Computer Expert Required

Submitted: Tuesday, May 24, 2005 at 01:32
ThreadID: 23257 Views:2952 Replies:23 FollowUps:14
This Thread has been Archived
A little off topic but since this forum is so full of good advice, why not ask a question about a computer issue.

I have just noticed that I seem to have been attacked by a spamer who is using my computer to distribute their spam.

I use Norton Anti Virus, Yes it is registered and updated by Norton constantly.
It is set to scan all incoming AND outgoing emails as well as all files on the Hard drive 3 times a week.
Every so often in the last 3 days I have suddenly seen the outgoing scan icon appear and a $hit load of outgoing mail scans occur, they are not going put from my out box (Outlook Express) but are certainly being scanned out wards by Norton through my computer, I also note the volume of upload and down load increase dramatically.

If I cut of the connection I get a message that says "You or a program you have set is requesting to connect to webadi.robobot.org or upseek.org and today a series of numbers ????????.org (Did not write them down)

I have obviously been infected by something and it is not being picked up by Norton, Spybot, Adware scans.
So can anyone tell me what has got me and how do I stop it and remove it.

Oh!!! I know it's spam as some of the stuff sent is rejected and Norton tells me with a rejection notice which has a Norton ID number that when I look up tells me its spam, I also get what appears to be a subject line in that reject message that says things that relate to porn and other obvious crap.

I have always been very very careful about what sites I access and I use mailwasher to also help filter my emails as well as up to date anti virus and I have still been hit.

I really hate these ba$tards who set up and propagate this $hit, I own a bull bar and would use it on these buggers in a way that would upset Mr Scrubby.

Any help or guidance, web sites or down loads that anyone knows of would be appreciated.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

Back Expand Un-Read 0 Moderator

Reply By: Member - Wesley S (WA) - Tuesday, May 24, 2005 at 03:29

Tuesday, May 24, 2005 at 03:29
John

Unfortunately you are infected with gremlins, based on what you are saying about all the programs and scans you have done (assuming they are up to date with the latest definitions) your quickest and most definite solution may be a reformat and reload.

Backup up all your data, documents, favourites, outllok files etc and blitz the hard drive. (2 hours of your time).

Or you could spend coutnless hours maybe even days trying to find this gremlin that is buried deep in your system.

What ever you choose to do I would do it fast before you get blacklisted on the anti-spam sites.

I agree with your course of action if you ever catch the buggers however you would be the first to acheive such a feat which is akin to catching a fly with chop sticks, possible but not feasible.
AnswerID: 112532

Follow Up By: Member - Wesley S (WA) - Tuesday, May 24, 2005 at 11:21

Tuesday, May 24, 2005 at 11:21
John

In the time it has taken to read all this stuff, you could have reformatted and reloaded your computer 3 times.
0
FollowupID: 368784

Reply By: Rosco - Bris. - Tuesday, May 24, 2005 at 06:13

Tuesday, May 24, 2005 at 06:13
John

Sorry to say it cobber, but your box has got a dose. ... ;-))

I had a similar problem a few months ago and fortunately we were able to clean it out without reformating the hd.

Over the years I have tried and been let down by Leprechaun, Macafee, Norton, AVG and a couple of others I can't recall. It would seem on occasions they are simply not up to the task.

The only thing I can suggest is trying other anti-virus software in the hope it'll catch the bug. You will most likely need to disable or perhaps even temporarily remove Norton, as you will invariably get a conflict between 2 different sets of anti-virus software.

You may like to try vet.com.au .. it's an Aus program I'm currently using, which seems ?? to be up to the task.

Good luck
AnswerID: 112533

Reply By: Member - Peter D M - Tuesday, May 24, 2005 at 06:44

Tuesday, May 24, 2005 at 06:44
hi john.
i'm no expert but from expensive experience, like roscoe i've used vet anti virus, 18 months with no problems. the data miners etc, i use adaware and spybot and update regularly. in the last week or so i've been getting heaps of mail from germany with links to sites. optus tells me this is the current virus causing trouble. i'm being extra carefull as a lot of this is coming in loking like it is from the 4x4 state associations that i normally deal with.
as a try do a manual update from norton.

regards peter
AnswerID: 112535

Reply By: Troll83 - Tuesday, May 24, 2005 at 07:08

Tuesday, May 24, 2005 at 07:08
Hi John

I should be able to help you been in the IT industry for years. Can you go to microsoft.com and download their new spuware program and run that and clear anything you find. Can you also open your taskmanager and take a screen shot of all the processes running and email that through

Are you on a perminent internet connection? do you have a router or a modem?
Check the "hosts" file and if it has any entries other than 127.0.0.1, comment them out.
For Windows XP and 2000 look in C:\WINDOWS\SYSTEM32\DRIVERS\ETC
For Windows 98\ME look in C:\WINDOWS
Prob best you email all the answers back to me. Also what version of windows do you have. The more info you can give me the better.

Regards,
AnswerID: 112536

Reply By: Nudenut - Tuesday, May 24, 2005 at 07:35

Tuesday, May 24, 2005 at 07:35
another good thing to get is spybot and adaware...run these things to check for n-case and the like....

recently, my bro'inlaw had the same problem...couldnt get data as the comp had been taken over by one or more trojan....

I ran spybot and adaware first and then vet... all okay now

n-case is or can be a prick of a thing to get rid of ...but vet and/or spybot takes care of it ...one of them does ...
i use no-adware...look around on the net..lots of cracks for it too ..you can message me if need be

oh and keep away from porn sites and you wont get these things...hehehe
AnswerID: 112537

Follow Up By: Nudenut - Tuesday, May 24, 2005 at 08:13

Tuesday, May 24, 2005 at 08:13
i should learn to read..you have spybot and adaware...
AS i said, i use No-Adware my self...do you have broad band?
are you running XP?...if so run msconfig...click startup tab and uncheck all those things that you dont want to start......
i only have 6 checked...vet, zonealarm, 2 back up programmes, office and ctfmon.....every thing else is unchecked....
there is something starting up when you boot the comp that is taking over your comp.....its in here that you'll find it and give you a clue as to what it is?....

you may also have to uncheck it before you might be able to remove it..so uncheck all ..especially those you dont know what they are......unchecking only stops the programme for starting when you start the comp...any programmes you want will always be available ......
0
FollowupID: 368760

Reply By: Member - JohnR (Vic) - Tuesday, May 24, 2005 at 08:04

Tuesday, May 24, 2005 at 08:04
You sure it is your computer and not a program somewhere else that has forged your address to start with John? Next is why would you be using a giveaway program like Outlook Express to do your emailing and not something better like Outlook although that has plenty of macro opportunities for small programs to use? I understand there are plenty of good other email clients that are not infiltrated so much by bots.

The next think is that the usual reccommendations by the ABC guys in Melbourne is to use ZoneAlarm rather than Nortons. I have ZoneAlarm Pro with Vet or ZoneAlarm with anti-virus to do the work and those seem to work pretty well on my networked system. Wireless networks, bridges and all!
AnswerID: 112541

Follow Up By: Nudenut - Tuesday, May 24, 2005 at 08:19

Tuesday, May 24, 2005 at 08:19
John R.ihave you had any problems with office word mailmerge with zonealarm pro running...
mine hangs in mailmerge (excel data) with it running...
trial version ok
help desk is no help...thet said to remove and reinstall...to no avail!
0
FollowupID: 368763

Follow Up By: Member - JohnR (Vic) - Tuesday, May 24, 2005 at 08:58

Tuesday, May 24, 2005 at 08:58
I have zonealarm with antivirus on this one Nudie and I have had problems attaching documents every time since I set up this one so prefer to send documents after selecting them in Explorer, though since using Mozilla it wants to select a different mail client.

I don't use mail merge as such. I do seem to have trouble sending emails from MS Word which I was able to do before - it crashes so I do a workaround sending from Explorer. I also have problems with links from IE and Outlook so I much prefer Mozilla now for fewer alround problems.

Love your signature Nudie, hehhe happens here too....
0
FollowupID: 368769

Follow Up By: Nudenut - Tuesday, May 24, 2005 at 09:10

Tuesday, May 24, 2005 at 09:10
I dont have trouble with sending email from word itself...only with mailmerge...and Visio ( a cad-drawing programme)

i use the trial version of zonealarm now as it doesnt play up.
0
FollowupID: 368771

Reply By: vuduguru - Tuesday, May 24, 2005 at 09:07

Tuesday, May 24, 2005 at 09:07
John,

The collective term for this type of infection is "Malware"
Also try this: Click Start, then Run, type "regedit" to start the registry editor. Navigate to HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows ->
CurrentVersion -> Run.
In the right payne are listed applications that are started when your PC starts / logs in. Look for applications listed that you have not installed and delete them. Restart and all should be good.
Note that this is really high end stuff, somewhat risky and not always effective either. Active X apps are usually the most surreptitious and almost impossible to remove. Often indicated by a quick flash of a window after starting.
To be honest the best way is reformat the hard drive and reinstall everything. Backup your data first. Note that you email file is not under your My Documents folder.
If you do, dont reinstall Norton, it isbleepe (useless, as you have experienced and slows your pc considerably). Your best defence is Zone Alarm, Spybot and common sense. Use AVG free antivirus if you feel a need for an AV program.
Dont feel bad as this happens to the best of us. I have just been through the same thing and I have been in the industry for 8 yrs.
If you feel a little queasy get an expert to do the work, shoudn't cost more that a couple of hundred bucks.
Once you have everthing back together consider replacing Internet Explorer and Outlook (Express) with Mozilla Firefox browser and Mozilla Thunderbird email client. Although not the perfect solution, popup blockers and email filters will make your pc less vulnerable.
Tip: do not double click (or execute) on email attachments ending .pif, .zip, .exe, and .scr. If you unexpectedly recieve these files, confirm that they have been sent by the sender (they may have an affected pc) Almost guaranteed to install the malware.
PS if you have a recent PC with recovery disks use this.
PPS note that a lot of this type of malware is designed to collect accout and password info to be sent to a hacker. Disconnect from the net to be sure and change passwords ASAP, especially banking etc.
Good luck and remember "Google is your friend"
Shane
AnswerID: 112553

Follow Up By: Member - John (Vic) - Tuesday, May 24, 2005 at 10:17

Tuesday, May 24, 2005 at 10:17
Shane many thanks, I have had a look where you suggest and can recognize some of the programs listed, other stuff I don't.

Problem is I am unsure as to what to remove and what it may do to me.
One says (Default) REG_SZ (value not set)

For all those following this thread I run XP Home, with windows fire wall enabled and up to date Norton, Spybot and Adware programs, nothing seems to find it.
It is also not sending to or from my address book it seems to be inputing its own addresses and just passing them through my system ?????

Another thing that I have noticed is that on start up Auto Protect on Norton is disabled, requiring me to manually reset it.

Not constantly either, probably happened about 5 times in the last 3 days.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 368778

Reply By: BenSpoon - Tuesday, May 24, 2005 at 09:47

Tuesday, May 24, 2005 at 09:47
I reckon its funny computer related posts get quicker responses than 4by ones.

Sounds like you've been hit with the worm W32.sober.P (also called M, N or O)
Its a worm, like others, that emails itself to addresses in your address book when you are infected. This worm was highly active last 2-3 weeks and responsible for brining down many networks thru overloading. mid last week it went dormant and just stopped spreading itself. It has left a network of infected machines, which as you suggested are now being used to mass produce spam.

McAfee's stinger program will help:
http://vil.nai.com/vil/averttools.asp#stinger
This is a free tool, and will take out your infection, but you will still need to keep your antivirus program up to date. If you havent paid for a norton subscription, get a different antivirus. I recommend Trend after having used many.

you will also have to remove manually any other traces
Trend removal help

For your firewall, Id suggest Sygate personal firewall. This is free, and easy to use.

Both Zone alarm and Nortons are a pain in the a$$ to remove, and both are susceptible and targeted by some new viruses. Nortons actually has a flaw which helps your computer get infected with malware and spyware- Once again, make sure you are recieving your updates!

That there is why I love 4WDing. You can actually see when stuff breaks on your car.

AnswerID: 112561

Follow Up By: Member - John (Vic) - Wednesday, May 25, 2005 at 03:50

Wednesday, May 25, 2005 at 03:50
Thanks Ben but Stinger did not work.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 368899

Reply By: Tim (vic) - Tuesday, May 24, 2005 at 09:49

Tuesday, May 24, 2005 at 09:49
John
My mate had this type of virus last week and had to back everything up and format his hard drive to clear it. It was scanning both in and out with AVG but changing IP addresses every minute or so , as well as blowing his download / upload limit.
Not sure but if you are running XP Pro you may need to disable your system restore as well if you are going to scan the system again. Maybe someone with a bit more tech knowledge could confirm this.

Good Luck
Tim
AnswerID: 112562

Follow Up By: BenSpoon - Tuesday, May 24, 2005 at 10:02

Tuesday, May 24, 2005 at 10:02
True.
If you have system restore turned on and you erase system files, It will "help" you by reinstating them- Most of the time putting the virus back on your PC.
Windoze XP:
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore.
You may need to view system files to see them- In windows explorer: Tools>Folder Options>"view" tab> check the radio button for "Show hidden files and folders" > OK
0
FollowupID: 368776

Reply By: vuduguru - Tuesday, May 24, 2005 at 10:39

Tuesday, May 24, 2005 at 10:39
>Shane many thanks, I have had a look where you suggest and can recognize some of the programs listed, other stuff I don't.
>Problem is I am unsure as to what to remove and what it may do to me.
One says (Default) REG_SZ (value not set)

If you provide a list I can make some educated guesses. All care no responsibility!

You can also right click on Run and export to say desktop, then delete keys on the right 1 by 1 rebooting after each. You can double click on the saved file to re-import. Providing your system restarts. Obviously risky though.

>For all those following this thread I run XP Home, with windows fire wall enabled and up to date Norton, Spybot and Adware programs, nothing seems to find it.
>It is also not sending to or from my address book it seems to be inputing its own addresses and just passing them through my system ?????

These types of programs struggle to keep up with constantly evolving malware. Typically addresses are extracted from your email client address book and processed in the backgroud without a way to administer the process.
Right click on the Taskbar at the bottom of screen, Click Task Manager, Processes tab, "Show processes from all users" may reveal the process and the process may be ended. Usually requires you know what to look for and again not guaranteed successfull.

>Another thing that I have noticed is that on start up Auto Protect on Norton is disabled, requiring me to manually reset it.
>Not constantly either, probably happened about 5 times in the last 3 days.

Typical malware behaviour and an indication that you are indeed infected.

To be honest John, a reformat / reinstall is the only sure fire way of returning your system to normal.

Hope this helps (although probably not much!)
Shane
AnswerID: 112569

Follow Up By: Member - John (Vic) - Tuesday, May 24, 2005 at 10:45

Tuesday, May 24, 2005 at 10:45
Shane I appreciate your efforts, (And all others also who posted)
Jeez I hate this $hit, I'm going to take my bull bar off and bash the pricks over the head with it to really fix'em.

I still wonder if these problems are developed by the Anti Virus people themselves to keep themselves in business.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 368782

Reply By: vuduguru - Tuesday, May 24, 2005 at 11:18

Tuesday, May 24, 2005 at 11:18
Echo your sediments.

I would think that reputable AV companies would not risk their reputation. Most likely Uni students and kids with too much time on their hands.

As an aside, consider using a "Live CD", bootable Linux distibution such as Ubuntu or Knoppix, in order of personal pref. CD burner required although the Ubuntu CD can be ordered free!

Usually a simply matter of booting from the cd and using the web browser to connect to your web mail (if you have this facility... Optus does). As no Operating System is installed on your hard disk infection is unlikely and a reboot will reset everything. Sime distros will allow saving of settings (like an email config) to a USB key. May provide a short term solution in you situation. I have an old laptop with a failed hard disk and I use this method to allow my kids to access web / email / chat with great success. After supporting corporate networks all day the last thing I want to do is work on my kids pc.

By the way, firewalls such as Zone alarm, Sygate etc will not prevent these types of infection, they can however prevent some of the genereated traffic. Again an advanced subject. YMMV. Personally I just use the built in FW with XP. Less installed crap the better.

Ubuntu:-
http://www.ubuntulinux.org/
Knoppix
http://www.knopper.net

Food for thought.
Shane
AnswerID: 112574

Reply By: John - Qld - Tuesday, May 24, 2005 at 11:54

Tuesday, May 24, 2005 at 11:54
John

When you reformat you should load Norton Ghost. This makes it so much easier to reload everything next time. Apparently it keeps a mirror of everything.

We seem to have to reformat at least once a year with viruses, breakdowns etc. We luckily have a young guy, a backyard computer genius, who did the whole thng for us last time for $75 and loaded Norton Ghost for the future.
Frustrating isn't it.
John
AnswerID: 112578

Reply By: Gossy - Tuesday, May 24, 2005 at 17:11

Tuesday, May 24, 2005 at 17:11
John,

I hope to be of some assistance to you as I work in IT. Reimaging your pc is the last option. Unfortuanlty without the full error message I cannot help. It would be worth doing a search on "google" www.google.com with the full error message and see if there are any fixes on the net.
Microsoft Windows has many security holes. This can be fixed though by going to the following address: www.windowsupdate.com click on "scan for updates" and then click on "critical updates" link once it has checked your pc. Install all of these patches. Hopefully one of these will close the "back door" of the pc which the virus is using.
The other thing you can do is go to the registry. Click on "start" then "run" and type in "regedit". Then browse through to the following location:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Currentversion/Run
Click on the "run" folder and see the files on the right hand side. If there is anything which looks like the virus then delete it. Use this as the last option as if you delete the wrong info you could harm your pc but you probably have nothing to lose anyway.
If this does not work and there is no fix on the internet then you will need to reimage. If you do reimage your pc then make sure you go to "windows update" and do this again as there will be many new patches to install from a new image.
This might have been mentioned but I don't have time to read all the above comments but I did see "format" a few times which scared me. This should be the last option.
Hope this helps.
AnswerID: 112620

Reply By: Truckster (Vic) - Tuesday, May 24, 2005 at 21:09

Tuesday, May 24, 2005 at 21:09
if yer need a hand, your in cranny arent you? Im in langwarrin. gimme a yell tomorrow if your home..
AnswerID: 112670

Follow Up By: Member - John (Vic) - Wednesday, May 25, 2005 at 03:47

Wednesday, May 25, 2005 at 03:47
Thanks Bruce I am over the west side.
Bit far.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 368898

Reply By: oxwinch - Tuesday, May 24, 2005 at 21:33

Tuesday, May 24, 2005 at 21:33
Foloow the advice of Benspoon he has hit the nail on the head, you have a virus which is creating its own smtp engine in the background. By running the free trend home virus checker it will pick up the virus variant you have www.trendmicro.com.au/free_tools/

I am a 20 year systems engineer

Good Luck
AnswerID: 112674

Reply By: Niko - Tuesday, May 24, 2005 at 22:43

Tuesday, May 24, 2005 at 22:43
Pfffft to any web based virus checker. Some virus' disable them thus don't gaurantee your PCs safety. I did that once and then found Grisoft free edition which kicked the virus well and truly on its merry way.

I use Grisoft AVG free edition and spybot search and destroy and don't have any hassles. If you want to get these two free version just go to www.octapc.com.au and on the right hand side under free software is all the good stuff.

Spybot is given awards regularly by top PC mags, often number one becuase not only is it free it is also not going to ad malware like some of them do. In other words, some anti-spyware software stop some spyware and let those that sponsor their web sites.

Nortons'??!!! Tisk tisk.............
AnswerID: 112699

Reply By: Member - Frank - Tuesday, May 24, 2005 at 23:06

Tuesday, May 24, 2005 at 23:06
If you have identified the virus get the removal tool from the web and run it

if you cant find the right tool, remove the hard drive and go to a shop or someone who knows what they are doing (no amatures) and have it scaned with a working antivirus program

the reson for this is once it is not a active part of the operating syatem the virus is normaly helpless

note

this method only cleans the files not the registry thats you need to take it to some one who knows how to clean the registary

ps

it may be part of the virus is in the restore file

pps

if all else fails do low level format and do not put saved files back, no disks you have used or you will be right back where you started, format all disks that anybody could have used

frank
AnswerID: 112706

Reply By: Member - Smocky (NSW) - Wednesday, May 25, 2005 at 00:47

Wednesday, May 25, 2005 at 00:47
Hi John, I'll be brief. I didn't bother reading all of the responses. I work in the computer industry btw.

You need 4 things to protect yourself properly.

1. Virus Scan. This stops malicious code (programs) from running. It is important it is a recognised one and is set to update daily or every few days. You sound like you have this covered. This mostly protects e-mail attacks.

2. Spyware Protection. This protects from websites that load crap on your computer when you browse their sites. Best one I've found is Spy Sweeper. Run a full sweep and let it stay resident in memory.

3. Windows Updates. If you are using XP or 2000, you need to set your automatic updates on and make sure you install them regularly. This and a firewall protect you from works, which are the worst form of attack.

4. Firewall. Best to be hardware in the form of an internet router or broadband router, but can be software like Norton Security. Windows XP Service Pack 2 also has an inbuilt one that isn't bad.

If you need any help with any of this, drop me a mem message and I'll give you an e-mail address.

Cheers,

Smocky.
AnswerID: 112715

Reply By: Member - John (Vic) - Wednesday, May 25, 2005 at 22:07

Wednesday, May 25, 2005 at 22:07
Well I seem to have fixed the problem.
It turns out that was a very new Trojan called Webus.F only been discovered on the 17th May according to the info from Symantec and the fix has now been released by them within the last week.

I am also please to say that the best part appears to be that whilst the spammer was able gain access via one of my ports the output has actually been stopped by Norton.
I have my Norton settings set to scan all incoming and out going emails the Trojan according to the technical details attempts to delete some of the security settings, so I assume it was successful in bypassing the incoming scans but was scanned on the outgoing and recognized as spam by Norton and what I originally described as the rejection notice was in fact the Norton email proxy advising that it had detected and canned the out going mail. Phew!!! that explains why I was not getting heaps of bounced returns by heaps ofbleepof recipients around the world.
How and where I picked up the infection, I don't really know, but I suspect it came via one of the interactive game sites that my son accesses from time to time but who really knows.

How I found the right fix was to go to the Trend Micro and the Symantec web sites (Which actually had the correct and most up to date detail) and use their search facility, inputed the info I had being the two spam sites that kept popping up on the connection screen (webadi.robobot.org and upseek.org) until I found the Security Response that matched, then followed the fix. I also had to do this on another computer as mine was flat out trying to send crap to the rest of the world everytime I went on line.

Thanks for all the offers of help by everyone who responded in this thread, I really appreciate your efforts with your respective advice.

I don't really know what else we can do except keep your anti virus software as up to date as possible and look for the right fix before heading for the formating options, in my case the amount of business data that resides on my laptop would have taken me quite sometime and a huge headache to replace it all from my backups.

I still would like to use my bullbar on the ba$tards who propagate this crap.

VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

AnswerID: 112912

Reply By: Tim HJ61 (WA) - Thursday, May 26, 2005 at 11:00

Thursday, May 26, 2005 at 11:00
This might not be very helpful to your current situation, but try this link.

There are a bunch of us using the forum that just shake our heads in dismay at what PC users have to put up with, and to a certain extent take forgranted.

Tim
AnswerID: 112970

Follow Up By: Member - John (Vic) - Thursday, May 26, 2005 at 16:48

Thursday, May 26, 2005 at 16:48
Food for thought Tim, I was just talking to Member Eric this morning about the very same thing.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 369196

Reply By: techie - Thursday, May 26, 2005 at 22:58

Thursday, May 26, 2005 at 22:58
A quick suggestion
do a search for spybot or go to
www.safer-networking.org/
or read
spybot.eon.net.au/
and download spybot and update the spybot definitions.
Also try Ad aware from
www.lavasoftusa.com/
I use both and find it fixes all my probs.
Regards

AnswerID: 113116

Follow Up By: Member - John (Vic) - Friday, May 27, 2005 at 01:21

Friday, May 27, 2005 at 01:21
Thanks Techie but as I said in my original threads above I actually have both Spybot and Ad Ware and both are up to date but did not find this Trojan.
Although they have found lots of other crap before.

So good advice is to defiantly have both plus good up to date anti virus software.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 369275

Reply By: Muddy 'doe (SA) - Thursday, May 26, 2005 at 23:32

Thursday, May 26, 2005 at 23:32
Just read about the latest in the virus/spam/trojan/spyware wars. Something called "ransomware"!

It works such that you pick up some malicious code via an email or web site and this software then grabs hold of a few key dtafiles (Office Documents and stuff) and effectively encrypts them and locks them up so you cannot open them.

When you go to open the files you see a message telling you that your files are being held to ranson and that you should send US$200 via Western Union or whatever and visit a certain website with payment details and you will receive the encryption key to unlock your documents!

What the hell will they come up with next?!?!?!?!?!?!?!?

Details ein Sydney Morning Herald tech section.
AnswerID: 113122

Follow Up By: Muddy 'doe (SA) - Thursday, May 26, 2005 at 23:35

Thursday, May 26, 2005 at 23:35
I'll try that link again folks!

link
0
FollowupID: 369266

Follow Up By: Member - John (Vic) - Friday, May 27, 2005 at 01:24

Friday, May 27, 2005 at 01:24
As you say "What the hell will they come up with next?!?!?!?!?!?!?!?"

Steve I have no idea but I do know it will create a huge headache for some of us.

These people are nothing more than vandals and are in need of a serious bashing.
VKS737 - Mobile 6352 (Selcall 6352)

Lifetime Member
My Profile  Send Message

0
FollowupID: 369276

Reply By: Niko - Friday, May 27, 2005 at 03:47

Friday, May 27, 2005 at 03:47
Ransom side of things isn't vandals but criminals, just like the current ebay scam. I received an email telling me my ebay account has been suspended because they accused me of "placing false bids which is most likely by associates of mine". The wanted me to go to a web site to input my details (Password and id) if I wanted to refute this.

The should be put in jail permanently and the key thrown away, but sadly the Civil Rights Group would mamby pamby the little mongrels and want them out because they were such little darlings in jail.... I suppose I would too with what goes on in jails.
AnswerID: 113129

Sponsored Links