Strange virus/malware problem

Thrasher

Running XP (5.1.2600 SP1), and I'll first admit that I don't keep up
with MS updates (for reasons I won't bore you with). I've owned
computers for many, many years and don't do any of the obviously stupid
things (like open email attachments). This is happening on my home HP
laptop. I use a router and evidently my desktop is affected but I'm not
seeing the same symptoms there. I have another laptop on my network
(running McAfee) which is not affected (so far).

Somehow I contracted one or more viruses/malware. Norton reports the
virus name as "Downloader" most of the time indicating .exe files
beginning with "b" and then some 3 digit number usually found in my
C:\Windows folder. Also have Norton reporting a virus named
Backdoor.Trojan with similar file names under C:\Windows. Yesterday, I
had the "pleasure" of a new pain-in-the-ass virus called "Infostealer"
(just *luv* that name) showing up.

Dunno if it's all really the same frigging thing or what. Can't find any
updated info on these things so I wonder if I'm now suffering for
falling behind on updates and managed to contract some really old
virus(es). Norton AV informs me that it quarantines this stuff and, so
far, it's just mainly an annoyance: I get the Norton pop-up box and now
I'm getting new windows in my Firefox browser opening "suddenly" to like
appliance dealers in my area.
I'm obviously afraid it will get worse and that this bloody Infostealer
is sending my private data to some frigging moron hiding in a dark
basement somewhere...

Am I scrooged or is there a quick fix for this? Is it now worth catching
up with all the MS security updates (or just a certain few)? Any help
would be appreciated.

Many thx,
Joe
 
Leonard Grey

"Unexplained computer behavior may be caused by deceptive software"
http://support.microsoft.com/kb/827315

IE 7 has stricter security than IE 6, so malicious attacks that IE 6
didn't notice can cause IE 7 to react.

Today's viruses and malicious software can be very hard to detect, and
even harder to remove. If you suspect your computer is infected, follow
these steps:

1) If you have anti-virus and/or anti-spyware programs already installed
on your computer, update the programs and scan your computer. With luck,
the programs will detect and remove the problem.

2) If the scan doesn't produce results, contact the program's technical
support. Most of the major anti-virus/spyware programs will help you to
remove an infection that their software did not detect.

3) Scan your system with /several/ of the better online scanners
(Kaspersky, Eset, Trend Micro, Panda, Sophos, Symantec etc.)

4) Submit a HiJack This log to one of the expert web sites that analyze
these logs. To find HiJack this, look here:
http://www.spywareinfo.com/~merijn/programs.php

"So how did I get infected in the first place?"
http://forums.spywareinfo.com/index.php?showtopic=60955


---
Leonard Grey
Errare humanum est

 
Sharon Franks

Sorry but without SP2 any help given you would be a waste of time.

--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).



 
Thrasher

OK, thanks. I will either get that done or just reload and start over.
In the meantime, can you tell me something about Ad-Aware? I ran it and
it found a boatload of various adware/malware/viruses. A web page given
by a pundit here says to go ahead and remove everything found by the
scan. There are dll's in the scan results.

Is Ad-Aware smart enough to only list adware/malware dll's or is there a
chance these dll's are used elsewhere?

Also, is there really a chance removing what Ad-Aware found will
eliminate my problems?

Sharon Franks wrote:
> Sorry but without SP2 any help given you would be a waste of time.
>
 
Frank Saunders MS-MVP IE,OE/WM

Do a thorough check for malware, following all of the steps at one of these
Web pages.
Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing programs like Messenger Plus,
whose ads for malware don't identify the malware as such and try to convince
you that you owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.

When the machine is clean INSTALL SP2!!!

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not send email
 
Anonymous

Keeping everything up to date is always considered essential to protecting
your computer from viruses or spyware, since they keep updating these too.
If anything important on the network goes significantly out of date, like
Windows or Java, your system becomes a lot more vulnerable to attack.
Antivirus software usually updates every day you go on-line. Spybot updates
about once a week. I added the spyware group, since regulars there post good
information about spyware, and alerts to popular program updates.

Here's a short list of freeware that I've had very good luck with. If
none of the other popular programs, like Spybot, can get rid of the problem,
you might try the free version of SAS and run a full scan. That's what I did when
nothing else worked, and the "Super Anti-Spyware" completely fixed the problem.

Free anti virus:
http://free.grisoft.com/doc/5390/us/frt/0?prd=aff
http://www.avast.com/eng/download-avast-home.html

Free firewalls:
http://www.personalfirewall.comodo.com/

Free anti spyware etc:
http://www.spybot.info/en/download/
http://www.javacoolsoftware.com/spywareblaster.html
http://www.winpatrol.com/download.html
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
http://www.siteadvisor.com/download/ie.html
http://www.mvps.org/winhelp2002/hosts.zip
http://www.funkytoad.com/download/HostsXpert.zip
http://www.ccleaner.com

Free news readers:
http://www.40tude.com/dialog/
http://xnews.newsguy.com/

Free public news servers:
http://www.newzbot.com/

Free news filters:
http://www.nfilter.org/
http://www.arcorhome.de/newshamster/tgl/misc/hamster_de.html

Free mail filters:
http://sawin32.sourceforge.net/

Free word processors, spreadsheets, etc.:
http://download.openoffice.org/2.2.1/index.html?focus=download

Free bibles and bible translations:
http://www.onlinebible.net/downloads.html

--

Ckypper
 
Sharon Franks

Yes, let AdAware remove what it found. You should be fine. Also do what
Anonymous said and use Spybot and SuperAntispyware, both free.

--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).



 
Blue

D/L the trial version of Trendmicro Internet Security from this site
www.trendmicro.com


This will or should remove every virus, bot, or whatever you have on the
computer.


--
Blue


 
Gerald309

On Oct 19, 2:09 pm, Thrasher <cu...@comcast.net> wrote:
> Running XP (5.1.2600 SP1), and I'll first admit that I don't keep up
> with MS updates (for reasons I won't bore you with). I've owned
> computers for many, many years and don't do any of the obviously stupid
> things (like open email attachments). This is happening on my home HP
> laptop. I use a router and evidently my desktop is affected but I'm not
> seeing the same symptoms there. I have another laptop on my network
> (running McAfee) which is not affected (so far).
>
> Somehow I contracted one or more viruses/malware. Norton reports the
> virus name as "Downloader" most of the time indicating .exe files
> beginning with "b" and then some 3 digit number usually found in my
> C:\Windows folder. Also have Norton reporting a virus named
> Backdoor.Trojan with similar file names under C:\Windows. Yesterday, I
> had the "pleasure" of a new pain-in-the-ass virus called "Infostealer"
> (just *luv* that name) showing up.
>
> Dunno if it's all really the same frigging thing or what. Can't find any
> updated info on these things so I wonder if I'm now suffering for
> falling behind on updates and managed to contract some really old
> virus(es). Norton AV informs me that it quarantines this stuff and, so
> far, it's just mainly an annoyance: I get the Norton pop-up box and now
> I'm getting new windows in my Firefox browser opening "suddenly" to like
> appliance dealers in my area.
> I'm obviously afraid it will get worse and that this bloody Infostealer
> is sending my private data to some frigging moron hiding in a dark
> basement somewhere...
>
> Am I scrooged or is there a quick fix for this? Is it now worth catching
> up with all the MS security updates (or just a certain few)? Any help
> would be appreciated.
>
> Many thx,
> Joe


---------------------------------------/.
A sidebar - - - you may want to add research about bots, botnets to
your Advanced User experiences. What is strange to an experienced user
can be this and even combined with rootkit attempts. Add - on
thoughts.... What may be "hot" software you would like to check out -
would be the "Antibot" which Norton recently released and I just saw
that on a Corporate (enterprise) level that Trend Micro has their free
scan up and running for botnet networks. It is perhaps the "real
money" in the cyber criminal underground - and isn't that such a long
space trip from "kiddie scripts" .... Just a sidebar and add-on ideas
to what was discussed... in other words the 'zombie networks' would
presumably be the origin of "in the wild threats" (unknown as yet
spyware and virus/worms and trojans - particularly 'Downloader
Trojans'). >>>see bluecollarpc.org
 
gerald_309MSN


------------------------------------/.
About your Ad-Aware software comments - number one, No, absolutely not
- - - never delete anything by a malware or registry scanner that you
do not know what it is. I have two pages that should help you a great
deal in identifying exactly what was presented to you for quarantine
or deletion. The .dll items are the criss crossing in Windows\system32
commonly seen as trafficking by spyware and trojans (other). Of course
that is malware and certainly not the legitimate purposes of system32
- the Dynamic Link Library of Windows. Anyhoooo.... you should
identify each item as to what process it is before deleting. There are
what is called "same name threats" that usually occur with the usual
suspects as well known viruses/worms that use certain Windows
legitimate processes file names to attempt to avoid detection and
deletion. A common one was the Isasser worm. But this is generally way
less than ten percent of the time in an adware or spyware unwanted
installation. Note it though since you are dealing with .DLL files
which is another area of same name threats.

GO HERE:
Spyware Removal Center
http://www.bluecollarpc.net/pcsafety.html
Spyware Removal Center .... a central place to detect, discover, and
remove any threats present on your computer. There are malware search
engines and file process search engines to identify valid files and
malware files, aiding as well in manual removals and to rule out
'false positives' in scan results.

ALSO: (for registry items information)
Windows Registry Information
http://www.bluecollarpc.net/registry.html

gerald philly pa usa
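
The advice above (identify each flagged item before deleting it, and watch for "same name threats") together with the file-name pattern in the original post can be turned into a small triage pass over a scanner's findings. This is an added example, not code from anyone in the thread; the sample paths are constructed and the short allow-list of system binaries is an assumption for illustration.

```python
"""Triage scanner findings before deleting anything (added example)."""
import ntpath
import re

# Assumption: a deliberately short allow-list of well-known Windows system
# binaries and the folder each normally lives in on a default C:\WINDOWS
# install. A real check would use a much fuller reference.
EXPECTED_HOME = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# File-name shape described in the original post: "b" followed by three
# digits, with an .exe extension, sitting directly in the Windows folder.
NUMBERED_B_EXE = re.compile(r"b\d{3}\.exe")

# Characters commonly swapped to make a name look like a system binary.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Collapse look-alike characters so 'Isass.exe' and 'lsass.exe' compare equal."""
    return name.lower().translate(_CONFUSABLE)


_SKELETONS = {skeleton(n): n for n in EXPECTED_HOME}


def classify(path):
    """Return a triage label for one flagged path; no label means 'safe to delete'."""
    folder, name = ntpath.split(ntpath.normpath(path))
    folder, name = folder.lower(), name.lower()

    if name in EXPECTED_HOME:
        # Right name: the folder decides whether this is the real system file
        # (possible false positive) or a copy trading on the name.
        if folder == EXPECTED_HOME[name]:
            return "expected-location"
        return "same-name-wrong-path"
    if skeleton(name) in _SKELETONS:
        # Not a system name, but one character swap away from one.
        return "lookalike-name"
    if folder == r"c:\windows" and NUMBERED_B_EXE.fullmatch(name):
        return "numbered-b-exe"
    return "unidentified"


def triage(findings):
    """Group flagged paths by label so each group can be looked up in turn."""
    groups = {}
    for path in findings:
        groups.setdefault(classify(path), []).append(path)
    return groups


# Constructed sample of scanner findings; none of these come from the thread.
SAMPLE_FINDINGS = [
    r"C:\WINDOWS\b104.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\lsass.exe",
    r"C:\WINDOWS\system32\Isass.exe",  # capital I in place of lowercase L
    r"C:\Program Files\SomeToolbar\helper.dll",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Documents and Settings\Joe\Local Settings\Temp\svchost.exe",
]

if __name__ == "__main__":
    for label, paths in sorted(triage(SAMPLE_FINDINGS).items()):
        print(label)
        for p in paths:
            print("   ", p)
```

An "expected-location" hit is the case to research before removal, since it may be the genuine system file; "unidentified" items still need a file or process lookup before any decision.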
 
gerald_309MSN


-----------------------------------\.
About your current system (SP1) ..... Let me give you my spiel as an
Advanced User about WinXP SP2. For the average consumer there is no
reason whatsoever why you should not have Windows Updates set at the
minimum of Automatic Download / Review For Install - - - or just set
to automatic download / install. This is to say that all average
consumers should at all times be running a fully patched Windows
Operating System and why ? Because there is no greater opinion in the
world yet as to the "Expert" opinion which comes from Microsoft
recommending Windows Updates for the most safe and secure and optimum
performance operating system. (This is the only way I know to spout
the "propaganda" if you wish - but to make an actual "informed
decision").

You were mistakenly referred to as an Advanced User which you are
actually an Intermediate User meaning you know your way around the
machine mostly, but more importantly know how to execute help
instructions and have enough savvy to learn more easily no doubt.

My real purpose in this message is to put across to you the EXTREME
danger your machine is in - in its current state which hopefully may
convince you readily of the Service Pack 2 for Windows XP immediately.
Number one, some time ago all support except for WinXP SP2 and new
Vista has been discontinued. This means you have not had Critical
Updates in over a year because only Windows XP SP2 can access Windows
Updates. What is the danger of SP1 ? In a very, very, very rare
approx. 18 months time there were three, count them, three "Zero Day"
exploit holes that were patched. Look up the WMF metafile exploit,
VML exploit, .ANI Cursor exploit. These "holes" were nothing more than
pump and dump avenues of spyware. See SpyAxe, SpyFalcon, and many more
specifically designed for these security holes in Windows. These
spyware packages were dressed up as real antispyware software offers
that in reality hijacked the computer as ransomware crimeware stealing
all financial information if the user was duped into purchase. They
presented false Microsoft Security warnings in the system tray with
Desktop pop ups. These were only one avenue the cyber criminals used
for these Zero Day threats/exploits. One person was reporting about
the Ani Cursor exploit infection that seemed like a sophisticated
'joke program' of sorts losing virtually all controls of the system
mainly through the mouse and cursor. Why should you be fully patched
at Windows XP SP2 ? Those reasons for one and to be able to access
Windows Updates for the limited life of your computer now. Windows XP
goes off the shelf this coming June (I believe is the last target
date). They will soon be axed from Windows Updates as well like
Windows 98 and ME were. You should have the presence of mind to cling
to the Microsoft Windows Updates as a lifeline for your Operating
System security and enhancement. No doubt you haven't heard anything
from your PC manufacturer in years meaning Windows Updates is your
last lifeline for enhancement improvements as well whereby you may be
able to retrieve updated drivers as well. There is also the .Net
Framework available there as version 1,2,3 now (at least 2 for
compatibility and security). The point is that the "soft target" of
older softwares and operating systems are now actually side by side as
mainline primary targets for crimewares and cyber criminals running
them. (People have written books)....

No doubt you missed this....

Add Windows Updates to Trusted Sites (Required, How To)
SEE: http://bluecollarpc.net/smf/index.php/topic,205.0.html

Simply, you will have to add the following to "Trusted Sites" to use
Windows Updates now:

http://*.update.microsoft.com
https://*.update.microsoft.com
http://download.windowsupdate.com

Make notice of the Secure Sites " s " in ---> https://.

Look up "heuristics" in antivirus software and antispyware software.
No doubt if you have paid real time protection installed - it is the
only reason you are able to use your computer obviously on all OS
(operating systems) below Windows XP SP2 (Service Pack 2).

Really.... forget all previous and hook your machine up to Windows
Updates immediately.... you definitely need the three zero days
plugged to stop infestation.

gerald philly pa usa webmaster bluecollarpc.net/.org
 
Thrasher

Gerald: Thx a mil for all this info. Haven't absorbed it all, yet, but I
will.

OK, trying to get the infected machines up-to-date. Looked for SP2 and
ended up going thru the MS Windows update process which generated a list
of high-priority security updates needed. I'm afraid there's dozens of
them, but SP2 is not on this list.

So, first question, is SP2 a series of updates/patches rolled into one
big package, or is it a unique, separate update/fix? (so, in other
words, this list of updates could have SP2 contained in it?)

At this point, I'm unclear how to proceed: install this long list of
updates, only do SP2, or do both and in what order?? Sorry to be so
frigging helpless 'cause I guess I got myself into this mess, but I had
a problem once with Windows updates and just never trusted them.

gerald_309MSN wrote:
> On Oct 19, 2:09 pm, Thrasher <cu...@comcast.net> wrote:
>> Running XP (5.1.2600 SP1), and I'll first admit that I don't keep up
>> with MS updates (for reasons I won't bore you with). I've owned
>> computers for many, many years and don't do any of the obviously stupid
>> things (like open email attachments). This is happening on my home HP
>> laptop I use a router and evidently my desktop is affected but I'm not
>> seeing the same symptons there. I have another laptop on my network
>> (running McAfee) which is not affected (so far).
>>
>> Somehow I contracted one or more viruses/malware. Norton reports the
>> virus name as "Downloader" most of the time indicating .exe files
>> beginning with "b" and then some 3 digit number usually found in my
>> C:\Windows folder. Also have Norton reporting a virus named
>> Backdoor.Trojan with similar file names under C:Windows. Yesterday, I
>> had the "pleasure" of a new pain-in-the-ass virus called "Infostealer"
>> (just *luv* that name) showing up.
>>
>> Dunno if it's all really the same frigging thing or what. Can't find any
>> updated info on these things so I wonder if I'm now suffering for
>> falling behind on updates and managed to contract some really old
>> virus(es). Norton AV informs me that it quarantines this stuff and, so
>> far, it's just mainly an annoyance: I get the Norton pop-up box and now
>> I'm getting new windows in my Firefox browser opening "suddenly" to like
>> appliance dealers in my area.
>> I'm obviously afraid it will get worse and that this bloody Infostealer
>> is sending my private data to some frigging moron hiding in a dark
>> basement somewhere...
>>
>> Am I scrooged or is there a quick fix for this? Is it now worth catching
>> up with all the MS security updates (or just a certain few)? Any help
>> would be appreciated.
>>
>> Many thx,
>> Joe

>
> -----------------------------------\.
> About your current system (SP1) ..... Let me give you my spiel as an
> Advanced User about WinXP SP2. For the average consumer there is no
> reason whatsoever why you should not have Windows Updates set at the
> minimum of Automatic Download / Review For Install - - - or just set
> to automatic download / install. This is to say that all average
> consumers should at all times be running a fully patched windows
> Operating System and why ? Because there is no greater opinion in the
> world yet as to the "Expert" opinion which comes from Microsoft
> recommending Windows Updates for the most safe and secure and optimum
> performance operating system. (This is the only way I know to spout
> the "propaganda" if you wish - but to make an actual "informed
> decision"
>
> You were mistakenly referred to as an Advanced User which you are
> actually an Intermediate User meaning you know your way around the
> machine mostly, but more importantly know how to execute help
> instructions and have enough savvy to learn more easily no doubt.
>
> My real purpose in this message is to put across to you the EXTREME
> danger your machine is in - in its current state which hopefully may
> convince you readily of the Service Pack 2 for Windows XP immediately.
> Number one, some time ago all support except for WinXP SP2 and new
> Vista has been discontinued. This means you have not had Critical
> Updates in over a year because only Windows XP SP2 can access Windows
> Updates. What is the danger of SP1 ? In a very, very, very rare
> approx. 18 months time there were three, count them, three "Zero Day"
> exploit holes that were patched. Look up the WMF metafile exploit,
> VML exploit, .ANI Cursor exploit. These "holes" were nothing more than
> pump and dump avenues of spyware. See SpyAxe, SpyFalcon, and many more
> specifically designed for these security holes in Windows. These
> spyware packages were dressed up as real antispyware software offers
> that in reality hijacked the computer as ransomware crimeware stealing
> all financial information if the user was duped into purchase. They
> presented false Microsoft Security warnings in the system tray with
> Desktop pop ups. These were only one avenue the cyber criminals used
> for these Zero Day threats/exploits. One person was reporting about
> the Ani Cursor exploit infection that seemed like a sophisticated
> 'joke program' of sorts losing virtually all controls of the system
> mainly through the mouse and cursor. Why should you be fully patched
> at Windows XP SP2 ? Those reasons for one and to be able to access
> Windows Updates for the limited life of your computer now. Windows XP
> goes off the shelf this coming June (I believe is the last target
> date). They will soon be axed from Windows Updates as well like
> Windows 98 and ME were. You should have the presence of mind to cling
> to the Microsoft Windows Updates as a lifeline for your Operating
> System security and enhancement. No doubt you haven't heard anything
> from your PC manufacturer in years meaning Windows Updates is your
> last lifeline for enhancement improvements as well whereby you may be
> able to retrieve updated drivers as well. There is also the .Net
> Framework available there as version 1,2,3 now (at least 2 for
> compatibility and security). The point is that the "soft target" of
> older softwares and operating systems are now actually side by side as
> mainline primary targets for crimewares and cyber criminals running
> them. (People have written books)....
>
> No doubt you missed this....
>
> Add Windows Updates to Trusted Sites (Required, How To)
> SEE: http://bluecollarpc.net/smf/index.php/topic,205.0.html
>
> Simply, you will have to add the following to "Trusted Sites" to use
> Windows Updates now:
>
> http://*.update.microsoft.com
> https://*.update.microsoft.com
> http://download.windowsupdate.com
>
> Make notice of the Secure Sites " s " in ---> https://.
>
> Look up "heuristics" in antivirus software and antispyware software.
> No doubt if you have paid real time protection installed - it is the
> only reason you are able to use your computer obviously on all OS
> (operating systems) below Windows XP SP2 (Service Pack 2).
>
> Really.... forget all previous and hook your machine up to Windows
> Updates immediately.... you definitely need the three zero days
> plugged to stop infestation.
>
> gerald philly pa usa webmaster bluecollarpc.net/.org
>
 
Richard Urban

Depending upon only one antivirus program or one anti spyware program is
insufficient these days. No one program will detect everything.
Conversely, some things are detected by almost all of these types of programs.

Use some or all of these on-line scans:

http://www.microsoft.com/security/malwareremove/default.mspx

http://www.pandasecurity.com/homeusers/solutions/activescan/?

http://www.spywareinfo.com/xscan.php

http://www.kaspersky.com/kos/english/kavwebscan.html

http://www.spywareguide.com/onlinescan.php

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://support.f-secure.com/enu/home/ols.shtml

http://www.kaspersky.com/virusscanner

http://ca.com/us/securityadvisor/virusinfo/scan.aspx

http://onlinescan.avast.com/

You may have to boot up into safe mode to totally remove many infections.

After you have removed everything, protect your computer with additional
software. Install good anti virus protection and anti malware protection.


--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)



"Thrasher" <cujoe@comcast.net> wrote in message
news:HtKdnWu83Lhmb4XanZ2dnUVZ_hOdnZ2d@comcast.com...
> Running XP (5.1.2600 SP1), and I'll first admit that I don't keep up with
> MS updates (for reasons I won't bore you with). I've owned computers for
> many, many years and don't do any of the obviously stupid
> things (like open email attachments). This is happening on my home HP
> laptop. I use a router and evidently my desktop is affected but I'm not
> seeing the same symptoms there. I have another laptop on my network
> (running McAfee) which is not affected (so far).
>
> Somehow I contracted one or more viruses/malware. Norton reports the virus
> name as "Downloader" most of the time indicating .exe files beginning with
> "b" and then some 3 digit number usually found in my C:\Windows folder.
> Also have Norton reporting a virus named Backdoor.Trojan with similar file
> names under C:\Windows. Yesterday, I had the "pleasure" of a new
> pain-in-the-ass virus called "Infostealer" (just *luv* that name) showing
> up.
>
> Dunno if it's all really the same frigging thing or what. Can't find any
> updated info on these things so I wonder if I'm now suffering for falling
> behind on updates and managed to contract some really old virus(es).
> Norton AV informs me that it quarantines this stuff and, so far, it's just
> mainly an annoyance: I get the Norton pop-up box and now I'm getting new
> windows in my Firefox browser opening "suddenly" to like appliance dealers
> in my area.
> I'm obviously afraid it will get worse and that this bloody Infostealer is
> sending my private data to some frigging moron hiding in a dark basement
> somewhere...
>
> Am I scrooged or is there a quick fix for this? Is it now worth catching
> up with all the MS security updates (or just a certain few)? Any help
> would be appreciated.
>
> Many thx,
> Joe
 