Evil programmes


8 replies to this topic

#1 tsagar

Posted 16 December 2004 - 08:20 AM

Although I consider myself a proficient PC user, my proficiency stops at running applications.

In the last one month, my PC has been bombarded by viruses, worms, trojans and every conceivable kind of malware. This led me to format the hard disk and re-install the programmes. I currently have Avast and spybot S & D. I have also activated the XP firewall.

In spite of all the above, I'm losing a lot of my bandwidth to the menaces. A few samples:

1. Something that calls itself 'Messenger Service' keeps popping messages with the following text

"Message from Internet to Infected on 12/16/2004 5:34:50 PM

This computer is infected with Spyware and Adware. This can and will effect performance on (sic) this computer. These programs are normally put onto your computer without your knowledge and virus programmes don't always find them. To remove these, it is recommended that you go to: www.Xp-Fix.com!"

I did actually try out the website and it exists. It claims to have a one shot cure for all kinds of XP ills. It also asks you to pay some $ 70 something.

The popup uses the csrss.exe process. If I shut down the popup, it pops up again within a couple of minutes. Also, it mentions a couple of different websites in the place of Xp-Fix.com.

2. This morning I was trying to install the trial version of Quick Heal AV. It detected a trojan called 'trojan.rootkit.H'. However, since this AV was clashing with Avast, I had to un-install it. Nevertheless, I haven't as much as heard a yip from Avast regarding this trojan!

3. DCOM Exploit keeps occurring as well as JPEG Exploit

4. I use a dial-up to connect to the web. As soon as a connection to the web is established, my machine starts sending out data at a furious pace. At times, it completely takes up the bandwidth and I can not browse at all! When I cut short the connection, the standard connection pop-up comes up saying that a program is requesting information from majestikgtr69.wildinamerica.com and which dial up account it should use for connecting to the web. It also mentions a few other destinations.

5. This happens only in IE (I have now started using Firefox and this browser seems to be better at thwarting hijacks). My home page is hijacked to casinojems.com. Also, once in a while a tiny popup asks me whether I need $ 400 for gambling at some casino! Tempting, no doubt, still I manage to turn it off.

Anyone who can give me a hint on how to exorcise my machine wins one whole pint of the finest ale money can buy and you get to name the ale!


#2 Scarlett

Posted 16 December 2004 - 08:27 AM

Oh my gosh never ever ever click on any pop-up. Install and run Spybot Search and Destroy and AdAware. A Squared is a great program also. It would not hurt to have them all. I do as do many others.

And go into your Task Manager and cancel all running processes that are not needed, as in "uninvited" guests.

AdAwareSE Personal

Spybot S&D

a² Personal

And if all else fails, post a HijackThis log. You may need to anyway.

HijackThis Forum

Edited by scarlett, 16 December 2004 - 08:55 AM.


#3 Scarlett

Posted 16 December 2004 - 08:53 AM

Oh I see now that you do have Spybot. Oops. :thumbsup: But keep in mind one needs more than just one spyware-adware program. Since what one does not catch the other just may.
I do not think that you can have two Anti Virus' @ the same time. I used to have Avast but have since switched over to FreeAVG. I like it much better. And as far as the XP Firewall goes. I'm not so sure. I do not have XP. But Zone Alarm is a wonderful one. And there is a free version.


Free AVG


Zone Alarm

This is also a wonderful read by Grinler. Note the info regarding "Spyware Blaster". You should install it also.


Simple Steps To Keep Your Computer Secure

Edited by scarlett, 16 December 2004 - 09:17 AM.


#4 Leurgy

Posted 16 December 2004 - 08:57 AM

I can give you a couple of tips that will help.

In Internet Explorer go to Tools>Internet Options>Advanced and take the check mark from Enable Install On Demand (Internet Explorer) and Enable Install On Demand (Other). The consequence of this will be that you will begin to see Security Warnings when something tries to install on your computer. Unless it is something you want to install (which happens rarely) always say no.

Again, in Internet Explorer, go to Tools>Internet Options>Connections and highlight and remove any dialup connection you don't recognize.

To stop the pop-ups you describe you need to disable Windows Messenger Service. Go here and download and run Shoot The Messenger. Windows Messenger Service is not needed unless you are on a network.

At this point you should go to this site and download LSPfix.exe. The changes you make from this point on may deny you internet access. If that happens, run LSPfix.exe and you should be good to go.

Go to Panda Anti-Virus online scan and allow it to fix what it finds. In this case, you will see a security warning but you can click OK.

You should also download, install, UPDATE and run both Spybot and AdAware. In both cases you should check off everything they find and remove those items. Make sure you UPDATE.

After you take these steps, post back and we can take it from there.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 Leurgy

Posted 16 December 2004 - 09:00 AM

Oops. I see I'm stepping on Scarlett's toes here. Guess she's a little faster off the mark.

Good luck and post back



#6 Scarlett

Posted 16 December 2004 - 09:21 AM

> Oops. I see I'm stepping on Scarlett's toes here. Guess she's a little faster off the mark.
>
> Good luck and post back

So not a big deal, Leurgy. We all need all the help we can get. :) Is it that my typing skills are much more advanced? :inlove: Or my super fast Charter Internet? :thumbsup:

Besides attempting to help out a fellow Bleeper, the incentive was way too irresistible. It got my attention. :flowers: Scarlett's Ale... Nice ring to it, don't you think? :trumpet:

Edited by scarlett, 16 December 2004 - 09:28 AM.


#7 Leurgy

Posted 16 December 2004 - 09:56 AM

Definitely your typing skills. I've got Hi-Speed too.

I don't usually do this for a pint of ale, up here we have quarts. :thumbsup:



#8 jgweed

Posted 16 December 2004 - 03:53 PM

In addition to the excellent advice above, I would recommend you getting a firewall that will handle OUTGOING packets as well as incoming, then dropping the MS version. The MS firewall only reviews incoming packets, and will not prevent malware from "calling home." There are several good, free firewalls, but my own choice is Sygate Personal Firewall.
If you reformatted your hard drive, and reinstalled Windows OS, and now you are right back where you started, then I suspect you reinstalled the very "fun/pretty/helper" applications that led to the problem in the first place, or failed to set your security options once more when you installed IE. Then again, not installing your AV and not initialising your firewall BEFORE you went on line, could have caused the problems, since many computers end up infected within 20 minutes of going on line when such defences are not set up.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#9 tsagar

Posted 16 December 2004 - 11:49 PM

> Definitely your typing skills. I've got Hi-Speed too.
>
> I don't usually do this for a pint of ale, up here we have quarts. :thumbsup:

Leurgy, Scarlett and all others.

Thanks for all your excellent advice. I also tried modifying the 'hosts' file in system32\drivers\etc folder. This seems to be working. All you need to do is enter the offending ad site's url in front of 127.0.0.1. It seems the machine gets confused into thinking that itself is the ad server. Then, when it cannot find the ad program in itself, it kind of gives up trying to load the ad. This also saves the bandwidth.

As for pints and quarts of ale, all I can say is jugs are far better in the task of transporting the liquid from table top to lips.

Scarlett Ale does sound good. I'll keep that in mind when I start my own brewery!
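
A checker for the hosts-file blocking described in the post above, added here as an example and not part of the original thread. It assumes the standard hosts format (IP address first, then one or more bare hostnames, never a full URL); the sample file is constructed from sites named in this thread, and `audit_hosts` and `update.example.test` are hypothetical names.

```python
import ipaddress

# Constructed sample; the hostnames are the sites named in this thread.
SAMPLE_HOSTS = """\
# ad/malware blocklist (constructed sample)
127.0.0.1       localhost
127.0.0.1       casinojems.com www.casinojems.com
0.0.0.0         majestikgtr69.wildinamerica.com   # dial-out target
www.xp-fix.com  127.0.0.1
127.0.0.1       http://www.xp-fix.com/
10.0.0.5        update.example.test
"""

SINKS = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses that lead nowhere


def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_hosts(text):
    """Return (blocked names, redirected name->IP, [(line, problem)])."""
    blocked, redirected, problems = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        if not is_ip(addr):
            problems.append((lineno, "first field is not an IP address"))
            continue
        if not names:
            problems.append((lineno, "address without a hostname"))
        for name in names:
            if "/" in name or ":" in name or is_ip(name):
                problems.append((lineno, "not a bare hostname: " + name))
            elif addr not in SINKS:
                redirected[name] = addr  # resolves elsewhere: review it
            elif name != "localhost":
                blocked.add(name)
    return blocked, redirected, problems


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

The `redirected` map is worth reading on a machine that has been infected: an entry that sends a name to an address other than the loopback or null address changes where that name resolves, which is different from blocking it.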



