Re-appearing links

"Soet" <> wrote in message news:bprkiv$muu$...
> Hi Mimic,
>
> I am not ashamed of admitting that I visit sites with adult content.
> I live in Germany and we are pretty open to such things.
>
> However, I can assure you that I never visited that particular site
> and I never admitted anything to be executed on my PC that came
> from a webpage, since I am aware of the risks.
>
> Yet, the advices of the other guys didn't help. This stupid links
> keep re-appearing. Neither NAV, nor AdAware or Spybot
> cleaned the problem. Maybe they are not aware of this particular
> bug.
>
> I have no chance to track down the root of this annoying problem.
> I will most likely end up re-installing the system to get rid of it.
>
> Regards
>
> "Mimic" <> schrieb im Newsbeitrag
> news:hcmdnbxhvI1tvVyiRVn-...
> > "Soet" <> wrote in message
> news:bpp91p$rcg$...
> > > Hi all,
> > >
> > > I've got a heavy (security) problem on my WinXP machine and hope
> > > to get information here about where to start looking for solutions.
> > >
> > > I found several links/shortcuts to a specific porn site in my start
> menu,
> > > my favorites list, and also on my desktop although I neither placed
them
> > > there nor did I ever visit this site. I keep on deleting all of the
> links
> > > but
> > > after a random time span they keep appearing again. Needless to say
> > > that this is absolutely annoying and more importantly very
frightening.
> > >
> > > I scanned my whole computer with the norton anti-virus scanner and
> > > up-to-date virus definition files but couldn't find anything. I also
> > checked
> > > all processes in the task manager and all automatically started tasks
> and
> > > services with msconfig but couldn't find anything suspicious.
> > >
> > > Does anybody have an idea if this is some hidden process messing with
> > > my system or possibly an attack from the internet (have DSL).
> > >
> > > Any advice is appreciated
> > > Suat
> > >
> > >
> >
> > Sounds like youve been going to gn0rty sites and got fooled by the "you
> have
> > to click yes to proceed" button.
> > Dont be ashamed, most people look at porn
> >
> > --
> > Mimic
> >
> > "Without Knowledge you have fear, With fear you create your own
> nightmares."
> > "There are 10 types of people in this world. Those that understand
Binary,
> > and those that dont."
> > "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> > when you do, it blows away your whole leg"
> >
> >
> >
>
>

Glad to hear it.
It doesnt matter if you havent visited that particular site, when you get
into http porn its just an industry of popups and leads, someone could have
just had a popup that linked the OK or No button to accept the download.
If i were you, id prolly go into the registry and have a root around

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

Mimic Spilled my beer when they jumped on the table and proclaimed in
<J6-dnVVtqIpKLF-iRVn->:
> It wont be lovesan (aka the Blaster worm)

Thinking about it, you are correct. However, being the
obsessive-compulsive type I am, I just had to find out what it was.
<G>

After obsessing for over an hour, I found the record in an obscure
location on the server at work...

js.fortnite

How the hell, I got Love-anything out of that, I will never know...

Here's a link to the description if anyone is interested...

http://www3.ca.com/virusinfo/virus.aspx?ID=11890

NOI

Thund3rstruck

"Thund3rstruck" <> wrote in message
news:3fc2c087$0$30684$...
> Mimic Spilled my beer when they jumped on the table and proclaimed in
> <J6-dnVVtqIpKLF-iRVn->:
> > It wont be lovesan (aka the Blaster worm)
>
> Thinking about it, you are correct. However, being the
> obsessive-compulsive type I am, I just had to find out what it was.
> <G>
>
> After obsessing for over an hour, I found the record in an obscure
> location on the server at work...
>
> js.fortnite
>
> How the hell, I got Love-anything out of that, I will never know...
>
> Here's a link to the description if anyone is interested...
>
> http://www3.ca.com/virusinfo/virus.aspx?ID=11890
>
> NOI

Yeah i know what you mean, sex pron and love really dont go together ;D

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

Well, after searching some more in the internet I finally found some
information
on the Symantec (Norton Anti-Virus) webpages that exactly described my
problem.
According to that it was a virus called "dialer.heysan", that doesn't create
registry
entries but rather places some malicious files on you harddrive.
http://securityresponse.symantec.com...er.heysan.html

The weird thing is that despite of having that virus also in the virus
definition list
my Norton Anti-Virus scanner didn't find it even by performing a deep scan
on
all files on my harddrive.

However, by manually searching for the files that are described in the given
webpage
I was successful. The problem source was a file called "mile.scr". This
created the
links, shortcuts, and files and placed these in different locations. Since
the extension
".scr" stands for "Windows Screensaver" I assume that this file was
activated by
the screensaver mechanism of Windows. But I am not sure about that.

Anyway, deleting this one particular file solved all my problems.

Thanks to all for the valuable information that finally helped me to narrow
down my
search for a solution.

Cheers


"Mimic" <> schrieb im Newsbeitrag
news:9PCdnZsYFvzvTV6iRVn-...
> "Thund3rstruck" <> wrote in message
> news:3fc2c087$0$30684$...
> > Mimic Spilled my beer when they jumped on the table and proclaimed in
> > <J6-dnVVtqIpKLF-iRVn->:
> > > It wont be lovesan (aka the Blaster worm)
> >
> > Thinking about it, you are correct. However, being the
> > obsessive-compulsive type I am, I just had to find out what it was.
> > <G>
> >
> > After obsessing for over an hour, I found the record in an obscure
> > location on the server at work...
> >
> > js.fortnite
> >
> > How the hell, I got Love-anything out of that, I will never know...
> >
> > Here's a link to the description if anyone is interested...
> >
> > http://www3.ca.com/virusinfo/virus.aspx?ID=11890
> >
> > NOI
>
> Yeah i know what you mean, sex pron and love really dont go together ;D
>
> --
> Mimic
>
> "Without Knowledge you have fear, With fear you create your own
nightmares."
> "There are 10 types of people in this world. Those that understand Binary,
> and those that dont."
> "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> when you do, it blows away your whole leg"
>
>
>

Soet

Soet Spilled my beer when they jumped on the table and proclaimed in
<bq0sju$8c8$>:

> Well, after searching some more in the internet I finally found some
> information
> on the Symantec (Norton Anti-Virus) webpages that exactly described
> my problem.
> According to that it was a virus called "dialer.heysan", that
> doesn't create registry
> entries but rather places some malicious files on you harddrive.
>
http://securityresponse.symantec.com...er.heysan.html
>
> The weird thing is that despite of having that virus also in the
> virus definition list
> my Norton Anti-Virus scanner didn't find it even by performing a
> deep scan on
> all files on my harddrive.
>
> However, by manually searching for the files that are described in
> the given webpage
> I was successful. The problem source was a file called "mile.scr".
> This created the
> links, shortcuts, and files and placed these in different locations.
> Since the extension
> ".scr" stands for "Windows Screensaver" I assume that this file was
> activated by
> the screensaver mechanism of Windows. But I am not sure about that.
>
> Anyway, deleting this one particular file solved all my problems.
>
> Thanks to all for the valuable information that finally helped me to
> narrow down my
> search for a solution.

I'm glad you got it solved. Yes, the .scr files are activated
(basically) by the screensaver section of windows... <G>

NOI

Thund3rstruck

"Soet" <> wrote in message news:bq0sju$8c8$...
> Well, after searching some more in the internet I finally found some
> information
> on the Symantec (Norton Anti-Virus) webpages that exactly described my
> problem.
> According to that it was a virus called "dialer.heysan", that doesn't
create
> registry
> entries but rather places some malicious files on you harddrive.
> http://securityresponse.symantec.com...er.heysan.html
>
> The weird thing is that despite of having that virus also in the virus
> definition list
> my Norton Anti-Virus scanner didn't find it even by performing a deep scan
> on
> all files on my harddrive.
>
> However, by manually searching for the files that are described in the
given
> webpage
> I was successful. The problem source was a file called "mile.scr". This
> created the
> links, shortcuts, and files and placed these in different locations. Since
> the extension
> ".scr" stands for "Windows Screensaver" I assume that this file was
> activated by
> the screensaver mechanism of Windows. But I am not sure about that.
>
> Anyway, deleting this one particular file solved all my problems.
>
> Thanks to all for the valuable information that finally helped me to
narrow
> down my
> search for a solution.
>
> Cheers
>

>

Isnt .scr for script ?

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

"Mimic" <> skrev i en meddelelse news:48OdnRTMwqifl1iiRVn-
> >
>
> Isnt .scr for script ?
>
> --
> Mimic
>
> "Without Knowledge you have fear, With fear you create your own
nightmares."
> "There are 10 types of people in this world. Those that understand Binary,
> and those that dont."
> "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> when you do, it blows away your whole leg"

Hi Mimic

The ".SCR" extension is for Screensaver executeable files, scripts is
usually ".CMD", in Windows NT/2000/XP, but can also be ".BAT", ".VBS",
".VBE", ".JS", ".VSH", and ".WSF".

Just try to execute any ".SCR" file in thhe C:\Windows\System32\ directory,
they are actually executeable files, just ligew ".EXE", you can even copy
and rename them to ".EXE" and run them as a proggy if you like.

Regards

Per Pedersen

Per Pedersen

This could be a firewall or spyware problem. If you don't have a firewall
installed, you can get a free version of ZoneAlarm for noncommercial use.
You also need anti-spyware software. Spybot Search & Destroy is good free
software. Pestpatrol has a decent
free online scanner at http://pestscan.com/Scan.asp

I hope this helps.

Regards,
Craig
http://info-safety.com


"Soet" <> wrote in message news:bpp91p$rcg$...
> Hi all,
>
> I've got a heavy (security) problem on my WinXP machine and hope
> to get information here about where to start looking for solutions.
>
> I found several links/shortcuts to a specific porn site in my start menu,
> my favorites list, and also on my desktop although I neither placed them
> there nor did I ever visit this site. I keep on deleting all of the links
> but
> after a random time span they keep appearing again. Needless to say
> that this is absolutely annoying and more importantly very frightening.
>
> I scanned my whole computer with the norton anti-virus scanner and
> up-to-date virus definition files but couldn't find anything. I also
checked
> all processes in the task manager and all automatically started tasks and
> services with msconfig but couldn't find anything suspicious.
>
> Does anybody have an idea if this is some hidden process messing with
> my system or possibly an attack from the internet (have DSL).
>
> Any advice is appreciated
> Suat
>
>

infosafety

"Per Pedersen" <> wrote in message
news:3fc513cb$0$25816$ ...
>
> "Mimic" <> skrev i en meddelelse news:48OdnRTMwqifl1iiRVn-
> > >
> >
> > Isnt .scr for script ?
> >
> > --
> > Mimic
> >
> > "Without Knowledge you have fear, With fear you create your own
> nightmares."
> > "There are 10 types of people in this world. Those that understand
Binary,
> > and those that dont."
> > "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> > when you do, it blows away your whole leg"
>
> Hi Mimic
>
> The ".SCR" extension is for Screensaver executeable files, scripts is
> usually ".CMD", in Windows NT/2000/XP, but can also be ".BAT", ".VBS",
> ".VBE", ".JS", ".VSH", and ".WSF".
>
> Just try to execute any ".SCR" file in thhe C:\Windows\System32\
directory,
> they are actually executeable files, just ligew ".EXE", you can even copy
> and rename them to ".EXE" and run them as a proggy if you like.
>
> Regards
>
> Per Pedersen
>
>

And the great thing about them is that logon.scr often gets automatically
executed by the system account...

This led to much merriment under NT4; however the ACLs on it are properly
configured these days.


DaveK
--
moderator of
alt.talk.rec.soc.biz.news.comp.humanities.meow.mis c.moderated.meow
Burn your ID card! http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!
Proud Member of the Exclusive "I have been plonked by Davee because he
thinks I'm interesting" List Member #<insert number here>
Master of Many Meowing Minions
Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
and beyond the call of hilarity.
PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7 D2BD

Dave Korn

"Per Pedersen" <> wrote in message
news:3fc513cb$0$25816$ ...
>
> "Mimic" <> skrev i en meddelelse news:48OdnRTMwqifl1iiRVn-
> > >
> >
> > Isnt .scr for script ?
> >
> > --
> > Mimic
> >
> > "Without Knowledge you have fear, With fear you create your own
> nightmares."
> > "There are 10 types of people in this world. Those that understand
Binary,
> > and those that dont."
> > "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> > when you do, it blows away your whole leg"
>
> Hi Mimic
>
> The ".SCR" extension is for Screensaver executeable files, scripts is
> usually ".CMD", in Windows NT/2000/XP, but can also be ".BAT", ".VBS",
> ".VBE", ".JS", ".VSH", and ".WSF".
>
> Just try to execute any ".SCR" file in thhe C:\Windows\System32\
directory,
> they are actually executeable files, just ligew ".EXE", you can even copy
> and rename them to ".EXE" and run them as a proggy if you like.
>
> Regards
>
> Per Pedersen
>
>

fair enough.

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic