Viruses, Trojans and SPAM/Scam watch [Archived].

Discussion in 'Computer Science & Culture' started by Xerxes, Feb 5, 2003.

Thread Status:
Not open for further replies.
  1. NightFall Lazy Hedonist Valued Senior Member

    Red Devil: I d/l-ed the Stinger but it didn't find anything. -pout-
  3. invert_nexus Ze do caixao Valued Senior Member

    I used to have a copy of Pest Patrol. It was free when I got some anti-virus or other. I haven't used it much. It's supposed to specialize more in trojan removal than adware. I mentioned it in another thread and said that it may not be free. Whoever it was I mentioned it to told me that it was free. Trialware anyway. What does it do? Scan and then tell you to pay if you want it fixed? Bummer.

    Looks like you're running out of choices. There's HijackThis; I'm not sure if it removes trojans or not, though.

    You might just want to reformat and reinstall from scratch if nothing can remove the virus. Maybe old viruses are the way to go. Seems like nothing can get rid of them.

  5. GuessWho A Californian Registered Senior Member

    I have used Avast for about a year now for free and it works great without taking so much memory from your computer like Norton (which also costs money). The link is provided below if you are interested.
  7. NightFall Lazy Hedonist Valued Senior Member

    Norton didn't detect this virus, as well as a virus on my friend's computer... but I will check Avast.

  8. Alpha «Visitor» Registered Senior Member

  9. invert_nexus Ze do caixao Valued Senior Member

    Firefox isn't a virus scanner though. It does cut back on adware, cookies, hijacks and the like, but doesn't scan your system for viruses. Unless they've added some features I don't know about. And I kinda doubt it, considering that Firefox is Mozilla lite. A virus scanner would add bloat. I use the full version of Mozilla. I haven't tried Firefox since it was Firebird. I didn't care too much for Firebird; there weren't enough settings you could tweak.
  10. sevenblu feeling blu Registered Senior Member

    Will Avast work if I already have Norton installed or must I uninstall Norton? I currently use Norton SystemWorks 2003 on Windows XP Pro and want to know if I can use multiple virus scanning programs at one time.
  11. sevenblu feeling blu Registered Senior Member

    BTW: Neither Viri nor Virii is a word according to the OED. I pay for a subscription service to use the OED for debates like this...

  12. Alpha «Visitor» Registered Senior Member

    Yeh, I goofed. Dunno what I was thinking. Maybe it was a typo and I meant to suggest something else. Or just read it wrong. Not sure.
    There are more settings and things you can tweak with Firefox than any other browser I know of. It seems small without the extensions, but that's one of the things that makes it great, is all the extensions for it. And there are a great many tweaks and customizations you can do through the settings files. about:config has lots of settings to tweak (though not all by any means). I believe 0.8 has just as many if not more tweakability than mozilla. I personally prefer Firefox over Mozilla by far.
  13. mom261 Registered Member

    Help! I have the Dropper.Liba.A Trojan on my computer. I have downloaded and run CWShredder, Ad Aware & SpyBot. I have just also run the HijackThis program as well and this is what it posted:

    Running processes:
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\PeoplePC Accelerated\propelac.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\MoreResults\MoreResults.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\PeoplePC Accelerated\propelac.exe
    O4 - HKLM\..\Run: [MoreResults] C:\Program Files\MoreResults\MoreResults.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

    Can you tell me if any of these things are needed to continue to run my computer? I don't want to delete anything that would be necessary. Please let me know what to do! I am tired of dealing with this stupid virus! Thanks!!!
  14. Stryder Keeper of "good" ideas. Valued Senior Member

    Once your system's dealt with I'll have to clean this out of the thread.

    From your entries, the following two look like a browser Hijack:
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    These would require a regedit, but hopefully one of the programs can do that for you.

    And the following one is actually a Sasser/worm:
    O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
    This you should be able to either get your antivirus to spot, or you will have to Kill/stop it using TASKMANAGER and then if you can fix the entry so it doesn't load anymore before removing the file from your system.

    There seem to be programs related to your ISP/Soundcard/Graphicscard and a connection accelerator. Hope that helps.
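
An added example, not part of the original posts: a small Python triage pass over HijackThis entry lines like the ones in the log above. The three heuristics (a watchlist holding the two file names named in the reply, `(no file)` entries, and `O4` autoruns sitting directly in the Windows directory) and all function names are assumptions made for illustration, not rules of HijackThis itself.

```python
import re

# Entry lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

# File names the reply above singled out; kept as a reviewer's list (assumption).
WATCHLIST = {
    "mybar.dll": "browser hijack (MyWay myBar)",
    "avserve2.exe": "Sasser worm",
}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d+) - (.*\S)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.[A-Za-z0-9]{2,4}(?=["\s]|$)')
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


def extract_path(body):
    """Return the first Windows file path found in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def flags_for(code, body):
    """Apply the triage heuristics to one parsed entry."""
    flags = []
    path = extract_path(body)
    if body.endswith("(no file)"):
        flags.append("dangling: registry entry points at no file")
    if path:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in WATCHLIST:
            flags.append("watchlist: " + WATCHLIST[name])
        if code == "O4" and WINDOWS_ROOT_RE.match(path):
            flags.append("autorun binary directly in the Windows directory")
    return flags


def triage(log):
    """Return (code, body, flags) for every entry line that raised a flag."""
    out = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)  # non-entry lines (headers, blanks) do not match
        flags = flags_for(*m.groups()) if m else []
        if flags:
            out.append((m.group(1), m.group(2), flags))
    return out


if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(code, body, flags, sep=" | ")
```

A flag here only marks a line for a closer look; entries such as the AVG and Nero autoruns pass through unflagged.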
  15. Alpha «Visitor» Registered Senior Member

  16. Rick Valued Senior Member

    Stinger recognizes SASSER Worm

  17. Stryder Keeper of "good" ideas. Valued Senior Member


    It seems over the past couple of weeks there has been an increase in Citibank and Ebay renewal notices, ones that state there's an error in your account and you need to re-enter data.

    The e-mails are fraudulent. They are written with anchors that point to fraud servers to capture your details if you should attempt to change them.

    Here's a clue on how to work out if something is real or not. This is an actual copy of the URL from a FRAUD e-mail.

    <A HREF=""></A>

    It will look like the real link, however in reality you should always check where the link is actually pointing to when you're doing secure transactions.
    In this instance it's going to which is neither HTTPS (an SSL security layered protocol that usually has "Certificates" to prove where it's from) and nor is it actually a Citibank website.

    An unsuspecting person would probably have found there originally a clone of the Citibank site, which they would have potentially entered their information into and lost control of their accounts.

    It's an old tactic and isn't just used with Citibank, it's been used with Ebay and a message telling you to update your credit details and other sites not mentioned yet.

    If you feel that you have fallen for one of these, first change your password and security data at Citibank or Ebay. Then phone your credit card company or bank and tell them that you suspect your details have found their way into rogue hands; this will mean the bank will keep watch of your account and should any go missing they won't charge you for any losses.
  18. HOWARDSTERN HOWARDSTERN has logged out.... Registered Senior Member

    Beware, Be Cautious, & Be Alert....because

    PeerGuardian Users Beware: Version 1.99 pr 21

    I just came across a warning by "Braindancer", over at, where he is warning people to be careful of where they get their software copy of PeerGuardian.

    It seems that the evil corporations have collectively funded a project to develop a RIP-OFF VERSION OF PEERGUARDIAN CALLED: Version 1.99 pr21 ! ! !

    (note the "pr21").

    In this (crap) version, the evil corporations have decided to "deal" with people who are using PeerGuardian. So they have created a program that looks like the real PeerGuardian, but with a majorly huge twist ! ! !

    Instead of providing protection from spammers, hackers, banners, popups, viruses, and p2p protection for file sharers, the pr21 version actually collects & sends information to the various evil corporations, as well as any other interested third party assho**les that might want to collect information on you ! ! !

    The first group of As*ho*les found to be doing this is called "". You can be damned sure that they are not going to be the only ones ! ! ! By the way, I did an Ip resolve for their address & came up with this number address: I then did an address whois & came up with this name & address range:
    OrgName: Abacus America Inc.
    NetRange: -
    (just in case any PeerGuardian users want to add them to the block list (BlackList) ! ! !)

    Taken from :

    And now.........a few more words from HOWARDCASH.............

    The reasons for the crap version 21 are obvious (rest assured that there will be more versions with different names & numbers). If these ass*ho*les at, etc... can get enough people to download the crap version, then they will do two things:

    1) make people believe that the real Peerguardian is spyware & erode support for the movement, and

    2) get as many unsuspecting people, as possible, to literally open up their computers to anyone who is connected to this evil group!

    If you haven't heard of PeerGuardian before, then let me tellya:
    PeerGuardian blocks the IP addresses of a seemingly endless number of Evil corporations, etc... all over the internet.

    It is the Evil Corporate A**holes who are the main reason that you get spyware, trojans, & various other viruses.

    - They are the ones who are making the internet go down the toilet.

    - They are the ones who are filling up the search engines with total & complete garbage/bullshit, to the point that it is damned difficult, if not impossible, to find what you are looking for.

    - They are the ones who have made many people "just give up" on trying to buy
    products, for fear of giving away their credit card numbers to these hackers ! !

    - They are the ones who put so much tracking software on your new computer that your computer can spend more time/memory working for them, than it spends working for you!

    Why are these a**holes doing this? BECAUSE THEY CAN!!! There is no law against it. It's up to you & me to protect our computers & privacy.

    Most anti-Spyware/anti-virus programs are RE-ACTIVE. They only try to remove the crap after it is already on your computer. The way that most of them do this is that they have a list of known sites & names of adware/spyware/viruses, that simply look for them on your computer hard drive. You usually have to go back to the anti-virus site periodically to update that list (usually for a continuing cost).

    PeerGuardian is PRO-ACTIVE. It has a list that blocks the IP addresses of other known evil computers from ever connecting to yours in the first place ! ! ! In other words, it's damned difficult for them to put their CrapWare on your computer, if they can't connect to it! ! ! The PeerGuardian list is updated regularly & many users voluntarily report any Evil addresses to make sure that Evil addresses get put on the update lists. There is no charge to get the list updates.

    The Evil Corporations don't like it because they are afraid that you are going to find out about them & block their shit! They are also afraid that you will boycott their other products & let me tellya, most of them are selling products that you buy in places like telecommunications, department stores, etc...

    They should be afraid. Then, they should stop funding the people who are creating the CrapWare/Spyware/viruses, etc..., because they are the ones who are doing this! I have been through many thousands of IP addresses so far & I have tracked many back to some pretty big name Corporations (I am not going to name anyone~lawsuits, but I easily could).

    I am also HIGHLY SUSPICIOUS of the Anti-Virus people out there today. There is no doubt in my mind that many viruses are produced & sent out over the internet by funding that came down from Anti-Virus software corporations (I am Not going to name anyone).

    They don't like PeerGuardian because it's already cutting into their business/dollars. If enough people use the PeerGuardian, they won't need the Anti-Virus manufacturers.

    The current version of PeerGuardian that I am using is V1.99 pr14. It's an old version, but it works well for me. If anyone wants a good, clean version of PeerGuardian, then here is the url:

    PeerGuardian 1.99b pr16: It can be downloaded HERE

    PeerGuardian 1.99 pr16 - (Latest Public Release Version)
    PeerGuardian Lite - {New Preview Version of Upcoming 2.0 Release!}
    Updated Blocklists (home page)

    If you have Windows XP, you'll have to go to the Homepage. I'm not sure if they have got the XP version out yet, but I know that it's on the way.

    As always, PeerGuardian is free. Donations are welcome. Just don't give any donations to ! ! !
    Last edited: Aug 17, 2004
  19. HOWARDSTERN HOWARDSTERN has logged out.... Registered Senior Member

    (commentary by HOWARDSTERN~081804). has just put up a page for PeerGuardian supporters/users to figure out whether they have a genuine or counterfeit version of PeerGuardian.

    This page has a How To Guide, as well as a relatively simple test to assure the authenticity of your PeerGuardian.

    Here is a short list of sites having the counterfeit versions, compiled so far: (WARNING: DO NOT DOWNLOAD FROM THESE SITES ! ! !)

    In closing, I would like to once again express my gratitude & apology to you, Stryderunknown. I know that you have already received my earlier apology for writing some of the stuff against you & I read where you acknowledged this. The fact is that we got off to a bad start a long time ago over something that I don't even remember now. Anyhow, I just wanted to let you know that after reading your many posts here at Sciforums, I have come to realize how you have gone over & above the call, in helping others here. I see now that Porfiry made an excellent choice in putting you in the captain's seat of this forum. Well done sir.

    Last edited: Aug 19, 2004
  20. Red Devil Born Again Athiest Registered Senior Member

    That list should be deleted.................
  21. grazzhoppa yawwn Valued Senior Member

    I almost got caught with my pants down on an eBay scam. If a seller only accepts Western Union payments, move on and forget that auction, no matter how good\realistic the deal seems or how honest the seller seems on emails. Paying through Western Union for an auction is like handing cash to a stranger on the street.

    Some more info about common but nasty eBay scams.
  22. Ruppert Registered Member

    Well maybe one of the reasons they chose PeerGuardian to install spyware is that it does not block UDP protocol.

    People should not be using this software.

    They should go to and get the real software to block.

    It is called ProtoWall and it blocks all known protocols.

    The installation is still being worked on and is a little hard to figure out but they helped me get it installed at

    This is also the place to get the app called Blocklist Manager that will download and update ProtoWall.

    Hey guys, this is the place to go for your security issues as they are the ones who are making the blocklists and updating them daily.

    Thank you for your time
  23. Captain_Crunch Club Ninja Valued Senior Member

    !!NEW WORM!!

    Name: W32/Rbot-PO

    Affected OS: Windows


    All or a combination of the following:
    • Logs keystrokes
    • Turns off anti-virus applications
    • Steals information
    • Creates back door
    • Downloads from internet
    • Reduces system security.

    Fix: For Windows without SPs there is a patch: Windows update site

    Additional info: Appears in processes in Windows Task Manager as wuraclt.exe.
    Last edited: Nov 14, 2004