Viruses, Trojans and SPAM/Scam watch [Archived].

I used to have a copy of Pest Patrol. It was free when I got some anti-virus or other. I haven't used it much. It's supposed to specialize more in trojan removal than adware. I mentioned it in another thread and said that it may not be free. Whoever it was I mentioned it to told me that it was free. Trialware anyway. What does it do? Scan and then tell you to pay if you want it fixed? Bummer.

Looks like you're running out of choices. There's HijackThis, I'm not sure if it removes trojans or not though.

You might just want to reformat and reinstall from scratch if nothing can remove the virus. Maybe old viruses are the way to go. Seems like nothing can get rid of them. :p
 
Norton didn't detect this virus, nor a virus on my friend's computer... but I will check Avast. :) Thanks.
 
Firefox isn't a virus scanner though. It does cut back on adware, cookies, hijacks and the like, but doesn't scan your system for viruses. Unless they've added some features I don't know about. And I kinda doubt it, considering that firefox is mozilla lite. A virus scanner would add bloat. I use the full version of mozilla. I haven't tried firefox since it was firebird. I didn't care too much for firebird, there weren't enough settings you could tweak.
 
Will Avast work if I already have Norton installed, or must I uninstall Norton? I currently use Norton SystemWorks 2003 on Windows XP Pro and want to know if I can use multiple virus scanning programs at one time.
 
BTW: Neither Viri nor Virii is a word according to the OED. I pay a subscription service to use the OED for debates like this...

IF IT'S NOT IN THE OED... IT'S NOT A WORD!
 
Firefox isn't a virus scanner though.
Yeh, I goofed. Dunno what I was thinking. Maybe it was a typo and I meant to suggest something else. Or just read it wrong. Not sure.
I haven't tried firefox since it was firebird. I didn't care too much for firebird, there weren't enough settings you could tweak.
There are more settings and things you can tweak with Firefox than any other browser I know of. It seems small without the extensions, but that's one of the things that makes it great: all the extensions for it. And there are a great many tweaks and customizations you can do through the settings files. about:config has lots of settings to tweak (though not all by any means). I believe 0.8 has just as much, if not more, tweakability than Mozilla. I personally prefer Firefox over Mozilla by far.
 
Help! I have the Dropper.Liba.A Trojan on my computer. I have downloaded and run CWShredder, Ad-Aware & SpyBot. I have also just run the HijackThis program, and this is what it posted:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\MoreResults\MoreResults.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
c:\zipitpro\zipitfast.exe
C:\WINDOWS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\PeoplePC Accelerated\propelac.exe
O4 - HKLM\..\Run: [MoreResults] C:\Program Files\MoreResults\MoreResults.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/webolr/OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Can you tell me if any of these things are needed to continue to run my computer? I don't want to delete anything that would be necessary. Please let me know what to do! I am tired of dealing with this stupid virus! Thanks!!!
 
Once your system's dealt with I'll have to clean this out of the thread.

From your entries, the following two look like a browser Hijack:
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
That would require a regedit, but hopefully one of the programs can do that for you.

And the following one is actually a Sasser/worm:
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
This you should be able to get your antivirus to spot; otherwise you will have to kill/stop it using Task Manager, then (if you can) fix the entry so it doesn't load anymore, before removing the file from your system.

There seem to be programs related to your ISP/sound card/graphics card and a connection accelerator. Hope that helps.
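To show how the triage in the reply above can be made systematic, here is an added Python example (not from the original post and not HijackThis's own code) that parses HijackThis-style lines and applies the same kind of heuristics: a Run entry whose executable sits directly in the Windows directory, a bare file name that Windows resolves through PATH, an O2/O3 entry registered with no file behind it, and one DLL registered as both a BHO and a toolbar. The sample lines are copied from the log posted above; the heuristic names and the choice of what to flag are my own assumptions, and the script only reports, it changes nothing.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above.
# Section meanings: R1 = IE/WinINet registry values, O2 = browser helper
# objects, O3 = IE toolbars, O4 = autostart Run entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def executable_path(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first token that looks like a file name.
    m = re.match(r"(.*?\.(?:exe|dll|ocx|cpl|scr|hta|sbrt))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> list:
    """Apply analyst heuristics (my assumptions) to HijackThis lines.

    Returns a list of (section, entry detail, reason) tuples; an empty
    list means nothing in the log tripped a heuristic.
    """
    findings = []
    module_sections = defaultdict(set)  # lower-cased module path -> sections registering it
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in ("O2", "O3"):
            module = body.rsplit(" - ", 1)[-1]
            if module == "(no file)":
                findings.append((section, body, "registered but file missing: orphaned entry"))
            else:
                module_sections[module.lower()].add(section)
        elif section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            exe = executable_path(run.group("cmd"))
            if "\\" not in exe:
                findings.append((section, body, "bare file name, loaded by PATH search: location unverified"))
                continue
            directory = exe.rsplit("\\", 1)[0].lower()
            if directory in ("c:\\windows", "c:\\winnt"):
                # Legitimate autoruns almost never live directly in the Windows
                # directory; the reply above identifies this one as a Sasser worm.
                findings.append((section, body, "autostart executable sits directly in the Windows directory"))
        elif section == "R1" and "ProxyServer" in body and "localhost" in body:
            findings.append((section, body, "browser proxy points at localhost: confirm which local process listens"))
    for module, sections in module_sections.items():
        if len(sections) > 1:
            findings.append(("O2/O3", module, "same module registered as BHO and toolbar: search-bar bundle"))
    return findings


if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {detail}")
```

Everything else in the sample (AVG, the Adobe helper, the SoundMAX tray) passes through silently, which is the point: the aim is to shorten the list a person has to judge, not to decide for them.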
 
!!Warning!!

It seems over the past couple of weeks there has been an increase in Citibank (citi.com) and eBay renewal notices, ones that state there's an error in your account and you need to re-enter data.

The e-mails are fraudulent. They are written with anchors that point to fraud servers to capture your details if you should attempt to change them.

Here's a clue to how to work out if something is real or not. This is an actual copy of the URL from a FRAUD e-mail.

<A HREF="http://208.56.64.125/citibank/">https://web.da-us.citibank.com/signin/citifi/verify/%?6488820019</A>

It will look like the real link; however, in reality you should always check where the link is actually pointing to when you're doing secure transactions.
In this instance it's going to http://208.56.64.125/citibank/ which is neither HTTPS (an SSL security-layered protocol that usually has "Certificates" to prove where it's from) nor actually a Citibank website.

An unsuspecting person would probably have found there originally a clone of the Citibank site, which they would have potentially entered their information into and lost control of their accounts.

It's an old tactic and isn't just used with Citibank, it's been used with Ebay and a message telling you to update your credit details and other sites not mentioned yet.

If you feel that you have fallen for one of these, first change your password and security data at Citibank or eBay. Then phone your credit card company or bank and tell them that you suspect your details have found their way into rogue hands; this will mean the bank will keep watch of your account, and should any money go missing they won't charge you for any losses.
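An added Python example (not part of the post above) that performs the check described there mechanically: it pulls each anchor's HREF and visible text out of an HTML fragment, then flags a link whose target is not HTTPS, whose host is a bare IP address, or whose visible text names a different domain than the real target. The sample anchor is the one quoted from the fraud e-mail above; the two-label domain comparison is a simplification I chose for the example, not a full public-suffix check.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed input: the anchor quoted from the fraudulent e-mail in the post above.
SAMPLE_ANCHOR = ('<A HREF="http://208.56.64.125/citibank/">'
                 'https://web.da-us.citibank.com/signin/citifi/verify/%?6488820019</A>')


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in a fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lower-cases tag and attribute names for us
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_suffix(host: str, labels: int = 2) -> str:
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-labels:])


def assess_link(href: str, text: str) -> list:
    """Return the reasons a link deserves suspicion; an empty list means none noticed."""
    reasons = []
    target = host_of(href)
    if urlsplit(href).scheme.lower() != "https":
        reasons.append("target is not HTTPS")
    if is_ip_literal(target):
        reasons.append("target host is a bare IP address")
    # Only compare domains when the visible text itself looks like a URL.
    shown = host_of(text) if "://" in text else ""
    if shown and registrable_suffix(shown) != registrable_suffix(target):
        reasons.append(f"visible text names {shown} but link goes to {target}")
    return reasons


def assess_html(html: str) -> list:
    """Return (href, visible text, reasons) for every anchor in the fragment."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [(href, text, assess_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in assess_html(SAMPLE_ANCHOR):
        print(href, "<-", text)
        for reason in reasons:
            print("   !", reason)
```

The quoted anchor trips all three checks at once; a genuine sign-in link (HTTPS, a host name, visible text that agrees with the target) returns an empty list.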
 
Beware, Be Cautious, & Be Alert....because

PeerGuardian Users Beware: Version 1.99 pr 21

I just came across a warning by "Braindancer", over at Methlabs.org, where he is warning people to be careful of where they get their software copy of PeerGuardian.

It seems that the evil corporations have collectively funded a project to develop a RIP-OFF VERSION OF PEERGUARDIAN CALLED: Version 1.99 pr21 ! ! !
(note the "pr21").


In this (crap) version , the evil corporations have decided to "deal" with people who are using PeerGuardian. So they have created a program that's looks like the real PeerGuardian, but with a majorly huge twist ! ! !

Instead of providing protection from spammers, hackers, banners, popups, viruses, and p2p protection for file sharers, the pr21 version actually collects & sends information to the various evil corporations, as well as any other interested third party assho**les that might want to collect information on you ! ! !


The first group of As*ho*les found to be doing this is called "openwares.org". You can be damned sure that they are not going to be the only ones ! ! ! By the way, I did an IP resolve for their address & came up with this number address: 66.226.81.182. I then did an address whois & came up with this name & address range:
OrgName: Abacus America Inc.
NetRange: 66.226.64.0 - 66.226.95.255
(just in case any PeerGuardian users want to add them to the block list (BlackList) ! ! !)


Taken from http://methlabs.org/forums/announcement.php?f=28 :

(braindancer): It has come to our attention that a group called openwares.org has put a modified version of PeerGuardian on download.com it is called PeerGuardian 1.99 pr 21 on install it will try to install a program called qutrit bar. taken from their license agreement:

I UNDERSTAND AND AGREE THAT THE SOFTWARE PRODUCT WILL INSTALL SOFTWARE TO DISPLAY ELECTRONIC ADVERTISEMENTS AND THIRD PARTY WEB PAGES OF EVERY KIND AND NATURE AND/OR MONITOR MY INTERNET VIEWING HABITS AND REPORT THEM TO THE COMPANY AND/OR UNDISCLOSED THIRD PARTIES, WITHOUT USER INTERVENTION. I UNDERSTAND THAT THE ELECTRONIC ADVERTISEMENTS AND THIRD PARTY WEB PAGES MAY APPEAR ABOVE OR BELOW OTHER WEB PAGES I HAVE OPEN ON MY DESKTOP AND I UNDERSTAND AND AGREE THAT I HAVE THE SOLE RIGHT AND DISCRETION, AND HEREBY GRANT PERMISSION, TO ALLOW THE SOFTWARE PRODUCT TO CAUSE THESE CHANGES IN HOW ANY AND ALL WEB PAGES ARE WINDOWED ON MY COMPUTER.

we at methlabs.org have never released a build with that version number and we have nothing to do with this release. due to the licensing of PeerGuardian 1.x we can not force them to take their version down at the moment. up to now more than 95,000 people have fallen for this fake. please do not download this fake version. warn your friends about it. spread the word on other p2p forums. thanks, the methlabs team.


And now.........a few more words from HOWARDCASH.............

The reasons for the crap version 21 are obvious (rest assured that there will be more versions with different names & numbers). If these ass*ho*les at openwares.org, etc... can get enough people to download the crap version, then they will do two things:

1) make people believe that the real Peerguardian is spyware & erode support for the movement, and

2) get as many unsuspecting people, as possible, to literally open up their computers to anyone who is connected to this evil group!

If you haven't heard of PeerGuardian before, then let me tellya:
PeerGuardian blocks the IP addresses of a seemingly endless number of Evil corporations, etc... all over the internet.

It is the Evil Corporate A**holes who are the main reason that you get spyware, trojans, & various other viruses.

- They are the ones who are making the internet go down the toilet.

- They are the ones who are filling up the search engines with total & complete garbage/bullshit, to the point that it is damned difficult, if not impossible, to find what you are looking for.

- They are the ones who have made many people "just give up" on trying to buy products, for fear of giving away their credit card numbers to these hackers ! !

- They are the ones who put so much tracking software on your new computer that your computer can spend more time/memory working for them, than it spends working for you!

Why are these a**holes doing this? BECAUSE THEY CAN!!! There is no law against it. It's up to you & me to protect our computers & privacy.

Most anti-Spyware/anti-virus programs are RE-ACTIVE. They only try to remove the crap after it is already on your computer. The way that most of them do this is that they have a list of known sites & names of adware/spyware/viruses, and simply look for them on your computer hard drive. You usually have to go back to the anti-virus site periodically to update that list (usually for a continuing cost).

PeerGuardian is PRO-ACTIVE. It has a list that blocks the IP addresses of other known evil computers from ever connecting to yours in the first place ! ! ! In other words, it's damned difficult for them to put their CrapWare on your computer, if they can't connect to it! ! ! The PeerGuardian list is updated regularly & many users voluntarily report any Evil addresses to make sure that Evil addresses get put on the update lists. There is no charge to get the list updates.

The Evil Corporations don't like it because they are afraid that you are going to find out about them & block their shit! They are also afraid that you will boycott their other products & let me tellya, most of them are selling products that you buy in places like telecommunications, department stores, etc...

They should be afraid. Then, they should stop funding the people who are creating the CrapWare/Spyware/viruses, etc..., because they are the ones who are doing this! I have been through many thousands of IP addresses so far & I have tracked many back to some pretty big name Corporations (I am not going to name anyone~lawsuits, but I easily could).


I am also HIGHLY SUSPICIOUS of the Anti-Virus people out there today. There is no doubt in my mind that many viruses are produced & sent out over the internet by funding that came down from Anti-Virus software corporations (I am Not going to name anyone).

They don't like PeerGuardian because it's already cutting into their business/dollars. If enough people use the PeerGuardian, they won't need the Anti-Virus manufacturers.




The current version of PeerGuardian that I am using is V1.99 pr14. It's an old version, but it works well for me. If anyone wants a good, clean version of PeerGuardian, then here is the url:

PeerGuardian 1.99b pr16: It can be downloaded HERE: http://methlabs.org/forums/attachment.php?attachmentid=170

PeerGuardian 1.99 pr16 - (Latest Public Release Version): http://methlabs.org/forums/attachment.php?attachmentid=170
PeerGuardian Lite - {New Preview Version of Upcoming 2.0 Release!}: http://dev.int64.org/pglite.html
Updated Blocklists: http://methlabs.org/sync/

http://methlabs.org/forums/ (home page)


If you have Windows XP, you'll have to go to the Homepage. I'm not sure if they have got the XP version out yet, but I know that it's on the way.


As always, PeerGuardian is free. Donations are welcome. Just don't give any donations to openwares.org ! ! !
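The block-by-address-range idea described in the post above, as an added Python example (my code, not PeerGuardian's): it reads whois-style OrgName/NetRange lines such as the Abacus America range quoted earlier, converts each range into CIDR blocks, and answers whether a given address falls inside a blocked range. The second range (192.0.2.0-192.0.2.127, a documentation prefix) is a constructed entry added so the list has more than one organisation; it is not something from the post.

```python
import ipaddress
import re

# Constructed sample in the whois "OrgName / NetRange" form quoted in the post above.
# The first block is the range the poster looked up; the second is made up for the test.
SAMPLE_WHOIS = """\
OrgName: Abacus America Inc.
NetRange: 66.226.64.0 - 66.226.95.255
OrgName: Example Hosting (made-up entry)
NetRange: 192.0.2.0 - 192.0.2.127
"""

RANGE_RE = re.compile(r"^NetRange:\s*(\S+)\s*-\s*(\S+)\s*$")


def parse_blocklist(text: str) -> dict:
    """Map each OrgName to the list of CIDR networks covering its NetRange lines."""
    entries = {}
    org = None
    for line in text.splitlines():
        if line.startswith("OrgName:"):
            org = line.split(":", 1)[1].strip()
            continue
        m = RANGE_RE.match(line)
        if m and org:
            first = ipaddress.ip_address(m.group(1))
            last = ipaddress.ip_address(m.group(2))
            # A first-last range rarely lines up with one prefix; summarize it into
            # the smallest set of CIDR blocks that cover exactly those addresses.
            entries.setdefault(org, []).extend(ipaddress.summarize_address_range(first, last))
    return entries


def is_blocked(ip: str, entries: dict):
    """Return the organisation whose range contains ip, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    for org, networks in entries.items():
        if any(addr in net for net in networks):
            return org
    return None


if __name__ == "__main__":
    blocklist = parse_blocklist(SAMPLE_WHOIS)
    for org, networks in blocklist.items():
        print(org, "->", ", ".join(str(n) for n in networks))
    for probe in ("66.226.81.182", "66.226.96.1", "192.0.2.77"):
        print(probe, "blocked by:", is_blocked(probe, blocklist))
```

The 66.226.64.0 - 66.226.95.255 range collapses to the single prefix 66.226.64.0/19, which is why a list like this can be matched quickly even when it grows to many thousands of entries.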
 
LATEST NEWS ON THE "PeerGuardian" COUNTERFEITERS
(commentary by HOWARDSTERN~081804).

Methlabs.org has just put up a page for PeerGuardian supporters/users to figure out whether they have a genuine or counterfeit version of PeerGuardian.

This page has a How To Guide, as well as a relatively simple test to assure the authenticity of your PeerGuardian.
THE HOW TO TELL SITE IS HERE: http://methlabs.org/howtotell/




Latest News

2004-08-14
We found a spyware version of XS now. The guide pages are uploaded. Since this page was mentioned on UniteTheCows, we are going to start a little campaign of boycotting openwares.
You can add the following images to your webpages and things. Please link them to www.methlabs.org/howtotell

Openwares are not just linking our software but are ripping off the makers of Protowall, Dope Wars Online, emule++ and many more people who have worked hard to make free software. This is not a battle over money - this is a battle over the privacy of our users through profiteering by Openwares.



Here is a short list of sites having the counterfeit versions, compiled so far: (WARNING: DO NOT DOWNLOAD FROM THESE SITES ! ! !)
http://www.openwares.org/
http://www.download.com/
http://download.cnet.com/
http://downloads-zdnet.com/
http://programy.onet.pl/74,82,9454,programy.html/
http://www.eprogramas.com/programas/Internet/seguridad/PeerGuardian_1.99.21.php
http://www.sofotex.com/PeerGuardian...oad_L21920.html
http://www.idg.pl/ftp/pc_3923/Peer.Guardian.1.99.21.html
http://www.internetstandard.com.pl/ftp/3923/Peer Guardian 1.99.21.html
http://www.internetstandard.com.pl/ftp/pobierz/pc/3923.html
http://www.download.com/PeerGuardian/3000-2144-10303292.html
http://downloads-zdnet.com.com/PeerGuardian/3000-2144-10303292.html
http://downloads.zdnet.co.uk/0,39025604,39083242s,00.htm
http://www.pcworld.pl/ftp/pc/programy/3923/Peer.Guardian.1.99.21.html
http://www.networld.pl/ftp/pc/programy/3923/Peer.Guardian.1.99.21.html
http://www.digit.pl/ftp/pc_3923/Peer.Guardian.1.99.21.html
http://www.computerworld.pl/ftp/3923/Peer Guardian 1.99.21.html
http://www.cxo.pl/ftp/FTPprogram.asp?id=3923
http://www.pcworld.pl/ftp/pobierz/pc/3923.html
http://www.itpartner.pl/ftp/pobierz/pc/3923.htm
http://www.kinodomowe.idg.pl/ftp/3923/Peer Guardian 1.99.21.html
http://www.zdnet.fr/telecharger/windows/fiche/0,39021313,39080362s,00.htm
http://netscape.com.com/PeerGuardian/3000-2144-10303292.html
http://www.download.com/PeerGuardian/3000-2144-10280657.html
http://www.excite.co.jp/world/engli...dian-download_L21920.html&wb_lp=ENJA&wb_dis=3
http://downloads-zdnet.com.com/MP3-Search-Tools/3150-2166_2-0.html
http://www.networld.pl/ftp/pobierz/pc/3923.html
http://bezpieczenstwo.idg.pl/ftp/pobierz/pc/3923.html
http://sakaguch.com/PastBBS/0005/B0002634.html
http://www.hope.com.tw/rel.asp?C=FIRSTNEWS&O=200407161913215251&L=&U=U=&F=&D=&R=SHAREWARE
http://www.zdnet.fr/telecharger/windows/categorie/0,39021356,39001518r-3+8,00.htm
http://asia.cnet.com/downloads/pc/swinfo/0,39000587,39085062s,00.htm
http://simfile.chol.com/view.php?fnum=63401
http://www.cxo.pl/ftp/FTPalf.asp?id=P
http://www.digit.pl/ftp/kategoria/pc_70/firewall.html
http://www.sofotex.com/PeerGuardian-download_L21920.html
http://night-sector.webspace4free.biz/
http://www.hope.com.tw/rel.asp?C=FIRSTNEWS&O=200407161913215251&L=&U=&F=&D=&R=SHAREWARE
http://gamelist.ru/outhttp%3A%2F%2Fwww.mac-net.com.html
http://downloads.zdnet.co.uk/0,39025600,39000624r-3,00.htm
http://www.kinodomowe.idg.pl/ftp/kategoria/70/BEZPIECZEŃSTWO/firewall.html
http://bezpieczenstwo.idg.pl/ftp/kategoria/pc_70/bezpieczenstwo/firewall.htm
http://download.rol.ro/programe/1/1931.htm
http://www.dnscaching.net/Downloads/guard-1.99.21.exe


In closing, I would like to once again express my gratitude & apology to you, Stryderunknown. I know that you have already received my earlier apology for writing some of the stuff against you & I read where you acknowledged this. The fact is that we got off to a bad start a long time ago over something that I don't even remember now. Anyhow, I just wanted to let you know that after reading your many posts here at Sciforums, I have come to realize how you have gone over & above the call, in helping others here. I see now that Porfiry made an excellent choice in putting you in the captain's seat of this forum. Well done sir.


http://methlabs.org/howtotell/
http://methlabs.org/forums/
 
I almost got caught with my pants down on an eBay scam. If a seller only accepts Western Union payments, move on and forget that auction, no matter how good/realistic the deal seems or how honest the seller seems in emails. Paying through Western Union for an auction is like handing cash to a stranger on the street.

Some more info about common but nasty eBay scams.
 
Well, maybe one of the reasons they chose PeerGuardian to install spyware is that it does not block the UDP protocol.

People should not be using this software.

They should go to www.bluetack.co.uk and get the real software to block.

It is called ProtoWall and it blocks all known protocols.

The installation is still being worked on and is a little hard to figure out but they helped me get it installed at bluetack.co.uk

This is also the place to get the app called Blocklist manager that will download and update ProtoWall.

Hey guys, this is the place to go for your security issues, as they are the ones who are making the blocklists and updating them daily.

Thank you for your time
 
!!NEW WORM!!

Name: W32/Rbot-PO

Affected OS: Windows

Effects:

All or a combination of the following:
  • Logs keystrokes
  • Turns off anti-virus applications
  • Steals information
  • Creates back door
  • Downloads from internet
  • Reduces system security.

Fix: For Windows without SPs there is a patch: Windows update site

Additional info: Appears in processes in Windows Task Manager as wuraclt.exe.
 