|
Suspicious Icons on Desktop
A neighbor just called me concerning two Icons on the desktop of her
computer. It is a Dell Dimension 8400 with windows XP Pro (SP2 and with the latest MS Security Updates). She also has Symantec Norton Internet Security, NAV 2006, and Adaware SE Plus installed. The two icons appeared yesterday on her computer and unfortunately she clicked on the first one and her computer registry was supposedly scanned and found some errors in her computer and recommended something to the effect of purchasing a registry program. I had her accomplish a properties on the first Icon named "Registry Cleaner" and read me the entry for the Target, and it was as follows: http:\\ad.double-click.net\clk;26983459;5531471. The second Icon named Registry Cleaner, had for properties, Target: C:/Program Files/Registry Cleaner Trial/Regclean.exe. I also had her run Adaware and it found 18 tracking cookies and she put them in quarantine. Her NAV 2006 and Adaware definitions were up todate. At this point, I am reluctant to recommend the deletion of the Icons on the desktop and the removal of the Registry Cleaner Trial folder in windows explorer since I don't know what she has on her computer. I also ran a Google search but did not find any applicable information. Any suggestions would be very much appreciated, Sam. |
Re: Suspicious Icons on Desktop
From: "Sam" <samnewsgrp71@REMOVE THISsbcglobal.net>
| A neighbor just called me concerning two Icons on the desktop of her | computer. It is a Dell Dimension 8400 with windows XP Pro (SP2 and with the | latest MS Security Updates). She also has Symantec Norton Internet | Security, NAV 2006, and Adaware SE Plus installed. | | The two icons appeared yesterday on her computer and unfortunately she | clicked on the first one and her computer registry was supposedly scanned | and found some errors in her computer and recommended something to the | effect of purchasing a registry program. I had her accomplish a properties | on the first Icon named "Registry Cleaner" and read me the entry for the | Target, and it was as follows: | http:\\ad.double-click.net\clk;26983459;5531471. The second Icon named | Registry Cleaner, had for properties, Target: C:/Program Files/Registry | Cleaner Trial/Regclean.exe. I also had her run Adaware and it found 18 | tracking cookies and she put them in quarantine. Her NAV 2006 and Adaware | definitions were up todate. | | At this point, I am reluctant to recommend the deletion of the Icons on the | desktop and the removal of the Registry Cleaner Trial folder in windows | explorer since I don't know what she has on her computer. I also ran a | Google search but did not find any applicable information. Any suggestions | would be very much appreciated, Sam. | If neighbor is using any version of Sun Java that is prior to JRE Version 5.0, then you are strongly urged to remove any/all versions that are prior to JRE Version 5.0. There are vulnerabilities in them and they are actively being exploited. It is possible that is how you got infected with malware. Therefore, it is highly suggested that if there are any prior versions of Sun Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6 be installed ASAP. Simple check, look under... C:\Program Files\Java The only folder under that folder should be the latest version... C:\Program Files\Java\jre1.5.0_06 http://www.java.com/en/download/manual.jsp For non-viral malware... Please download, install and update the following software... * SpyBot Search and Destroy v1.4 http://security.kolla.de/ http://www.safer-networking.org/microsoft.en.html * SuperAntiSpyware http://www.superantispyware.com/supe...freevspro.html After the software is updated, I suggest scanning the system in Safe Mode. I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC. * BHODemon http://www.majorgeeks.com/downloadge...4332b4b8b8442d For viral malware... * Download MULTI_AV.EXE from the URL -- http://www.ik-cs.com/programs/virtools/Multi_AV.exe To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm Additional Instructions: http://pcdid.com/Multi_AV.htm * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
Re: Suspicious Icons on Desktop
Sam wrote:
[compromised system, some pseudo-security software] 1. Where's the problem? The system was compromised, so it should be flattened and rebuilt. 2. There is no such thing like "tracking cookies" with proper configuration. |
Re: Suspicious Icons on Desktop
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:JPa5g.9063$Un3.8968@trnddc05... > From: "Sam" <samnewsgrp71@REMOVE THISsbcglobal.net> > > | A neighbor just called me concerning two Icons on the desktop of her > | computer. It is a Dell Dimension 8400 with windows XP Pro (SP2 and with > the > | latest MS Security Updates). She also has Symantec Norton Internet > | Security, NAV 2006, and Adaware SE Plus installed. > | > | The two icons appeared yesterday on her computer and unfortunately she > | clicked on the first one and her computer registry was supposedly > scanned > | and found some errors in her computer and recommended something to the > | effect of purchasing a registry program. I had her accomplish a > properties > | on the first Icon named "Registry Cleaner" and read me the entry for the > | Target, and it was as follows: > | http:\\ad.double-click.net\clk;26983459;5531471. The second Icon named > | Registry Cleaner, had for properties, Target: C:/Program Files/Registry > | Cleaner Trial/Regclean.exe. I also had her run Adaware and it found 18 > | tracking cookies and she put them in quarantine. Her NAV 2006 and > Adaware > | definitions were up todate. > | > | At this point, I am reluctant to recommend the deletion of the Icons on > the > | desktop and the removal of the Registry Cleaner Trial folder in windows > | explorer since I don't know what she has on her computer. I also ran a > | Google search but did not find any applicable information. Any > suggestions > | would be very much appreciated, Sam. > | > > > > If neighbor is using any version of Sun Java that is prior to JRE Version > 5.0, > then you are strongly urged to remove any/all versions that are prior to > JRE > Version 5.0. There are vulnerabilities in them and they are actively > being exploited. > It is possible that is how you got infected with malware. > > Therefore, it is highly suggested that if there are any prior versions of > Sun Java > to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 > Update 6 > be installed ASAP. > > Simple check, look under... > C:\Program Files\Java > > The only folder under that folder should be the latest version... > > C:\Program Files\Java\jre1.5.0_06 > > > http://www.java.com/en/download/manual.jsp > > > > > > For non-viral malware... > > Please download, install and update the following software... > > * SpyBot Search and Destroy v1.4 > http://security.kolla.de/ > http://www.safer-networking.org/microsoft.en.html > > * SuperAntiSpyware > http://www.superantispyware.com/supe...freevspro.html > > After the software is updated, I suggest scanning the system in Safe Mode. > > I also suggest downloading, installing and updating BHODemon for any > Browser Helper Objects > that may be on the PC. > > * BHODemon > > http://www.majorgeeks.com/downloadge...4332b4b8b8442d > > For viral malware... > > * Download MULTI_AV.EXE from the URL -- > http://www.ik-cs.com/programs/virtools/Multi_AV.exe > > To use this utility, perform the following... > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } > Choose; Unzip > Choose; Close > > Execute; C:\AV-CLS\StartMenu.BAT > { or Double-click on 'Start Menu' in C:\AV-CLS } > > NOTE: You may have to disable your software FireWall or allow WGET.EXE to > go through your > FireWall to allow it to download the needed AV vendor related files. > > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} > This will bring up the initial menu of choices and should be executed in > Normal Mode. > This way all the components can be downloaded from each AV vendor's web > site. > The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and > Reboot the PC. > > You can choose to go to each menu item and just download the needed files > or you can > download the files and perform a scan in Normal Mode. Once you have > downloaded the files > needed for each scanner you want to use, you should reboot the PC into > Safe Mode [F8 key > during boot] and re-run the menu again and choose which scanner you want > to run in Safe > Mode. It is suggested to run the scanners in both Safe Mode and Normal > Mode. > > When the menu is displayed hitting 'H' or 'h' will bring up a more > comprehensive PDF help > file. http://www.ik-cs.com/multi-av.htm > > Additional Instructions: > http://pcdid.com/Multi_AV.htm > > > * * * Please report back your results * * * > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > http://www.ik-cs.com/got-a-virus.htm > David, thanks very much for your reply and information. I forgot about the Sun Java program updates!! Will get my neighbor to install the latest Sun Java program and install the additional malware programs. Will keep you posted. Thanks again, Sam. > |
Re: Suspicious Icons on Desktop
On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote: >Sam wrote: >[compromised system, some pseudo-security software] > >1. Where's the problem? The system was compromised, so it should be >flattened and rebuilt. Nonsense >2. There is no such thing like "tracking cookies" with proper configuration. More nonsense Follow the advice of David Lipman he has a clue. Her computer has aquired some software that pretends to be anti-spyware / a registry 'cleaner' - get rid of it. A good commercial product to do this is Spyware Doctor from http://www.pctools.com/ -- Jim Watt http://www.gibnet.com |
Re: Suspicious Icons on Desktop
Jim Watt wrote:
> > On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk > <seppi@seppig.de> wrote: > > >Sam wrote: > >[compromised system, some pseudo-security software] > > > >1. Where's the problem? The system was compromised, so it should be > >flattened and rebuilt. > > Nonsense > > >2. There is no such thing like "tracking cookies" with proper configuration. > > More nonsense > > Follow the advice of David Lipman he has a clue. > > Her computer has aquired some software that pretends to be > anti-spyware / a registry 'cleaner' - get rid of it. > > A good commercial product to do this is Spyware Doctor from > > http://www.pctools.com/ This week, CompUSA is offering Spyware Doctor for $9.99 (with rebates). Notan |
Re: Suspicious Icons on Desktop
Notan wrote:
> Jim Watt wrote: >> On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk >> <seppi@seppig.de> wrote: >> >>> Sam wrote: >>> [compromised system, some pseudo-security software] >>> >>> 1. Where's the problem? The system was compromised, so it should be >>> flattened and rebuilt. >> Nonsense It's good that this troll is already filtered out. Anyway, even some guys at Microsoft know that old and ever-lasting mantra. <http://www.microsoft.com/technet/security/secnews/articles/gothacked.mspx>: | The only way to clean a compromised system is to flatten and rebuild. And with at least some common sense you'd understand why this is so. >>> 2. There is no such thing like "tracking cookies" with proper configuration. >> More nonsense Once again, stupidity is no argument. A "tracking cookie" is merely a cookie used for interdomain tracking by utilizing the "domain" attribute in HTTP Cookie header. Without interpretation the tracking doesn't work, and interpretation is controlled by the webbrowser. Even the common-as-such-misused webbrowser IE has disabled that by default (even though can be circumvented by a dishonest P3P policy file) and about any real webbrowser has disabled it as well without any circumvention. BTW, who would be so stupid and save any cookie permanently? Someone has seriously ****ed up his settings! >> A good commercial product to do this is Spyware Doctor Hm... this **** doesn't even install. And if beaten to work it only produces a big load of false alarm and technical nonsense. |
Re: Suspicious Icons on Desktop
On Mon, 01 May 2006 14:29:51 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote: <garble snipped> >BTW, who would be so stupid and save any cookie permanently? Perhaps you should read about the purpose of cookies and you will find an answer to that question. >>> A good commercial product to do this is Spyware Doctor > >Hm... this **** doesn't even install. And if beaten to work it only >produces a big load of false alarm and technical nonsense. Ah a 'security expert' who does not understand cookies can't install a simple program, or write coherent English. Thank you for time. -- Jim Watt http://www.gibnet.com |
Re: Suspicious Icons on Desktop
Jim Watt wrote: > >BTW, who would be so stupid and save any cookie permanently? > > Perhaps you should read about the purpose of cookies and you > will find an answer to that question. What do you imagine you can accomplish with a permanent cookie that can't be acomplished in a more secure way with only a little more work, by only allowing cookies to exist temporarily? > >>> A good commercial product to do this is Spyware Doctor > > > >Hm... this **** doesn't even install. And if beaten to work it only > >produces a big load of false alarm and technical nonsense. > > Ah a 'security expert' who does not understand cookies > can't install a simple program, or write coherent English. I don't see where he said anything like that Jim. Sorry. |
Re: Suspicious Icons on Desktop
DRosen wrote:
> Jim Watt wrote: > >>> BTW, who would be so stupid and save any cookie permanently? >> Perhaps you should read about the purpose of cookies and you >> will find an answer to that question. > > What do you imagine you can accomplish with a permanent cookie that > can't be accomplished in a more secure way with only a little more work, > by only allowing cookies to exist temporarily? The purpose of permanent cookies is to _intentionally_ store credentials. There's absolutely no need to permanently store any random cookie. >> can't install a simple program I could, but as the program demands file access beyond reasonablity, I won't do so. A wonderful 'security program' that needs to break security to start operating... > or write coherent English. English is not my native language. > I don't see where he said anything like that Jim. Sorry. There's no need to discuss, Jim is a moron that ended up in my killfile a long time ago. For stupidities as seen above. |
| All times are GMT. The time now is 06:17 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.