Re: After i go to this Web Sit i have many virus he instal he want without permission ! its very Dangerous ! Plz Help

From: Phil Weldon (notdisclosed_at_example.com)
Date: 04/15/04 

Date: Thu, 15 Apr 2004 07:14:59 GMT

Well, computing is damn near like shaving, the computers will be almost
free, and the software will like razor blades, expensive and needs constant
replacement B^)

I did notice a few interesting bits in the uninstall files and log files,
among which was a list of installed programs PLUS programs that have been
uninstalled. 

-- 
Phil Weldon, pweldonatmindjumpdotcom
For communication,
replace "at" with the 'at sign'
replace "mindjump" with "mindspring."
replace "dot" with "."
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:eL1mnKqIEHA.940@tk2msftngp13.phx.gbl...
> I guess I'd say that the log excerpt makes it sound like the issue is at
the
> server end.
>
> There's a Microsoft.public.windowsupdate where they might know for sure,
but
> they are also probably really swamped!
>
> That's interesting about the existence of the folder--not sure what it
> means--we'd all hope that the attributes of the patches--removability or
> not--are the same regardless of the delivery method, and I think they are.
>
> I still don't  understand why download would fail for particular patches
> over that length of time and # of tries--but there may be more to the
errors
> that I can guess.
>
> I did notice that patching via Shavlik's HFNETCHK was duck soup compared
to
> trying to pull directly from WindowsUpdate.
>
> I believe Shavlik pulls the patches from their own servers--not absolutely
> certain.
>
> This brings up an issue I'd not thought much about--if you are intending
to
> provide free patches and free downloading of them, you'd better be darn
sure
> that the infrastructure is up to snuff, or you'll have entrepreneurial
folks
> out there providing your patches at premium rates, but with guaranteed
ease
> of access--shades of the $19.95 scammers.
>
> "Phil Weldon" <notdisclosed@example.com> wrote in message
> news:Ljnfc.10681$k05.1418@newsread2.news.pas.earthlink.net...
> > Yes, the  successful install  came  through Auto Update;  the alert  was
> > to
> > tell me Auto Update was at  work.   The  updates took a reasonable
amount
> > of time (via ADSL ~ 1 Mbit/sec  limit),  it's just that three of  five
> > gave
> > the  message " X did not install."
> >
> > The only difference I see in  the  aftermath  is  that
> > $NtUninstallkBxxxxxx$ folders  exist for the successful  patches via
Auto
> > Update, but not for  the two that were successful  via the "Windows
> > Update"
> > button on the 13th  of April.
> >
> > For what  it is worth,  below is the end  of  the log file for one
> > attempt
> > to install KB828741 on  April  13th, 2004.  It would  have been  nice if
a
> > bit of the information  in the log file had been used in the "X did not
> > instal" message.
> >
> > EXCERPT BEGINS_______________________
> >
> > HttpSendRequest unsuccessful (12029)
> > ***
> >
> > Failed DownloadAndPatchFiles, GLE=0x00002EFD
> >
> > ***
> >
> > Max download retries exceeded, GLE=0x00002EFD
> >
> > ***
> >
> > DoInstallation:DownloadPatchFiles failed
> > ***
> >
> > VerifySize: Unable to verify size: Source = NULL: c:\windows\oem10.cat
> >
> > ***
> >
> > KB828741 installation did not complete.
> > ***
> >
> > Update.exe extended error code = 0x2efd
> > ***
> > EXCERPT ENDS__________________
> >
> > -- 
> > Phil Weldon, pweldonatmindjumpdotcom
> > For communication,
> > replace "at" with the 'at sign'
> > replace "mindjump" with "mindspring."
> > replace "dot" with "."
> >
> > "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> > news:uS3AvLpIEHA.3556@TK2MSFTNGP10.phx.gbl...
> >> I patched a couple of dozen machines last night, and only saw one
failure
> >> that resembled your report--on one machine, all 5 patches failed (this
> >> was
> >> XP, not Windows 2000.)  I figured I'd hit some button wrong by
> >> mistake--WindowsUpdate was very slow and balky, and I was cycling
between
> >> 3-6 machines at a time via Remote Desktop.
> >>
> >> So--I just redid the process at that machine and it went through just
> > fine.
> >>
> >> So you tried numerous times, over the course of parts of two days, and
> >> got
> >> the same failure pattern, but eventually, it resolved and the two
"bad"
> >> ones installed?
> >>
> >> Wierd--I'm having some trouble imagining a mechanism that'd give that
> >> effect.
> >>
> >> Hmm - when you say "Today, I got an update alert"  does that mean that
> >> the
> >> successful install came in via AutoUpdate, rather than via
WindowsUpdate?
> >>
> >> I don't know enough about how the two different update mechanisms work
to
> >> comment intelligently about why this might happen.
> >>
> >> "Phil Weldon" <notdisclosed@example.com> wrote in message
> >> news:kqjfc.9746$k05.8895@newsread2.news.pas.earthlink.net...
> >> > And Interesting Thing happened when I tried to apply the security
> > patches
> >> > released on 13APR04 to my notebook running Windows 2000.  On the 13th
I
> >> > clicked on the 'Windows Update' button.   The Windows Update  began,
> >> > and
> >> > found five critical  updates.  I selected all five, but only two
would
> >> > install successfully:
> >> > (KB837001   MS04-014), (KB828741   MS04-012), and (KB835732
MS04-011)
> >> > would download, but not install.  After four or five attempts,
> > yesterday
> >> > and today,  all of which failed [the updater announced  the failure,
> > but
> >> > gave no error codes nor  explanation but to try the installation
> >> > again.]
> >> > Later today a got an update alert, and the three failing  updates
were
> >> > successfully installed.
> >> >
> >> >
> >> > -- 
> >> > Phil Weldon, pweldonatmindjumpdotcom
> >> > For communication,
> >> > replace "at" with the 'at sign'
> >> > replace "mindjump" with "mindspring."
> >> > replace "dot" with "."
> >> >
> >> >
> >> > "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> >> > news:ObSW4xjIEHA.2236@TK2MSFTNGP10.phx.gbl...
> >> >> Exactly--and as Fraizer has said--that, which he applied after it
was
> >> >> available, should resolve his problem.
> >> >> (and that of all the rest of us as well!)
> >> >>
> >> >> Hey folks--if everybody else is still reading along:  There were a
> > LARGE
> >> >> number of remote code execution vulnerabilities patched in this
> > go-round.
> >> >>
> >> >> This almost guarantees a lot of attempts to exploit these in the
form
> > of
> >> >> worms in the not-too-distant future.
> >> >>
> >> >> Encourage all your friends and relations to get patched asap??
> >> >>
> >> >> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> >> >> news:eY9ADhcIEHA.3528@TK2MSFTNGP09.phx.gbl...
> >> >> > 4/13/2004 10:25:05 PM Deleted  DLIPMAN-1\lipman
> >> >> > D:\temp\IE6\Temporary
> >> >> > Internet
> >> >> > Files\Content.IE5\Z0WFDAGD\popupnew[1].htm Exploit-MhtRedir.gen
> >> >> >
> >> >> >
> >> >> > Exploit-MhtRedir.gen
> >> >> >
> >> >> > http://vil.nai.com/vil/content/v_101170.htm  -  MS Vulnerabilities
> >> >> > MS04-011 - 014
> >> >> >
> >> >> > Dave
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Fraizer" <NOfraizerfrSPAM@yahoo.fr> wrote in message
> >> >> > news:407c7030$0$20165$636a15ce@news.free.fr...
> >> >> > | hello all
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > | - After i go to this F****** Web site http://www.appzplanet.com/
i
> >> > have
> >> >> > this
> >> >> > | ViruS:
> >> >> > |
> >> >> > |
> >> >> > | Under Kaspersky Anti-Virus 4.5.0.95 ->
> >> >> > "TrojanDropper.Win32.Bridge"
> >> > AND
> >> >> > | Under The Cleaner Pro 4.1 build 4252 -> (ABetterInternet) Type:
> >> > Browser
> >> >> > | Hijacker
> >> >> >
> >> >
> >
| --------------------------------------------------------------------------
> >> > --
> >> >> >
> >> >
> >
| --------------------------------------------------------------------------
> >> > --
> >> >> > | --
> >> >> > | C:\Program Files\Internet Explorer\setup.exe
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > | Under Kaspersky Anti-Virus 4.5.0.95 -> "TrojanSpy.Win32.e"  AND
> >> >> > Under
> >> >> > The
> >> >> > | Cleaner Pro 4.1 build 4252 -> (ABetterInternet) Type: Browser
> >> >> > Hijacker
> >> >> >
> >> >
> >
| --------------------------------------------------------------------------
> >> > --
> >> >> >
> > | ---------------------------------------------------------------------
> >> >> > | C:\WINDOWS\system32\a.exe   (in file proprieties i have this
> > version
> >> >> > :
> >> >> > 1, 0,
> >> >> > | 0, 1)
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > | Under Kaspersky Anti-Virus 4.5.0.95 ->
> >> >> > "TrojanDownloader.Win32.Bridge"
> >> >> > AND
> >> >> > | Under The Cleaner Pro 4.1 build 4252 -> (ABetterInternet) Type:
> >> > Browser
> >> >> > | Hijacker
> >> >> >
> >> >
> >
| --------------------------------------------------------------------------
> >> > --
> >> >> >
> >> >
> >
| --------------------------------------------------------------------------
> >> > --
> >> >> > | -----
> >> >> > | C:\WINDOWS\system32\bridge.dll  (in file proprieties i have this
> >> > version
> >> >> > :
> >> >> > | 1, 0, 0, 116 and description : bridge Module)
> >> >> > |
> >> >> > |
> >> >> > | After i erase all this files
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > | - And this web sit put me a file (ActiveX Controle) like this
> >> >> > | {1000000000-1000-0000-1000-000000000000} in the Internet
> >> >> > proprieties->
> >> >> > | General -> Temoprary Internet Files After click on Config and
> >> >> > click
> >> >> > on
> >> >> > | Display Object u have this window : C:\WINDOWS\Downloaded
Program
> >> > Files\
> >> >> > and
> >> >> > | u see this file (ActiveX)
{1000000000-1000-0000-1000-000000000000}
> >> > withe
> >> >> > | other normals Files like : Update Class; Shockwave Flash Obkect;
> >> > Office
> >> >> > | Update Installation Engine... he execute this :
file://C:\Program
> >> >> > | Files\Internet Explorer\setup.exe
> >> >> > |
> >> >> > |
> >> >> > | - And i see he install me a program (i see in Add/uninstall
> > Programs)
> >> >> > the
> >> >> > | name : "Bridge" (Maybe he install me another think :( )
> >> >> > |
> >> >> > |
> >> >> > | - and he put me if i remeber (because i erase) a
Rundll/bridge.dll
> > or
> >> >> > | somthink like this...
> >> >> > |
> >> >> > |
> >> >> > | + After i erase all this files i do a Scan with Ad-aware 6.0 and
i
> >> > have
> >> >> > this
> >> >> > | log file : (i earase all)
> >> >> > |
> >> >> > | WINFAVORITES
> >> >> > | ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
> >> >> > | obj[0]=RegKey : Bridge.brdg
> >> >> > | obj[1]=RegKey : Bridge.brdg.1
> >> >> > | obj[2]=RegKey : CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
> >> >> > | obj[3]=RegKey : TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
> >> >> > | obj[4]=RegKey : Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > | PLEASE help me :( (i format all my computer and install again
and
> >> >> > i
> >> > have
> >> >> > the
> >> >> > | same problem)
> >> >> > |
> >> >> > | sorry if my english is poor. :(
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > | PS: When i go to this link : http://www.appzplanet.com/ the
first
> >> >> > time
> >> >> > he
> >> >> > | open a porno popup AND another window but this time He Ask Me if
i
> >> >> > accept a
> >> >> > | certificat if i remeber but i dont clik on Yes or No i just
closed
> >> >> > the
> >> >> > | window... and i see i have this problem i clean all like this
and
> >> > after
> >> >> > i
> >> >> > | check my system because i dont undstand why.. i think its files
> > after
> >> > i
> >> >> > run
> >> >> > | it but no and now i try many think i go again in the web sit and
I
> >> > Have
> >> >> > The
> >> >> > | Same Problems.. Now i Knwo But in the Seconde Time when i go i
> >> >> > have
> >> >> > little
> >> >> > | Difference ! -> He just open a porno popups But he Dont ask me
for
> >> >> > the
> >> >> > | certificat... (if i closed the Certificat mean yes or what ???
> >> >> > what
> > i
> >> > do
> >> >> > to
> >> >> > | have again ask me for certificat ??). [I IDENTIFY THIS ITS FOR
> >> > SHOKWAVE
> >> >> > | PLAYER BECAUSE THIS F*** WEB SITE WANT THIS TO RUN A Bandau
> >> >> > publicity...]
> >> >> > |
> >> >> > |
> >> >> > | PS2: I dont know if for another web sit i have this same
> >> >> > problems..
> > i
> >> >> > afraid
> >> >> > | to go :(
> >> >> > |
> >> >> > |
> >> >> > | PS3: when i tell you this : """"(Maybe he install me another
think
> >> >> > :( )""" i
> >> >> > | found this in Add/uninstall Programs ""Internet Explorer
Q832894""
> > i
> >> >> > dont
> >> >> > | know if its official or not... but i go in windows update to
chek
> > if
> >> >> > i
> >> >> > | download this in my hitorical download and i see nothink when i
> >> >> > search
> >> >> > withe
> >> >> > | this name "Q832894" in the window and i try to uninstall but he
> > dont
> >> >> > want he
> >> >> > | tell "INF File Invalid" (in Add/uninstall Programs) (Note: i
dont
> >> >> > tell
> >> >> > this
> >> >> > | its not normal i just tell u all i see to help :( )
> >> >> > |
> >> >> > |
> >> >> > | PS4: when i right this msg i see 7 critycals updates (3.6 mo..)
in
> >> >> > windows
> >> >> > | update since this morning to know :) 7 since 12 Hours... buged
xp
> > OS
> >> >> > tsss...
> >> >> > |
> >> >> > |
> >> >> > | PS5: !! --> i just try with another computer with Windows XP pro
> > Too
> >> > and
> >> >> > i
> >> >> > | have exactly the same problem !!!!!!! he install me the same
files
> >> > same
> >> >> > | registery etc... !!! all same !!! its the Web sit this Fu***
> > (sorry)
> >> > web
> >> >> > sit
> >> >> > | ! He Ask You Nothink ! He install without confirmation ! u have
> > juste
> >> > to
> >> >> > go
> >> >> > | to the web sit and he do all without you now !
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> > |
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>