 |
|
|
|
Next: How to perform defragment on all drives?
|
| Author |
Message |
External
Since: Aug 07, 2005
Posts: 1013
|
(Msg. 16) Posted: Sun Dec 14, 2008 10:50 am
Post subject: Re: Trojan Flush.M [Login to view extended thread Info.]
Archived from groups: microsoft>public>windowsxp>perform_maintain (more info?)
|
|
|
"Ken Blake, MVP" wrote in message
> I don't know RemoveIt, and can't comment on how good it is, but it's
> not on my list of good anti-virus programs.
I'm pretty sure that it's that plagiarized app by PCbutts or whatever
he's calling himself these days. My understanding is that also alters
the Hosts file to prevent a person reaching reputable sites like
Bleeping Computer.
Does anyone know if that app produces any other undesireable effects? To
OP: it's important you delete your Hosts file. The location is:
C:\WINDOWS\system32\drivers\etc
If you wish, you may replace it with a *good* Hosts file:
http://www.mvps.org/winhelp2002/hosts.htm
But, yes, Gerry and Ken are correct; you still have malware (or at the
very least, you have damage that it has left in its wake). Many people
have had success running one or both of these programs in Safe Mode:
Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware
http://www.superantispyware.com/
The freeware versions are fine.
If you still have malware, you will have to post a HijackThis log to an
appropriate forum (courtesy of David H. Lipman):
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
Note: If you don't delete the Hosts file, as I mentioned above, you will
have trouble reaching these forums! |
|
| Back to top |
|
 | |
External
Since: Feb 19, 2004
Posts: 2623
|
(Msg. 17) Posted: Sun Dec 14, 2008 11:19 am
Post subject: Re: Trojan Flush.M [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Sun, 14 Dec 2008 10:50:54 -0500, "Daave"
wrote:
> "Ken Blake, MVP" wrote in message
>
>
> > I don't know RemoveIt, and can't comment on how good it is, but it's
> > not on my list of good anti-virus programs.
>
> I'm pretty sure that it's that plagiarized app by PCbutts or whatever
> he's calling himself these days.
Ahh, thanks for that info. Then it's a clearly one to stay far away
from.
> My understanding is that also alters
> the Hosts file to prevent a person reaching reputable sites like
> Bleeping Computer.
Ugh!
> Does anyone know if that app produces any other undesireable effects? To
> OP: it's important you delete your Hosts file. The location is:
>
> C:\WINDOWS\system32\drivers\etc
>
> If you wish, you may replace it with a *good* Hosts file:
>
> http://www.mvps.org/winhelp2002/hosts.htm
>
> But, yes, Gerry and Ken are correct; you still have malware (or at the
> very least, you have damage that it has left in its wake). Many people
> have had success running one or both of these programs in Safe Mode:
>
> Malwarebytes' Anti-Malware
> http://www.malwarebytes.org/mbam.php
>
> SUPERAntiSpyware
> http://www.superantispyware.com/
>
> The freeware versions are fine.
>
> If you still have malware, you will have to post a HijackThis log to an
> appropriate forum (courtesy of David H. Lipman):
>
> NOTE: Registration is REQUIRED in any of the below before posting a log
>
>
> Suggested primary:
> http://www.thespykiller.co.uk/index.php?board=3.0
>
>
> Suggested secondary:
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.malwarebytes.org/forums/index.php?showforum=7
>
>
> Suggested tertiary:
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.atribune.org/forums/index.php?showforum=9
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://forum.networktechs.com/forumdisplay.php?f=130
> http://forums.maddoktor2.com/index.php?showforum=17
> http://www.spywarewarrior.com/viewforum.php?f=5
> http://forums.spywareinfo.com/index.php?showforum=18
> http://forums.techguy.org/f54-s.html
> http://forums.tomcoyote.org/index.php?showforum=27
> http://forums.subratam.org/index.php?showforum=7
> http://www.5starsupport.com/ipboard/index.php?showforum=18
> http://aumha.net/viewforum.php?f=30
> http://makephpbb.com/phpbb/viewforum.php?f=2
> http://forums.techguy.org/54-security/
> http://forums.security-central.us/forumdisplay.php?f=13
>
> Note: If you don't delete the Hosts file, as I mentioned above, you will
> have trouble reaching these forums!
>
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup |
|
| Back to top |
|
| |
External
Since: Aug 07, 2005
Posts: 1013
|
(Msg. 18) Posted: Sun Dec 14, 2008 1:27 pm
Post subject: Re: Trojan Flush.M [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"Ken Blake, MVP" wrote in message
> On Sun, 14 Dec 2008 10:50:54 -0500, "Daave"
> wrote:
>
>> "Ken Blake, MVP" wrote in message
>>
>>
>> > I don't know RemoveIt, and can't comment on how good it is, but
>> > it's
>> > not on my list of good anti-virus programs.
>>
>> I'm pretty sure that it's that plagiarized app by PCbutts or whatever
>> he's calling himself these days.
>
>
> Ahh, thanks for that info. Then it's a clearly one to stay far away
> from.
YW, Ken. >> Stay informed about: Trojan Flush.M |
|
| Back to top |
|
| |
External
Since: Oct 18, 2010
Posts: 1
|
(Msg. 19) Posted: Mon Oct 18, 2010 12:46 pm
Post subject: resycled/boot.com [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
How to remove resycled/boot.com
http://www.tips29.com/2009/01/how-to-remove-resycledbootcom.html
> On Friday, December 12, 2008 8:27 AM Belpric wrote:
> HI there,
>
> I am running Norton Anti - Virus and it has reported that i have a virus
> called Trojan Flush M and no matter what I try I can not remove this virus. I
> tried to follow the instructions for manual removal of this virus, however it
> instructed me to restart windows in safe mode and then a full scan. When I
> tried to do this I was asked for a administration password , but I bought
> this computer second hand and have no idea what this pasword is!
>
>
> Also my computer is now acting very strange , programs are disappearing when
> I re start the computer and when I try to view the c drive I get an error
> message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
> RESYCLED/BOOT.COM
>
> I am desperate not to lose the many important family files on this computer,
> such as photos and videos, can someone please help me with this very annoying
> problem.
>
> Thanks in advance.
> Ta
>> On Friday, December 12, 2008 9:30 AM Gerry wrote:
>> Are you just running Norton Anti-Virus? What anti-spyware programme are
>> you running?
>>
>> Trojan Flush M from the Norton report sounds to relatively minor but it
>> could be a symptom of other malware. Some will change passwords.
>>
>> I would download and run Spybot S & D (freeware version) and see if it
>> finds anything like a Trojan. If Spybot S & D finds anything significant
>> ( other than cookies) you need to be wary. If it removes something and
>> it returns or another nasty pops up it can be an indication that there
>> is another hidden nasty not being detected by Norton or Spybot.
>> Spybot S & D. There is a freeware version buried in this link:
>> http://www.safer-networking.org/en/spybotsd/index.html
>>
>> If you still have problems you might try Malwarebytes. This is currently
>> making a considerable impact, although I have not tried it myself. I
>> believe it is shareware ( purchase after trial ). You should not run
>> two anti-virus programmes at the same time so you will need to turn off
>> Norton before running Malwarebytes.
>> http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572...ml--Hop this helps.Gerry~~~~FCAStourport, EnglandEnquire, plan and execute~~~~~~~~~~~~~~~~~~~Belprice wrote:> HI there,>> I am running Norton Anti - Virus and it has reported that i have a> virus called Trojan Flush M and no matter what I try I can not remove> this virus. I tried to follow the instructions for manual removal of> this virus, however it instructed me to restart windows in safe mode> and then a full scan. When I tried to do this I was asked for a> administration password , but I bought this computer second hand and> have no idea what this pasword is!>>> Also my computer is now acting very strange , programs are> disappearing when I re start the computer and when I try to view the> c drive I get an error message which states " WINDOWS CANNOT FIND> RESYDED /BOOT.COM OR RESYCLED/BOOT.COM>> I am desperate not to lose the many important family files on this> computer, such as photos and videos, can someone please help me with> this very annoying problem.>> Thanks in advance.> Ta
>>> On Friday, December 12, 2008 11:14 AM Daave wrote:
>>> "Belprice" wrote in message
>>>
>>>
>>> Unless the previous owner of the PC set a different password for
>>> Administrator, that password is usually blank.
>>>
>>> The bigger issue is the fact that you neglected to perform a clean
>>> install of the operating system when you first started to use this PC,
>>> which is always preferred whenever someone obtains a second-hand
>>> computer. What is the make and model of this PC? What method do you have
>>> to reinstall Windows? Hopefully, if there is a disk, you obtained it
>>> along with the PC! Otherwise, you was robbed.
>>>> On Friday, December 12, 2008 12:47 PM Gerry wrote:
>>>> Daave
>>>>
>>>> That's strong language! It does depend on what was paid for the computer
>>>> and whether the lack of a Windows XP CD ( if the new owner does not have
>>>> one ) was covered in negotiations before purchase?
>>>>
>>>> --
>>>> Regards.
>>>>
>>>> Gerry
>>>> ~~~~
>>>> FCA
>>>> Stourport, England
>>>> Enquire, plan and execute
>>>> ~~~~~~~~~~~~~~~~~~~
>>>> Daave wrote:
>>>>> On Friday, December 12, 2008 1:14 PM Daave wrote:
>>>>> Good point. Still, it's good practice to include the proper way to
>>>>> return a PC to its original state. Many people have been burned and I
>>>>> suspect they didn't factor that inconvenience into the negotiations
>>>>> because they were simply unaware that they are normally entitled to it.
>>>>>
>>>>>
>>>>> "Gerry" wrote in message
>>>>>
>>>>>> On Friday, December 12, 2008 1:41 PM Gerry wrote:
>>>>>> Daave
>>>>>>
>>>>>> True.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards.
>>>>>>
>>>>>> Gerry
>>>>>> ~~~~
>>>>>> FCA
>>>>>> Stourport, England
>>>>>> Enquire, plan and execute
>>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>> Daave wrote:
>>>>>>> On Friday, December 12, 2008 3:14 PM MickMurph wrote:
>>>>>>> Install the 2 programs below, and scan with them in Safe mode, as well as
>>>>>>> with your Anti-virus.
>>>>>>> When you go to Safe Mode, you don't need to be in the Admin account; just
>>>>>>> sign in with your User Account.
>>>>>>> If there is no option for that, usually the Admin account password is left
>>>>>>> blank.
>>>>>>>
>>>>>>> http://www.spybot.info/en/index.html
>>>>>>>
>>>>>>> Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
>>>>>>> Download, install, update, and immunize your System with it.
>>>>>>> Then SCAN with it.
>>>>>>> Update it, and scan your System once a fortnight.
>>>>>>>
>>>>>>> http://www.malwarebytes.org/mbam.php
>>>>>>>
>>>>>>> Malwarebytes is as the name says, a Malware Remover!
>>>>>>> For the Free version scroll down their page to either download from
>>>>>>> Download.com, or Major Geeks.com
>>>>>>>
>>>>>>> Download, install, and update.
>>>>>>>
>>>>>>> Important re: Safe Mode
>>>>>>> If you happen to find a problem that you can???t uninstall / delete, reboot
>>>>>>> the computer, and go into Safe Mode.
>>>>>>> To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
>>>>>>> key to get to Safe Mode from list of options, then hit ENTER.
>>>>>>> RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
>>>>>>> while in Safe Mode.
>>>>>>>
>>>>>>> If unable to install above Programs in Normal Mode:
>>>>>>> Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
>>>>>>> Programs to remove them.
>>>>>>> If that happens, reboot into Safe Mode with Networking, and install, update
>>>>>>> and scan from there.
>>>>>>>
>>>>>>> --
>>>>>>> Mad Mike
>>>>>>>
>>>>>>>
>>>>>>> "Belprice" wrote:
>>>>>>>> On Friday, December 12, 2008 7:35 PM Touch Base wrote:
>>>>>>>> "Belprice" wrote in message
>>>>>>>>
>>>>>>>>
>>>>>>>> "Also my computer is now acting very strange , programs are disappearing
>>>>>>>> when
>>>>>>>> I re start the computer and when I try to view the c drive I get an error
>>>>>>>> message which states " WINDOWS CANNOT FIND RESYDED /BOOT.COM OR
>>>>>>>> RESYCLED/BOOT.COM"
>>>>>>>>
>>>>>>>> [TB] This file is part of the trojan and it is usually located in the root
>>>>>>>> of the 'C' drive. There is also an autorun file [which is hidden], that is
>>>>>>>> part of this problem and it interacts with the boot.com file which allows it
>>>>>>>> to propagate on the next start of windows.
>>>>>>>>
>>>>>>>> =========================================================
>>>>>>>>
>>>>>>>> [TB] This site talks about removing the problem with boot.com file. Read
>>>>>>>> through and see how others handled this problem. Malwarebytes is mentioned
>>>>>>>> in some of the responses.
>>>>>>>>
>>>>>>>> http://www.precisesecurity.com/blogs/2008/09/20/resycledbootcom/
>>>>>>>>
>>>>>>>>
>>>>>>>> ==========================================================
>>>>>>>>
>>>>>>>> "Gerry" wrote in message
>>>>>>>>
>>>>>>>>
>>>>>>>> "I believe it is shareware ( purchase after trial ). You should not run
>>>>>>>> two anti-virus programmes at the same time so you will need to turn off
>>>>>>>> Norton before running Malwarebytes."
>>>>>>>>
>>>>>>>> A visit to their website before posting the comment would have been prudent.
>>>>>>>>
>>>>>>>> Malwarebytes is not an anti-virus product and it is not a purchase after
>>>>>>>> trial product.
>>>>>>>>
>>>>>>>> It has a free version and a pay for version.
>>>>>>>>
>>>>>>>> The pay for version has real-time protection, scheduled scanning, and
>>>>>>>> scheduled updating.
>>>>>>>>
>>>>>>>> The free version does not have resident protection, it only allows for after
>>>>>>>> the fact scanning and you have to download the updates manually.
>>>>>>>>
>>>>>>>> Apart from that they do exactly the same job, it is not limited in any
>>>>>>>> regard.
>>>>>>>>
>>>>>>>> It's still a good idea to turn off Norton during a scan because it will pop
>>>>>>>> up and attempt to quarantine the trojan while Malwarebytes is doing it's
>>>>>>>> scan and it can only confuse the user as to which product do I use to try
>>>>>>>> and remove it. If Nortons hasn't been successful handling the trojan then
>>>>>>>> let Malwarebytes do it's job unhindered and quarantine and attempt to remove
>>>>>>>> it.
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Touch Base
>>>>>>>> Report back on the results, good or bad so others may benefit
>>>>>>>>> On Saturday, December 13, 2008 8:19 AM Belpric wrote:
>>>>>>>>> Hi there,
>>>>>>>>>
>>>>>>>>> Thanks for coming back to me.
>>>>>>>>>
>>>>>>>>> Everytime I try to run Malwarebytes the programs crashes and I get this
>>>>>>>>> message "Malwarebytes' Anti-Malware has encountered a problem and needs to
>>>>>>>>> close " and then some garble about memory. Also I can't start my computer in
>>>>>>>>> safe mode as I don't know the domian name, I do know the password though and
>>>>>>>>> I sign in with this every time I log unto the computer.
>>>>>>>>>
>>>>>>>>> I would be grateful for any suggestions to help me round this problem.
>>>>>>>>>
>>>>>>>>> Thanks in advance.
>>>>>>>>>
>>>>>>>>> "David H. Lipman" wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Belprice" wrote:
>>>>>>>>>> On Saturday, December 13, 2008 12:50 PM Gerry wrote:
>>>>>>>>>> Belprice
>>>>>>>>>>
>>>>>>>>>> You don't need to know a domain name to boot to safe mode. In safe mode
>>>>>>>>>> you have no internet connection.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hope this helps.
>>>>>>>>>>
>>>>>>>>>> Gerry
>>>>>>>>>> ~~~~
>>>>>>>>>> FCA
>>>>>>>>>> Stourport, England
>>>>>>>>>> Enquire, plan and execute
>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>>>>>> Belprice wrote:
>>>>>>>>>>> On Saturday, December 13, 2008 1:27 PM Touch Base wrote:
>>>>>>>>>>> "Belprice" wrote in message
>>>>>>>>>>>
>>>>>>>>>>> Hi there,
>>>>>>>>>>>
>>>>>>>>>>> Thanks for coming back to me.
>>>>>>>>>>>
>>>>>>>>>>> Everytime I try to run Malwarebytes the programs crashes and I get this
>>>>>>>>>>> message "Malwarebytes' Anti-Malware has encountered a problem and needs to
>>>>>>>>>>> close " and then some garble about memory. Also I can't start my computer
>>>>>>>>>>> in
>>>>>>>>>>> safe mode as I don't know the domian name, I do know the password though and
>>>>>>>>>>> I sign in with this every time I log unto the computer.
>>>>>>>>>>>
>>>>>>>>>>> I would be grateful for any suggestions to help me round this problem.
>>>>>>>>>>>
>>>>>>>>>>> Thanks in advance.
>>>>>>>>>>>
>>>>>>>>>>> =========================================
>>>>>>>>>>> Hi "Belprice"
>>>>>>>>>>>
>>>>>>>>>>> You should be able to start the computer in safe mode. If you can start it
>>>>>>>>>>> in normal mode and log in with a password then it's exactly the same thing
>>>>>>>>>>> in safe mode. Click on the same name and use the same password when safe
>>>>>>>>>>> mode starts up, it should offer you the same log on name.
>>>>>>>>>>>
>>>>>>>>>>> Failing that I suggest if you have a second computer and you're up to it, or
>>>>>>>>>>> you have a friend or relative that has a computer running XP or even windows
>>>>>>>>>>> 2000. Take your hard drive out of your computer and connect it up to the
>>>>>>>>>>> other computer as a slave drive. Start that computer in safe mode with
>>>>>>>>>>> networking (internet support), and download Malwarebytes or download it
>>>>>>>>>>> before you connect the drive, update the program then run it on your hard
>>>>>>>>>>> drive. To do this once the computer has started and Malwarebytes has been
>>>>>>>>>>> installed and updated, open My Computer and right click on your hard drive
>>>>>>>>>>> which should be listed and select 'Scan with Malwarebytes Anti-Malware'.
>>>>>>>>>>> After that drive is scanned and cleaned run the program on the main hard
>>>>>>>>>>> drive. The reason is, as I mentioned in my previous post, this is an
>>>>>>>>>>> insidious trojan and it will quite possibly infect any hard drive connected
>>>>>>>>>>> to it. It happened to me when I was repairing someone else's computer. I
>>>>>>>>>>> connected my USB drive (which had my copy of Malwarebytes on it) and it was
>>>>>>>>>>> infected with the same trojan. The USB drive was easy to clean because I
>>>>>>>>>>> knew what to look for but the likelihood is there. So if you scan both
>>>>>>>>>>> drives it should be ok.
>>>>>>>>>>>
>>>>>>>>>>> If the above is too hard for you and don't be embarrassed by that, I suggest
>>>>>>>>>>> you take it to a computer shop for repair. Of course it would be good if you
>>>>>>>>>>> had a backup of all your personal files beforehand and you probably haven't
>>>>>>>>>>> done this so ask the computer shop to back up your files before they start
>>>>>>>>>>> repairs on your computer. Warn them that the trojan can infect other
>>>>>>>>>>> connected drives so they are prepared to handle it.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Touch Base
>>>>>>>>>>> Report back on the results, good or bad so others may benefit
>>>>>>>>>>>> On Sunday, December 14, 2008 6:38 AM Gerry wrote:
>>>>>>>>>>>> Belprice
>>>>>>>>>>>>
>>>>>>>>>>>> My suspicion is that you still have malware.
>>>>>>>>>>>>
>>>>>>>>>>>> What errors appear in Event Viewer for the last 24 hours?
>>>>>>>>>>>>
>>>>>>>>>>>> You can access Event Viewer by selecting Start, Control Panel,
>>>>>>>>>>>> Administrative Tools, and Event Viewer. When researching the meaning
>>>>>>>>>>>> of the error, information regarding Event ID, Source and Description
>>>>>>>>>>>> are important.
>>>>>>>>>>>>
>>>>>>>>>>>> HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
>>>>>>>>>>>> http://support.microsoft.com/kb/308427/en-us
>>>>>>>>>>>>
>>>>>>>>>>>> A tip for posting copies of Error Reports! Run Event Viewer and double
>>>>>>>>>>>> click on the error you want to copy. In the window, which appears is a
>>>>>>>>>>>> button resembling two pages. Click the button and close Event
>>>>>>>>>>>> Viewer.Now start your message (email) and do a paste into the body of
>>>>>>>>>>>> the message. Make sure this is the first paste after exiting from
>>>>>>>>>>>> Event Viewer.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Hope this helps.
>>>>>>>>>>>>
>>>>>>>>>>>> Gerry
>>>>>>>>>>>> ~~~~
>>>>>>>>>>>> FCA
>>>>>>>>>>>> Stourport, England
>>>>>>>>>>>> Enquire, plan and execute
>>>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Belprice wrote:
>>>>>>>>>>>>> On Sunday, December 14, 2008 9:48 AM Ken Blake, MVP wrote:
>>>>>>>>>>>>> On Sun, 14 Dec 2008 03:08:01 -0800, Belprice
>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> My guess is that you didn't, or if you did, you still have remaining
>>>>>>>>>>>>> some of the damage that they caused.
>>>>>>>>>>>>>
>>>>>>>>>>>>> How many infections did you have? If you had many, it's usually
>>>>>>>>>>>>> necessary to do a clean reinstallation of Windows than to try to clean
>>>>>>>>>>>>> the computer.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Moreover, it's important to note that viruses can do damage and are
>>>>>>>>>>>>> not things that you want to remove after you get infected. Rather, you
>>>>>>>>>>>>> want to prevent your getting infected in the first place.
>>>>>>>>>>>>>
>>>>>>>>>>>>> And finally, in my view, Norton Anti-Virus is the *worst* anti-virus
>>>>>>>>>>>>> program available. I recommend NOD32, or if you want a free program,
>>>>>>>>>>>>> Avast.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I don't know RemoveIt, and can't comment on how good it is, but it's
>>>>>>>>>>>>> not on my list of good anti-virus programs.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Ken Blake, Microsoft MVP - Windows Desktop Experience
>>>>>>>>>>>>> Please Reply to the Newsgroup
>>>>>>>>>>>>>> On Sunday, December 14, 2008 10:50 AM Daave wrote:
>>>>>>>>>>>>>> "Ken Blake, MVP" wrote in message
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'm pretty sure that it's that plagiarized app by PCbutts or whatever
>>>>>>>>>>>>>> he's calling himself these days. My understanding is that also alters
>>>>>>>>>>>>>> the Hosts file to prevent a person reaching reputable sites like
>>>>>>>>>>>>>> Bleeping Computer.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Does anyone know if that app produces any other undesireable effects? To
>>>>>>>>>>>>>> OP: it's important you delete your Hosts file. The location is:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> C:\WINDOWS\system32\drivers\etc
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If you wish, you may replace it with a *good* Hosts file:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://www.mvps.org/winhelp2002/hosts.htm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> But, yes, Gerry and Ken are correct; you still have malware (or at the
>>>>>>>>>>>>>> very least, you have damage that it has left in its wake). Many people
>>>>>>>>>>>>>> have had success running one or both of these programs in Safe Mode:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Malwarebytes' Anti-Malware
>>>>>>>>>>>>>> http://www.malwarebytes.org/mbam.php
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> SUPERAntiSpyware
>>>>>>>>>>>>>> http://www.superantispyware.com/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The freeware versions are fine.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If you still have malware, you will have to post a HijackThis log to an
>>>>>>>>>>>>>> appropriate forum (courtesy of David H. Lipman):
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> NOTE: Registration is REQUIRED in any of the below before posting a log
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Suggested primary:
>>>>>>>>>>>>>> http://www.thespykiller.co.uk/index.php?board=3.0
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Suggested secondary:
>>>>>>>>>>>>>> http://www.bleepingcomputer.com/forums/forum22.html
>>>>>>>>>>>>>> http://castlecops.com/forum67.html
>>>>>>>>>>>>>> http://www.malwarebytes.org/forums/index.php?showforum=7
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Suggested tertiary:
>>>>>>>>>>>>>> http://www.dslreports.com/forum/cleanup
>>>>>>>>>>>>>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>>>>>>>>>>>>>> http://www.atribune.org/forums/index.php?showforum=9
>>>>>>>>>>>>>> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>>>>>>>>>>>>>> http://gladiator-antivirus.com/forum/index.php?showforum=170
>>>>>>>>>>>>>> http://forum.networktechs.com/forumdisplay.php?f=130
>>>>>>>>>>>>>> http://forums.maddoktor2.com/index.php?showforum=17
>>>>>>>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5
>>>>>>>>>>>>>> http://forums.spywareinfo.com/index.php?showforum=18
>>>>>>>>>>>>>> http://forums.techguy.org/f54-s.html
>>>>>>>>>>>>>> http://forums.tomcoyote.org/index.php?showforum=27
>>>>>>>>>>>>>> http://forums.subratam.org/index.php?showforum=7
>>>>>>>>>>>>>> http://www.5starsupport.com/ipboard/index.php?showforum=18
>>>>>>>>>>>>>> http://aumha.net/viewforum.php?f=30
>>>>>>>>>>>>>> http://makephpbb.com/phpbb/viewforum.php?f=2
>>>>>>>>>>>>>> http://forums.techguy.org/54-security/
>>>>>>>>>>>>>> http://forums.security-central.us/forumdisplay.php?f=13
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Note: If you don't delete the Hosts file, as I mentioned above, you will
>>>>>>>>>>>>>> have trouble reaching these forums!
>>>>>>>>>>>>>>> On Sunday, December 14, 2008 1:19 PM Ken Blake, MVP wrote:
>>>>>>>>>>>>>>> Ahh, thanks for that info. Then it is a clearly one to stay far away
>>>>>>>>>>>>>>> from.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ugh!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Ken Blake, Microsoft MVP - Windows Desktop Experience
>>>>>>>>>>>>>>> Please Reply to the Newsgroup
>>>>>>>>>>>>>>>> On Sunday, December 14, 2008 1:27 PM Daave wrote:
>>>>>>>>>>>>>>>> YW, Ken.
>>>>>>>>>>>>>>>> Submitted via EggHeadCafe - Software Developer Portal of Choice
>>>>>>>>>>>>>>>> SharePoint Create List Add/Edit Form Web Part With Custom Toolbar and Attachments Option
>>>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/bdae9c53-4661-4144-90f9-5d...dfa737c >> Stay informed about: Trojan Flush.M |
|
| Back to top |
|
| |
|
You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
Windows XP