Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Relevant Knowledge - Sick of It

  • Please log in to reply
2 replies to this topic

#1 JoWazzoo


  • Members
  • 2 posts
  • Local time:01:56 AM

Posted 07 December 2008 - 10:48 AM

(pls xcue m3 if this is not the right group.)

I really don't need help (actually I prob do :-)). :thumbsup: (please see ** 1 at bottom)

Relevant Knowledge (hereinafter POS) now has me really ticked. I have a VERY well protected machine with at least a dozen prophylactics. Of course the first one went on the Hard Disk. My last one is this great big sucker that covers the monitor. And to type this post, I went to the drug store and purchased latex gloves in fear that the keyboard might transfer to ME this viral POS.

It appears that I am now on my third installation of this POS in the last month. (I don't know where from and I don't understand why my many real time protectors are not working. Really need a good HIPS. This one is gonna be good:


Malware Defender


check out this thread - http://www.wilderssecurity.com/showthread.php?t=217522

not for the faint of heart.)


The POS seems to morph every time I get it. Now it seems to be injecting my machine with LSD, peyote or something. To wit:

Avira can no longer access updates
Malware Bytes cannot get updates

When I do a search for info on Google for POS, there are far less hits than I would expect.

When I reboot, RegRun finds this POS and I drive a stake into the POS's heart for the umpteenth time. Of course, next time I reboot it is the same story. Oh and at periodic intervals (pretty much randomly) my machines pops up an tells me that it just did a system Restore. All on its own.

As I have been typing this, I started SuperAntiSpyware and clicked to check for updates. That was about 8 minutes ago and it is still sitting there spinning its wheels. No, I am not running this on my TRS-80 Model 1 with 4 K Ram and cassette for storage. :-))

I don't mean to be honery (sp?), disrespectfull or whatever, but please (particularly newbies/kluebies) (see ** below) don't hit me with 37 irrelavant suggestions like:

Have you tried Reformating your hard disk?
Did you try running that nifty low level thingy called ( I think) fdisk?
Did you run xxx
Did you go to this web site yyy
Did you try a Google search?

and so on.

If anyone really does happen to have similar crap from a recent encounter with this POS, let me know.

Note to _real_ Malware proggie authors - update your code to find rlai.dll and the other stains left by this POS. (No 5 different Rootkit proggies have been of no use either.)

My only regret is that this is web based and not on Usenet where I could cross-post it to hell and back enuff to create a Brandy Storm.


** 1 Yes I admit:

- I go to some questionable sites (31337 hazz0r d00d, etc...) for security research purposes.
- Occassionaly, if I have 2 much time (or something else on or in my hanz) I have been known to visit a pron site or two, but strictly to unwind.
- I do go well equipped, shielded etc. (In the old days with the classic spammers you could (if so inclined) introduce them to avalanche. Heh. With todays bot nets I realize that it is hard to do.

** 2 I have some computer experience. Started on IBM 360 in 1967 or so. Have been an Abuse person. Classic anti-spammer back a dozen plus years ago. Have been on "the Net" since before both 1) it was invented by AlGore and 2) the WWW was invented. Then "the Net" meant Usenet.

BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,307 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:56 AM

Posted 07 December 2008 - 11:53 AM

While I can't grant absolution for visiting porn sites or a license to practice humor, I can make a suggestion
regarding Super Antispyware.

Find the SAS .exe on your computer. Right click on it and choose rename. Name it lastchancescan. Double click on the file to run it and use the directions below.

If asked to update the program definitions, click "Yes". If not, update the
definitions before scanning by selecting "Check for Updates".
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under
Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner
Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

* Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JoWazzoo

  • Topic Starter

  • Members
  • 2 posts
  • Local time:01:56 AM

Posted 08 December 2008 - 05:52 PM

Wow ...

That's the type of info that's very helful and hard to pick up.

Thank you very much .. several things there I would have never thought of.

Thanks Buddy, I will let you anf others know what I find out.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users