POSSIBLE HACK...PLEASE, PLEASE HELP!

Dan

You are most welcome. I am thankfully posting in Windows 98 Second Edition
because I went ahead and removed the extra memory from the computer and went
from 2 gigabytes back to 512 megabytes. I am doing this because I sincerely
believe in the safeness of the 9x source code with the proper security
protocol. Please see the biometrics debate back and forth between me, Steve
Riley and another Daniel and others if you are so interested in our opinions.
Chris Quirke, MVP was the one who really set me on the proper track of the
internal safety and external security approach.

Remember, if the foundation is built upon sand then no matter how powerful
the external foundation is then the foundation (kernel) will indeed crumble.
I read that this will be an issue within 20 years but I think it has come to
a head today with AVG 7.5 which I like and use on 98 Second Edition ending
support in August according to Robear and Mozilla Firefox 2.x ending support
for Windows 98 Second Edition in December. You must remember that Mozilla
Firefox provides 256 AES cipher strength within 98 Second Edition compared to
Internet Explorer which will only give you that cipher strength with Windows
Vista but not XP Professional or Home and I do not know about if it will give
you that strength with the server editions since I have not followed that
software.

Please see the secunia.com website about how vulnerabilities line up with
Windows 98 Second Edition compared to XP Home and Professional and you will
get an idea about my point. I actually now am starting to prefer Windows
2000 Professional to XP because it has more of the 98 Second Edition look and
feel which I enjoy and again less services so there is less surface area to
attack.

"Shenan Stanley" wrote:

> Dan wrote:
> > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good
> > program. Unfortunately with Free AVG 8, the company apparently
> > broke many of their own rules and I cannot suggest AVG anymore
> > unless a user is running the legacy version with AVG 7.5 in which
> > support supposedly is ending in August.
> >
> > The reason is that AVG 8 has too many false positives on both my
> > system and my dad's machine when we tried it on XP Professional for
> > me and XP Home for him. I do not like to disagree with an MVP and
> > please do not jump down my throat and forgive me for stating my
> > opinion. I am not overly happy with Avast either if the user is
> > using a 9x machine (such as Windows 98 Second Edition) but if the
> > machine is using a more modern operating system such as Windows XP
> > then I would suggest Microsoft's antivirus of Windows Live One Care
> > because I have not had issues with it so far except the stupid red
> > notification it gives me because I do not enable automatic updates
> > since I enjoy reading about every security update.

>
> No worries, Dan.
>
> I appreciate opinions - especially when presented with supporting evidence
> and sound reasoning. After all - how else would any of us learn anything
> about the hundreds upon hundreds of different products out there? While I
> admittedly try all I can - there are only so many hours in a day and so many
> things I can do to 'try' something before I move on to something else.
>
> I had noticed posts about AVG 7.5 popping up - and not having had trouble
> with the AVG 8.0 install *beyond* what I have noted in many posts (how to
> get rid of the link scanner and not to install the email scanner) - I
> couldn't really fathom why it (7.5) was still popping up. Your post has
> brought some insight into this and something for me to look into further.
> Thanks!
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>
 
Annie

Thank you everyone for trying to help. This is just too overwhelming for me.
I'm just going to take my computer in to the shop and have them reinstall the
OS and I'll have to reinstall all my other programs.

My router says it has a double firewall so I still don't know how all of
this could've happened even though that guy turned my Windows firewall off.
Makes no sense to me.

Thanks again. I hope all these posts help anyone else who has this problem
and are a bit more experienced than myself.

"Dan" wrote:

> I am actually posting this reply via the 98 Second Edition side of my
> computer which was not hacked in 2007 after the APS network was hacked and
> the XP Professional side was compromised, the 98 SE side rode through the
> onslaught like a champ without noticing any problems despite the fact that it
> was hooked up to the Internet. This is my main reason for my debate with
> Steve Riley but I will discuss that later in the appropriate topic area of
> this newsgroup. Identity Theft is really terrible. I want to rant and rave
> about my problems but will not redirect to help you.
>
> Okay, first come to grips with the worst case scenario although it might not
> be the worst case, I feel it is better to get that over with first and then
> try not to worry. Secondly, make sure the compromised portion (XP Home) side
> of the PC is not connected to the Internet. I figure we are talking about a
> single operating system and do not have to deal with Virtual Machines and or
> Dual or Tri-Boots. Please correct me if I am wrong. Since the problem is
> with Windows XP Home then I certainly would allow a copy of Windows Live One
> Care to attempt to fix the problem. Unfortunately, for you this is a
> terrible scenario but it will be useful for Microsoft and others to see how
> effectively Windows Live One Care can fix your problem. This will make a
> great test case to see the effectiveness of Windows Live One Care. Just so
> you all know, I enjoy using Microsoft technology but will not limit myself to
> a single software or hardware manufacturer. It must be all fully customized
> for me to meet my needs and please sorry Annie but do not see me as
> insensitive since your case may indeed help all users out.
>
> 1. Try to Install and Run Windows Live One Care --- use cd and make sure
> your ethernet, usb or phone cord is not connected --- this is a critical step
> as far as not being connected to the Internet with that machine or at least
> within the compromised operating system (I presume broadband --- cable/dsl or
> narrowband if dial-up) ---- access me and others with another non-compromised
> machine at this Microsoft Newsgroup ---- Please let us know the results and I
> will attempt to provide further assistance --- Milo, Steve Riley and others
> are welcome to add their feedback to this case as well to help Annie.
>
> "Annie" wrote:
>
> > Thank you, Dan and Milo.
> >
> > So what is the next step? I'm not going to turn on that computer just yet.
> > Where do I find the PE_Sality / PE_Patch at a safe site and should I download
> > that first before anything else? Should I then run the programs Dan
> > suggested...in that order?
> >
> > I'm running Windows XP Home edition on that computer.
> >
> > I checked my IP addresses per Shenan's advice, they're different. I tried
> > to login as 'admin' and put the default password in. I then got a 'warning'
> > screen so just clicked cancel because I didn't know where that was going to
> > take me. Could I have clicked OK and then just closed the next page had it
> > submitted? I realize if I did go to the next page my password was 'not'
> > changed from the default which is bad. I just didn't know where to take it
> > from there.
> >
> > Thank you so much for your help.
> >
> > One more thing...if this was what Milo said it was..does someone out there
> > have all my personal data (documents, photos, passwords, etc.)?
> >
> >
> >
> >
> > "Dan" wrote:
> >
> > > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
> > > Unfortunately with Free AVG 8, the company apparently broke many of their own
> > > rules and I cannot suggest AVG anymore unless a user is running the legacy
> > > version with AVG 7.5 in which support supposedly is ending in August.
> > >
> > > The reason is that AVG 8 has too many false positives on both my system and
> > > my dad's machine when we tried it on XP Professional for me and XP Home for
> > > him. I do not like to disagree with an MVP and please do not jump down my
> > > throat and forgive me for stating my opinion. I am not overly happy with
> > > Avast either if the user is using a 9x machine (such as Windows 98 Second
> > > Edition) but if the machine is using a more modern operating system such as
> > > Windows XP then I would suggest Microsoft's antivirus of Windows Live One
> > > Care because I have not had issues with it so far except the stupid red
> > > notification it gives me because I do not enable automatic updates since I
> > > enjoy reading about every security update.
> > >
> > > "Shenan Stanley" wrote:
> > >
> > > > Annie wrote:
> > > > > Windows firewall and Zone Alarm firewall. Which one do you
> > > > > recommend I keep on?
> > > >
> > > > Given that you are asking - the Windows Firewall will be more than
> > > > sufficient and easier to use and keep updated.
> > > >
> > > > My Suggestion: Uninstall Zone Alarm completely and just utilize the built in
> > > > Windows XP Firewall and an updated antivirus application. Occasionally run
> > > > an AntiSpyware application to see if you have been infested with anything
> > > > and/or purchase one. SuperAntiSpyware is a good free/for pay one. AVG
> > > > AntiVirus is a good Free AV application (8.0).
> > > >
> > > > --
> > > > Shenan Stanley
> > > > MS-MVP
> > > > --
> > > > How To Ask Questions The Smart Way
> > > > http://www.catb.org/~esr/faqs/smart-questions.html
> > > >
> > > >
> > > >
 
PA Bear [MS MVP]

Your router includes a hardware firewall. You should have a software
firewall (e.g., the Windows Firewall) enabled, too.

Annie wrote:
> Thank you everyone for trying to help. This is just too overwhelming for
> me. I'm just going to take my computer in to the shop and have them
> reinstall the OS and I'll have to reinstall all my other programs.
>
> My router says it has a double firewall so I still don't know how all of
> this could've happened even though that guy turned my Windows firewall off.
> Makes no sense to me.
>
> Thanks again. I hope all these posts help anyone else who has this
> problem
> and are a bit more experienced than myself.
>
> "Dan" wrote:
>
>> I am actually posting this reply via the 98 Second Edition side of my
>> computer which was not hacked in 2007 after the APS network was hacked
>> and
>> the XP Professional side was compromised, the 98 SE side rode through the
>> onslaught like a champ without noticing any problems despite the fact
>> that
>> it was hooked up to the Internet. This is my main reason for my debate
>> with Steve Riley but I will discuss that later in the appropriate topic
>> area of this newsgroup. Identity Theft is really terrible. I want to
>> rant and rave about my problems but will not redirect to help you.
>>
>> Okay, first come to grips with the worst case scenario although it might
>> not be the worst case, I feel it is better to get that over with first
>> and
>> then try not to worry. Secondly, make sure the compromised portion (XP
>> Home) side of the PC is not connected to the Internet. I figure we are
>> talking about a single operating system and do not have to deal with
>> Virtual Machines and or Dual or Tri-Boots. Please correct me if I am
>> wrong. Since the problem is with Windows XP Home then I certainly would
>> allow a copy of Windows Live One Care to attempt to fix the problem.
>> Unfortunately, for you this is a terrible scenario but it will be useful
>> for Microsoft and others to see how effectively Windows Live One Care can
>> fix your problem. This will make a great test case to see the
>> effectiveness of Windows Live One Care. Just so you all know, I enjoy
>> using Microsoft technology but will not limit myself to a single software
>> or hardware manufacturer. It must be all fully customized for me to meet
>> my needs and please sorry Annie but do not see me as insensitive since
>> your case may indeed help all users out.
>>
>> 1. Try to Install and Run Windows Live One Care --- use cd and make sure
>> your ethernet, usb or phone cord is not connected --- this is a critical
>> step as far as not being connected to the Internet with that machine or
>> at
>> least within the compromised operating system (I presume broadband ---
>> cable/dsl or narrowband if dial-up) ---- access me and others with
>> another
>> non-compromised machine at this Microsoft Newsgroup ---- Please let us
>> know the results and I will attempt to provide further assistance ---
>> Milo,
>> Steve Riley and others are welcome to add their feedback to this case as
>> well to help Annie.
>>
>> "Annie" wrote:
>>
>>> Thank you, Dan and Milo.
>>>
>>> So what is the next step? I'm not going to turn on that computer just
>>> yet. Where do I find the PE_Sality / PE_Patch at a safe site and should
>>> I
>>> download that first before anything else? Should I then run the
>>> programs
>>> Dan suggested...in that order?
>>>
>>> I'm running Windows XP Home edition on that computer.
>>>
>>> I checked my IP addresses per Shenan's advice, they're different. I
>>> tried
>>> to login as 'admin' and put the default password in. I then got a
>>> 'warning' screen so just clicked cancel because I didn't know where
>>> that
>>> was going to take me. Could I have clicked OK and then just closed the
>>> next page had it submitted? I realize if I did go to the next page my
>>> password was 'not' changed from the default which is bad. I just didn't
>>> know where to take it from there.
>>>
>>> Thank you so much for your help.
>>>
>>> One more thing...if this was what Milo said it was..does someone out
>>> there
>>> have all my personal data (documents, photos, passwords, etc.)?
>>>
>>>
>>>
>>>
>>> "Dan" wrote:
>>>
>>>> Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
>>>> Unfortunately with Free AVG 8, the company apparently broke many of
>>>> their own rules and I cannot suggest AVG anymore unless a user is
>>>> running the legacy version with AVG 7.5 in which support supposedly is
>>>> ending in August.
>>>>
>>>> The reason is that AVG 8 has too many false positives on both my system
>>>> and my dad's machine when we tried it on XP Professional for me and XP
>>>> Home for him. I do not like to disagree with an MVP and please do not
>>>> jump down my throat and forgive me for stating my opinion. I am not
>>>> overly happy with Avast either if the user is using a 9x machine (such
>>>> as Windows 98 Second Edition) but if the machine is using a more modern
>>>> operating system such as Windows XP then I would suggest Microsoft's
>>>> antivirus of Windows Live One Care because I have not had issues with
>>>> it
>>>> so far except the stupid red notification it gives me because I do not
>>>> enable automatic updates since I enjoy reading about every security
>>>> update.
>>>>
>>>> "Shenan Stanley" wrote:
>>>>
>>>>> Annie wrote:
>>>>>> Windows firewall and Zone Alarm firewall. Which one do you
>>>>>> recommend I keep on?
>>>>>
>>>>> Given that you are asking - the Windows Firewall will be more than
>>>>> sufficient and easier to use and keep updated.
>>>>>
>>>>> My Suggestion: Uninstall Zone Alarm completely and just utilize the
>>>>> built in Windows XP Firewall and an updated antivirus application.
>>>>> Occasionally run an AntiSpyware application to see if you have been
>>>>> infested with anything and/or purchase one. SuperAntiSpyware is a
>>>>> good
>>>>> free/for pay one. AVG AntiVirus is a good Free AV application (8.0).
>>>>>
>>>>> --
>>>>> Shenan Stanley
>>>>> MS-MVP
>>>>> --
>>>>> How To Ask Questions The Smart Way
>>>>> http://www.catb.org/~esr/faqs/smart-questions.html
 
Milo

Annie, what you have in your system wasn't a hack but a possible virus. The
way you describe it, programs executing on their own and modified recently,
it's very possible what you're experiencing is a PE_Sality / PE_Patch virus
concern.... Sad to say, on most occasions it modifies file headers of those
exe and scr files so that they become useless.

Next time invest in a better security application; a firewall alone is
useless against polymorphic and blended threats.



"Annie" <Annie@discussions.microsoft.com> wrote in message
news:D05EAB4A-EE75-44C6-A77C-1985E4264BD1@microsoft.com...
> Thank you everyone for trying to help. This is just too overwhelming for
> me.
> I'm just going to take my computer in to the shop and have them reinstall
> the
> OS and I'll have to reinstall all my other programs.
>
> My router says it has a double firewall so I still don't know how all of
> this could've happened even though that guy turned my Windows firewall off.
> Makes no sense to me.
>
> Thanks again. I hope all these posts help anyone else who has this
> problem
> and are a bit more experienced than myself.
>
> "Dan" wrote:
>
>> I am actually posting this reply via the 98 Second Edition side of my
>> computer which was not hacked in 2007 after the APS network was hacked
>> and
>> the XP Professional side was compromised, the 98 SE side rode through the
>> onslaught like a champ without noticing any problems despite the fact
>> that it
>> was hooked up to the Internet. This is my main reason for my debate with
>> Steve Riley but I will discuss that later in the appropriate topic area
>> of
>> this newsgroup. Identity Theft is really terrible. I want to rant and
>> rave
>> about my problems but will not redirect to help you.
>>
>> Okay, first come to grips with the worst case scenario although it might
>> not
>> be the worst case, I feel it is better to get that over with first and
>> then
>> try not to worry. Secondly, make sure the compromised portion (XP Home)
>> side
>> of the PC is not connected to the Internet. I figure we are talking
>> about a
>> single operating system and do not have to deal with Virtual Machines and
>> or
>> Dual or Tri-Boots. Please correct me if I am wrong. Since the problem
>> is
>> with Windows XP Home then I certainly would allow a copy of Windows Live
>> One
>> Care to attempt to fix the problem. Unfortunately, for you this is a
>> terrible scenario but it will be useful for Microsoft and others to see
>> how
>> effectively Windows Live One Care can fix your problem. This will make a
>> great test case to see the effectiveness of Windows Live One Care. Just
>> so
>> you all know, I enjoy using Microsoft technology but will not limit
>> myself to
>> a single software or hardware manufacturer. It must be all fully
>> customized
>> for me to meet my needs and please sorry Annie but do not see me as
>> insensitive since your case may indeed help all users out.
>>
>> 1. Try to Install and Run Windows Live One Care --- use cd and make sure
>> your ethernet, usb or phone cord is not connected --- this is a critical
>> step
>> as far as not being connected to the Internet with that machine or at
>> least
>> within the compromised operating system (I presume broadband ---
>> cable/dsl or
>> narrowband if dial-up) ---- access me and others with another
>> non-compromised
>> machine at this Microsoft Newsgroup ---- Please let us know the results
>> and I
>> will attempt to provide further assistance --- Milo, Steve Riley and
>> others
>> are welcome to add their feedback to this case as well to help Annie.
>>
>> "Annie" wrote:
>>
>> > Thank you, Dan and Milo.
>> >
>> > So what is the next step? I'm not going to turn on that computer just
>> > yet.
>> > Where do I find the PE_Sality / PE_Patch at a safe site and should I
>> > download
>> > that first before anything else? Should I then run the programs Dan
>> > suggested...in that order?
>> >
>> > I'm running Windows XP Home edition on that computer.
>> >
>> > I checked my IP addresses per Shenan's advice, they're different. I
>> > tried
>> > to login as 'admin' and put the default password in. I then got a
>> > 'warning'
>> > screen so just clicked cancel because I didn't know where that was
>> > going to
>> > take me. Could I have clicked OK and then just closed the next page
>> > had it
>> > submitted? I realize if I did go to the next page my password was
>> > 'not'
>> > changed from the default which is bad. I just didn't know where to
>> > take it
>> > from there.
>> >
>> > Thank you so much for your help.
>> >
>> > One more thing...if this was what Milo said it was..does someone out
>> > there
>> > have all my personal data (documents, photos, passwords, etc.)?
>> >
>> >
>> >
>> >
>> > "Dan" wrote:
>> >
>> > > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good
>> > > program.
>> > > Unfortunately with Free AVG 8, the company apparently broke many of
>> > > their own
>> > > rules and I cannot suggest AVG anymore unless a user is running the
>> > > legacy
>> > > version with AVG 7.5 in which support supposedly is ending in August.
>> > >
>> > > The reason is that AVG 8 has too many false positives on both my
>> > > system and
>> > > my dad's machine when we tried it on XP Professional for me and XP
>> > > Home for
>> > > him. I do not like to disagree with an MVP and please do not jump
>> > > down my
>> > > throat and forgive me for stating my opinion. I am not overly happy
>> > > with
>> > > Avast either if the user is using a 9x machine (such as Windows 98
>> > > Second
>> > > Edition) but if the machine is using a more modern operating system
>> > > such as
>> > > Windows XP then I would suggest Microsoft's antivirus of Windows Live
>> > > One
>> > > Care because I have not had issues with it so far except the stupid
>> > > red
>> > > notification it gives me because I do not enable automatic updates
>> > > since I
>> > > enjoy reading about every security update.
>> > >
>> > > "Shenan Stanley" wrote:
>> > >
>> > > > Annie wrote:
>> > > > > Windows firewall and Zone Alarm firewall. Which one do you
>> > > > > recommend I keep on?
>> > > >
>> > > > Given that you are asking - the Windows Firewall will be more than
>> > > > sufficient and easier to use and keep updated.
>> > > >
>> > > > My Suggestion: Uninstall Zone Alarm completely and just utilize the
>> > > > built in
>> > > > Windows XP Firewall and an updated antivirus application.
>> > > > Occasionally run
>> > > > an AntiSpyware application to see if you have been infested with
>> > > > anything
>> > > > and/or purchase one. SuperAntiSpyware is a good free/for pay one.
>> > > > AVG
>> > > > AntiVirus is a good Free AV application (8.0).
>> > > >
>> > > > --
>> > > > Shenan Stanley
>> > > > MS-MVP
>> > > > --
>> > > > How To Ask Questions The Smart Way
>> > > > http://www.catb.org/~esr/faqs/smart-questions.html
>> > > >
>> > > >
>> > > >
 
Dan

I think I see the source of the confusion now. Support for free AVG 7.5
currently ends in August 2007 but paid AVG 7.5 will allow you support until
December of 2007. Anyway, this information was lifted from the lockergnome
website via searching about AVG 7.5 in the Google Search Engine.

As far as the stability concerns I totally disagree with the assessment
given below about AVG 8 being stable because it is not stable in my opinion
if it gives its users too many false positives. Unfortunately, this is a
worrying trend with anti virus programs recently and I am not sure who is to
blame. Adaware SE suffered from too many false positives in my opinion.
Even Avast which is an alternative for Windows 98 Second Edition users like
myself has issues with being too overly sensitive like when it claimed
yahoo.com was infected when the website was fine.
I will probably buy AVG 7.5 just to have the support provided for it through
December 31, 2007 and so that still makes me hit a brick wall at the end of
the year with Mozilla Firefox 2.0.0.x and now AVG 7.5 paid version ending
support by the end of the year. As I have mentioned in the Microsoft Windows
98 General Newsgroup, the end of 2007 may indeed be another defining year
just like July 11, 2006 was when Microsoft ended safety and security updates
for Windows 98, Windows 98 Second Edition and Windows Millennium (yuk). I
currently like and am using the trial of Windows Live One Care and if anyone
else really likes an anti virus program that does not give false positives
then please let this newsgroup know.

However, people can still have a safe browsing and Internet Experience using
the proper programs and only using Internet Explorer in Windows 98 Second
Edition for Windows Updates. I am now proving this by using Windows 98
Second Edition and I currently am posting in the newsgroup via Hotmail
(LiveMail) within Mozilla Firefox while using Windows 98 Second Edition so
there I am trying to prove to all the security guys and professionals about
how safe 98 Second Edition is by supposedly putting my system at risk
although when my system was hacked via VPN from the APS Network in the middle
of 2007 the Windows 98 Second Edition side suffered no ill effects even when
connecting it via VPN at the same time. I have since removed the VPN access
from Microsoft Windows 98 Second Edition for logical reasons of course.

There was an attempt by a 98 Guy to break up Internet Explorer patches for
Windows 2000 to apply to Windows 98 Second Edition and I tried it as well but
came to the conclusion it was not worth the potential *.dll hell to have a
supposedly safer and more secure Internet Explorer when the likely
alternative of having 256 bit AES cipher strength with Mozilla Firefox
2.0.0.x in Windows 98 Second Edition was so appealing as well as not having
to deal with ActiveX Technologies that unfortunately while a great tool to
auto-update components is being taken advantage of by malicious users to try
and break the free will of computer users everywhere.

----------Here is the information provided and credit to the right
people---------

Monday, July 14th, 2008
by Ron Schenone

Reader DougCuk has posted a comment in which he states that AVG has a new
end date for support of AVG 7.5 free edition. He states that:

For anyone still hanging on to AVG Free v7.5 the end date has now been
changed - it is now August 31st. But as most sources always stated the Paid
For version will continue until December 31st.

AVG Free v8 now seems pretty stable - so only the diehard Windows 98
users are left to check out the alternative products.

From the AVG Free Forum
http://freeforum.avg.com/read.php?2,136697
IMPORTANT UPDATE
AVG 7.5 Free - Support ends 31st AUGUST 2008
Posted by: michaelhd - AVG Team (IP Logged)
Date: July 9, 2008 04:07PM

Support for AVG 7.5 Free Edition is planned to end on 31st August 2008.
No more virus updates are planned for after that date.
Note that no more ‘program’ updates are due!
Only virus updates will continue until the end date.
AVG 7.5 Paid version will be supported until 31/12/08.

Hopefully this will be the last notice we will be receiving from AVG. But
who knows. They have changed the end date so much, it is hard to really know
that the August 31, 2008 will hold true.

Comments welcome.

Thanks DougCuk.

-------------------------------------------------------------------------------

"PA Bear [MS MVP]" wrote:

> Support for AVG v7.5 in Win9x ends in August.
>
> Tom [Pepper] Willett wrote:
> > Support for AVG 7.5 doesn't end until December, not August.
> > "Dan" <Dan@discussions.microsoft.com> wrote in message
> > news:1CB0C741-0BD5-420C-B433-53A102F5FEBA@microsoft.com...
> >> Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
> >> Unfortunately with Free AVG 8, the company apparently broke many of their
> >> own rules and I cannot suggest AVG anymore unless a user is running the
> >> legacy version with AVG 7.5 in which support supposedly is ending in
> >> August.
> >>
> >> The reason is that AVG 8 has too many false positives on both my system
> >> and
> >> my dad's machine when we tried it on XP Professional for me and XP Home
> >> for
> >> him. I do not like to disagree with an MVP and please do not jump down
> >> my
> >> throat and forgive me for stating my opinion. I am not overly happy with
> >> Avast either if the user is using a 9x machine (such as Windows 98 Second
> >> Edition) but if the machine is using a more modern operating system such
> >> as
> >> Windows XP then I would suggest Microsoft's antivirus of Windows Live One
> >> Care because I have not had issues with it so far except the stupid red
> >> notification it gives me because I do not enable automatic updates since
> >> I
> >> enjoy reading about every security update.
> >>
> >> "Shenan Stanley" wrote:
> >>
> >>> Annie wrote:
> >>>> Windows firewall and Zone Alarm firewall. Which one do you
> >>>> recommend I keep on?
> >>>
> >>> Given that you are asking - the Windows Firewall will be more than
> >>> sufficient and easier to use and keep updated.
> >>>
> >>> My Suggestion: Uninstall Zone Alarm completely and just utilize the
> >>> built
> >>> in Windows XP Firewall and an updated antivirus application.
> >>> Occasionally run an AntiSpyware application to see if you have been
> >>> infested with anything and/or purchase one. SuperAntiSpyware is a good
> >>> free/for pay one. AVG AntiVirus is a good Free AV application (8.0).
> >>>
> >>> --
> >>> Shenan Stanley
> >>> MS-MVP
> >>> --
> >>> How To Ask Questions The Smart Way
> >>> http://www.catb.org/~esr/faqs/smart-questions.html

>
>
 
Annie

One more thing...how do I get a patch or how do I get rid of the virus if it
is indeed the PE virus? Is there anything else I can do so the headers
aren't changed?

I turned on the computer yesterday, disabled wireless, and it came on
normally. I'm afraid that if I go back online the trouble will start again.

Also, in my ZA log list, there were a couple of suspicious logs:

Protocol: UDP (all others say TCP)
Source IDs are different than mine
Direction: Routed (all other ones say Outgoing)
Source DNS: one is blank, other has a string of numbers and letters (all
others say Toshiba user)
Destination DNS: blank

What do you make of that?





"Milo" wrote:

> Annie, what you have in your system wasn't a hack but a possible virus. The
> way you describe it, programs executing on their own and modified recently,
> it's very possible what you're experiencing is a PE_Sality / PE_Patch virus
> concern.... Sad to say, on most occasions it modifies file headers of those
> exe and scr files so that they become useless.
>
> Next time invest in a better security application; a firewall alone is
> useless against polymorphic and blended threats.
>
>
>
> "Annie" <Annie@discussions.microsoft.com> wrote in message
> news:D05EAB4A-EE75-44C6-A77C-1985E4264BD1@microsoft.com...
> > Thank you everyone for trying to help. This is just too overwhelming for
> > me.
> > I'm just going to take my computer in to the shop and have them reinstall
> > the
> > OS and I'll have to reinstall all my other programs.
> >
> > My router says it has a double firewall so I still don't know how all of
> > this could've happened even though that guy turned my Windows firewall off.
> > Makes no sense to me.
> >
> > Thanks again. I hope all these posts help anyone else who has this
> > problem
> > and are a bit more experienced than myself.
> >
> > "Dan" wrote:
> >
> >> I am actually posting this reply via the 98 Second Edition side of my
> >> computer which was not hacked in 2007 after the APS network was hacked and
> >> the XP Professional side was compromised, the 98 SE side rode through the
> >> onslaught like a champ without noticing any problems despite the fact that
> >> it was hooked up to the Internet. This is my main reason for my debate with
> >> Steve Riley but I will discuss that later in the appropriate topic area of
> >> this newsgroup. Identity Theft is really terrible. I want to rant and rave
> >> about my problems but will not redirect to help you.
> >>
> >> Okay, first come to grips with the worst case scenario although it might not
> >> be the worst case, I feel it is better to get that over with first and then
> >> try not to worry. Secondly, make sure the compromised portion (XP Home) side
> >> of the PC is not connected to the Internet. I figure we are talking about a
> >> single operating system and do not have to deal with Virtual Machines and or
> >> Dual or Tri-Boots. Please correct me if I am wrong. Since the problem is
> >> with Windows XP Home then I certainly would allow a copy of Windows Live One
> >> Care to attempt to fix the problem. Unfortunately, for you this is a
> >> terrible scenario but it will be useful for Microsoft and others to see how
> >> effectively Windows Live One Care can fix your problem. This will make a
> >> great test case to see the effectiveness of Windows Live One Care. Just so
> >> you all know, I enjoy using Microsoft technology but will not limit myself to
> >> a single software or hardware manufacturer. It must be all fully customized
> >> for me to meet my needs and please sorry Annie but do not see me as
> >> insensitive since your case may indeed help all users out.
> >>
> >> 1. Try to Install and Run Windows Live One Care --- use cd and make sure
> >> your ethernet, usb or phone cord is not connected --- this is a critical step
> >> as far as not being connected to the Internet with that machine or at least
> >> within the compromised operating system (I presume broadband --- cable/dsl or
> >> narrowband if dial-up) ---- access me and others with another non-compromised
> >> machine at this Microsoft Newsgroup ---- Please let us know the results and I
> >> will attempt to provide further assistance --- Milo, Steve Riley and others
> >> are welcome to add their feedback to this case as well to help Annie.
> >>
> >> "Annie" wrote:
> >>
> >> > Thank you, Dan and Milo.
> >> >
> >> > So what is the next step? I'm not going to turn on that computer just yet.
> >> > Where do I find the PE_Sality / PE_Patch at a safe site and should I
> >> > download that first before anything else? Should I then run the programs
> >> > Dan suggested...in that order?
> >> >
> >> > I'm running Windows XP Home edition on that computer.
> >> >
> >> > I checked my IP addresses per Shenan's advice, they're different. I tried
> >> > to login as 'admin' and put the default password in. I then got a 'warning'
> >> > screen so just clicked cancel because I didn't know where that was going to
> >> > take me. Could I have clicked OK and then just closed the next page had it
> >> > submitted? I realize if I did go to the next page my password was 'not'
> >> > changed from the default which is bad. I just didn't know where to take it
> >> > from there.
> >> >
> >> > Thank you so much for your help.
> >> >
> >> > One more thing...if this was what Milo said it was..does someone out there
> >> > have all my personal data (documents, photos, passwords, etc.)?
> >> >
> >> >
> >> >
> >> >
> >> > "Dan" wrote:
> >> >
> >> > > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good program.
> >> > > Unfortunately with Free AVG 8, the company apparently broke many of
> >> > > their own rules and I cannot suggest AVG anymore unless a user is
> >> > > running the legacy version with AVG 7.5 in which support supposedly is
> >> > > ending in August.
> >> > >
> >> > > The reason is that AVG 8 has too many false positives on both my system
> >> > > and my dad's machine when we tried it on XP Professional for me and XP
> >> > > Home for him. I do not like to disagree with an MVP and please do not
> >> > > jump down my throat and forgive me for stating my opinion. I am not
> >> > > overly happy with Avast either if the user is using a 9x machine (such
> >> > > as Windows 98 Second Edition) but if the machine is using a more modern
> >> > > operating system such as Windows XP then I would suggest Microsoft's
> >> > > antivirus of Windows Live One Care because I have not had issues with it
> >> > > so far except the stupid red notification it gives me because I do not
> >> > > enable automatic updates since I enjoy reading about every security
> >> > > update.
> >> > >
> >> > > "Shenan Stanley" wrote:
> >> > >
> >> > > > Annie wrote:
> >> > > > > Windows firewall and Zone Alarm firewall. Which one do you
> >> > > > > recommend I keep on?
> >> > > >
> >> > > > Given that you are asking - the Windows Firewall will be more than
> >> > > > sufficient and easier to use and keep updated.
> >> > > >
> >> > > > My Suggestion: Uninstall Zone Alarm completely and just utilize the
> >> > > > built in Windows XP Firewall and an updated antivirus application.
> >> > > > Occasionally run an AntiSpyware application to see if you have been
> >> > > > infested with anything and/or purchase one. SuperAntiSpyware is a
> >> > > > good free/for pay one. AVG AntiVirus is a good Free AV application
> >> > > > (8.0).
> >> > > >
> >> > > > --
> >> > > > Shenan Stanley
> >> > > > MS-MVP
> >> > > > --
> >> > > > How To Ask Questions The Smart Way
> >> > > > http://www.catb.org/~esr/faqs/smart-questions.html
> >> > > >
> >> > > >
> >> > > >


Annie

Dan, PABear, Milo, Shenan.....:)

I posted this a few posts ahead but I meant it to be down near the bottom of
the thread...so I'm copying it here:


One more thing...how do I get a patch or how do I get rid of the virus if it
is indeed the PE virus? Is there anything else I can do so the headers
aren't changed?

I turned on the computer yesterday, disabled wireless, and it came on
normally. I'm afraid that if I go back online the trouble will start again.

Also, in my ZA log list, there were a couple of suspicious logs:

Protocol: UDP (all others say TCP)
Source IDs are different than mine
Direction: Routed (all other ones say Outgoing)
Source DNS: one is blank, other has a string of numbers and letters (all
others say Toshiba user) ...is this the person who infected me?
Destination DNS: blank

What do you make of that?


"Dan" wrote:

> I agree with Robear as well. Please make sure you have the Windows Firewall
> on and also please check the no exceptions box to allow nothing to get
> through. You will indeed need to remove Zone Alarm Firewall and also please
> let us know about programs that you don't recognize in Add/Remove Software.
>
> However, it is useful to Google the software that you do not recognize and
> then just read the results without clicking any web link because we don't
> want your computer to have any more trash. I like McAfee Site Advisor.
> Again, this needs to be done within another operating system or from another
> PC and like I said it is best to keep the damaged PC off-line to limit damage
> potential because you are in trouble if you keep a compromised computer
> on-line until it is fully fixed and machines have been known to become part
> of spy-bot networks when this is the case which is bad for all of us in the
> World.
>
> Robear is tops when it comes to safety and security with Windows and he has
> great advice.
>
> "PA Bear [MS MVP]" wrote:
>
> > I've read all replies to this thread as of this post.
> >
> > Given the fact that you connect via a router, I agree with Shenan: Uninstall
> > ZA & enable the Windows Firewall.
> >
> > ======================================
> >
> > Run a /thorough/ check for hijackware, including posting your hijackthis log
> > to an appropriate forum.
> >
> > Checking for/Help with Hijackware
> > http://aumha.org/a/parasite.htm
> > http://aumha.org/a/quickfix.htm
> > http://aumha.net/viewtopic.php?t=5878
> > http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://inetexplorer.mvps.org/data/prevention.htm
> > http://inetexplorer.mvps.org/tshoot.html
> > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > http://defendingyourmachine2.blogspot.com/
> > http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >
> > When all else fails, HijackThis v2.0.2
> > (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
> > conjunction with some other utilities). HijackThis will NOT fix anything on
> > its own, but it will help you to both identify and remove any
> > hijackware/spyware with assistance from an expert. **Post your log to
> > http://aumha.net/viewforum.php?f=30,
> > http://forums.spybot.info/forumdisplay.php?f=22,
> > http://castlecops.com/forum67.html, or other appropriate forums for review
> > by an expert in such matters, not here.**
> >
> > If the procedures look too complex - and there is no shame in admitting this
> > isn't your cup of tea - take the machine to a local, reputable and
> > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
> > --
> > ~PA Bear
> >
> >
> > Annie wrote:
> > > Windows firewall and Zone Alarm firewall. Which one do you recommend I
> > > keep on?
> > >
> > > "PA Bear [MS MVP]" wrote:
> > >> Windows version (e.g., WinXP SP3 Vista SP1)?
> > >>
> > >> What do you mean by "both firewalls"? You should only have one (1)
> > >> firewall enabled at a time, Annie.
> > >> --
> > >> ~Robear Dyer (PA Bear)
> > >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > >> AumHa VSOP & Admin http://aumha.net
> > >> DTS-L http://dts-l.net/
> > >>
> > >>
> > >> Annie wrote:
> > >>> Three days ago, I had RoadRunner (cable internet connection) hooked up.
> > >>> The tech turned off both my firewalls and DIDN'T tell me! (Shame on me
> > >>> for not checking) Just a few minutes ago, while I was surfing, all my
> > >>> programs opened up, one by one.
> > >>>
> > >>> Was my computer hacked and did someone get all my personal information?!
> > >>> I'm running my virus program right now. What else should I do? Please
> > >>> help. I'm a nervous wreck right now!


Dan

Annie, it is very difficult to discover who hacked you. This would include
tracing logs and other stuff that Steve Riley, MSFT has mentioned in the
Biometrics post. For example, a few years back I had Zone Alarm Professional
and hooked it up to see where port scans were coming from with Windows 98
Second Edition and did not use a hardware firewall purposely so I could allow
ZA to track and figure out where hack attempts were coming from and the
majority appeared to be from China but remember this is back in about 2003 or
so and so the data is not as relevant today and China was followed by the
U.S.A. and then followed by Russia.

How does it make you feel that the hacking may have even come from within
the States? In addition, you must remember as my friend Will says that
individuals and especially governments have the ability to hide themselves
within other servers in other countries so it is extraordinarily difficult to
see who hacked you.

Anyway, it even boggles my mind to think about it because hackers have the
ability to use different servers in different remote locations around the
world. You may want to watch the Jason B. series and Sneakers from the
1980's to get a small idea of this. I also liked the original Matrix and
although it is fiction, it allows one to have a taste of what potentially may
not be entirely fiction in the future.

Furthermore, I suggest a read of Animal Farm and 1984 by George Orwell as
well to kind of whet your appetite if you are so inclined. There are
numerous technical documents within Microsoft TechNet and if you think that
I am that good then I am not really that good. I am just good because of
hands-on-experience, some computer courses in college, lots of reading
articles on-line especially Chris Quirke, MVP from Africa who I completely
agree with and Chris is what helped make me think how I think today about
computers. In addition, I read PC World, 2600, Game Informer, etc. as well
as I am working slowly but surely through a large textbook about Ubuntu Linux.

Anyway, have you bought a copy of Windows Live One Care and attempted to let
Microsoft's Technology fix your problem? I would be most interested in the
results and Windows Live One Care is not that expensive. Here is a web-link
if you cannot find it in your local Best Buy, CompUSA, Wal-Mart, etc. BTW,
there is no guarantee Windows Live One Care will fix your problem but why not
give it a try. I await your results with great interest.

Please also enjoy the outdoors and do not let technology rule your life.
Perhaps you want to go for a swim, bike ride, walk, see some friends, read a
book and take a break for a day to three days and that is what I must do when
technology overwhelms my brain circuits.

http://onecare.live.com/standard/en-us/default.htm?mkt=en-us




Annie

Dan,

I read up a little on One Care. Would I leave my current Antivirus,
Antispyware, etc. on my computer while I used their trial offer? I really
just want the computer checked out at this time. I suppose if I kept it I'd
just uninstall all those others and keep One Care.

When I enable my wireless connection, what would you suggest I do if things
start going crazy (like programs opening again)? Should I shut down
immediately, manually?

BTW...I loved Matrix! :) First one was the best.






Dan

<snip>

Annie, please take a break. I must take a break as well and start the day
so please don't expect to hear back from me until this evening at the
earliest and it might not even be until Wednesday or later.

It is fine if you do indeed bring your computer in to be repaired but I ask
as a favor to me that you, if you are willing, share with us any
unrecognized programs in add/remove programs of the Windows XP Home Control
Panel.

This would make a great test case and it would be invaluable in helping me
and others in diagnosing Internet Attacks. You of course can choose to do
what you would like to do. If you would rather have a friend or techie you
know do this and post here to us then it would be invaluable to me, Microsoft
and actually the whole world. In addition, please contact the Federal
Government about your identity theft. Here is a website to get the process
started.

http://www.justice.gov/criminal/cybercrime/reporting.htm

The reason I had wanted you to run Windows Live One Care was to see how good
a program it is and this would benefit all of us and let us all see how
Microsoft Technology holds up to competitors like AVG 7.5 antivirus program.
You also can run Spybot Search and Destroy to help eliminate baddies and
SpywareBlaster will help inoculate your machine in the future. Please get
these from reliable sources such as majorgeeks.com and you could just Google
Spybot Search and Destroy from majorgeeks to get it. Please click on any of
the downloads available there but watch out for the ads. Anyway, I download
and jump around with my downloading location and everything else to help keep
any potential follower from trying to fix a pattern to my behavior and that
is also where my learning disability helps greatly in not following the
standard operating procedure.
 

PA Bear [MS MVP]

Have you posted your HijackThis log in an appropriate forum for review by an
expert in such matters yet? If not, you've gotta do that first...or format
& reinstall Windows.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Annie wrote:
> Dan, PABear, Milo, Shenan.....:)
>
> I posted this a few posts ahead but I meant it to be down near the bottom
> of
> the thread...so I'm copying it here:
>
>
> One more thing...how do I get a patch or how do I get rid of the virus if
> it
> is indeed the PE virus? Is there anything else I can do so the headers
> aren't changed.
>
> I turned on the computer yesterday, disabled wireless, and it came on
> normally. I'm afraid that if I go back online the trouble will start
> again.
>
> Also, in my ZA log list, there were a couple of suspicious logs:
>
> Protocol: UDP (all others say TCP)
> Source IDs are different than mine
> Direction: Routed (all other ones say Outgoing)
> Source DNS: one is blank, other has a string of numbers and letters (all
> others say Toshiba user) ...is this the person who infected me?
> Destination DNS: blank
>
> What do you make of that?
>
>
> "Dan" wrote:
>
>> I agree with Robear as well. Please make sure you have the Windows
>> Firewall on and also please check the no exceptions box to allow nothing
>> to get through. You will indeed need to remove Zone Alarm Firewall and
>> also please let us know about programs that you don't recognize in
>> Add/Remove Software.
>>
>> However, it is useful to Google the software that you do not recognize
>> and
>> then just read the results without clicking any web link because we don't
>> want your computer to have any more trash. I like McAfee Site Advisor.
>> Again, this needs to be done within another operating system or from
>> another PC and like I said it is best to keep the damaged PC off-line to
>> limit damage potential because you are in trouble if you keep a
>> compromised computer on-line until it is fully fixed and machines have
>> been known to become part of spy-bot networks when this is the case which
>> is bad for all of us in the World.
>>
>> Robear, is tops when it comes to safety and security with Windows and he
>> has great advice.
>>
>> "PA Bear [MS MVP]" wrote:
>>
>>> I've read all replies to this thread as of this post.
>>>
>>> Given the fact that you connect via a router, I agree with Shenan:
>>> Uninstall ZA & enable the Windows Firewall.
>>>
>>> ======================================
>>>
>>> Run a /thorough/ check for hijackware, including posting your hijackthis
>>> log to an appropriate forum.
>>>
>>> Checking for/Help with Hijackware
>>> http://aumha.org/a/parasite.htm
>>> http://aumha.org/a/quickfix.htm
>>> http://aumha.net/viewtopic.php?t=5878
>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>> http://mvps.org/winhelp2002/unwanted.htm
>>> http://inetexplorer.mvps.org/data/prevention.htm
>>> http://inetexplorer.mvps.org/tshoot.html
>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>> http://defendingyourmachine2.blogspot.com/
>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>
>>> When all else fails, HijackThis v2.0.2
>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use
>>> (in conjuction with some other utilities). HijackThis will NOT fix
>>> anything on its own, but it will help you to both identify and remove
>>> any
>>> hijackware/spyware with assistance from an expert. **Post your log to
>>> http://aumha.net/viewforum.php?f=30,
>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>> http://castlecops.com/forum67.html, or other appropriate forums for
>>> review
>>> by an expert in such matters, not here.**
>>>
>>> If the procedures look too complex - and there is no shame in admitting
>>> this isn't your cup of tea - take the machine to a local, reputable and
>>> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
>>> --
>>> ~PA Bear
>>>
>>>
>>> Annie wrote:
>>>> Windows firewall and Zone Alarm firewall. Which one do you recommend I
>>>> keep on?
>>>>
>>>> "PA Bear [MS MVP]" wrote:
>>>>> Windows version (e.g., WinXP SP3 Vista SP1)?
>>>>>
>>>>> What do you mean by "both firewalls"? You should only have one (1)
>>>>> firewall enabled at a time, Annie.
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>> AumHa VSOP & Admin http://aumha.net
>>>>> DTS-L http://dts-l.net/
>>>>>
>>>>>
>>>>> Annie wrote:
>>>>>> Three days ago, I had RoadRunner (cable internet connection) hooked
>>>>>> up. The tech turned off both my firewalls and DIDN'T tell me! (Shame
>>>>>> on me for not checking) Just a few minutes ago, while I was surfing,
>>>>>> all my programs opened up, one by one.
>>>>>>
>>>>>> Was my computer hacked and did someone get all my personal
>>>>>> information?! I'm running my virus program right now. What else
>>>>>> should I do? Please help. I'm a nervous wreck right now!
 
PA Bear [MS MVP]

1. Please get your dates right.

2. This is not a Win9x-specific newsgroup. If you decide to post
Win9x-specific information, please state that fact in your posts, otherwise
you're just confusing matters further.

Thanks.

Dan wrote:
> I think I see the source of the confusion now. Support for free AVG 7.5
> currently ends in August 2007 but paid AVG 7.5 will allow you support
> until December of 2007...

<snip>
 
Dan

Good Point, Robear. Annie after you post your HiJack This Log then please
tell this newsgroup where it is posted so we can analyze what happened to
your computer.

http://majorgeeks.com/download3155.html (for Hijack This --- shows what
is running and allows you to remove running processes)

http://majorgeeks.com/download2471.html (Spybot -- anti-spyware cleaning)

http://majorgeeks.com/download2859.html (SpywareBlaster when your machine
is clean)

and anti virus --- AVG 7.5 not 8 because it has too many false positives or
Windows Live One Care

That should help get you started.

"PA Bear [MS MVP]" wrote:

> Have you posted your HijackThis log in an appropriate forum for review by an
> expert in such matters yet? If not, you've gotta do that first...or format
> & reinstall Windows.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
> Annie wrote:
> > Dan, PABear, Milo, Shenan.....:)
> >
> > I posted this a few posts ahead but I meant it to be down near the bottom
> > of the thread...so I'm copying it here:
> >
> >
> > One more thing...how do I get a patch or how do I get rid of the virus if
> > it is indeed the PE virus? Is there anything else I can do so the headers
> > aren't changed.
> >
> > I turned on the computer yesterday, disabled wireless, and it came on
> > normally. I'm afraid that if I go back online the trouble will start
> > again.
> >
> > Also, in my ZA log list, there were a couple of suspicious logs:
> >
> > Protocol: UDP (all others say TCP)
> > Source IDs are different than mine
> > Direction: Routed (all other ones say Outgoing)
> > Source DNS: one is blank, other has a string of numbers and letters (all
> > others say Toshiba user) ...is this the person who infected me?
> > Destination DNS: blank
> >
> > What do you make of that?
 
Annie

Dan and PABear,

I ran HJ and posted my logs here...http://aumha.net/viewforum.php?f=30
The subject is 'Several Programs Opened at Once'.

So far, everything seems to be running OK until I connect to the internet.
I then get several (!) alerts from ZA saying there are incoming packets. The
Source DNS and Destination DNS look similar to mine only with 4 added
numbers. I'm wondering if there's a conflict between ZA and one of my
programs or if this is part of the original problem. In an earlier post I
noted there was a suspicious entry...way out of sorts from all the rest.
This is when all the trouble started. Hopefully someone can figure it out
from my HJ logs.

A~


"Dan" wrote:

> Good Point, Robear. Annie after you post your HiJack This Log then please
> tell this newsgroup where it is posted so we can analyze what happened to
> your computer.
>
> http://majorgeeks.com/download3155.html (for Hijack This --- shows what
> is running and allows you to remove running processes)
>
> http://majorgeeks.com/download2471.html (Spybot -- anti-spyware cleaning)
>
> http://majorgeeks.com/download2859.html (SpywareBlaster when your machine
> is clean)
>
> and anti virus --- AVG 7.5 not 8 because it has too many false positives or
> Windows Live One Care
>
> That should help get you started.
 
Dan

Whoops. Sorry about that Robear. Thanks for letting me know. It can indeed
get confusing when I am going back and forth from the 98 general newsgroup
and the public security newsgroup. You are indeed right and I was referring
to Windows 98 Second Edition with support for free AVG 7.5 ending in August
2008 and with support for AVG 7.5 for users who bought AVG 7.5 ending at the
end of December 2008. I am glad you caught my huge mistake. Thank you.
<smile and should I say grin and bear it> You are right and great, imo for
what it is worth.

"PA Bear [MS MVP]" wrote:

> 1. Please get your dates right.
>
> 2. This is not a Win9x-specific newsgroup. If you decide to post
> Win9x-specific information, please state that fact in your posts, otherwise
> you're just confusing matters further.
>
> Thanks.
>
> Dan wrote:
> > I think I see the source of the confusion now. Support for free AVG 7.5
> > currently ends in August 2007 but paid AVG 7.5 will allow you support
> > until December of 2007...

> <snip>
>
>
 
PA Bear [MS MVP]

Link to your thread: http://aumha.net/viewtopic.php?f=30&t=34821

Annie wrote:
> Dan and PABear,
>
> I ran HJ and posted my logs here...http://aumha.net/viewforum.php?f=30
> The subject is 'Several Programs Opened at Once'.
>
> So far, everything seems to be running OK until I connect to the internet.
> I then get several (!) alerts from ZA saying there are incoming packets.
> The Source DNS and Destination DNS look similar to mine only with 4 added
> numbers. I'm wondering if there's a conflict between ZA and one of my
> programs or if this is part of the original problem. In an earlier post I
> noted there was a suspicious entry...way out of sorts from all the rest.
> This is when all the trouble started. Hopefully someone can figure it out
> from my HJ logs.

<snip>
 
Dan

Please do not connect the compromised machine to the Internet. It will just
make things worse. Do you have any other machine you can use to post
feedback to this newsgroup? Perhaps a second computer or post at a friend's
house? In addition, Zone Alarm will need to be removed. BTW, are you
protected with a router, is the Windows software firewall enabled and has the
no exceptions box checked? What antivirus program are you using? Finally,
please listen to the experts within the aumha.net site. If I remember
correctly, are you running Windows XP Home? A machine is much easier to fix
once it is not connected to the Internet and I would be surprised if anyone
would disagree with that statement.

"Annie" wrote:

> Dan and PABear,
>
> I ran HJ and posted my logs here...http://aumha.net/viewforum.php?f=30
> The subject is 'Several Programs Opened at Once'.
>
> So far, everything seems to be running OK until I connect to the internet.
> I then get several (!) alerts from ZA saying there are incoming packets. The
> Source DNS and Destination DNS look similar to mine only with 4 added
> numbers. I'm wondering if there's a conflict between ZA and one of my
> programs or if this is part of the original problem. In an earlier post I
> noted there was a suspicious entry...way out of sorts from all the rest.
> This is when all the trouble started. Hopefully someone can figure it out
> from my HJ logs.
>
> A~
 
Annie

OK, now that I performed HJ, I won't connect anymore. I do have a second
computer to use.

Just wondering, why do I need to remove ZA? Can't I just make changes in
the settings? And if I do uninstall, what would I put in its place for
security? I'm using ZA's firewall right now (compromised computer). I'm
thinking the tech made some changes to it and this is what caused all the
problems.

The new router has 2 firewalls. I use Avast Antivirus - yes, Windows XP
Home Edition. No one has replied to my HJ logs as of yet.




"Dan" wrote:

> Please do not connect the compromised machine to the Internet. It will just
> make things worse. Do you have any other machine you can use to post
> feedback to this newsgroup? Perhaps a second computer or post at a friend's
> house? In addition, Zone Alarm will need to be removed. BTW, are you
> protected with a router, is the Windows software firewall enabled and has the
> no exceptions box checked? What antivirus program are you using? Finally,
> please listen to the experts within the aumha.net site. If I remember
> correctly, are you running Windows XP Home? A machine is much easier to fix
> once it is not connected to the Internet and I would be surprised if anyone
> would disagree with that statement.
>
> "Annie" wrote:
>
> > Dan and PABear,
> >
> > I ran HJ and posted my logs here...http://aumha.net/viewforum.php?f=30
> > The subject is 'Several Programs Opened at Once'.
> >
> > So far, everything seems to be running OK until I connect to the internet.
> > I then get several (!) alerts from ZA saying there are incoming packets. The
> > Source DNS and Destination DNS look similar to mine only with 4 added
> > numbers. I'm wondering if there's a conflict between ZA and one of my
> > programs or if this is part of the original problem. In an earlier post I
> > noted there was a suspicious entry...way out of sorts from all the rest.
> > This is when all the trouble started. Hopefully someone can figure it out
> > from my HJ logs.
> >
> > A~
> >
> >
> > "Dan" wrote:
> >
> > > Good Point, Robear. Annie after you post your HiJack This Log then please
> > > tell this newsgroup where it is posted so we can analyze what happened to
> > > your computer.
> > >
> > > http://majorgeeks.com/download3155.html (for Hijack This --- shows what
> > > is running and allows you to remove running processes)
> > >
> > > http://majorgeeks.com/download2471.html (Spybot -- anti-spyware cleaning)
> > >
> > > http://majorgeeks.com/download2859.html (SpywareBlaster when your machine
> > >
> > > is clean)
> > >
> > > and anti virus --- AVG 7.5 not 8 because it has too many false positives or
> > > Windows Live One Care
> > >
> > > That should help get you started.
> > >
> > > "PA Bear [MS MVP]" wrote:
> > >
> > > > Have you posted your HijackThis log in an appropriate forum for review by an
> > > > expert in such matters yet? If not, you've gotta do that first...or format
> > > > & reinstall Windows.
> > > > --
> > > > ~Robear Dyer (PA Bear)
> > > > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > > > AumHa VSOP & Admin http://aumha.net
> > > > DTS-L http://dts-l.net/
> > > >
> > > > Annie wrote:
> > > > > Dan, PABear, Milo, Shenan.....:)
> > > > >
> > > > > I posted this a few posts ahead but I meant it to be down near the bottom
> > > > > of
> > > > > the thread...so I'm copying it here:
> > > > >
> > > > >
> > > > > One more thing...how do I get a patch or how do I get rid of the virus if
> > > > > it
> > > > > is indeed the PE virus? Is there anything else I can do so the headers
> > > > > aren't changed.
> > > > >
> > > > > I turned on the computer yesterday, disabled wireless, and it came on
> > > > > normally. I'm afraid that if I go back online the trouble will start
> > > > > again.
> > > > >
> > > > > Also, in my ZA log list, there were a couple of suspicious logs:
> > > > >
> > > > > Protocol: UDP (all others say TCP)
> > > > > Source IDs are different than mine
> > > > > Direction: Routed (all other ones say Outgoing)
> > > > > Source DNS: one is blank, other has a string of numbers and letters (all
> > > > > others say Toshiba user) ...is this the person who infected me?
> > > > > Destination DNS: blank
> > > > >
> > > > > What do you make of that?
> > > > >
> > > > >
> > > > > "Dan" wrote:
> > > > >
> > > > >> I agree with Robear as well. Please make sure you have the Windows
> > > > >> Firewall on and also please check the no exceptions box to allow nothing
> > > > >> to get through. You will indeed need to remove Zone Alarm Firewall and
> > > > >> also please let us know about programs that you don't recognize in
> > > > >> Add/Remove Software.
> > > > >>
> > > > >> However, it is useful to Google the software that you do not recognize
> > > > >> and
> > > > >> then just read the results without clicking any web link because we don't
> > > > >> want your computer to have any more trash. I like McAfee Site Advisor.
> > > > >> Again, this needs to be done within another operating system or from
> > > > >> another PC and like I said it is best to keep the damaged PC off-line to
> > > > >> limit damage potential because you are in trouble if you keep a
> > > > >> compromised computer on-line until it is fully fixed and machines have
> > > > >> been known to become part of spy-bot networks when this is the case which
> > > > >> is bad for all of us in the World.
> > > > >>
> > > > >> Robear, is tops when it comes to safety and security with Windows and he
> > > > >> has great advice.
> > > > >>
> > > > >> "PA Bear [MS MVP]" wrote:
> > > > >>
> > > > >>> I've read all replies to this thread as of this post.
> > > > >>>
> > > > >>> Given the fact that you connect via a router, I agree with Shenan:
> > > > >>> Uninstall ZA & enable the Windows Firewall.
> > > > >>>
> > > > >>> ======================================
> > > > >>>
> > > > >>> Run a /thorough/ check for hijackware, including posting your hijackthis
> > > > >>> log to an appropriate forum.
> > > > >>>
> > > > >>> Checking for/Help with Hijackware
> > > > >>> http://aumha.org/a/parasite.htm
> > > > >>> http://aumha.org/a/quickfix.htm
> > > > >>> http://aumha.net/viewtopic.php?t=5878
> > > > >>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> > > > >>> http://mvps.org/winhelp2002/unwanted.htm
> > > > >>> http://inetexplorer.mvps.org/data/prevention.htm
> > > > >>> http://inetexplorer.mvps.org/tshoot.html
> > > > >>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > > > >>> http://defendingyourmachine2.blogspot.com/
> > > > >>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
> > > > >>>
> > > > >>> When all else fails, HijackThis v2.0.2
> > > > >>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use
> > > > >>> (in conjuction with some other utilities). HijackThis will NOT fix
> > > > >>> anything on its own, but it will help you to both identify and remove
> > > > >>> any
> > > > >>> hijackware/spyware with assistance from an expert. **Post your log to
> > > > >>> http://aumha.net/viewforum.php?f=30,
> > > > >>> http://forums.spybot.info/forumdisplay.php?f=22,
> > > > >>> http://castlecops.com/forum67.html, or other appropriate forums for
> > > > >>> review
> > > > >>> by an expert in such matters, not here.**
> > > > >>>
> > > > > >>> If the procedures look too complex - and there is no shame in admitting
> > > > > >>> this isn't your cup of tea - take the machine to a local, reputable and
> > > > > >>> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
> > > > >>> --
> > > > >>> ~PA Bear
> > > > >>>
> > > > >>>
> > > > >>> Annie wrote:
> > > > > >>>> Windows firewall and Zone Alarm firewall. Which one do you recommend I
> > > > > >>>> keep on?
> > > > >>>>
> > > > >>>> "PA Bear [MS MVP]" wrote:
> > > > >>>>> Windows version (e.g., WinXP SP3 Vista SP1)?
> > > > >>>>>
> > > > >>>>> What do you mean by "both firewalls"? You should only have one (1)
> > > > >>>>> firewall enabled at a time, Annie.
> > > > >>>>> --
> > > > >>>>> ~Robear Dyer (PA Bear)
> > > > >>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > > > >>>>> AumHa VSOP & Admin http://aumha.net
> > > > >>>>> DTS-L http://dts-l.net/
> > > > >>>>>
> > > > >>>>>
> > > > >>>>> Annie wrote:
> > > > > >>>>>> Three days ago, I had RoadRunner (cable internet connection) hooked up.
> > > > > >>>>>> The tech turned off both my firewalls and DIDN'T tell me! (Shame on me
> > > > > >>>>>> for not checking) Just a few minutes ago, while I was surfing, all my
> > > > > >>>>>> programs opened up, one by one.
> > > > >>>>>>
> > > > >>>>>> Was my computer hacked and did someone get all my personal
> > > > >>>>>> information?! I'm running my virus program right now. What else
> > > > >>>>>> should I do? Please help. I'm a nervous wreck right now!
> > > >
> > > >
 

Dan

Re: Fixing Annie's Computer Att: Steve Riley, MSFT

<snipped --- way too long> <Annie please skip down to the numbers at the
bottom>

Sorry but I cannot answer these particular questions due to time constraints
on my end. Remember, I am a volunteer like Robear, MVP and Chris Quirke, MVP
but I do not have MVP status because I have not earned it. I just want to
help people.

I must now remain focused on fixing your compromised computer if we can and
I will try but remember this advice is given with a warning that now that
your computer is broken and our final step will be to do a clean install and
so I must ask you "Do you have a retail copy of Windows XP Home?"

We will indeed have to do a complete clean install in the end for the proper
safety and security protocol of a clean install and if you did not have
backups before then Windows Live One Care is a great place to get backups in
the future and you can put them on a few cds or dvds depending on how much
data you have to back up.

Microsoft even will give you a 90 day free trial which you can get after
your computer is working and I actually am currently using Windows Live One
Care on the XP Professional side of my computer and am coming around to the
conclusion that it is great.

I know there are people thinking that I am just pro-Microsoft but if you see
the Biometrics debate in this newsgroup you will see that Steve Riley, MSFT
and myself and Chris Quirke, MVP have radically different ideas as to the
future of computing and software in general and whether or not Microsoft will
take up this great and challenging role and be the light it once was back in
1998 and show us the pathway towards the future because I think they are the
only ones who can do it but I must convince them to change their ways. My
advice for what it is worth:



1. Remove Zone Alarm (compromised and software messed up)

2. Remove Avast (gives too many false positives -- I still do not like it)

What error messages are you getting and are you able to completely remove
this software? BTW, security and safety is now a non-issue since you are not
connected to the 'Net as long as you don't put any more compromised data onto
your pc via a flash drive, floppy disk, cd, etc.

<side note: All Caps is considered shouting and hard on the eyes at least my
eyes --- smile>
 

Milo

It's better to prevent it than remove it. To this day PE viruses are very
potent and often destructive.



"Annie" <Annie@discussions.microsoft.com> wrote in message
news:F0B9713A-20D0-4E7A-B21B-AE40B679B10B@microsoft.com...
> One more thing...how do I get a patch or how do I get rid of the virus if
> it is indeed the PE virus? Is there anything else I can do so the headers
> aren't changed.
>
> I turned on the computer yesterday, disabled wireless, and it came on
> normally. I'm afraid that if I go back online the trouble will start again.
>
> Also, in my ZA log list, there were a couple of suspicious logs:
>
> Protocol: UDP (all others say TCP)
> Source IDs are different than mine
> Direction: Routed (all other ones say Outgoing)
> Source DNS: one is blank, other has a string of numbers and letters (all
> others say Toshiba user)
> Destination DNS: blank
>
> What do you make of that?
>
>
>
>
>
> "Milo" wrote:
>
>> Annie, what you have in your system wasn't a hack but a possible virus /
>> the way you describe it program executing on their own and was modified
>> recently it's very possible what you're experiencing is a PE_sality /
>> PE_patch Virus concern.... Sad to say on most occasions it modifies file
>> headers of those exe and scr files that they become useless.
>>
>> Next time invest in a better Security Application / firewall alone is
>> useless to polymorphic and blended threats.
>>
>>
>>
>> "Annie" <Annie@discussions.microsoft.com> wrote in message
>> news:D05EAB4A-EE75-44C6-A77C-1985E4264BD1@microsoft.com...
>> > Thank you everyone for trying to help. This is just too overwhelming
>> > for me. I'm just going to take my computer in to the shop and have them
>> > reinstall the OS and I'll have to reinstall all my other programs.
>> >
>> > My router says it has a double firewall so I still don't know how all
>> > of this could've happened even though that guy turned my Windows firewall
>> > off. Makes no sense to me.
>> >
>> > Thanks again. I hope all these posts help anyone else who has this
>> > problem and are a bit more experienced than myself.
>> >
>> > "Dan" wrote:
>> >
>> >> I am actually posting this reply via the 98 Second Edition side of my
>> >> computer which was not hacked in 2007 after the APS network was hacked
>> >> and the XP Professional side was compromised, the 98 SE side rode through
>> >> the onslaught like a champ without noticing any problems despite the fact
>> >> that it was hooked up to the Internet. This is my main reason for my
>> >> debate with Steve Riley but I will discuss that later in the appropriate
>> >> topic area of this newsgroup. Identity Theft is really terrible. I want
>> >> to rant and rave about my problems but will not redirect to help you.
>> >>
>> >> Okay, first come to grips with the worst case scenario although it might
>> >> not be the worst case, I feel it is better to get that over with first
>> >> and then try not to worry. Secondly, make sure the compromised portion
>> >> (XP Home) side of the PC is not connected to the Internet. I figure we
>> >> are talking about a single operating system and do not have to deal with
>> >> Virtual Machines and or Dual or Tri-Boots. Please correct me if I am
>> >> wrong. Since the problem is with Windows XP Home then I certainly would
>> >> allow a copy of Windows Live One Care to attempt to fix the problem.
>> >> Unfortunately, for you this is a terrible scenario but it will be useful
>> >> for Microsoft and others to see how effectively Windows Live One Care can
>> >> fix your problem. This will make a great test case to see the
>> >> effectiveness of Windows Live One Care. Just so you all know, I enjoy
>> >> using Microsoft technology but will not limit myself to a single software
>> >> or hardware manufacturer. It must be all fully customized for me to meet
>> >> my needs and please sorry Annie but do not see me as insensitive since
>> >> your case may indeed help all users out.
>> >>
>> >> 1. Try to Install and Run Windows Live One Care --- use cd and make sure
>> >> your ethernet, usb or phone cord is not connected --- this is a critical
>> >> step as far as not being connected to the Internet with that machine or
>> >> at least within the compromised operating system (I presume broadband ---
>> >> cable/dsl or narrowband if dial-up) ---- access me and others with
>> >> another non-compromised machine at this Microsoft Newsgroup ---- Please
>> >> let us know the results and I will attempt to provide further assistance
>> >> --- Milo, Steve Riley and others are welcome to add their feedback to
>> >> this case as well to help Annie.
>> >>
>> >> "Annie" wrote:
>> >>
>> >> > Thank you, Dan and Milo.
>> >> >
>> >> > So what is the next step? I'm not going to turn on that computer just
>> >> > yet. Where do I find the PE_Sality / PE_Patch at a safe site and should
>> >> > I download that first before anything else? Should I then run the
>> >> > programs Dan suggested...in that order?
>> >> >
>> >> > I'm running Windows XP Home edition on that computer.
>> >> >
>> >> > I checked my IP addresses per Shenan's advice, they're different. I
>> >> > tried to login as 'admin' and put the default password in. I then got a
>> >> > 'warning screen' so just clicked cancel because I didn't know where
>> >> > that was going to take me. Could I have clicked OK and then just closed
>> >> > the next page had it submitted? I realize if I did go to the next page
>> >> > my password was 'not' changed from the default which is bad. I just
>> >> > didn't know where to take it from there.
>> >> >
>> >> > Thank you so much for your help.
>> >> >
>> >> > One more thing...if this was what Milo said it was..does someone out
>> >> > there have all my personal data (documents, photos, passwords, etc.).
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > "Dan" wrote:
>> >> >
>> >> > > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good
>> >> > > program. Unfortunately with Free AVG 8, the company apparently broke
>> >> > > many of their own rules and I cannot suggest AVG anymore unless a
>> >> > > user is running the legacy version with AVG 7.5 in which support
>> >> > > supposedly is ending in August.
>> >> > >
>> >> > > The reason is that AVG 8 has too many false positives on both my
>> >> > > system and my dad's machine when we tried it on XP Professional for
>> >> > > me and XP Home for him. I do not like to disagree with an MVP and
>> >> > > please do not jump down my throat and forgive me for stating my
>> >> > > opinion. I am not overly happy with Avast either if the user is
>> >> > > using a 9x machine (such as Windows 98 Second Edition) but if the
>> >> > > machine is using a more modern operating system such as Windows XP
>> >> > > then I would suggest Microsoft's antivirus of Windows Live One Care
>> >> > > because I have not had issues with it so far except the stupid red
>> >> > > notification it gives me because I do not enable automatic updates
>> >> > > since I enjoy reading about every security update.
>> >> > >
>> >> > > "Shenan Stanley" wrote:
>> >> > >
>> >> > > > Annie wrote:
>> >> > > > > Windows firewall and Zone Alarm firewall. Which one do you
>> >> > > > > recommend I keep on?
>> >> > > >
>> >> > > > Given that you are asking - the Windows Firewall will be more
>> >> > > > than sufficient and easier to use and keep updated.
>> >> > > >
>> >> > > > My Suggestion: Uninstall Zone Alarm completely and just utilize
>> >> > > > the built in Windows XP Firewall and an updated antivirus
>> >> > > > application. Occasionally run an AntiSpyware application to see
>> >> > > > if you have been infested with anything and/or purchase one.
>> >> > > > SuperAntiSpyware is a good free/for pay one. AVG AntiVirus is a
>> >> > > > good Free AV application (8.0).
>> >> > > >
>> >> > > > --
>> >> > > > Shenan Stanley
>> >> > > > MS-MVP
>> >> > > > --
>> >> > > > How To Ask Questions The Smart Way
>> >> > > > http://www.catb.org/~esr/faqs/smart-questions.html
>> >> > > >
>> >> > > >
>> >> > > >

>>
 