|
| |||||||
| Hardware Computers, displays, tablets, scanners, cameras, printers, etc. |
 |
| | Thread Tools |
|
#1
07-23-2005, 10:01 AM
| ||||
| ||||
| Virus , Posting for Help and Direction However now I find after all this time I have the Trojan Horse Dialer 17 E on here. I had no idea it was found , but looked in the Vault and there it was.  I know this is a photo site, but I have come to trust  the people here and believe I will be led in the right direction for help. If this is not an appropriate post for here, maybe someone can direct me for some help. I am a senior citizen and know a little about computers but this is just not something I know about to relieve the problem. Also I have Microsoft 2003 and it will not work properly either!! The program does not respond , and when I try to end it the end task effort does nothing. Can someone kindly help me or send me inthe right direction. I would be so pleased to have any help possible. Thanks Neb  |
|
#2
07-23-2005, 10:19 AM
| ||||
| ||||
| Hi Neb, First of all, have you got AdAware and Spybot S&D, if not, then download them from here. http://www.lavasoft.de/ http://spybot.safer-networking.de/en...oad/index.html Once you have downloaded and installed them, you MUST update them for the newest definitions. Now run a FULL scan with both of them. When you finish a scan with one, REBOOT before running the scan with the other, THEN REBOOT AGAIN. Often, some Malware can only be removed on Bootup. Also Update your AntiVirus and run a Scan, again REBOOT after the scan. If you're still having problems, post again, and I'll go through what you need to try next. Best of luck, Gary. |
|
#3
07-23-2005, 10:48 AM
| ||||
| ||||
| Thanks Thanks Gary: I have Ad Aware, ran a scan and nothing there. I also have Spy Doctor, and Spy Blaster. I run AGV antivirus and all clean there . Now it was today when I was looking closer at AGV that I saw the Quarantine Vault and that is where the Trojan is and it says not healed or something like that. I know I got SpyDoctor AFTER the date the Trojan was found. So maybe that is why I have this virus. I have been having problems with dialing into my provider, and now when I go to get my e-mail I get booted off totally?? So , will wait for you to post what you think I might need to do now. Thanks Neb |
|
#4
07-23-2005, 04:03 PM
| ||||
| ||||
| Hi Neb, if the Virus is in the "Virus Vault", it has been Quarantined, and is therefore safe. Sometimes it isn't possible to remove a virus without damaging your Operating System, in such cases the Anti Virus Program will encrypt the virus in such a way that it cannot operate. Did your E-mail problem start when you installed AVG, and do you use Outlook Express as your E-mail client ? If so, you will have to either turn off the E-mail scanner for AVG (easiest but least secure option) or manually configure the E-mail filter (complex, but I can guide you through it). What kind of Internet connection do you have, and in what way does it fail to operate ? As a quick test, to see if it is AVG causing your E-mail problems, do the following. Open AVG, Click on "Control Centre", Click on "E-mail Scanner" then Click on the "Properties" tab at the bottom of the window. Now another window will open, click on "Disable Plugin" then click "OK". This has disabled your E-mail scanner, try your E-mail now, and let me know what happens. Best of luck, Gary. Last edited by Gary Richardson; 07-23-2005 at 04:12 PM. |
|
#6
07-23-2005, 04:51 PM
| ||||
| ||||
| ok . already had e-mail scanner disabled Gary. Was having problems once before and so did it then and it began to work. Did the system restore done as well. Thanks to you both. Now I just downloaded RegistryFix, have either of you heard of it? It found 505 problems. I am not sure but said free scan so I bet I need to buy it and will not be able to. My friend said not to fool around with the registry , and that I may lose all my files and have not backed them up, as ..well...hate to admit it but my old computer came with CD Creator and loved it..but this one has Nero and do not know how to use it and tried and all that happened is that I got a bunch of Nero Icons on the CD. So have not tried it since. OH MY... Neb  |
|
#7
07-23-2005, 05:49 PM
| ||||
| ||||
| If you are still having problems with your computer there is an excellent site which gives good advice. www.suggestafix.com I've used it many times for computer help. Sanda |
|
#8
07-23-2005, 06:28 PM
| ||||
| ||||
| no advice, but one recommendation here - try avast! antivirus ( http://www.avast.com/ ), it's among the best you can get [well, as well as the AVG, it's czech program  ], and it's regular winner of the "100% Virus Bulletin award" (price awarded for detecting all ItW viruses (i.e. viruses known to be 'in the wild') in the test); home edition is for free, you just have to register... |
|
#10
07-23-2005, 07:18 PM
| ||||
| ||||
| Just one more word of caution, since you had a dialer fon your system and you are using a dialup connection - you are set up for a big disaster - especially if you are periodicly losing your connection. You may still have the dialer (or another one) and it is dropping your connection to dial an overseas 900 number - some of these numbers charge several hundred dollars a minute. Believe me, I know first hand from an experience several years ago and got the shock of my life when I received my phone bill. I was only able to get the charges cut in half but not eliminated. Funny thing is you can get voice 900 calls blocked but not data 900 calls. You might want to check out your network folder and see if their are any connections that you did not create. Also, go to Start - Run and type "msconfig" then go to the startup tab. Look down the list to see if there are any programs starting that you do not want to start, (you can usually tell by the path what programs the entries control) if so uncheck them. Dont worry too much about unchecking these entries - if something doesn't work after you reboot just go back in and check the entry again. Anyway, hopefully your problem is not another dialer but I just wanted you to be aware of what could happen. |
|
#12
07-23-2005, 10:58 PM
| ||||
| ||||
| Go to your control panel and choose network connections - if you are using dialup you should have an entry in their for that provider - you can open them up to see what phone number they are dialing and to make sure it is the one it is supposed to be. |
|
#14
07-24-2005, 02:14 AM
| ||||
| ||||
| Hi Neb, If you have disabled your System Restore, RE-ENABLE IT AT ONCE if you have a problem now, it will not be possible for you to recover from it. As you have disabled it, it will have cleared out all your restore points, so if there was any malware it will now be gone. Re-enabling it means it will create a new Restore Point automatically. Even if this is infected, better to have an infected point you can restore to, than no point at all. You can find instructions on how to enable and re enable system restore here: Windows XP System Restore Guide re-enable system restore with instructions from tutorial above. It is not likely that running a Registry Fix will resolve your problems, also, your friend is right, it is not a good idea to change anything in your system registry without first doing a Registry Backup. The easiest way to do this, is to create a System Restore Point. To do this, Click on Start/All Programs/Accessories/System Tools/System Restore then check Create a Restore Point click the Next button, Now type a Name into the box (it adds date automatically) and click the Create button. Last edited by Gary Richardson; 07-24-2005 at 02:28 AM. |
|
#15
07-24-2005, 02:42 AM
| ||||
| ||||
| You may have malware that your scanners are not picking up. First you need to download Hijack This from here Download Link To a location on your computer where you can find it. I recommend you create a New Folder C:\Hijack This It is important you unzip it into this folder for the following reasons. 1. If you run it from its Zip File, the program cannot create backups, which may be needed if mistakes are made. 2. If you put it in a Temp File, HJT and the backups may get deleted if its needed to clear out your Temp Files as part of the cure. Once it is located, Navigate to the folder using Windows Explorer or My Computer, and double click on HijackThis.exe.. When its opened for the first time you’ll get a startup screen. Click on Don’t show this frame again when I start Hijack This then Click on None of the above just start the program. Before your first scan, we need to check the configuration. Click on the Config button in the bottom right hand corner. Now confirm the following are checked. Make backups before fixing items Confirm fixing & ignoring of items (safe mode) Include list of running processes in logfiles The other items should be unchecked. Click the Back button to return to the Scan page. Click on the Scan button, and wait for the scan to finish (this may take some time depending on the number of items in your log). When finished the Scan button will turn to a Save Log button, click on this and save the log (by default to the same folder that HijackThis,exe is in). To paste it into a Forum, do the following. Navigate to your Hijack This folder, double click on the hijackthis.log file, a text document will now be open on your screen. Click on Edit/ Select All, then Edit/Copy, then open the Posting Screen on the Forum, right click in the screen, and click on Paste. The text should now be in the message. Press Submit. If you post a HJT log here, I'll have a look at it, and I'll be able to tell you if you need to seek expert advice. DO NOT ATTEMPT TO FIX ANYTHING WITH HJT, NO MATTER WHAT ADVICE YOU ARE GIVEN BY OTHERS, HJT CAN DO IRREPERABLE HARM TO YOUR COMPUTER IF NOT USED WITH EXPERT GUIDANCE. |
|
#16
07-24-2005, 03:20 PM
| ||||
| ||||
| Hi Gary,Great Gye, and others. Thank you so much for taking the time to post help suggestions. Thsi is just too much for a novice like me. I am just going to backup all my files and do a complete restoration. I do have Nero and do not know how to use it. I tried once and all I got was a bunch of Nero Icons with nothing in them??? If you have any suggestions or want to post a how to please feelfree to ok? Thanks for everything!! NEB |
|
#17
07-24-2005, 04:18 PM
| ||||
| ||||
| Nero Not sure what version of Nero that you have, but these tutorials may help Nero Tutorials Ahead Nero Instructions for Burning a Data CD How to use Nero Express to create a data CD to backup your files |
|
#18
11-16-2005, 03:59 PM
| ||||
| ||||
| A friend rang me last Week and asked for help. His XP computer is infected with Trojan Startup Nameshifter A I am going over at weekend to try to help him. I have read this thread and prepared a CD containing the latest versions of Adaware Spybot Avast Hijack This WinsockFix MultiAv Stinger Trend Sysclean Package and pattern KaSx Kaspersky I have used all these programs before. The trouble is I can find no info on this Trojan. Is anybody familiar with this or have a removal tool or procedure. I have searched but can find no info. I did find a little on Trojan Startup Nameshifter EW/wingu/EZ but I don’t know if this is similar. Should I take any other programs? I don’t know if my friend has internet access. Ken |
|
#19
11-16-2005, 04:54 PM
| ||||
| ||||
| I just had my computer guy who is a long time trusted friend tell me that he is now using Spy Sweeper besides Adaware and Spybot and he thinks it's better because when he ran the other two they only found 4 things and spy sweeper found 116 and 3 of them were trojans. That's what he told me to get anyways. |
|
#21
11-16-2005, 08:46 PM
| ||||
| ||||
| Thanks Twinkissed I found it here http://www.webroot.com/consumer/products/spysweeper There is a free online scanner. Thanks Pierre. I found info on Trojan.Startup.Nameshifter.XXX Are they all the same? Ken |
|
#22
11-16-2005, 10:50 PM
| |||
| |||
| Restore as virus protection? I quit running any virus protection other than "mailwasher" and I've taken steps to keep my address book from being Hi Jacked. I've been able to quit worrying about viruses by building a really current restore point and whenever I suspect a problem I just return to my restore point. I keep very little on My C: partition to lose... favorites, addresses and e-mails can be saved on the other Partition or hard drive when needed. windows-XP and I think Win/me have RESTORE programs built in and are worth getting familar with.. I use win2000Pro and a little program that came with my motherboard called RestoreIt..... http://www.farstone.com/home/ensite/...estoreit.shtml requirements CPU: Intel Pentium 133 or higher RAM: 256MB or more Hard Drive: 400MB free space for the program and partition Operating Systems: Windows 2000 and XP platforms for desktops and laptops RAID Support: RAID 0/1.... I have installed it on hard drives without RAID Support ----------------------------------------- I've used the built in XP restore Program to build the same recovery protection on a couple of computers. The key to making this an acceptable method is returning to the restore point before before making permanent changes and then creating another. I usually make the new restore point a temporary one for a few days while I check for problems before making it permanent... windows XP allows more freedom there it seemed . Not a plan for everyone for sure but once in place all problems go away with a mouse click. |
|
#23
11-17-2005, 05:12 AM
| ||||
| ||||
| Webroot Spysweeper also has a free 14 day trial copy you can download, available from http://www.webroot.com/consumer/down...9941ba8e8052f1 The trojan your friend has is often tied to the Vundo (Virtumundo Trojan), or Apropos infections. You would be well advised to run a copy of HijackThis on his computer, then post a copy of his log to one of the following forums for analysis. http://spywarewarrior.com/index.php http://castlecops.com/forums.html http://www.spywareinfo.com/tempforum/index.php?act=idx http://forum.malwareremoval.com/prof...610a8387960061 These are serious infections, and can be very difficult to remove. Often auto tools do not do a very good job of totally cleaning a system, and re-infection can occur. Apropos in particular comes with a rootkit, and this can only be removed using specialist tools. (Sometimes not even then). HJT available from http://www.merijn.org/files/hijackthis.zip Good luck, Gary |
|
#24
11-17-2005, 05:57 AM
| ||||
| ||||
| Quote:
That is a very poor method, and in reality gives no protection at all If you have a dormant virus within your file system, you will be restoring the virus as well as the windows There are also viruses/worms out there that can rewrite themselves in to the system as you run the restore point procedure. By saving file to another drive or partition, it does not make them safe. In fact the viruses can spread to any drive or partition within the system, so they may be reinfecting your windows.Anti virus software is free and all over the net, so I would advise getting some protection back on your system. |
|
#25
11-17-2005, 06:37 AM
| |||
| |||
| Don't be such a Know it all Not a plan for everyone for sure A lot of people don't get it... but no.. there are no viruses built into the permanent restore points. By always returning to the restore point before making changes (and creating a new restore point when finished) the system hasn't been exposed to the net. Just think of formatting the HDD then sitting down and installing windows, all software, preferences and other tweaks all at one time without ever going online before making that restore point.. In effect that is what is accomplished by always returning to the restore point before making changes. That said, I did go online once to download and install service pack#4 for win2000... but... after doing that I 1st made a new restore point then went to trend micro's "house call" ran their scan for viruses..... found none... and then returned to the restore point I made before running the scan.. which means all traces of going back online for the House call scan were also removed.. It's tricky! and you have to be dedicated to returning to the restore point before making changes but it does work.. another advantage I find is that I have no fear of installing trial software.. things I may not want .. or full versions of software until I decide which portions are actually usefull. I've heard there are viruses that cross over partitions but I've never had one and I've been tweaking this restore point idea for nearly a year with no problem at all.. As a precaution I have made backup DVD's. If anyone does try this I've found it interesting and learn little tricks to make it easier... like starting a list of all the little things to be added next time I make a major change... for instance one was to be signed in here.. another was to open all my photo files with the PhotoShop browser so that thumbnails were made.. I made a few stationarys to choose from in outlook express and so on. I even have a shortcut to the "list" on my desktop.. the actually list is kept on the other partition so that when I use the restore point the shortcut brings up the current "list".. whoever that makes sense to will have little problem using this method. Besides virus protection the speed enjoyed after restoring makes it worthwhile.. I have about 3 gigs of windows and software installed and defragged when I return and the machine runs quick... none of the debris. |
|
#26
11-17-2005, 08:21 AM
| ||||
| ||||
| Fair enough, but as a Microsoft Registered Partner and IT adviser, I wouldn't recommend it  If you are happy with how it works for you, then thats OK for you. But as a general/possible alternative to Anti-virus protection, it wouldn't give the cover needed for people using the net on a day to day basis.One worm/virus that is flying all over at the moment is Linux.Plupii. It is exploiting Linux based web servers all over the world, and has attempted to get to my Windows based server many times. I have security in place that not only told me of the attack, but also told me when and where it came from. If the host of this site was hit by it, the hacker would be able to change scripts within this site and infect members (without anti-virus protection) with any number of viruses/Trojans/worms etc. I have just had to inform an IT college in Bathurst, Sydney,(Au) that their system has been hit by it, and they are at risk of infecting users of their site and server. Not to mention the fact that until they patch their system and reinstall everything from scratch, it is constantly trying to search out other web servers to infect (mine being one of them). Neither their head of department, or IT manager were aware of the infection and they had no signs of it from their server logs or scans, but sure enough it was there. PS: wasn't having a go at what you said, just didn't want to let people think they could drop anti-virus and use that method as a replacement   Last edited by chrishoggy; 11-17-2005 at 08:29 AM. |
|
#27
11-17-2005, 08:52 AM
| |||
| |||
| Legend in your own mind? That's more of a rave about your skills... I am on the net 15-20 hrs a day... On A phone line, I mention that as those virus protection programs have a more noticeable slowdown effect on those of us trying to keep up with the increasing demand for more speed on the WWW. Before developing this technique for utilizing restore points I was accustomed to formatting and reinstalling everything on Partition C: ... to get rid of bugs and glitches. I had gotten good at it and kept most of the needed installs on another Partition to accelerate things but it was still drudgery. This does all that but much more thoroughly.. No forgotten tweaks. and it all happens with a click of the mouse and a leisurely trip to the kitchen for a coffee refill. It's not high tech.. I find it interesting and I simply offered it as an alternative... those who embrace the offerings of virus protection software won't have paid this advice any notice.. It's for the others.. |
|
#28
11-17-2005, 09:12 AM
| ||||
| ||||
| Quote:
Quote:
Quote:
 ?????????????????I've given people/you my advice/opinion, take it or leave it. The choice is theirs/yours to make. I won't bother giving IT advice again on here, as it seems it is not appreciated   |
|
#29
11-17-2005, 09:21 AM
| |||
| |||
| Is this a case of the pot calling the Kettle black? Have you forgotten your opening salvo? That is a very poor method, and in reality gives no protection at all I'm sure you are offering worthwhile advice .. but be careful of your critiques of other's .. |
|
#30
11-17-2005, 09:41 AM
| ||||
| ||||
| I stand by that statement 100%. Did you forget this part. Quote:
|
|
| Thread Tools | |
| |
Well HELP please. Where is my network folder? How do I find it? Better look now. Thanks and please hang with me!! 
