RetouchPRO

  #1  
Old 07-23-2005, 10:01 AM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
Virus, Posting for Help and Direction

Well, my computer has been acting up for a while now. Thought the problem happened when I ordered more memory and Gateway sent the wrong chip..Imagine That!! At install it made my computer run and not stop.

However now I find after all this time I have the Trojan Horse Dialer 17 E on here. I had no idea it was found, but looked in the Vault and there it was.

I know this is a photo site, but I have come to trust the people here and believe I will be led in the right direction for help. If this is not an appropriate post for here, maybe someone can direct me for some help. I am a senior citizen and know a little about computers but this is just not something I know about to relieve the problem.

Also I have Microsoft 2003 and it will not work properly either!! The program does not respond, and when I try to end it the end task effort does nothing. Can someone kindly help me or send me in the right direction. I would be so pleased to have any help possible. Thanks Neb
  #2  
Old 07-23-2005, 10:19 AM
Gary Richardson's Avatar
Moderator
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Neb,

First of all, have you got AdAware and Spybot S&D, if not, then download them from here.
http://www.lavasoft.de/
http://spybot.safer-networking.de/en...oad/index.html

Once you have downloaded and installed them, you MUST update them for the newest definitions.

Now run a FULL scan with both of them. When you finish a scan with one, REBOOT before running the scan with the other, THEN REBOOT AGAIN.

Often, some Malware can only be removed on Bootup.

Also Update your AntiVirus and run a Scan, again REBOOT after the scan.

If you're still having problems, post again, and I'll go through what you need to try next.

Best of luck,

Gary.
  #3  
Old 07-23-2005, 10:48 AM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
Thanks

Thanks Gary:
I have Ad Aware, ran a scan and nothing there. I also have Spy Doctor, and Spy Blaster. I run AVG antivirus and all clean there.

Now it was today when I was looking closer at AVG that I saw the Quarantine Vault and that is where the Trojan is and it says not healed or something like that.

I know I got SpyDoctor AFTER the date the Trojan was found. So maybe that is why I have this virus. I have been having problems with dialing into my provider, and now when I go to get my e-mail I get booted off totally??

So, will wait for you to post what you think I might need to do now. Thanks Neb
  #4  
Old 07-23-2005, 04:03 PM
Gary Richardson's Avatar
Moderator
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Neb, if the Virus is in the "Virus Vault", it has been Quarantined, and is therefore safe.

Sometimes it isn't possible to remove a virus without damaging your Operating System, in such cases the Anti Virus Program will encrypt the virus in such a way that it cannot operate.

Did your E-mail problem start when you installed AVG, and do you use Outlook Express as your E-mail client ?

If so, you will have to either turn off the E-mail scanner for AVG (easiest but least secure option) or manually configure the E-mail filter (complex, but I can guide you through it).

What kind of Internet connection do you have, and in what way does it fail to operate ?

As a quick test, to see if it is AVG causing your E-mail problems, do the following.

Open AVG, Click on "Control Centre", Click on "E-mail Scanner" then Click on the "Properties" tab at the bottom of the window.

Now another window will open, click on "Disable Plugin" then click "OK".

This has disabled your E-mail scanner, try your E-mail now, and let me know what happens.

Best of luck,

Gary.

Last edited by Gary Richardson; 07-23-2005 at 04:12 PM.
  #5  
Old 07-23-2005, 04:29 PM
greatguy's Avatar
Junior Member
 
Join Date: Jan 2005
Location: Crown Point, IN
Posts: 22
Gary has good advice; you may also want to turn off your "System Restore" (Control Panel - System - System Restore - Turn off) to prevent Windows from reinstalling a file it can no longer find.
  #6  
Old 07-23-2005, 04:51 PM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
Ok. Already had e-mail scanner disabled Gary. Was having problems once before and so did it then and it began to work.
Did the system restore done as well. Thanks to you both.

Now I just downloaded RegistryFix, have either of you heard of it? It found 505 problems. I am not sure but said free scan so I bet I need to buy it and will not be able to. My friend said not to fool around with the registry, and that I may lose all my files and have not backed them up, as ..well...hate to admit it but my old computer came with CD Creator and loved it..but this one has Nero and do not know how to use it and tried and all that happened is that I got a bunch of Nero Icons on the CD. So have not tried it since. OH MY... Neb
  #7  
Old 07-23-2005, 05:49 PM
Sanda's Avatar
Senior Member
 
Join Date: Oct 2001
Location: Sydney Australia
Posts: 573
If you are still having problems with your computer there is an excellent site which gives good advice. www.suggestafix.com I've used it many times for computer help.
Sanda
  #8  
Old 07-23-2005, 06:28 PM
JustChecking's Avatar
Senior Member
 
Join Date: Jul 2004
Location: Czech Rep.
Posts: 257
no advice, but one recommendation here - try avast! antivirus ( http://www.avast.com/ ), it's among the best you can get [well, as well as the AVG, it's Czech program], and it's regular winner of the "100% Virus Bulletin award" (prize awarded for detecting all ItW viruses (i.e. viruses known to be 'in the wild') in the test); home edition is for free, you just have to register...
  #9  
Old 07-23-2005, 06:39 PM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
Thanks Sanda.
I am pulling the site up now. Neb

PS: Looked at your site..nice work and nice site!!
  #10  
Old 07-23-2005, 07:18 PM
greatguy's Avatar
Junior Member
 
Join Date: Jan 2005
Location: Crown Point, IN
Posts: 22
Just one more word of caution, since you had a dialer on your system and you are using a dialup connection - you are set up for a big disaster - especially if you are periodically losing your connection. You may still have the dialer (or another one) and it is dropping your connection to dial an overseas 900 number - some of these numbers charge several hundred dollars a minute. Believe me, I know first hand from an experience several years ago and got the shock of my life when I received my phone bill. I was only able to get the charges cut in half but not eliminated. Funny thing is you can get voice 900 calls blocked but not data 900 calls. You might want to check out your network folder and see if there are any connections that you did not create. Also, go to Start - Run and type "msconfig" then go to the startup tab. Look down the list to see if there are any programs starting that you do not want to start (you can usually tell by the path what programs the entries control); if so uncheck them. Don't worry too much about unchecking these entries - if something doesn't work after you reboot just go back in and check the entry again. Anyway, hopefully your problem is not another dialer but I just wanted you to be aware of what could happen.
  #11  
Old 07-23-2005, 10:41 PM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
OMGosh. Well HELP please. Where is my network folder? How do I find it? Better look now. Thanks and please hang with me!!
  #12  
Old 07-23-2005, 10:58 PM
greatguy's Avatar
Junior Member
 
Join Date: Jan 2005
Location: Crown Point, IN
Posts: 22
Go to your control panel and choose network connections - if you are using dialup you should have an entry in there for that provider - you can open them up to see what phone number they are dialing and to make sure it is the one it is supposed to be.
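The check described in posts #10 and #12 (open each dial-up entry and confirm the number it dials) can also be run over the connection phonebook file in one pass. This is an added example, not part of the original thread; it assumes the INI-like layout of a Windows RAS phonebook (rasphone.pbk), and the sample entries and the allowlisted ISP numbers are constructed.

```python
import re
import sys

# Constructed sample in the INI-like layout of a Windows RAS phonebook
# (rasphone.pbk). Entry names and numbers are made up for this example.
SAMPLE_PBK = """\
[My ISP]
Type=1
DEVICE=modem
PhoneNumber=5550123
AreaCode=308
CountryCode=1
UseDialingRules=1

[My ISP 2]
Type=1
DEVICE=modem
PhoneNumber=555-0199
AreaCode=308
CountryCode=1
UseDialingRules=1

[Connection]
Type=1
DEVICE=modem
PhoneNumber=1-900-555-0142
AreaCode=
CountryCode=1
UseDialingRules=0

[Fast Access]
Type=1
DEVICE=modem
PhoneNumber=011 999 555 0117
AreaCode=
CountryCode=1
UseDialingRules=0
"""


def digits(number):
    """Strip dashes, spaces and other punctuation from a dial string."""
    return re.sub(r"\D", "", number)


def parse_phonebook(text):
    """Return {entry name: [PhoneNumber values]} in file order."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = []
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "phonenumber" and value.strip():
                entries[current].append(value.strip())
    return entries


def classify(number, expected):
    """Label one dial string against the numbers the user set up."""
    d = digits(number)
    if d in expected:
        return "expected"
    if number.strip().startswith("+") or d.startswith(("011", "00")):
        return "international"   # 011 / 00 are international dialing prefixes
    if d.startswith(("900", "1900")):
        return "premium-rate"    # the 900 numbers warned about in post #10
    return "unknown"


def audit(text, expected):
    """List (entry, number, verdict) for every number not on the allowlist."""
    findings = []
    for name, numbers in parse_phonebook(text).items():
        for number in numbers:
            verdict = classify(number, expected)
            if verdict != "expected":
                findings.append((name, number, verdict))
    return findings


if __name__ == "__main__":
    # Usage: script.py [path-to-rasphone.pbk] ; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PBK
    for name, number, verdict in audit(text, {"5550123", "5550199"}):
        print(f"{name}: {number} ({verdict})")
```

Any entry it lists is one to open and compare against the access number on the ISP's paperwork, as post #12 describes.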
  #13  
Old 07-23-2005, 11:02 PM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
Found my network folder there are two dialers there both my ISP name and number..this ok?? Neb
  #14  
Old 07-24-2005, 02:14 AM
Gary Richardson's Avatar
Moderator
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Neb,

If you have disabled your System Restore, RE-ENABLE IT AT ONCE. If you have a problem now, it will not be possible for you to recover from it.

As you have disabled it, it will have cleared out all your restore points, so if there was any malware it will now be gone. Re-enabling it means it will create a new Restore Point automatically. Even if this is infected, better to have an infected point you can restore to, than no point at all.

You can find instructions on how to enable and re enable system restore here: Windows XP System Restore Guide
re-enable system restore with instructions from tutorial above.

It is not likely that running a Registry Fix will resolve your problems, also, your friend is right, it is not a good idea to change anything in your system registry without first doing a Registry Backup.

The easiest way to do this, is to create a System Restore Point. To do this, Click on Start/All Programs/Accessories/System Tools/System Restore then check Create a Restore Point click the Next button, Now type a Name into the box (it adds date automatically) and click the Create button.

Last edited by Gary Richardson; 07-24-2005 at 02:28 AM.
  #15  
Old 07-24-2005, 02:42 AM
Gary Richardson's Avatar
Moderator
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
You may have malware that your scanners are not picking up.

First you need to download Hijack This from here (Download Link) to a location on your computer where you can find it. I recommend you create a New Folder C:\Hijack This

It is important you unzip it into this folder for the following reasons.

1. If you run it from its Zip File, the program cannot create backups, which may be needed if mistakes are made.
2. If you put it in a Temp File, HJT and the backups may get deleted if it's needed to clear out your Temp Files as part of the cure.

Once it is located, Navigate to the folder using Windows Explorer or My Computer, and double click on HijackThis.exe.

When it's opened for the first time you’ll get a startup screen.
Click on Don’t show this frame again when I start Hijack This then
Click on None of the above just start the program.

Before your first scan, we need to check the configuration.
Click on the Config button in the bottom right hand corner.
Now confirm the following are checked.

Make backups before fixing items
Confirm fixing & ignoring of items (safe mode)
Include list of running processes in logfiles


The other items should be unchecked.

Click the Back button to return to the Scan page.


Click on the Scan button, and wait for the scan to finish (this may take some time depending on the number of items in your log).

When finished the Scan button will turn to a Save Log button, click on this and save the log (by default to the same folder that HijackThis.exe is in).

To paste it into a Forum, do the following.

Navigate to your Hijack This folder, double click on the hijackthis.log file, a text document will now be open on your screen. Click on Edit/ Select All, then Edit/Copy, then open the Posting Screen on the Forum, right click in the screen, and click on Paste. The text should now be in the message. Press Submit.

If you post a HJT log here, I'll have a look at it, and I'll be able to tell you if you need to seek expert advice.

DO NOT ATTEMPT TO FIX ANYTHING WITH HJT, NO MATTER WHAT ADVICE YOU ARE GIVEN BY OTHERS, HJT CAN DO IRREPARABLE HARM TO YOUR COMPUTER IF NOT USED WITH EXPERT GUIDANCE.
  #16  
Old 07-24-2005, 03:20 PM
nebgranny's Avatar
Senior Member
 
Join Date: Mar 2005
Posts: 521
Hi Gary, Great Guy, and others. Thank you so much for taking the time to post help suggestions.

This is just too much for a novice like me. I am just going to backup all my files and do a complete restoration.

I do have Nero and do not know how to use it. I tried once and all I got was a bunch of Nero Icons with nothing in them???

If you have any suggestions or want to post a how to please feel free to, ok?

Thanks for everything!! NEB
  #17  
Old 07-24-2005, 04:18 PM
T Paul's Avatar
Moderator
 
Join Date: Aug 2001
Location: USA
Posts: 2,844
Nero

Not sure what version of Nero that you have, but these tutorials may help

Nero Tutorials

Ahead Nero Instructions for Burning a Data CD

How to use Nero Express to create a data CD to backup your files
  #18  
Old 11-16-2005, 03:59 PM
Cameraken's Avatar
Senior Member
 
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,122
A friend rang me last Week and asked for help. His XP computer is infected with

Trojan Startup Nameshifter A

I am going over at weekend to try to help him.

I have read this thread and prepared a CD containing the latest versions of

Adaware
Spybot
Avast
Hijack This
WinsockFix
MultiAv
Stinger
Trend Sysclean Package and pattern
KaSx Kaspersky

I have used all these programs before.

The trouble is I can find no info on this Trojan. Is anybody familiar with this or have a removal tool or procedure. I have searched but can find no info.
I did find a little on Trojan Startup Nameshifter EW/wingu/EZ but I don’t know if this is similar.

Should I take any other programs? I don’t know if my friend has internet access.

Ken
  #19  
Old 11-16-2005, 04:54 PM
twinkissed's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 270
I just had my computer guy who is a long time trusted friend tell me that he is now using Spy Sweeper besides Adaware and Spybot and he thinks it's better because when he ran the other two they only found 4 things and spy sweeper found 116 and 3 of them were trojans. That's what he told me to get anyways.
  #20  
Old 11-16-2005, 07:43 PM
Panpan's Avatar
Senior Member
 
Join Date: Jun 2005
Location: Gatineau, QC Canada
Posts: 352
Here is some information on NameShifter.

Pierre
  #21  
Old 11-16-2005, 08:46 PM
Cameraken's Avatar
Senior Member
 
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,122
Thanks Twinkissed

I found it here
http://www.webroot.com/consumer/products/spysweeper

There is a free online scanner.



Thanks Pierre.

I found info on Trojan.Startup.Nameshifter.XXX

Are they all the same?

Ken
  #22  
Old 11-16-2005, 10:50 PM
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
Restore as virus protection?

I quit running any virus protection other than "mailwasher" and I've taken steps to keep my address book from being Hi Jacked.

I've been able to quit worrying about viruses by building a really current restore point and whenever I suspect a problem I just return to my restore point.

I keep very little on My C: partition to lose... favorites, addresses and e-mails can be saved on the other Partition or hard drive when needed.

windows-XP and I think Win/me have RESTORE programs built in and are worth getting familiar with.. I use win2000Pro and a little program that came with my motherboard called RestoreIt.....

http://www.farstone.com/home/ensite/...estoreit.shtml

requirements
CPU: Intel Pentium 133 or higher
RAM: 256MB or more
Hard Drive: 400MB free space for the program and partition
Operating Systems: Windows 2000 and XP platforms for desktops and laptops
RAID Support: RAID 0/1.... I have installed it on hard drives without RAID Support

-----------------------------------------

I've used the built in XP restore Program to build the same recovery protection on a couple of computers.

The key to making this an acceptable method is returning to the restore point before making permanent changes and then creating another.

I usually make the new restore point a temporary one for a few days while I check for problems before making it permanent... windows XP allows more freedom there it seemed .

Not a plan for everyone for sure but once in place all problems go away with a mouse click.
  #23  
Old 11-17-2005, 05:12 AM
Gary Richardson's Avatar
Moderator
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Webroot Spysweeper also has a free 14 day trial copy you can download, available from http://www.webroot.com/consumer/down...9941ba8e8052f1

The trojan your friend has is often tied to the Vundo (Virtumundo Trojan), or Apropos infections.

You would be well advised to run a copy of HijackThis on his computer, then post a copy of his log to one of the following forums for analysis.

http://spywarewarrior.com/index.php
http://castlecops.com/forums.html
http://www.spywareinfo.com/tempforum/index.php?act=idx
http://forum.malwareremoval.com/prof...610a8387960061

These are serious infections, and can be very difficult to remove. Often auto tools do not do a very good job of totally cleaning a system, and re-infection can occur.

Apropos in particular comes with a rootkit, and this can only be removed using specialist tools. (Sometimes not even then).

HJT available from http://www.merijn.org/files/hijackthis.zip

Good luck,

Gary
  #24  
Old 11-17-2005, 05:57 AM
chrishoggy's Avatar
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 576
Blog Entries: 1
Quote:
I quit running any virus protection other than "mailwasher" and I've taken steps to keep my address book from being Hi Jacked.

That is a very poor method, and in reality gives no protection at all.
If you have a dormant virus within your file system, you will be restoring the virus as well as the windows. There are also viruses/worms out there that can rewrite themselves into the system as you run the restore point procedure. By saving file to another drive or partition, it does not make them safe. In fact the viruses can spread to any drive or partition within the system, so they may be reinfecting your windows.
Anti virus software is free and all over the net, so I would advise getting some protection back on your system.
  #25  
Old 11-17-2005, 06:37 AM
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
Don't be such a Know it all

Not a plan for everyone for sure

A lot of people don't get it... but no.. there are no viruses built into the permanent restore points.

By always returning to the restore point before making changes (and creating a new restore point when finished) the system hasn't been exposed to the net.

Just think of formatting the HDD then sitting down and installing windows, all software, preferences and other tweaks all at one time without ever going online before making that restore point.. In effect that is what is accomplished by always returning to the restore point before making changes.

That said, I did go online once to download and install service pack#4 for win2000... but... after doing that I 1st made a new restore point then went to trend micro's "house call" ran their scan for viruses..... found none... and then returned to the restore point I made before running the scan.. which means all traces of going back online for the House call scan were also removed..

It's tricky! and you have to be dedicated to returning to the restore point before making changes but it does work..

another advantage I find is that I have no fear of installing trial software.. things I may not want .. or full versions of software until I decide which portions are actually useful.

I've heard there are viruses that cross over partitions but I've never had one and I've been tweaking this restore point idea for nearly a year with no problem at all.. As a precaution I have made backup DVD's.

If anyone does try this I've found it interesting and learn little tricks to make it easier... like starting a list of all the little things to be added next time I make a major change... for instance one was to be signed in here.. another was to open all my photo files with the PhotoShop browser so that thumbnails were made.. I made a few stationarys to choose from in outlook express and so on.

I even have a shortcut to the "list" on my desktop.. the actual list is kept on the other partition so that when I use the restore point the shortcut brings up the current "list".. whoever that makes sense to will have little problem using this method.

Besides virus protection the speed enjoyed after restoring makes it worthwhile.. I have about 3 gigs of windows and software installed and defragged when I return and the machine runs quick... none of the debris.
  #26  
Old 11-17-2005, 08:21 AM
chrishoggy's Avatar
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 576
Blog Entries: 1
Fair enough, but as a Microsoft Registered Partner and IT adviser, I wouldn't recommend it. If you are happy with how it works for you, then that's OK for you. But as a general/possible alternative to Anti-virus protection, it wouldn't give the cover needed for people using the net on a day to day basis.
One worm/virus that is flying all over at the moment is Linux.Plupii. It is exploiting Linux based web servers all over the world, and has attempted to get to my Windows based server many times. I have security in place that not only told me of the attack, but also told me when and where it came from. If the host of this site was hit by it, the hacker would be able to change scripts within this site and infect members (without anti-virus protection) with any number of viruses/Trojans/worms etc.
I have just had to inform an IT college in Bathurst, Sydney,(Au) that their system has been hit by it, and they are at risk of infecting users of their site and server. Not to mention the fact that until they patch their system and reinstall everything from scratch, it is constantly trying to search out other web servers to infect (mine being one of them). Neither their head of department, or IT manager were aware of the infection and they had no signs of it from their server logs or scans, but sure enough it was there.

PS: wasn't having a go at what you said, just didn't want to let people think they could drop anti-virus and use that method as a replacement

Last edited by chrishoggy; 11-17-2005 at 08:29 AM.
  #27  
Old 11-17-2005, 08:52 AM
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
Legend in your own mind?

That's more of a rave about your skills...

I am on the net 15-20 hrs a day... On A phone line, I mention that as those virus protection programs have a more noticeable slowdown effect on those of us trying to keep up with the increasing demand for more speed on the WWW.

Before developing this technique for utilizing restore points I was accustomed to formatting and reinstalling everything on Partition C: ... to get rid of bugs and glitches. I had gotten good at it and kept most of the needed installs on another Partition to accelerate things but it was still drudgery.

This does all that but much more thoroughly.. No forgotten tweaks. and it all happens with a click of the mouse and a leisurely trip to the kitchen for a coffee refill.

It's not high tech.. I find it interesting and I simply offered it as an alternative... those who embrace the offerings of virus protection software won't have paid this advice any notice.. It's for the others..
  #28  
Old 11-17-2005, 09:12 AM
chrishoggy's Avatar
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 576
Blog Entries: 1
Quote:
Don't be such a Know it all
Quote:
That's more of a rave about your skills...
Quote:
Legend in your own mind?
There was no need for any of that ?????????????????
I've given people/you my advice/opinion, take it or leave it. The choice is theirs/yours to make.
I won't bother giving IT advice again on here, as it seems it is not appreciated
  #29  
Old 11-17-2005, 09:21 AM
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
Is this a case of the pot calling the Kettle black?

Have you forgotten your opening salvo?

That is a very poor method, and in reality gives no protection at all

I'm sure you are offering worthwhile advice .. but be careful of your critiques of other's ..
  #30  
Old 11-17-2005, 09:41 AM
chrishoggy's Avatar
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 576
Blog Entries: 1
I stand by that statement 100%.
Did you forget this part.
Quote:
PS: wasn't having a go at what you said, just didn't want to let people think they could drop anti-virus and use that method as a replacement
End of discussion