- Thread starter
- #41
M
Milo
Add to what you just said it works well offline, possible backdoor and
trojan worms are the one causing you headaches
hopefully you're not yet infected by any PE infection.
Alright here you can try this for evaluating how bad it is in your system:
Microsoft Windows Defender www.microsoft.com
Kaspersky Anti-virus ( trial version ) www.kaspersky.com
I would recommend this 3 instances possibly there still a remedy before you
do a destructive install.
Give it a try call Microsoft Security Free Support ( 866-727 2338 )
US/CANADA only
"Annie" <Annie@discussions.microsoft.com> wrote in message
news:F0B9713A-20D0-4E7A-B21B-AE40B679B10B@microsoft.com...
> One more thing...how do I get a patch or how do I get rid of the virus if
> it
> is indeed the PE virus? Is there anything else I can do so the headers
> aren't changed.
>
> I turned on the computer yesterday, disabled wireless, and it came on
> normally. I'm afraid that if I go back online the trouble will start
> again.
>
> Also, in my ZA log list, there were a couple of suspicious logs:
>
> Protocol: UDP (all others say TCP)
> Source IDs are different than mine
> Direction: Routed (all other ones say Outgoing)
> Source DNS: one is blank, other has a string of numbers and letters (all
> others say Toshiba user)
> Destination DNS: blank
>
> What do you make of that?
>
>
>
>
>
> "Milo" wrote:
>
>> Anne what you have in your system wasn't a hack but a possible virus /
>> the
>> way you describe it program executing on their own and was modified
>> recently
>> its very possible what you're experiencing is a PE_sality / PE_patch
>> Virus
>> concern.... Sad to say on most occasion it modifies file headers of those
>> exe and scr files that they become useless.
>>
>> Next time invest in a better Security Application / firewall alone is
>> useless to polymorphic and blended threats.
>>
>>
>>
>> "Annie" <Annie@discussions.microsoft.com> wrote in message
>> news
05EAB4A-EE75-44C6-A77C-1985E4264BD1@microsoft.com...
>> > Thank you everyone for trying to help. This is just too overwhelming
>> > for
>> > me.
>> > I'm just going to take my computer in to the shop and have the
>> > reinstall
>> > the
>> > OS and I'll have to reinstall all my other programs.
>> >
>> > My router says it has a double firewall so I still don't know how all
>> > of
>> > this could've happened eventho that guy turned my Windows firewall off.
>> > Makes no sense to me.
>> >
>> > Thanks again. I hope all these posts help anyone else who has this
>> > problem
>> > and are a bit more experienced than myself.
>> >
>> > "Dan" wrote:
>> >
>> >> I am actually posting this reply via the 98 Second Edition side of my
>> >> computer which was not hacked in 2007 after the APS network was hacked
>> >> and
>> >> the XP Professional side was compromised, the 98 SE side rode through
>> >> the
>> >> onslaught like a champ without noticing any problems despite the fact
>> >> that it
>> >> was hooked up to the Internet. This is my main reason for my debate
>> >> with
>> >> Steve Riley but I will discuss that later in the appropriate topic
>> >> area
>> >> of
>> >> this newsgroup. Identity Theft is really terrible. I want to rant
>> >> and
>> >> rave
>> >> about my problems but will not redirect to help you.
>> >>
>> >> Okay, first come to grips with the worst case scenario although it
>> >> might
>> >> not
>> >> be the worst case, I feel it is better to get that over with first and
>> >> then
>> >> try not to worry. Secondly, make sure the compromised portion (XP
>> >> Home)
>> >> side
>> >> of the PC is not connected to the Internet. I figure we are talking
>> >> about a
>> >> single operating system and do not have to deal with Virtual Machines
>> >> and
>> >> or
>> >> Dual or Tri-Boots. Please correct me if I am wrong. Since the
>> >> problem
>> >> is
>> >> with Windows XP Home then I certainly would allow a copy of Windows
>> >> Live
>> >> One
>> >> Care to attempt to fix the problem. Unfortunately, for you this is a
>> >> terrible scenario but it will be useful for Microsoft and others to
>> >> see
>> >> how
>> >> effectively Windows Live One Care can fix your problem. This will
>> >> make a
>> >> great test case to see the effectiveness of Windows Live One Care.
>> >> Just
>> >> so
>> >> you all know, I enjoy using Microsoft technology but will not limit
>> >> myself to
>> >> a single software or hardware manufacturer. It must be all fully
>> >> customized
>> >> for me to meet my needs and please sorry Annie but do not see me as
>> >> insensitive since your case may indeed help all users out.
>> >>
>> >> 1. Try to Install and Run Windows Live One Care --- use cd and make
>> >> sure
>> >> your ethernet, usb or phone cord is not connected --- this is a
>> >> critical
>> >> step
>> >> as far as not being connected to the Internet with that machine or at
>> >> least
>> >> within the compromised operating system (I presume broadband ---
>> >> cable/dsl or
>> >> narrowband if dial-up) ---- access me and others with another
>> >> non-compromised
>> >> machine at this Microsoft Newsgroup ---- Please let us know the
>> >> results
>> >> and I
>> >> will attempt to provide further assistant --- Milo, Steve Riley and
>> >> others
>> >> are welcome to add their feedback to this case as well to help Annie.
>> >>
>> >> "Annie" wrote:
>> >>
>> >> > Thank you, Dan and Milo.
>> >> >
>> >> > So what is the next step? I'm not going to turn on that computer
>> >> > just
>> >> > yet.
>> >> > Where do I find the PE_Sality / PE_Patch at a safe site and should I
>> >> > download
>> >> > that first before anything else? Should I then run the programs Dan
>> >> > suggested...in that order?
>> >> >
>> >> > I'm running Windows XP Home edition on that computer.
>> >> >
>> >> > I checked my IP addresses per Shenan's advice, they're different. I
>> >> > tried
>> >> > to login as 'admin' and put the default password in. I then got a
>> >> > 'warning'
>> >> > screen' so just clicked cancel because I didn't know where that was
>> >> > going to
>> >> > take me. Could I have clicked OK and then just closed the next page
>> >> > had it
>> >> > submitted? I realize if I did go to the next page my password was
>> >> > 'not'
>> >> > changed from the default which is bad. I just didn't know where to
>> >> > take it
>> >> > from there.
>> >> >
>> >> > Thank you so much for your help.
>> >> >
>> >> > One more thing...if this was what Milo said it was..does someone out
>> >> > there
>> >> > have all my personal data (documents, photos, passwords, etc.).
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > "Dan" wrote:
>> >> >
>> >> > > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good
>> >> > > program.
>> >> > > Unfortunately with Free AVG 8, the company apparently broke many
>> >> > > of
>> >> > > their own
>> >> > > rules and I cannot suggest AVG anymore unless a user is running
>> >> > > the
>> >> > > legacy
>> >> > > version with AVG 7.5 in which support supposedly is ending in
>> >> > > August.
>> >> > >
>> >> > > The reason is that AVG 8 has too many false positives on both my
>> >> > > system and
>> >> > > my dad's machine when we tried it on XP Professional for me and XP
>> >> > > Home for
>> >> > > him. I do not like to disagree with an MVP and please do not jump
>> >> > > down my
>> >> > > throat and forgive me for stating my opinion. I am not overly
>> >> > > happy
>> >> > > with
>> >> > > Avast either if the user is using a 9x machine (such as Windows 98
>> >> > > Second
>> >> > > Edition) but if the machine is using a more modern operating
>> >> > > system
>> >> > > such as
>> >> > > Windows XP then I would suggest Microsoft's antivirus of Windows
>> >> > > Live
>> >> > > One
>> >> > > Care because I have not had issues with it so far except the
>> >> > > stupid
>> >> > > red
>> >> > > notification it gives me because I do not enable automatic updates
>> >> > > since I
>> >> > > enjoy reading about every security update.
>> >> > >
>> >> > > "Shenan Stanley" wrote:
>> >> > >
>> >> > > > Annie wrote:
>> >> > > > > Windows firewall and Zone Alarm firewall. Which one do you
>> >> > > > > recommend I keep on?
>> >> > > >
>> >> > > > Given that you are asking - the Windows Firewall will be more
>> >> > > > than
>> >> > > > sufficient and easier to use and keep updated.
>> >> > > >
>> >> > > > My Suggestion: Uninstall Zone Alarm completely and just utilize
>> >> > > > the
>> >> > > > built in
>> >> > > > Windows XP Firewall and an updated antivirus application.
>> >> > > > Occassionally run
>> >> > > > an AntiSpyware application to see if you have been infested with
>> >> > > > anything
>> >> > > > and/or purchase one. SuperAntiSpyware is a good free/for pay
>> >> > > > one.
>> >> > > > AVG
>> >> > > > AntiVirus is a good Free AV application (8.0).
>> >> > > >
>> >> > > > --
>> >> > > > Shenan Stanley
>> >> > > > MS-MVP
>> >> > > > --
>> >> > > > How To Ask Questions The Smart Way
>> >> > > > http://www.catb.org/~esr/faqs/smart-questions.html
>> >> > > >
>> >> > > >
>> >> > > >
>>
trojan worms are the one causing you headaches
hopefully you're not yet infected by any PE infection.
Alright here you can try this for evaluating how bad it is in your system:
Microsoft Windows Defender www.microsoft.com
Kaspersky Anti-virus ( trial version ) www.kaspersky.com
I would recommend this 3 instances possibly there still a remedy before you
do a destructive install.
Give it a try call Microsoft Security Free Support ( 866-727 2338 )
US/CANADA only
"Annie" <Annie@discussions.microsoft.com> wrote in message
news:F0B9713A-20D0-4E7A-B21B-AE40B679B10B@microsoft.com...
> One more thing...how do I get a patch or how do I get rid of the virus if
> it
> is indeed the PE virus? Is there anything else I can do so the headers
> aren't changed.
>
> I turned on the computer yesterday, disabled wireless, and it came on
> normally. I'm afraid that if I go back online the trouble will start
> again.
>
> Also, in my ZA log list, there were a couple of suspicious logs:
>
> Protocol: UDP (all others say TCP)
> Source IDs are different than mine
> Direction: Routed (all other ones say Outgoing)
> Source DNS: one is blank, other has a string of numbers and letters (all
> others say Toshiba user)
> Destination DNS: blank
>
> What do you make of that?
>
>
>
>
>
> "Milo" wrote:
>
>> Anne what you have in your system wasn't a hack but a possible virus /
>> the
>> way you describe it program executing on their own and was modified
>> recently
>> its very possible what you're experiencing is a PE_sality / PE_patch
>> Virus
>> concern.... Sad to say on most occasion it modifies file headers of those
>> exe and scr files that they become useless.
>>
>> Next time invest in a better Security Application / firewall alone is
>> useless to polymorphic and blended threats.
>>
>>
>>
>> "Annie" <Annie@discussions.microsoft.com> wrote in message
>> news
05EAB4A-EE75-44C6-A77C-1985E4264BD1@microsoft.com...>> > Thank you everyone for trying to help. This is just too overwhelming
>> > for
>> > me.
>> > I'm just going to take my computer in to the shop and have the
>> > reinstall
>> > the
>> > OS and I'll have to reinstall all my other programs.
>> >
>> > My router says it has a double firewall so I still don't know how all
>> > of
>> > this could've happened eventho that guy turned my Windows firewall off.
>> > Makes no sense to me.
>> >
>> > Thanks again. I hope all these posts help anyone else who has this
>> > problem
>> > and are a bit more experienced than myself.
>> >
>> > "Dan" wrote:
>> >
>> >> I am actually posting this reply via the 98 Second Edition side of my
>> >> computer which was not hacked in 2007 after the APS network was hacked
>> >> and
>> >> the XP Professional side was compromised, the 98 SE side rode through
>> >> the
>> >> onslaught like a champ without noticing any problems despite the fact
>> >> that it
>> >> was hooked up to the Internet. This is my main reason for my debate
>> >> with
>> >> Steve Riley but I will discuss that later in the appropriate topic
>> >> area
>> >> of
>> >> this newsgroup. Identity Theft is really terrible. I want to rant
>> >> and
>> >> rave
>> >> about my problems but will not redirect to help you.
>> >>
>> >> Okay, first come to grips with the worst case scenario although it
>> >> might
>> >> not
>> >> be the worst case, I feel it is better to get that over with first and
>> >> then
>> >> try not to worry. Secondly, make sure the compromised portion (XP
>> >> Home)
>> >> side
>> >> of the PC is not connected to the Internet. I figure we are talking
>> >> about a
>> >> single operating system and do not have to deal with Virtual Machines
>> >> and
>> >> or
>> >> Dual or Tri-Boots. Please correct me if I am wrong. Since the
>> >> problem
>> >> is
>> >> with Windows XP Home then I certainly would allow a copy of Windows
>> >> Live
>> >> One
>> >> Care to attempt to fix the problem. Unfortunately, for you this is a
>> >> terrible scenario but it will be useful for Microsoft and others to
>> >> see
>> >> how
>> >> effectively Windows Live One Care can fix your problem. This will
>> >> make a
>> >> great test case to see the effectiveness of Windows Live One Care.
>> >> Just
>> >> so
>> >> you all know, I enjoy using Microsoft technology but will not limit
>> >> myself to
>> >> a single software or hardware manufacturer. It must be all fully
>> >> customized
>> >> for me to meet my needs and please sorry Annie but do not see me as
>> >> insensitive since your case may indeed help all users out.
>> >>
>> >> 1. Try to Install and Run Windows Live One Care --- use cd and make
>> >> sure
>> >> your ethernet, usb or phone cord is not connected --- this is a
>> >> critical
>> >> step
>> >> as far as not being connected to the Internet with that machine or at
>> >> least
>> >> within the compromised operating system (I presume broadband ---
>> >> cable/dsl or
>> >> narrowband if dial-up) ---- access me and others with another
>> >> non-compromised
>> >> machine at this Microsoft Newsgroup ---- Please let us know the
>> >> results
>> >> and I
>> >> will attempt to provide further assistant --- Milo, Steve Riley and
>> >> others
>> >> are welcome to add their feedback to this case as well to help Annie.
>> >>
>> >> "Annie" wrote:
>> >>
>> >> > Thank you, Dan and Milo.
>> >> >
>> >> > So what is the next step? I'm not going to turn on that computer
>> >> > just
>> >> > yet.
>> >> > Where do I find the PE_Sality / PE_Patch at a safe site and should I
>> >> > download
>> >> > that first before anything else? Should I then run the programs Dan
>> >> > suggested...in that order?
>> >> >
>> >> > I'm running Windows XP Home edition on that computer.
>> >> >
>> >> > I checked my IP addresses per Shenan's advice, they're different. I
>> >> > tried
>> >> > to login as 'admin' and put the default password in. I then got a
>> >> > 'warning'
>> >> > screen' so just clicked cancel because I didn't know where that was
>> >> > going to
>> >> > take me. Could I have clicked OK and then just closed the next page
>> >> > had it
>> >> > submitted? I realize if I did go to the next page my password was
>> >> > 'not'
>> >> > changed from the default which is bad. I just didn't know where to
>> >> > take it
>> >> > from there.
>> >> >
>> >> > Thank you so much for your help.
>> >> >
>> >> > One more thing...if this was what Milo said it was..does someone out
>> >> > there
>> >> > have all my personal data (documents, photos, passwords, etc.).
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > "Dan" wrote:
>> >> >
>> >> > > Sorry, Shenan. I disagree. AVG Free 7.5 antivirus is a good
>> >> > > program.
>> >> > > Unfortunately with Free AVG 8, the company apparently broke many
>> >> > > of
>> >> > > their own
>> >> > > rules and I cannot suggest AVG anymore unless a user is running
>> >> > > the
>> >> > > legacy
>> >> > > version with AVG 7.5 in which support supposedly is ending in
>> >> > > August.
>> >> > >
>> >> > > The reason is that AVG 8 has too many false positives on both my
>> >> > > system and
>> >> > > my dad's machine when we tried it on XP Professional for me and XP
>> >> > > Home for
>> >> > > him. I do not like to disagree with an MVP and please do not jump
>> >> > > down my
>> >> > > throat and forgive me for stating my opinion. I am not overly
>> >> > > happy
>> >> > > with
>> >> > > Avast either if the user is using a 9x machine (such as Windows 98
>> >> > > Second
>> >> > > Edition) but if the machine is using a more modern operating
>> >> > > system
>> >> > > such as
>> >> > > Windows XP then I would suggest Microsoft's antivirus of Windows
>> >> > > Live
>> >> > > One
>> >> > > Care because I have not had issues with it so far except the
>> >> > > stupid
>> >> > > red
>> >> > > notification it gives me because I do not enable automatic updates
>> >> > > since I
>> >> > > enjoy reading about every security update.
>> >> > >
>> >> > > "Shenan Stanley" wrote:
>> >> > >
>> >> > > > Annie wrote:
>> >> > > > > Windows firewall and Zone Alarm firewall. Which one do you
>> >> > > > > recommend I keep on?
>> >> > > >
>> >> > > > Given that you are asking - the Windows Firewall will be more
>> >> > > > than
>> >> > > > sufficient and easier to use and keep updated.
>> >> > > >
>> >> > > > My Suggestion: Uninstall Zone Alarm completely and just utilize
>> >> > > > the
>> >> > > > built in
>> >> > > > Windows XP Firewall and an updated antivirus application.
>> >> > > > Occassionally run
>> >> > > > an AntiSpyware application to see if you have been infested with
>> >> > > > anything
>> >> > > > and/or purchase one. SuperAntiSpyware is a good free/for pay
>> >> > > > one.
>> >> > > > AVG
>> >> > > > AntiVirus is a good Free AV application (8.0).
>> >> > > >
>> >> > > > --
>> >> > > > Shenan Stanley
>> >> > > > MS-MVP
>> >> > > > --
>> >> > > > How To Ask Questions The Smart Way
>> >> > > > http://www.catb.org/~esr/faqs/smart-questions.html
>> >> > > >
>> >> > > >
>> >> > > >
>>