OMG Viruses


Cyclone
DBB Ace
Posts: 463
Joined: Mon Apr 17, 2000 2:01 am
Location: Saskatchewan,Canada

Post by Cyclone »

I just got like 4 viruses today after my computer started acting funny. So I ran norton and this is what it found!

Download.Trojan
MHTMLRedir.Exploit
Trojan Horse
Trojan.Byte Verify

Now wtf is up with this. This is the first time I have ever found viruses on my computer and I have had it for like 5 years. Anybody know how I might have got these?
Topher
DBB Alumni
Posts: 3545
Joined: Thu Nov 05, 1998 12:01 pm
Location: New York

Post by Topher »

A hole in IE likely. MHTMLRedir.Exploit means an HTML page that uses an exploit was found so you ran across it and it installed the other stuff.
[DWL]Punk
DBB Ace
Posts: 149
Joined: Wed Mar 26, 2003 3:01 am
Location: Columbus, Ohio

Post by [DWL]Punk »

im having the same problems too. no matter what i do my IE home page is some shady search site. i do adware/spyware scans daily, but they always sneak back in after reboot.

how do we get our PC's back to normal?
i've already switched to mozilla.
but my system is still permanently infected.

would a reinstallation of windows help?
BUBBALOU
DBB Benefactor
Posts: 4198
Joined: Tue Aug 24, 1999 2:01 am
Location: Dallas Texas USA

Post by BUBBALOU »

Spybot - Search and Destroy 1.3 is your friend (adaware blows monkey chunks)

Download, install, run update, run scan, reboot if required, repair , then immunize (enable tea timer if you want)

Then get a Popup blocker and stop anything in the future
Warlock
DBB 3D Artist
Posts: 3370
Joined: Wed May 12, 1999 2:01 am
Location: Midland, Tx, U.S.

Post by Warlock »

BUBBALOU wrote:Spybot - Search and Destroy 1.3 is your friend (adaware blows monkey chunks)
uhhh u do know adaware finds stuff that spybot doesnt
CDN_Merlin
DBB_Master
Posts: 9750
Joined: Thu Nov 05, 1998 12:01 pm
Location: Capital Of Canada

Post by CDN_Merlin »

google toolbar will stop all unwanted popups. I dont have any spyware or virii and I use norton, netscape and google toolbar.
Aggressor Prime
DBB Captain
Posts: 763
Joined: Wed Feb 05, 2003 3:01 am
Location: USA

Post by Aggressor Prime »

Warlock wrote:
BUBBALOU wrote:Spybot - Search and Destroy 1.3 is your friend (adaware blows monkey chunks)
uhhh u do know adaware finds stuff that spybot doesnt
Yes, Adaware does. But Spybot finds stuff that Adaware doesn't.

You need both.
WarAdvocat
DBB Defender
Posts: 3034
Joined: Sun Jun 23, 2002 2:01 am
Location: Fort Lauderdale, FL USA

Post by WarAdvocat »

Also, you get those files (most often) from warez/pr0n sites. The ones that pop up windows to install software like gator and so forth, 1 time in 10 it's some sort of overtly malign trojan, dialer or downloader. For some reason, the file gets saved even if you don't accept the download. That doesn't mean that you're infected though, it just doesn't get installed.

You're probably safe if the file is just in your internet cache or temp internet files.
Cuda68-2
DBB Ace
Posts: 320
Joined: Fri Sep 20, 2002 2:01 am
Location: St. Paul Minnesota

Post by Cuda68-2 »

Dont forget to turn off the restore feature 1st and when all is well or as a last step turn it back on.
Topher
DBB Alumni
Posts: 3545
Joined: Thu Nov 05, 1998 12:01 pm
Location: New York

Post by Topher »

BHODemon

That will show you all Browser Helper Objects that IE is using. Most likely one of them is spyware that redirects your homepage. Uncheck what looks suspicious and see if it helps.
Cyclone
DBB Ace
Posts: 463
Joined: Mon Apr 17, 2000 2:01 am
Location: Saskatchewan,Canada

Post by Cyclone »

I looked where the files were on my computer and all of them were in my temp internet files. Man lately I have been having lots of problems with spyware and crap. I have activex disabled in ie also. not sure if that helps.
Grendel
3d Pro Master
Posts: 4390
Joined: Mon Oct 28, 2002 3:01 am
Location: Corvallis OR, USA

Post by Grendel »

Also install the BHODemon

Edit: oops, skimmed Topher :)
Iceman
DBB Habitual Type Killer
Posts: 4929
Joined: Thu Apr 20, 2000 2:01 am
Location: Huntsville, AL. USA

Post by Iceman »

Aggressor Prime wrote:Yes, Adaware does. But Spybot finds stuff that Adaware doesn't.

You need both.
Word ...
Mobius
DBB_Master
Posts: 7940
Joined: Sun Jun 03, 2001 2:01 am
Location: Christchurch, New Zealand

Post by Mobius »

Amen to that Ice. I recently had an IE hijack which Norton and Spybots wouldn't detect - but Adaware got rid of. Bubba: talking out the wrong hole again bro. :P
MD-2389
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS

Post by MD-2389 »

[DWL]Punk wrote: im having the same problems too. no matter what i do my IE home page is some shady search site. i do adware/spyware scans daily, but they always sneak back in after reboot.

how do we get our PC's back to normal?
i've already switched to mozilla.
but my system is still permanently infected.

would a reinstallation of windows help?
It's coming back because there's a program running in the background restoring the data. Open up Task Manager and look for anything suspicious in the process list. (note: You will see multiple instances of svchost.exe, this is NORMAL...unless you're Warlock. ;) )
BUBBALOU
DBB Benefactor
Posts: 4198
Joined: Tue Aug 24, 1999 2:01 am
Location: Dallas Texas USA

Post by BUBBALOU »

Mobius wrote:Bubba: talking out the wrong hole again bro. :P
Trash@!
Duper
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

trojan?

Better get a firewall up, or spoof your ports.
[DWL]Punk
DBB Ace
Posts: 149
Joined: Wed Mar 26, 2003 3:01 am
Location: Columbus, Ohio

Post by [DWL]Punk »

svchost.exe is listed 5 times in my task manager
and one of them is using 48,772K! yikes is that normal?

i thought the most it ever duplicates was 3 or 4?
WarAdvocat
DBB Defender
Posts: 3034
Joined: Sun Jun 23, 2002 2:01 am
Location: Fort Lauderdale, FL USA

Post by WarAdvocat »

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries.

Currently on my office computer I show 4 instances of SVCHOST.EXE, one of which is using 22,008k/RAM

Shouldn't be anything to worry about for you although I'd check my startup files and make sure I didn't have any bloatware loading when I boot up.

To view the services running under SVCHOST.EXE in WinXP, check the following article:

MS Knowledge Base Article 314056 - "A description of Svchost.exe in Windows XP"
http://support.microsoft.com/default.as ... N];Q314056
DCrazy
DBB Alumni
Posts: 8826
Joined: Wed Mar 15, 2000 3:01 am
Location: Seattle

Post by DCrazy »

The best defense against malware is not Spybot or Ad-Aware: it's common sense. Granted, IE has security holes even seemingly innocuous websites can exploit, but downloading and installing things from random websites or KaZaA is an incredible no-no. And anything that advertises itself in a popup window can't possibly be as good as it seems (*cough*Precision Date & Time*cough*).
Neitzl
DBB Ace
Posts: 440
Joined: Thu Nov 05, 1998 12:01 pm
Location: Chicago, IL

Post by Neitzl »

you should try using, as well as the other software mentioned here, two programs called Spyware Blaster, and Spyware Guard
both can be found here Spyware Stuff. Both are pretty good and have helped a lot. If you need to find out what stuff is running on your PC and other nifty (or unnifty) stuff, download HiJackThis.

Good luck!
Ned
DBB Ace
Posts: 308
Joined: Thu Jul 08, 2004 9:58 pm
Location: Maryland

advice

Post by Ned »

Here's what I do:

only use Mozilla (best browser of 2003)
use AVG antivirus from Grisoft (free and good)
use SpySweeper (PC magazine editor's choice)
use yahoo mail, not outlook or O. Express

I rarely get anything with these methods. Hope that helps you!
Duper
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

Aggressor Prime wrote:
Warlock wrote:
BUBBALOU wrote:Spybot - Search and Destroy 1.3 is your friend (adaware blows monkey chunks)
uhhh u do know adaware finds stuff that spybot doesnt
Yes, Adaware does. But Spybot finds stuff that Adaware doesn't.

You need both.
Exactly.

I haven't been able to get an update for spybot for a long time. Were they off line for a while?
To avoid trojans it's best to also have a firewall in place as well.
Vindicator
DBB Benefactor
Posts: 3166
Joined: Mon Dec 16, 2002 3:01 am
Location: southern IL, USA

Post by Vindicator »

DCrazy wrote:The best defense against malware is not Spybot or Ad-Aware: it's common sense. Granted, IE has security holes even seemingly innocuous websites can exploit, but downloading and installing things from random websites or KaZaA is an incredible no-no.
Preach on, brotha.
Krom
DBB Database Master
Posts: 16042
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?

Post by Krom »

Common sense is very uncommon these days ;)
MD-2389
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS

Post by MD-2389 »

Duper wrote: I haven't been able to get an update for spybot for a long time. Were they off line for a while?
No, they just actually updated the software and quit supporting 1.2.

Though it would be nice if the morons that upload the updates would bother to CHECK THE DAMN CHECKSUM! (the only two updates available have bad checksum values, thus will not install.)
Duper
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

Wonderful ..... would have been nice to have the updater relay the message to the general populace that they indeed quit supporting 1.2. Why not update that to a higher version or something? that's just weird. Thanks for bringing me up to speed.

The reason I asked if they were off line is because I couldn't even get on their website.
DigiJo
DBB Ace
Posts: 491
Joined: Thu Jul 18, 2002 2:01 am
Location: Germany

Post by DigiJo »

win xp, 2k etc. are all multiuser-os, why do you work and play in an admin account? if you browse with your ie in a restricted user account most likely nothing can install into your system cause ie has the same rights as the restricted user then. use the admin account only for driver updates, win updates and so on.
fliptw
DBB DemiGod
Posts: 6458
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

DigiJo wrote: win xp, 2k etc. are all multiuser-os, why do you work and play in an admin account? if you browse with your ie in a restricted user account most likely nothing can install into your system cause ie has the same rights as the restricted user then. use the admin account only for driver updates, win updates and so on.
And, use the admin account to install a fair number of applications and games(most notable of which is BF1942, IIRC).

most people use admin accounts on windows because they are normally the only ones that use it, and it's too inconvenient to switch between accounts (provided they are aware of the capability in the first place, most aren't).

XP forces you to have a Computer Administrator account by default anyways.
Deadmeat
DBB Captain
Posts: 631
Joined: Tue Jun 12, 2001 2:01 am
Location: Davis, Ca, USA

Post by Deadmeat »

Running Spybot V1.3 and couldn't update either. Went to KOLLA'S download page and got the updated detection files. No checksum errors.
Cyclone
DBB Ace
Posts: 463
Joined: Mon Apr 17, 2000 2:01 am
Location: Saskatchewan,Canada

Post by Cyclone »

Well this is my current setup.

98se
IE 5.5
SpySweeper
zonealarm
hijackthis
norton

I have norton's auto protect off cuzz when i have it on my computer keeps stalling. If i would have had it on i probably wouldn't have gotten those trojans.

Anybody try the Firefox browser?
BUBBALOU
DBB Benefactor
Posts: 4198
Joined: Tue Aug 24, 1999 2:01 am
Location: Dallas Texas USA

Post by BUBBALOU »

I have no problems with SB 1.3 Updates...via SB

Chalk another one up to USER ERROR!
AceCombat
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

does anyone recognize any of these email addys:

matt@metallisoft.com

|clutch|@hotmail.com



im getting repeated numbers of virus loaded emails from these two addys.
AceCombat
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

MD-2389 wrote: Though it would be nice if the morons that upload the updates would bother to CHECK THE DAMN CHECKSUM! (the only two updates available have bad checksum values, thus will not install.)


i updated mine just fine..............updated my brothers just fine........updated my fathers just fine.......and mother just fine....??? :roll:
Topher
DBB Alumni
Posts: 3545
Joined: Thu Nov 05, 1998 12:01 pm
Location: New York

Post by Topher »

AceCombat wrote: does anyone recognize any of these email addys:

matt@metallisoft.com

|clutch|@hotmail.com



im getting repeated numbers of virus loaded emails from these two addys.
Yah, those guys are pretty bad. Stay away from 127.0.0.1 too, he's a nasty one. ;)

More likely than not they're spoofed. Can you even have pipes in a hotmail user name?
AceCombat
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

well looking back at them, one of them even says "DBB Mailer, returned undeliverable mail"


now thats just tooooo much of a coincidence
BUBBALOU
DBB Benefactor
Posts: 4198
Joined: Tue Aug 24, 1999 2:01 am
Location: Dallas Texas USA

Post by BUBBALOU »

Ace you're getting spoofed from within your own computer, check your email inbox/outbox/sent items and mailing list.. bet they all match!!!!

You are infected !!!1!

Behold the power of 127.0.0.1!
AceCombat
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

bullsh!t....ive scanned my systems 5 times now, Spybot, Norton, Ad-ware.

i dont use a email application.....i use Hotmail

im clean on each scan with fully updated programs
MD-2389
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS

Post by MD-2389 »

BUBBALOU wrote:I have no problems with SB 1.3 Updates...via SB

Chalk another one up to USER ERROR!
Yes, as in the user that failed to properly mirror the files. ;)

I ended up using the Europe Safer-Networking mirror to get the defs.
Cyclone
DBB Ace
Posts: 463
Joined: Mon Apr 17, 2000 2:01 am
Location: Saskatchewan,Canada

Post by Cyclone »

blah...