Encased Collectors International

This page contains absolutely no commercial links. ECI does not endorse any of the following, our purpose is to possibility help you with combating the various scams that you will encounter while surfing the Internet. Try any of the remedies at your own risk.

Introduction
Very important : your hosts file can be hacked and modified
Free anti adware and spyware tool : Spybot, Search & Destroy
Free Spyware Protection : Spyware Guard
Better safe than sorry : update your Windows system and IE browser
The parasite test online : see if you are infected
Keyboard Tricks and Free Popups-Killer
MyDoom email virus : scan your system and remove it for free
How to remove libereco dialer from your system
Removal of the browser hijacker known as CoolWebSearch
Anti-adware/spyware/popups links

Surfing internet is becoming quite risky nowadays. You often have to browse through many unwanted popup windows, decline repetitive dialers install programs, sometimes your start page is changed without your consent, or new bookmarks are added without you knowing it.

Your computer can be infected by programs called adware (unsolicited advertising), spyware (recording your surfing activity to sell your information). Those programs come from many sources, WebPages can make you install them unknowingly, or popular software like Kazaa can install them onto your computer.

There is a way for bad honest webmasters to add popups and other nasty stuff to almost every page you visit. With the use of an exploit they can hack your computer files and modify a very important one :

- Windows 98: c:\windows\hosts
- Windows 2000: c:\winnt\system32\drivers\etc\hosts
- Windows XP: c:\WINDOWS\system32\drivers\etc\hosts

By editing this file they can steal traffic from any site they want, they can block your access to any site, or they can add advertising (popups, dialers) to them. To hack your hosts file cheaters only have to have you visit their page, be it a TGP or simply a thumbnail gallery! You don't have to click anywhere on the page, you don't have to install anything, it is a very malicious hack; you will not even notice that a flaw in your computer settings has just been exploited...

Open your hosts file (it has no extension) with notepad. It should contain only this line : 127.0.0.1 local host

If you see other domain names below it, it has been changed illegally. Just delete everything but 127.0.0.1 local host. Save the file and close it, and you should be fine again. If you are unsure, you can simply delete the file from your hard drive, it will be ok. I have heard that making your file read-only can protect you, but I am unsure.

If you really don't understand how to do this, or if you want a more advanced protection against this problem and others, read the next topic (Spybot can clean your host file too : advanced mode > tools > hosts file)

"Found your site about security after one of my clients had his online banking redirected by a modified host file. Very good that you point out the problem. There is a time when your suggestion of removing lines from host could be a problem. That is when static IP addresses are used for a local network. Usually 192.168.nn.nn or 10.0.nn.nn Removing them would break the network"

Do you have some crap toolbar installed on your explorer? Do most of the pages you visit contain annoying popups? Can't you access some of your favorite sites anymore? We have something for you, and it is totally free. It's called Spybot Search & Destroy. You will find download links from their homepage but here is a shortcut to the download link on download.com :

Click here to download Spybot It is very easy of use and will remove most of the adware, spyware and dialers from your computer. It will also tell you if your hosts file has been hacked and will automatically remove invalid entries. Even if your computer is fine, I highly recommend you to download and install Spybot, because if your hosts file happens to be hacked in the future, you might not even be able to access this page again.

This is NOT a commercial program, but feel free to support them by doing a donation. Their software is very helpful for everyone. Don't forget to update your Spybot frequently, you can find the update button on the first window when you launch the program.

From their website : SpywareGuard provides a real-time protection solution against spyware. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.

Cheaters use security flaws to install unwanted programs. Update your software frequently and you will be fine. We are talking about Microsoft systems and browsers because they are the target of cheaters, being the most popular.

Go to http://windowsupdate.microsoft.com/ and download the latest upgrades and security patches for Windows systems. Microsoft finally added a popup-killer into his service pack 2 for windows XP, you should definitely install it. However it cannot block all popups because their programs still have some security flaws that can be exploited to launch popups.

Click on this link (opens in a new window), this will launch the parasite test (javascript), then read the results below detection script. If your computer is infected they will tell you how to uninstall the parasite.

You might prefer to download and install Spybot, though, as it is much more simple of use and can detect much more unwanted programs; the parasite pages often only tells you how to remove the parasites manually, meaning editing the registry, typing dos commands, etc.

Microsoft finally added a popup-killer into his service pack 2 for windows XP, you should definitely install it (through windows update). However it cannot block all popups because their programs still have some security flaws that can be exploited to launch popups.

Against remaining popups your best and most easy-to-use weapon is a simple keyboard shortcut : ALT + F4. Press them simultaneously and it will immediately close the active window. You can do it fast enough to close very fast opening popups.

You might find some windows that you cannot close with AFT+F4, try another shortcut : control + w. If you still can't close them, use control + ALT + Suppr to open the task manager to select and kill the application manually.

But, if you prefer, we found that Google, the world #1 search engine has included a great popups-killer ability with its latest toolbar : Google Bar. With it you will be able to stop popups entirely, or allow popups only from specific sites (white list). Best of all, it is 100% free, and does not require any signup or anything.

Installation is extremely easy and only takes a few seconds : click here to visit Google Bar's Homepage and install it.

For a detailed help regarding their popups-blocker ability, just visit this page : Google Bar Popups Help.

MyDoom is a new email virus spreading fast and infecting all mailboxes with infected mails, etc... You receive them because some of our surfers are infected with it from various sources. Try to find more info on the way the virus is spreading and you will see you can receive infected emails from people who are not infected, simply because the infected emails came from other people, but it is not showing their true email address.

We found a cool free page where you can have your system scanned and if the virus is found, it will be removed.

This is a forwarded email a surfer sent to us because he couldn't get rid of the dialer; maybe other surfers will find the information useful.

"Dear Customer, here you'll find the latest update of the uninstall-tool: run the uninstall.exe - then delete the desktop icon and the Icon in the system tray in the lower right hand corner manually.- reboot your computer

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 3. On the right hand side, are all the programs that starts automatically. (You will see the path for the program as well, delete the entry out of the registry and please make sure to delete it also from your hard drive)

4. Delete links out of the start menu and from the desktop. Please check here HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Run, too if the dialer still stays on.

If this still doesn't work, please check if there is a rdve.exe on your computer. If there is, please go ahead like this:

After using the uninstall program, re-start windows in MS-DOS mode. Then change to the directory where the file rdve.exe is located and delete the rdve.exe-file manually.

(To change into the directory use command: cd C:\exampledirectory1\exampledirectory2\and confirm with ENTER, then, when you are inside the directory, type in dir and confirm it with enter. Now you will see the files in that directory.

If you have found the rdve.exe, type in: del rdve.exe and ENTER to delete the file) Now please turn back to the Windows Mode it should be gone then."

This 'hijack ware' has many forms and is very hard to remove so the best we can do is point you to this complete information page :

If you surf TGPs a lot chances are you have encountered or will encounter a site run by a scammer that will use CWS to steal traffic (redirect you when you try to access some pages). Remember the best to keep safe is to always have your browser and operating system up to date.

Spyware Info, the spyware and hijack ware removal specialists, information and software download links.

Doxdesk, this site will help you detect adware and such on your computer and provides removal explanations.

Google Bar, their clean toolbar for internet explorer has the ability to block all unwanted popups, for free.