POSSIBLE HACK...PLEASE, PLEASE HELP!

Annie

Three days ago, I had RoadRunner (cable internet connection) hooked up. The
tech turned off both my firewalls and DIDN'T tell me! (Shame on me for not
checking) Just a few minutes ago, while I was surfing, all my programs
opened up, one by one.

Was my computer hacked and did someone get all my personal information?!
I'm running my virus program right now. What else should I do? Please help.
I'm a nervous wreck right now!

Thanks,

Annie
 
PA Bear [MS MVP]

Windows version (e.g., WinXP SP3 Vista SP1)?

What do you mean by "both firewalls"? You should only have one (1) firewall
enabled at a time, Annie.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Annie

Windows firewall and Zone Alarm firewall. Which one do you recommend I keep
on?




Shenan Stanley

Annie wrote:
> Windows firewall and Zone Alarm firewall. Which one do you
> recommend I keep on?


Given that you are asking - the Windows Firewall will be more than
sufficient and easier to use and keep updated.

My Suggestion: Uninstall Zone Alarm completely and just utilize the built in
Windows XP Firewall and an updated antivirus application. Occasionally run
an AntiSpyware application to see if you have been infested with anything
and/or purchase one. SuperAntiSpyware is a good free/for pay one. AVG
AntiVirus is a good Free AV application (8.0).

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Shenan Stanley

<snipped>

Annie wrote:
> Windows firewall and Zone Alarm firewall. Which one do you
> recommend I keep on?


Shenan Stanley wrote:
> Given that you are asking - the Windows Firewall will be more than
> sufficient and easier to use and keep updated.
>
> My Suggestion: Uninstall Zone Alarm completely and just utilize the
> built in Windows XP Firewall and an updated antivirus application.
> Occasionally run an AntiSpyware application to see if you have
> been infested with anything and/or purchase one. SuperAntiSpyware
> is a good free/for pay one. AVG AntiVirus is a good Free AV
> application (8.0).


Oh - are you on high-speed Internet (Cable Modem, DSL, etc) and if so - do
you have a router between you and the internet? (Do you connect directly to
the Internet and get an actual external IP address or an internal IP
address?)

If you are unsure - do the following..

1) Find out your IP address internally:
- Click on the Start button
- Select RUN
- Type in: cmd /k ipconfig
- Note the IP address...

2) Find out your external IP address:
- Open Internet Explorer
- Visit the following web page:
http://whatismyip.com
- Note the IP address...

Are they different? Is your internal IP address 10.x.x.x or 192.168.x.x?
If so - you are behind a router. Hopefully this router has been properly
configured and the administrator password on it changed.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
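
Added example (not part of the original thread): the internal-versus-external comparison from the post above, done over saved `ipconfig` output in Python. It goes slightly beyond the post's 10.x.x.x / 192.168.x.x rule of thumb by also covering the third private range (172.16.x.x to 172.31.x.x) and the self-assigned 169.254.x.x range; the sample outputs, adapter names and the external address 203.0.113.7 are constructed.

```python
import ipaddress
import re

# Private (RFC 1918) ranges that home routers hand out to machines behind them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Range Windows assigns to itself when no DHCP server (router) answers.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

ADAPTER_RE = re.compile(r"^\S.* adapter (.+):\s*$")
# XP prints "IP Address"; Vista and later print "IPv4 Address".
FIELD_RE = re.compile(
    r"^\s+((?:Autoconfiguration )?IP(?:v4)? Address|Default Gateway)"
    r"[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")

# Constructed sample: a PC behind a home router.
SAMPLE_ROUTED = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.56
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

# Constructed sample: three adapters covering the other outcomes.
SAMPLE_OTHER = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 203.0.113.7
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 172.20.3.9
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.20.0.1

Ethernet adapter Local Area Connection 2:

        Autoconfiguration IP Address. . . : 169.254.10.20
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""


def parse_ipconfig(text):
    """Return one dict per adapter that reports an IPv4 address."""
    adapters, current = [], None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = {"adapter": m.group(1), "ip": None, "gateway": None}
            adapters.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            key = "gateway" if m.group(1) == "Default Gateway" else "ip"
            current[key] = m.group(2)
    return [a for a in adapters if a["ip"]]


def classify(internal_ip, external_ip):
    """Compare the PC's own address with the one a what-is-my-IP page shows."""
    addr = ipaddress.ip_address(internal_ip)
    if addr in LINK_LOCAL:
        return "no address assigned"
    if any(addr in net for net in RFC1918):
        return "behind router"
    if internal_ip == external_ip:
        return "directly connected"
    return "public address, differs from external"


def assess(ipconfig_text, external_ip):
    """Attach a verdict to every adapter found in the ipconfig output."""
    results = []
    for adapter in parse_ipconfig(ipconfig_text):
        adapter["verdict"] = classify(adapter["ip"], external_ip)
        results.append(adapter)
    return results


if __name__ == "__main__":
    for sample in (SAMPLE_ROUTED, SAMPLE_OTHER):
        for row in assess(sample, "203.0.113.7"):
            print(f'{row["adapter"]}: {row["ip"]} '
                  f'(gateway {row["gateway"]}) -> {row["verdict"]}')
```

The "Default Gateway" value is the router's own address on the home network.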
 
Annie

I'm using high-speed internet with a router. The tech brought their own so
it's brand new...Netgear. How could the password change after he configured
it? I'm lost.

Shenan Stanley

<snipped>

Shenan Stanley wrote:
> Oh - are you on high-speed Internet (Cable Modem, DSL, etc) and if
> so - do you have a router between you and the internet? (Do you
> connect directly to the Internet and get an actual external IP
> address or an internal IP address?)
>
> If you are unsure - do the following..
>
> 1) Find out your IP address internally:
> - Click on the Start button
> - Select RUN
> - Type in: cmd /k ipconfig
> - Note the IP address...
>
> 2) Find out your external IP address:
> - Open Internet Explorer
> - Visit the following web page:
> http://whatismyip.com
> - Note the IP address...
>
> Are they different? Is your internal IP address 10.x.x.x or
> 192.168.x.x? If so - you are behind a router. Hopefully this
> router has been properly configured and the administrator password
> on it changed.


Annie wrote:
> I'm using high-speed internet with a router. The tech brought
> their own so it's brand new...Netgear. How could the password
> change after he configured it? I'm lost.


No - I said I *hoped* it had been changed from the DEFAULT... It comes from
the factory with a default password set that anyone with the same router (or
Internet access, or just guessing probably) could know.

If you have a router - you were probably not hacked unless the 'tech' did it
or that default password was not changed. By having a router - it makes you
virtually invisible to the outside world (public internet) and without
forwarding ports and services on the router itself - people are not going to
be likely to get onto your computer. Those routers do not *require* that
you change the password from default to work - nor do they usually require
any actual configuration - just plug them in and go.

Now - if the default (from the factory) password was not changed on your
Netgear router - it is possible you got infested/infected with something
that could give someone access to your computer despite the router being
there and/or change the router settings to allow more remote control.

If that router has been in place the whole time you were connected to the
Internet and it did have its default password changed to something only you
know (or your IT tech..) - then it is unlikely that you have been *hacked* -
however - you may have been infested with a Trojan, a worm or spyware or
adware. If so - that software could have easily sent out your information
and/or whatever it wanted to whatever address(es) it was programmed to do.
A software firewall *might* have helped in such a situation if it monitored
outgoing traffic - but then again - it might not - as it may have been
modified by the installation itself to allow for it to go unnoticed.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Annie

The tech had me come up with a long password for the network key. Is that
the password you're talking about? He does know it and I'm not sure how to
change it on my own. (I'll figure that out later) If that's not what you're
talking about, I have no idea if he changed anything else from default.
Guess I'll have to call the BrightHouse tech tomorrow.

I ran my antivirus: no virus
I ran AdAware: about 200 cookies
I ran Spybot: fixed 68

Computer was taking forever to reboot so I manually turned it off (by the
button). I knew right there something was wrong. All files were modified
with today's date, too. ???

Thanks so much for the info.

Shenan Stanley

Annie wrote:
> The tech had me come up with a long password for the network key.
> Is that the password you're talking about? He does know it and I'm
> not sure how to change it on my own. (I'll figure that out later)
> If that's not what you're talking about, I have no idea if he
> changed anything else from default. Guess I'll have to call the
> BrightHouse tech tomorrow.
>
> I ran my antivirus: no virus
> I ran AdAware: about 200 cookies
> I ran Spybot: fixed 68
>
> Computer was taking forever to reboot so I manually turned it off
> (by the button). I knew right there something was wrong. All
> files were modified with today's date, too. ???
>
> Thanks so much for the info.


No - the wireless password that he probably set for WEP, WPA or WPA2 is not
the same as the password for the router itself. (Well - I suppose they
could be set that way - but the WEP/WPA/WPA2 password for wireless
connectivity is not what we are concerned with here.)

When you did the IPCONFIG from the earlier posting - what was the internal
IP you received? If I had to venture a guess - it would be 192.168.1.# (#
could be anything between 2 and 254...) If so (or something like that) -
then what you can do is test if the Netgear router configuration password
has been set.

Open your Internet Explorer on a machine connected to that router for
Internet service. For the address type the first three digits of the IP you
have and the last number will be a one (example - if your IP is 10.0.0.45,
type http://10.0.0.1/ and press enter. If your IP was 192.168.1.56, then
you would type http://192.168.1.1/ and press enter - etc.) It should come
up and ask you for a username and password. The username is "admin" (sans
the quotes) and the password - if still set to default - is "password" (sans
the quotes.) If the tech changed it - you will know because the default
admin/password will fail.

As for "files were modified with today's date" - dependent on where the
files were changed (which files exactly and which date (modified, created or
accessed)) - that could mean nothing. Honestly - did you look at *all* the
files on your machine or in a particular directory - and what particular
directory?

If the machine is not connected to the Internet - it cannot send anything
else out.

Download and put SuperAntiSpyware on it - scan with it.
Get MultiAV and put it on it and run it per instructions.

(Google for those two products.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
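
Added example (not part of the original thread): a Python version of the question asked above, which files and which date. It counts, per top-level folder, how many files have a recent modified, accessed, or created/changed timestamp, and separately how many executables were modified; the sample tree, file names, extension list and 24-hour window are constructed for illustration.

```python
import os
import tempfile
import time
from collections import defaultdict

# Assumed set of extensions to treat as executables for this illustration.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}
DAY = 24 * 60 * 60
COLUMNS = ("files", "modified", "accessed",
           "created_or_changed", "executables_modified")


def summarize_recent(root, since):
    """Count files under root with timestamps at or after `since` (epoch seconds).

    modified             contents were written (st_mtime)
    accessed             file was read, e.g. by a scanner (st_atime)
    created_or_changed   st_ctime: creation time on Windows,
                         metadata-change time on Unix
    executables_modified subset of `modified` with an executable extension
    """
    summary = defaultdict(lambda: dict.fromkeys(COLUMNS, 0))
    for dirpath, _dirs, names in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in names:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # locked or vanished file: skip it, keep going
            row = summary[top]
            row["files"] += 1
            if st.st_mtime >= since:
                row["modified"] += 1
                if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                    row["executables_modified"] += 1
            if st.st_atime >= since:
                row["accessed"] += 1
            if st.st_ctime >= since:
                row["created_or_changed"] += 1
    return dict(summary)


def build_sample_tree():
    """Create a constructed sample tree; returns (root, cutoff for 'recent')."""
    root = tempfile.mkdtemp(prefix="triage_sample_")
    now = time.time()
    old = now - 30 * DAY
    layout = [  # (relative path, accessed, modified)
        ("Program Files/app.exe", now, old),     # read today, not rewritten
        ("Program Files/helper.dll", old, old),  # untouched
        ("Documents/letter.doc", now, now),      # edited today
        ("Documents/old.txt", old, old),         # untouched
    ]
    for rel, atime, mtime in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
        os.utime(path, (atime, mtime))
    return root, now - DAY


if __name__ == "__main__":
    sample_root, cutoff = build_sample_tree()
    for folder, row in sorted(summarize_recent(sample_root, cutoff).items()):
        print(folder, row)
```

A folder where only the accessed count is high points to files being read; a non-zero executables-modified count under Program Files is the figure that deserves a closer look.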
 
Annie

Hi Shenan,

I checked my internal and external IPs. They're different. I typed the
username and password as you said but got spooked when it said: Warning:
This server is requesting that your username and password be sent in an
insecure manner (basic authentication without a secure connection)....so I
just clicked cancel rather than OK. I got an 'unauthorized' page. Had I
clicked OK and it 'did' take me to the next page...I want to know where I'm
going before I get there. What would've come next?

When I did the search, I put a * in the search box and asked for any files
modified with today's date. Everything from Program Files to documents to
pictures were on that list. I can't say 'everything' was there, tho.

What's MultiAV? I already ran an antivirus.



Sheesh...thanks for putting up with me. You're a great help in figuring
this out.

Dan

Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
Unfortunately with Free AVG 8, the company apparently broke many of their own
rules and I cannot suggest AVG anymore unless a user is running the legacy
version with AVG 7.5 in which support supposedly is ending in August.

The reason is that AVG 8 has too many false positives on both my system and
my dad's machine when we tried it on XP Professional for me and XP Home for
him. I do not like to disagree with an MVP and please do not jump down my
throat and forgive me for stating my opinion. I am not overly happy with
Avast either if the user is using a 9x machine (such as Windows 98 Second
Edition) but if the machine is using a more modern operating system such as
Windows XP then I would suggest Microsoft's antivirus of Windows Live One
Care because I have not had issues with it so far except the stupid red
notification it gives me because I do not enable automatic updates since I
enjoy reading about every security update.

Dan

Re: Virus and Potential Hack of Computer

Thanks for your feedback to Annie on this Milo. What would be your best
suggestions for cleaning the machine? Would Windows LiveOneCare be able to
clean it fully or would it take a combination method of this and perhaps
things like Spybot Search and Destroy which I see Annie already ran. Annie
also apparently ran Adaware SE (shudder --- too many false positives --
wrecked a computer once when I ran it and applied the fixes without the
proper backups to that computer in place --- I know better now and learned my
lesson well and would never suggest anyone to use it in the future.) Annie,
I am changing your title, to lowercase because uppercase is like shouting in
the discussion newsgroup and the title based on Milo's expertise of the
situation that has come to light. Annie, which antivirus program did you
run? I also like 2 other tools which are cwshredder and HiJack This which
Annie will need to run. Once, we can get your machine cleaned then we can
help to offer the appropriate safeguards via safety and security of your
machine to help prevent such problems in the future.

"Milo" wrote:

> Annie the way you describe it alone but am not saying yet that you have one
> but you may have a PE infection ( Virus ) and well recently we have a what
> we call PE_Sality / PE_Patch infector that are being delivered by
> polymorphic malicious files Trojan and Downloaders with combo rootkit since
> it bypassed your Firewall.
>
> If it opened up all your program on their own that was stage 1 ( that would
> be in injecting itself already )
> taking too much time and almost all of the file was modified to the recent
> date ( it means injection completed file headers already modified )
>
> next time maybe you ought to invest on a better Anti-virus or/and Firewall.
>

Annie

Thank you, Dan and Milo.

So what is the next step? I'm not going to turn on that computer just yet.
Where do I find the PE_Sality / PE_Patch at a safe site and should I download
that first before anything else? Should I then run the programs Dan
suggested...in that order?

I'm running Windows XP Home edition on that computer.

I checked my IP addresses per Shenan's advice, they're different. I tried
to login as 'admin' and put the default password in. I then got a 'warning'
screen so just clicked cancel because I didn't know where that was going to
take me. Could I have clicked OK and then just closed the next page had it
submitted? I realize if I did go to the next page my password was 'not'
changed from the default which is bad. I just didn't know where to take it
from there.

Thank you so much for your help.

One more thing...if this was what Milo said it was..does someone out there
have all my personal data (documents, photos, passwords, etc.).


Tom [Pepper] Willett

Support for AVG 7.5 doesn't end until December, not August.
"Dan" <Dan@discussions.microsoft.com> wrote in message
news:1CB0C741-0BD5-420C-B433-53A102F5FEBA@microsoft.com...
: Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
: Unfortunately with Free AVG 8, the company apparently broke many of their
own
: rules and I cannot suggest AVG anymore unless a user is running the legacy
: version with AVG 7.5 in which support supposedly is ending in August.

Dan

I am actually posting this reply via the 98 Second Edition side of my
computer which was not hacked in 2007 after the APS network was hacked and
the XP Professional side was compromised, the 98 SE side rode through the
onslaught like a champ without noticing any problems despite the fact that it
was hooked up to the Internet. This is my main reason for my debate with
Steve Riley but I will discuss that later in the appropriate topic area of
this newsgroup. Identity Theft is really terrible. I want to rant and rave
about my problems but will not redirect to help you.

Okay, first come to grips with the worst case scenario although it might not
be the worst case, I feel it is better to get that over with first and then
try not to worry. Secondly, make sure the compromised portion (XP Home) side
of the PC is not connected to the Internet. I figure we are talking about a
single operating system and do not have to deal with Virtual Machines and or
Dual or Tri-Boots. Please correct me if I am wrong. Since the problem is
with Windows XP Home then I certainly would allow a copy of Windows Live One
Care to attempt to fix the problem. Unfortunately, for you this is a
terrible scenario but it will be useful for Microsoft and others to see how
effectively Windows Live One Care can fix your problem. This will make a
great test case to see the effectiveness of Windows Live One Care. Just so
you all know, I enjoy using Microsoft technology but will not limit myself to
a single software or hardware manufacturer. It must be all fully customized
for me to meet my needs and please sorry Annie but do not see me as
insensitive since your case may indeed help all users out.

1. Try to Install and Run Windows Live One Care --- use cd and make sure
your ethernet, usb or phone cord is not connected --- this is a critical step
as far as not being connected to the Internet with that machine or at least
within the compromised operating system (I presume broadband --- cable/dsl or
narrowband if dial-up) ---- access me and others with another non-compromised
machine at this Microsoft Newsgroup ---- Please let us know the results and I
will attempt to provide further assistance --- Milo, Steve Riley and others
are welcome to add their feedback to this case as well to help Annie.

"Annie" wrote:

> Thank you, Dan and Milo.
>
> So what is the next step? I'm not going to turn on that computer just yet.
> Where do I find the PE_Sality / PE_Patch at a safe site and should I download
> that first before anything else? Should I then run the programs Dan
> suggested...in that order?
>
> I'm running Windows XP Home edition on that computer.
>
> I checked my IP addresses per Shenan's advice, they're different. I tried
> to login as 'admin' and put the default password in. I then got a 'warning
> screen' so just clicked cancel because I didn't know where that was going to
> take me. Could I have clicked OK and then just closed the next page had it
> submitted? I realize if I did go to the next page my password was 'not'
> changed from the default which is bad. I just didn't know where to take it
> from there.
>
> Thank you so much for your help.
>
> One more thing...if this was what Milo said it was..does someone out there
> have all my personal data (documents, photos, passwords, etc.).
>
>
>
>
> "Dan" wrote:
>
> > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
> > Unfortunately with Free AVG 8, the company apparently broke many of their own
> > rules and I cannot suggest AVG anymore unless a user is running the legacy
> > version with AVG 7.5 in which support supposedly is ending in August.
> >
> > The reason is that AVG 8 has too many false positives on both my system and
> > my dad's machine when we tried it on XP Professional for me and XP Home for
> > him. I do not like to disagree with an MVP and please do not jump down my
> > throat and forgive me for stating my opinion. I am not overly happy with
> > Avast either if the user is using a 9x machine (such as Windows 98 Second
> > Edition) but if the machine is using a more modern operating system such as
> > Windows XP then I would suggest Microsoft's antivirus of Windows Live One
> > Care because I have not had issues with it so far except the stupid red
> > notification it gives me because I do not enable automatic updates since I
> > enjoy reading about every security update.
> >
> > "Shenan Stanley" wrote:
> >
> > > Annie wrote:
> > > > Windows firewall and Zone Alarm firewall. Which one do you
> > > > recommend I keep on?
> > >
> > > Given that you are asking - the Windows Firewall will be more than
> > > sufficient and easier to use and keep updated.
> > >
> > > My Suggestion: Uninstall Zone Alarm completely and just utilize the built in
> > > Windows XP Firewall and an updated antivirus application. Occasionally run
> > > an AntiSpyware application to see if you have been infested with anything
> > > and/or purchase one. SuperAntiSpyware is a good free/for pay one. AVG
> > > AntiVirus is a good Free AV application (8.0).
> > >
> > > --
> > > Shenan Stanley
> > > MS-MVP
> > > --
> > > How To Ask Questions The Smart Way
> > > http://www.catb.org/~esr/faqs/smart-questions.html
> > >
> > >
> > >
 
Dan

Thanks Tom for the correction. AVG must have extended the deadline. It will
be interesting as I have noted in the Windows 98 general newsgroup and MEB
and I have talked about this that Mozilla Firefox 2.0.0.x is set to expire in
December of 2008. Will the 10+ year anniversary of Windows 98 and almost the
10 year anniversary of Windows 98 Second Edition really end up putting the
operating system as truly dead or will there be new life somehow after that.
I am indeed petitioning Mozilla to continue to support Windows 98 Second
Edition with Mozilla Firefox 2 or at least update it to 2.5 and continue to
support legacy users such as myself for good safety reasons.

BTW, Tom have you seen the original Matrix movie and what about the 1980's
Sneakers movie with Robert Redford and how about It's a Wonderful Life with
Jimmy Stewart and Enemy of the State and The Game. These movies are just a
few that really make me think and reflect about life. I am one of those
movie goers who after seeing a really good movie will watch all the credits.
I will try and ask the movie personnel if there is an added extra at the end
because spending around $10 nowadays to see a new release is a real treat for
me. Unfortunately, I have been very disappointed with Hollywood recently
because I think the overall thought and intelligence in movies and the
quality is going way downhill.

"Tom [Pepper] Willett" wrote:

> Support for AVG 7.5 doesn't end until December, not August.
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:1CB0C741-0BD5-420C-B433-53A102F5FEBA@microsoft.com...
> : Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
> : Unfortunately with Free AVG 8, the company apparently broke many of their own
> : rules and I cannot suggest AVG anymore unless a user is running the legacy
> : version with AVG 7.5 in which support supposedly is ending in August.
> :
> : The reason is that AVG 8 has too many false positives on both my system and
> : my dad's machine when we tried it on XP Professional for me and XP Home for
> : him. I do not like to disagree with an MVP and please do not jump down my
> : throat and forgive me for stating my opinion. I am not overly happy with
> : Avast either if the user is using a 9x machine (such as Windows 98 Second
> : Edition) but if the machine is using a more modern operating system such as
> : Windows XP then I would suggest Microsoft's antivirus of Windows Live One
> : Care because I have not had issues with it so far except the stupid red
> : notification it gives me because I do not enable automatic updates since I
> : enjoy reading about every security update.
> :
> : "Shenan Stanley" wrote:
> :
> : > Annie wrote:
> : > > Windows firewall and Zone Alarm firewall. Which one do you
> : > > recommend I keep on?
> : >
> : > Given that you are asking - the Windows Firewall will be more than
> : > sufficient and easier to use and keep updated.
> : >
> : > My Suggestion: Uninstall Zone Alarm completely and just utilize the built in
> : > Windows XP Firewall and an updated antivirus application. Occasionally run
> : > an AntiSpyware application to see if you have been infested with anything
> : > and/or purchase one. SuperAntiSpyware is a good free/for pay one. AVG
> : > AntiVirus is a good Free AV application (8.0).
> : >
> : > --
> : > Shenan Stanley
> : > MS-MVP
> : > --
> : > How To Ask Questions The Smart Way
> : > http://www.catb.org/~esr/faqs/smart-questions.html
> : >
> : >
> : >
>
>
>
 
PA Bear [MS MVP]

Support for AVG v7.5 in Win9x ends in August.

Tom [Pepper] Willett wrote:
> Support for AVG 7.5 doesn't end until December, not August.
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:1CB0C741-0BD5-420C-B433-53A102F5FEBA@microsoft.com...
>> Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
>> Unfortunately with Free AVG 8, the company apparently broke many of their
>> own rules and I cannot suggest AVG anymore unless a user is running the
>> legacy version with AVG 7.5 in which support supposedly is ending in
>> August.
>>
>> The reason is that AVG 8 has too many false positives on both my system and
>> my dad's machine when we tried it on XP Professional for me and XP Home for
>> him. I do not like to disagree with an MVP and please do not jump down my
>> throat and forgive me for stating my opinion. I am not overly happy with
>> Avast either if the user is using a 9x machine (such as Windows 98 Second
>> Edition) but if the machine is using a more modern operating system such as
>> Windows XP then I would suggest Microsoft's antivirus of Windows Live One
>> Care because I have not had issues with it so far except the stupid red
>> notification it gives me because I do not enable automatic updates since I
>> enjoy reading about every security update.
>>
>> "Shenan Stanley" wrote:
>>
>>> Annie wrote:
>>>> Windows firewall and Zone Alarm firewall. Which one do you
>>>> recommend I keep on?
>>>
>>> Given that you are asking - the Windows Firewall will be more than
>>> sufficient and easier to use and keep updated.
>>>
>>> My Suggestion: Uninstall Zone Alarm completely and just utilize the built
>>> in Windows XP Firewall and an updated antivirus application.
>>> Occasionally run an AntiSpyware application to see if you have been
>>> infested with anything and/or purchase one. SuperAntiSpyware is a good
>>> free/for pay one. AVG AntiVirus is a good Free AV application (8.0).
>>>
>>> --
>>> Shenan Stanley
>>> MS-MVP
>>> --
>>> How To Ask Questions The Smart Way
>>> http://www.catb.org/~esr/faqs/smart-questions.html
 
PA Bear [MS MVP]

I've read all replies to this thread as of this post.

Given the fact that you connect via a router, I agree with Shenan: Uninstall
ZA & enable the Windows Firewall.

======================================

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~PA Bear


Annie wrote:
> Windows firewall and Zone Alarm firewall. Which one do you recommend I keep
> on?
>
> "PA Bear [MS MVP]" wrote:
>> Windows version (e.g., WinXP SP3 Vista SP1)?
>>
>> What do you mean by "both firewalls"? You should only have one (1)
>> firewall enabled at a time, Annie.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>>
>> Annie wrote:
>>> Three days ago, I had RoadRunner (cable internet connection) hooked up. The
>>> tech turned off both my firewalls and DIDN'T tell me! (Shame on me for not
>>> checking) Just a few minutes ago, while I was surfing, all my programs
>>> opened up, one by one.
>>>
>>> Was my computer hacked and did someone get all my personal information?!
>>> I'm running my virus program right now. What else should I do? Please
>>> help. I'm a nervous wreck right now!
 
Dan

I agree with Robear as well. Please make sure you have the Windows Firewall
on and also please check the no exceptions box to allow nothing to get
through. You will indeed need to remove Zone Alarm Firewall and also please
let us know about programs that you don't recognize in Add/Remove Software.

However, it is useful to Google the software that you do not recognize and
then just read the results without clicking any web link because we don't
want your computer to have any more trash. I like McAfee Site Advisor.
Again, this needs to be done within another operating system or from another
PC and like I said it is best to keep the damaged PC off-line to limit damage
potential because you are in trouble if you keep a compromised computer
on-line until it is fully fixed and machines have been known to become part
of spy-bot networks when this is the case which is bad for all of us in the
World.

Robear is tops when it comes to safety and security with Windows and he has
great advice.

"PA Bear [MS MVP]" wrote:

> I've read all replies to this thread as of this post.
>
> Given the fact that you connect via a router, I agree with Shenan: Uninstall
> ZA & enable the Windows Firewall.
>
> ======================================
>
> Run a /thorough/ check for hijackware, including posting your hijackthis log
> to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
> conjunction with some other utilities). HijackThis will NOT fix anything on
> its own, but it will help you to both identify and remove any
> hijackware/spyware with assistance from an expert. **Post your log to
> http://aumha.net/viewforum.php?f=30,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
> --
> ~PA Bear
>
>
> Annie wrote:
> > Windows firewall and Zone Alarm firewall. Which one do you recommend I keep
> > on?
> >
> > "PA Bear [MS MVP]" wrote:
> >> Windows version (e.g., WinXP SP3 Vista SP1)?
> >>
> >> What do you mean by "both firewalls"? You should only have one (1)
> >> firewall enabled at a time, Annie.
> >> --
> >> ~Robear Dyer (PA Bear)
> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> >> AumHa VSOP & Admin http://aumha.net
> >> DTS-L http://dts-l.net/
> >>
> >>
> >> Annie wrote:
> >>> Three days ago, I had RoadRunner (cable internet connection) hooked up. The
> >>> tech turned off both my firewalls and DIDN'T tell me! (Shame on me for not
> >>> checking) Just a few minutes ago, while I was surfing, all my programs
> >>> opened up, one by one.
> >>>
> >>> Was my computer hacked and did someone get all my personal information?!
> >>> I'm running my virus program right now. What else should I do? Please
> >>> help. I'm a nervous wreck right now!

>
>
 
Shenan Stanley

Dan wrote:
> Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good
> program. Unfortunately with Free AVG 8, the company apparently
> broke many of their own rules and I cannot suggest AVG anymore
> unless a user is running the legacy version with AVG 7.5 in which
> support supposedly is ending in August.
>
> The reason is that AVG 8 has too many false positives on both my
> system and my dad's machine when we tried it on XP Professional for
> me and XP Home for him. I do not like to disagree with an MVP and
> please do not jump down my throat and forgive me for stating my
> opinion. I am not overly happy with Avast either if the user is
> using a 9x machine (such as Windows 98 Second Edition) but if the
> machine is using a more modern operating system such as Windows XP
> then I would suggest Microsoft's antivirus of Windows Live One Care
> because I have not had issues with it so far except the stupid red
> notification it gives me because I do not enable automatic updates
> since I enjoy reading about every security update.


No worries, Dan.

I appreciate opinions - especially when presented with supporting evidence
and sound reasoning. After all - how else would any of us learn anything
about the hundreds upon hundreds of different products out there? While I
admittedly try all I can - there are only so many hours in a day and so many
things I can do to 'try' something before I move on to something else.

I had noticed posts about AVG 7.5 popping up - and not having had trouble
with the AVG 8.0 install *beyond* what I have noted in many posts (how to
get rid of the link scanner and not to install the email scanner) - I
couldn't really fathom why it (7.5) was still popping up. Your post has
brought some insight into this and something for me to look into further.
Thanks!

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 