Worms?

Discussion in 'Computer Security' started by TheThigILove@gmail.com, Sep 18, 2005.

  1. Guest

    I don't know what's going on with my machine. I'll be visiting a site,
    like CNN.com, and all of a sudden, I get a page not found screen with
    "http:///" in the address bar. Before it'd go to the google search
    page. It only seems to occur with IE and not with Mozilla Firefox. I
    have done all the newest Windows updates, installed ZoneAlarm for
    firewall purposes, run McAfee three times, used TrendMicro's HouseCall,
    and everything, and yet it continues. I have gotten a detection message
    from McAfee a couple of times for a p2p virus. Each time it says it's
    been cleaned, but I'm still having problems. Anyone have any advice?
    Thanks in advance!

    SuzyElizabeth
    , Sep 18, 2005
    #1
    1. Advertising

  2. Imhotep Guest

    wrote:

    > I don't know what's going on with my machine. I'll be visiting a site,
    > like CNN.com, and all of a sudden, I get a page not found screen with
    > "http:///" in the address bar. Before it'd go to the google search
    > page. It only seems to occur with IE and not with Mozilla Firefox. I
    > have done all the newest Windows updates, installed ZoneAlarm for
    > firewall purposes, run McAfee three times, used TrendMicro's HouseCall,
    > and everything, and yet it continues. I have gotten a detection message
    > from McAfee a couple of times for a p2p virus. Each time it says it's
    > been cleaned, but I'm still having problems. Anyone have any advice?
    > Thanks in advance!
    >
    > SuzyElizabeth


    Have you check for spyware/crapware? I used to use spybot search and
    destroy...also check you hosts file....I would guess that you have some
    kind of crapware installed...

    Imhotep
    Imhotep, Sep 18, 2005
    #2
    1. Advertising

  3. Guest

    For someone who's kind of spyware naive, where can I locate the hosts
    file? I will try the spybot as you suggested. I must admit, this is the
    first instance of the term "crapware" that I've heard. Thank you!
    , Sep 18, 2005
    #3
  4. From: <>

    | I don't know what's going on with my machine. I'll be visiting a site,
    | like CNN.com, and all of a sudden, I get a page not found screen with
    | "http:///" in the address bar. Before it'd go to the google search
    | page. It only seems to occur with IE and not with Mozilla Firefox. I
    | have done all the newest Windows updates, installed ZoneAlarm for
    | firewall purposes, run McAfee three times, used TrendMicro's HouseCall,
    | and everything, and yet it continues. I have gotten a detection message
    | from McAfee a couple of times for a p2p virus. Each time it says it's
    | been cleaned, but I'm still having problems. Anyone have any advice?
    | Thanks in advance!
    |
    | SuzyElizabeth

    For non-viral malware...

    Please download, install and update the following software...

    Ad-aware SE v1.06
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/

    SpyBot Search and Destroy v1.4
    http://security.kolla.de/

    After the software is updated, I suggest scanning the system in Safe Mode.


    For viral malware...

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Sep 18, 2005
    #4
  5. Imhotep Guest

    wrote:

    > For someone who's kind of spyware naive, where can I locate the hosts
    > file? I will try the spybot as you suggested. I must admit, this is the
    > first instance of the term "crapware" that I've heard. Thank you!


    Read David Lipman very good advice....

    im
    Imhotep, Sep 19, 2005
    #5
  6. Winged Guest

    wrote:
    > For someone who's kind of spyware naive, where can I locate the hosts
    > file? I will try the spybot as you suggested. I must admit, this is the
    > first instance of the term "crapware" that I've heard. Thank you!
    >

    %\windows\system32\etc

    Make sure to switch mode of spybot to advanced mode, after scanning and
    immunizing, preferably after you have updated...then check BHOs )browser
    helper objects, activeX controls, startup items and processes. All of
    this are accessible through the advanced mode. Use spybots host list if
    you have a machine with >128MB RAM.
    Winged
    Winged, Sep 19, 2005
    #6
  7. From: "Winged" <>

    | wrote:
    >> For someone who's kind of spyware naive, where can I locate the hosts
    >> file? I will try the spybot as you suggested. I must admit, this is the
    >> first instance of the term "crapware" that I've heard. Thank you!
    >>

    | %\windows\system32\etc
    |
    | Make sure to switch mode of spybot to advanced mode, after scanning and
    | immunizing, preferably after you have updated...then check BHOs )browser
    | helper objects, activeX controls, startup items and processes. All of
    | this are accessible through the advanced mode. Use spybots host list if
    | you have a machine with >128MB RAM.
    | Winged

    The correct path to the 'hosts' file is...

    For NT based OS'
    %windows%\system32\drivers\etc

    For Win9x/ME
    %windir%

    For NT based OS', anything alse means the Registry setting which is...

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    DataBasePath=%SystemRoot%\System32\drivers\etc

    Has been changed by malware.

    The Multi AV Scanning tool I provided in this thread deals with alterations of this setting
    and if is different from the above it will be set to the above and it will also rename
    'etc/hosts' to 'etc/hosts.bak' to make sure the anti virus files can be downloaded from
    their respective vendors web sites.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Sep 19, 2005
    #7
  8. Winged Guest

    David H. Lipman wrote:
    > From: "Winged" <>
    >
    > | wrote:
    >
    >>>For someone who's kind of spyware naive, where can I locate the hosts
    >>>file? I will try the spybot as you suggested. I must admit, this is the
    >>>first instance of the term "crapware" that I've heard. Thank you!
    >>>

    >
    > | %\windows\system32\etc
    > |
    > | Make sure to switch mode of spybot to advanced mode, after scanning and
    > | immunizing, preferably after you have updated...then check BHOs )browser
    > | helper objects, activeX controls, startup items and processes. All of
    > | this are accessible through the advanced mode. Use spybots host list if
    > | you have a machine with >128MB RAM.
    > | Winged
    >
    > The correct path to the 'hosts' file is...
    >
    > For NT based OS'
    > %windows%\system32\drivers\etc
    >
    > For Win9x/ME
    > %windir%
    >
    > For NT based OS', anything alse means the Registry setting which is...
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    > DataBasePath=%SystemRoot%\System32\drivers\etc
    >
    > Has been changed by malware.
    >
    > The Multi AV Scanning tool I provided in this thread deals with alterations of this setting
    > and if is different from the above it will be set to the above and it will also rename
    > 'etc/hosts' to 'etc/hosts.bak' to make sure the anti virus files can be downloaded from
    > their respective vendors web sites.
    >

    Yup, your right, somehow I missed the driver portion of the
    path...Thanks for the catch..
    Winged
    Winged, Sep 19, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Philip Drumm

    Trick to protect address book from worms

    Philip Drumm, Jul 4, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    793
  2. Mike
    Replies:
    3
    Views:
    499
    S.Heenan
    Aug 23, 2003
  3. P Watkins

    AVG 6.0 difficulties - Virus/worms getting through.

    P Watkins, Jan 19, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    473
    °Mike°
    Jan 19, 2004
  4. gruffydd

    worms

    gruffydd, Jan 21, 2004, in forum: Computer Support
    Replies:
    10
    Views:
    1,113
  5. gruffydd

    reference worms

    gruffydd, Jan 21, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    375
    Boomer
    Jan 21, 2004
Loading...

Share This Page