spyware trouble

[bilateralrope]

Recently I had a friend over msn (I connect using gaim) start spamming y with some link while his nick was "Don't download Block-Checker". First time I saw the link I clicked it and firefox started up only to offer to download an .exe file from that link. I click cancel and told my friend tell me more about the link, then closed the window. A few minutes later I got the same message with the same link, so I assumed his computer was infected with something, and it was trying to spread.

The next day, spyware doctor on my computer starts telling my I have some spyware called Block-Checker, however since I only have the free version (I can't afford to buy it, even if I actually had some way to buy stuff online) it won't remove it. I am also running Adaware, Spybot and AVG, but they don't detect anything. The suspisous link was the only activity that differes from my usual activity, so unless its a false alarm, it is somehow the cause

This leaves 3 questions:

How can I remove this spyware ?

Since neither gaim or firefox are known for being stupidly insecure, and i didn't download the file, how did it get in ?

What other free anti-spyware programs should I look at ?

[Master of Ossus]

Find out what the file is called, then go into safemode and delete its registry to get rid of it. I'm afraid I can't help you with how you managed to become infected.

[bilateralrope]

All I'm given by spyware doctor are registry entries. Here is the infomation from its log:

Infection Name Location Risk
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com## High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com## High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com## High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net## High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com High
Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com## High

edited to add: when I check the quarantine list, I found entries for block checker there, but I keep getting the warnings every time it does a scan

[Faram]

Use this thread!

http://bbs.stardestroyer.net/viewtopic.php?t=54586

[bilateralrope]

That would be useful, if I could find the hyjack this homepage, but google just finds me various sites, some that offer a mirror for downloading hijackthis, some offering their own anti-spyware software. None have any links to anything that looks like thehijack this homepage, so I don't know if they have the latest version of not

[General Zod]

That would be useful, if I could find the hyjack this homepage, but google just finds me various sites, some that offer a mirror for downloading hijackthis, some offering their own anti-spyware software. None have any links to anything that looks like thehijack this homepage, so I don't know if they have the latest version of not

Hmm, there -was- a tools and utilities thread which had the Hijack this! homepage link, but it seems to have been taken out of sticky status.

[Datana]

It was folded into the FAQ thread.

[Dalton]

Go straight to the source: www.merijn.org

And all the links you're looking for are in the very first announcement. I'll edit the title to be clearer.