Re: Results-report for David

Discussion in 'Computer Security' started by Joseph Ladovic, May 25, 2005.

  1. Hello Dave,

    Thank you very much for your advice.

    It did not work.

    It repeats itself again and again.

    As I stated earlier: (title) Please your advice.....
    Some dialers I cleaned all.
    Some dialers stayed in.

    I tried to remove some registry entries (my experiment)
    but WindowsXP program stops me.
    (At REGEDIT I found these entries.)

    I see: it is connected directly with WindowsXP program.
    How to separate it? The rest of dialers from WindowsXP program?
    Please, do you know answer?

    Best regards.

    Joseph
    Joseph Ladovic, May 25, 2005
    #1

  2. From: "Joseph Ladovic" <>

    | Hello Dave,
    |
    | Thank you very much for your advice.
    |
    | It did not work.
    |
    | It repeats itself again and again.
    |
    | As I stated earlier: (title) Please your advice.....
    | Some dialers I cleaned all.
    | Some dialers stayed in.
    |
    | I tried to remove some registry entries (my experiment)
    | but WindowsXP program stops me.
    | (At REGEDIT I found these entries.)
    |
    | I see: it is connected directly with WindowsXP program.
    | How to separate it? The rest of dialers from WindowsXP program?
    | Please, do you know answer?
    |
    | Best regards.
    |
    | Joseph

    Here is the web page: http://www.safer-networking.org/en/index.html

    Did you update SpyBot S&D ?

    The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
    declaration. Read the web site, get all the updates and don't fudge with the Registry.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 25, 2005
    #2

  3. "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:Qv%ke.237$Pm3.195@trnddc08...
    > From: "Joseph Ladovic" <>
    >
    > | Hello Dave,
    > |
    > | Thank you very much for your advice.
    > |
    > | It did not work.
    > |
    > | It repeats itself again and again.
    > |
    > | As I stated earlier: (title) Please your advice.....
    > | Some dialers I cleaned all.
    > | Some dialers stayed in.
    > |
    > | I tried to remove some registry entries (my experiment)
    > | but WindowsXP program stops me.
    > | (At REGEDIT I found these entries.)
    > |
    > | I see: it is connected directly with WindowsXP program.
    > | How to separate it? The rest of dialers from WindowsXP program?
    > | Please, do you know answer?
    > |
    > | Best regards.
    > |
    > | Joseph
    >
    > Here is the web page: http://www.safer-networking.org/en/index.html
    >
    > Did you update SpyBot S&D ?
    >
    > The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
    > declaration. Read the web site, get all the updates and don't fudge with the Registry.
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >

    Thank you very much on your reply.

    It gets worse.

    Meanwhile I deleted DOS Exploit somehow?

    I got four more spyware (red entries) and few usage tracks (green entries).
    I tried to delete parasites with Spybot S&D
    .....Update....System Restore....Safe Mode....etc. and again for WinXP...
    and create new Restore point.

    Joseph
    Joseph Ladovic, May 25, 2005
    #3
  4. "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:Qv%ke.237$Pm3.195@trnddc08...
    > From: "Joseph Ladovic" <>
    >
    > | Hello Dave,
    > |
    > | Thank you very much for your advice.
    > |
    > | It did not work.
    > |
    > | It repeats itself again and again.
    > |
    > | As I stated earlier: (title) Please your advice.....
    > | Some dialers I cleaned all.
    > | Some dialers stayed in.
    > |
    > | I tried to remove some registry entries (my experiment)
    > | but WindowsXP program stops me.
    > | (At REGEDIT I found these entries.)
    > |
    > | I see: it is connected directly with WindowsXP program.
    > | How to separate it? The rest of dialers from WindowsXP program?
    > | Please, do you know answer?
    > |
    > | Best regards.
    > |
    > | Joseph
    >
    > Here is the web page: http://www.safer-networking.org/en/index.html
    >
    > Did you update SpyBot S&D ?
    >
    > The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
    > declaration. Read the web site, get all the updates and don't fudge with the Registry.
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >

    Report:

    I can not remove next entries.

    Cookie,Log,MSDirect Draw,MS Media Player,Windows Explorer (green entries)

    AbetterInternet,HotSearchBar,Rotue,URLSearch Hook. Atlpz (red entries)

    Thank you.

    Joseph
    Joseph Ladovic, May 25, 2005
    #4
  5. Joseph Ladovic

    Ken Ward Guest

    On Thu, 26 May 2005 00:47:35 +0200, "Joseph Ladovic"
    <> wrote:

    >
    >"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    >news:Qv%ke.237$Pm3.195@trnddc08...
    >> From: "Joseph Ladovic" <>
    >>
    >> | Hello Dave,
    >> |
    >> | Thank you very much for your advice.
    >> |
    >> | It did not work.
    >> |
    >> | It repeats itself again and again.
    >> |
    >> | As I stated earlier: (title) Please your advice.....
    >> | Some dialers I cleaned all.
    >> | Some dialers stayed in.
    >> |
    >> | I tried to remove some registry entries (my experiment)
    >> | but WindowsXP program stops me.
    >> | (At REGEDIT I found these entries.)
    >> |
    >> | I see: it is connected directly with WindowsXP program.
    >> | How to separate it? The rest of dialers from WindowsXP program?
    >> | Please, do you know answer?
    >> |
    >> | Best regards.
    >> |
    >> | Joseph
    >>
    >> Here is the web page: http://www.safer-networking.org/en/index.html
    >>
    >> Did you update SpyBot S&D ?
    >>
    >> The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
    >> declaration. Read the web site, get all the updates and don't fudge with the Registry.
    >>
    >>
    >> --
    >> Dave
    >> http://www.claymania.com/removal-trojan-adware.html
    >> http://www.ik-cs.com/got-a-virus.htm
    >>
    >>

    >Report:
    >
    >I can not remove next entries.
    >
    >Cookie,Log,MSDirect Draw,MS Media Player,Windows Explorer (green entries)
    >
    >AbetterInternet,HotSearchBar,Rotue,URLSearch Hook. Atlpz (red entries)
    >
    >Thank you.
    >
    >Joseph
    >

    Try using BHODemon to check for & remove Browser Helper Objects (BHO).
    www.definitivesolutions.com
    Try using Process Explorer www.sysinternals.com to find out which
    processes are running that use items you cannot remove.
    See if they run in safe mode.
    Chase down dll that contain hostiles & delete - you may have to kill
    some processes to do this. Experiment.
    Sometimes the best way to delete the files is from a MS-DOS window.
    Open the window & navigate to where the file exists - use process
    explorer to kill any process holding the target file open - delete the
    target file in the DOS window - restart the killed process from
    Process Explorer - see if the file comes back - if it does, there is a
    dropper file somewhere that needs to be removed first.
    Ken Ward, May 26, 2005
    #5
  6. Joseph Ladovic

    Winged Guest

    Ken Ward wrote:
    > On Thu, 26 May 2005 00:47:35 +0200, "Joseph Ladovic"
    > <> wrote:
    >
    >
    >>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    >>news:Qv%ke.237$Pm3.195@trnddc08...
    >>
    >>>From: "Joseph Ladovic" <>
    >>>
    >>>| Hello Dave,
    >>>|
    >>>| Thank you very much for your advice.
    >>>|
    >>>| It did not work.
    >>>|
    >>>| It repeats itself again and again.
    >>>|
    >>>| As I stated earlier: (title) Please your advice.....
    >>>| Some dialers I cleaned all.
    >>>| Some dialers stayed in.
    >>>|
    >>>| I tried to remove some registry entries (my experiment)
    >>>| but WindowsXP program stops me.
    >>>| (At REGEDIT I found these entries.)
    >>>|
    >>>| I see: it is connected directly with WindowsXP program.
    >>>| How to separate it? The rest of dialers from WindowsXP program?
    >>>| Please, do you know answer?
    >>>|
    >>>| Best regards.
    >>>|
    >>>| Joseph
    >>>
    >>>Here is the web page: http://www.safer-networking.org/en/index.html
    >>>
    >>>Did you update SpyBot S&D ?
    >>>
    >>>The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
    >>>declaration. Read the web site, get all the updates and don't fudge with the Registry.
    >>>
    >>>--
    >>>Dave
    >>>http://www.claymania.com/removal-trojan-adware.html
    >>>http://www.ik-cs.com/got-a-virus.htm
    >>>
    >>>

    >>
    >>Report:
    >>
    >>I can not remove next entries.
    >>
    >>Cookie,Log,MSDirect Draw,MS Media Player,Windows Explorer (green entries)
    >>
    >>AbetterInternet,HotSearchBar,Rotue,URLSearch Hook. Atlpz (red entries)
    >>
    >>Thank you.
    >>
    >>Joseph
    >>

    >
    > Try using BHODemon to check for & remove Browser Helper Objects (BHO).
    > www.definitivesolutions.com
    > Try using Process Explorer www.sysinternals.com to find out which
    > processes are running that use items you cannot remove.
    > See if they run in safe mode.
    > Chase down dll that contain hostiles & delete - you may have to kill
    > some processes to do this. Experiment.
    > Sometimes the best way to delete the files is from a MS-DOS window.
    > Open the window & navigate to where the file exists - use process
    > explorer to kill any process holding the target file open - delete the
    > target file in the DOS window - restart the killed process from
    > Process Explorer - see if the file comes back - if it does, there is a
    > dropper file somewhere that needs to be removed first.


    A Better Internet is a serious issue. There is a full blown Trojan on
    your system.

    Removal procedure is here:

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076992

    Atlpz is a Trojan downloader removal instructions here or second link
    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453083588

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088156

    Hotsearchbar can be removed with spybot S&D
    Open spybot, update then in advanced mode and under tools open BHOs and
    remove hotbar bho, Immunize, then complete scan.

    URLSearch Hook is part of abetterInternet. I am not sure what rotue is
    but I suspect that may be the dialer. To remove this package (spybot or
    Ad-aware won't) Use
    http://www.microsoft.com/athome/security/spyware/software/default.mspx

    I believe that package will remove the dialer. I suspect you may also
    want to run the current version of cwshredder I believe a copy can be
    found at www.majorgeeks.com under spyware tools.

    That will get what you know about, but I still recommend re-building the
    system, that said most folks think I am paranoid.

    Winged

    Oh one more thing, quit using IE as your default browser. A
    betterinternet uses an open exploit in IE that should have been fixed
    months ago. This would not have infected firefox.
    Winged, May 27, 2005
    #6
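
Added example, not part of any post in this thread: a read-only PowerShell inventory, for a current Windows system, of the two Internet Explorer hook points the replies above mention (Browser Helper Objects and URL search hooks), with the DLL each CLSID resolves to and the processes that have it loaded. The registry locations are the standard IE ones; the function name and output column names are this example's own.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or deleted.
function Resolve-ClsidDll([string]$Clsid) {
    # An in-process COM server stores its DLL path in the default value of
    # CLSID\{...}\InprocServer32 (64-bit, 32-bit and per-user views).
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
                      'HKCU:\Software\Classes\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = [string](Get-Item -LiteralPath $key).GetValue('')
            if ($dll) { return $dll.Trim('"') }
        }
    }
}

$ie    = 'Microsoft\Internet Explorer\URLSearchHooks'
$bho   = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$hooks = @()
# Browser Helper Objects: each subkey name is a CLSID.
foreach ($k in "HKLM:\SOFTWARE\$bho", "HKLM:\SOFTWARE\WOW6432Node\$bho") {
    if (Test-Path -LiteralPath $k) {
        foreach ($sub in Get-ChildItem -LiteralPath $k) {
            $hooks += [pscustomobject]@{ Type = 'BHO'; Clsid = $sub.PSChildName }
        }
    }
}
# URL search hooks: each value name is a CLSID.
foreach ($k in "HKCU:\Software\$ie", "HKLM:\SOFTWARE\$ie") {
    if (Test-Path -LiteralPath $k) {
        foreach ($name in (Get-Item -LiteralPath $k).GetValueNames()) {
            $hooks += [pscustomobject]@{ Type = 'URLSearchHook'; Clsid = $name }
        }
    }
}

$report = foreach ($h in $hooks) {
    $dll    = Resolve-ClsidDll $h.Clsid
    $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
    # Processes whose module list includes the DLL; a process that refuses the query is skipped.
    $holders = if ($dll) {
        Get-Process | Where-Object {
            try { $_.Modules.FileName -contains $dll } catch { $false }
        } | ForEach-Object { "$($_.Name) (pid $($_.Id))" }
    }
    [pscustomobject]@{
        Type      = $h.Type
        Clsid     = $h.Clsid
        Dll       = $dll
        OnDisk    = $onDisk
        Signature = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status }
        LoadedBy  = $holders -join ', '
    }
}
$report | Format-Table -AutoSize -Wrap
```

Run it before and after a cleanup pass: an entry that reappears, or a DLL that is back on disk, is the sign of the dropper Ken Ward describes. Modules of some processes may not be visible from the session running the script, so Process Explorer's DLL search remains the cross-check.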
  7. Thank you very much Winged.
    I will send my report to the same newsgroup later.
    The first I have to check everything.
    Meanwhile, please, describe me how to re-build the system?
    My knowledge is not big enough to understand that.
    I consider equally any solution what might completely
    delete all (parasites) dialers, trojans, etc.

    Best regards.

    Joseph

    "Winged" <> wrote in message
    news:aaeac$42966cc0$18d6d929$...
    > Ken Ward wrote:
    > > On Thu, 26 May 2005 00:47:35 +0200, "Joseph Ladovic"
    > > <> wrote:
    > >
    > >
    > >>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > >>news:Qv%ke.237$Pm3.195@trnddc08...
    > >>
    > >>>From: "Joseph Ladovic" <>
    > >>>
    > >>>| Hello Dave,
    > >>>|
    > >>>| Thank you very much for your advice.
    > >>>|
    > >>>| It did not work.
    > >>>|
    > >>>| It repeats itself again and again.
    > >>>|
    > >>>| As I stated earlier: (title) Please your advice.....
    > >>>| Some dialers I cleaned all.
    > >>>| Some dialers stayed in.
    > >>>|
    > >>>| I tried to remove some registry entries (my experiment)
    > >>>| but WindowsXP program stops me.
    > >>>| (At REGEDIT I found these entries.)
    > >>>|
    > >>>| I see: it is connected directly with WindowsXP program.
    > >>>| How to separate it? The rest of dialers from WindowsXP program?
    > >>>| Please, do you know answer?
    > >>>|
    > >>>| Best regards.
    > >>>|
    > >>>| Joseph
    > >>>
    > >>>Here is the web page: http://www.safer-networking.org/en/index.html
    > >>>
    > >>>Did you update SpyBot S&D ?
    > >>>
    > >>>The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
    > >>>declaration. Read the web site, get all the updates and don't fudge with the Registry.
    > >>>
    > >>>--
    > >>>Dave
    > >>>http://www.claymania.com/removal-trojan-adware.html
    > >>>http://www.ik-cs.com/got-a-virus.htm
    > >>>
    > >>>
    > >>
    > >>Report:
    > >>
    > >>I can not remove next entries.
    > >>
    > >>Cookie,Log,MSDirect Draw,MS Media Player,Windows Explorer (green entries)
    > >>
    > >>AbetterInternet,HotSearchBar,Rotue,URLSearch Hook. Atlpz (red entries)
    > >>
    > >>Thank you.
    > >>
    > >>Joseph
    > >>

    > >
    > > Try using BHODemon to check for & remove Browser Helper Objects (BHO).
    > > www.definitivesolutions.com
    > > Try using Process Explorer www.sysinternals.com to find out which
    > > processes are running that use items you cannot remove.
    > > See if they run in safe mode.
    > > Chase down dll that contain hostiles & delete - you may have to kill
    > > some processes to do this. Experiment.
    > > Sometimes the best way to delete the files is from a MS-DOS window.
    > > Open the window & navigate to where the file exists - use process
    > > explorer to kill any process holding the target file open - delete the
    > > target file in the DOS window - restart the killed process from
    > > Process Explorer - see if the file comes back - if it does, there is a
    > > dropper file somewhere that needs to be removed first.

    >
    > A Better Internet is a serious issue. There is a full blown Trojan on
    > your system.
    >
    > Removal procedure is here:
    >
    > http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076992
    >
    > Atlpz is a Trojan downloader removal instructions here or second link
    > http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453083588
    >
    > http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088156
    >
    > Hotsearchbar can be removed with spybot S&D
    > Open spybot, update then in advanced mode and under tools open BHOs and
    > remove hotbar bho, Immunize, then complete scan.
    >
    > URLSearch Hook is part of abetterInternet. I am not sure what rotue is
    > but I suspect that may be the dialer. To remove this package (spybot or
    > Ad-aware won't) Use
    > http://www.microsoft.com/athome/security/spyware/software/default.mspx
    >
    > I believe that package will remove the dialer. I suspect you may also
    > want to run the current version of cwshredder I believe a copy can be
    > found at www.majorgeeks.com under spyware tools.
    >
    > That will get what you know about, but I still recommend re-building the
    > system, that said most folks think I am paranoid.
    >
    > Winged
    >
    > Oh one more thing, quit using IE as your default browser. A
    > betterinternet uses an open exploit in IE that should have been fixed
    > months ago. This would not have infected firefox.
    Joseph Ladovic, May 28, 2005
    #7