer behavior may be caused by deceptive software
Recommended anti-spyware programs
Two good programs that I use:
Still can't get rid of some spyware?
Spyware writers are always coming up with new ways of getting around anti-spyware, so sometimes it's necessary to ask an actual person what to do. The tool of choice for checking all possible spyware symptoms is HijackThis, available at merijn.org. Important: Utilities like this will identify anything that could be spyware, including innocent items that you should not delete. When using a tool like this you want to make sure not to remove anything until someone can analyze the logs.
Many message boards are dedicated to looking at people's logs. If you're worried about posting your computer's information to a public place, then you could always just look through existing messages for something similar to your problem.
Here are a couple message boards where people will analyze logs
UMonitor error(external links open in a new window)
- RUNDLL error with the name of a .dll file that changes after every reboot.
- UMonitor at the end of the message.
Solution [last revised 2005-01-18]
The spyware causing this problem was most likely only partially removed by a spyware removal tool. The spyware is devious, because it mutates when you try to delete it. It may not be easy to remove, but here are your options, assuming you've already tried anti-spyware tools like Ad-Aware and Spybot. (Before trying the following advice, as a last-ditch effort try running your normal anti-spyware program in safe mode)
If the .dll name starts with msg, it is most likely Look2Me.
Refer to these pchell.com removal instructions. Warning: Advanced techniques are described in this link. Make sure you know what you're doing or post to a message board and ask for help. Here is my quick overview of their page.
- First try a specialized removal tool. Download and run Kill2Me from merijn.org
- If that doesn't work, try the manual removal instructions at the pchell.com link
If the .dll name is just random, then it may be a VX2 variation.
First try a removal tool like Lavasoft's Ad-Aware add-on VX2 Cleaner.
If that doesn't work, go to this lavasoftsupport.com topic and refer to the post by Option^Explicit at Dec 13 2004, 07:13 PM. Warning: Advanced techniques are described in this link. The instructions ask you to make a judgment call in determining which DLLs to delete. Also, the clean up step involves picking a registry entry to delete. Make certain you are not deleting the wrong registry entries. If you have any doubts, then ask someone in the lavasoftsupport.com message board. Here is my quick overview of their instructions.
- Download both Dllcompare and Killbox (available at subratam.org)
- Run Dllcompare to find potential DLLs to delete.
- Run Killbox to enter and delete the paths to the DLLs.
- Clean up some other damages VX2 might have caused.
Lost your internet connection?
If you have any of the above symptoms, there's also a chance you may also have some spyware integrated with your TCP/IP handler. Removing the spyware would cause your settings to get out of whack. This isn't necessarily the case, but as a precaution you might want to download LSP-Fix from cexx.org.