Re: Databaseben, I need to talk to you again, please



Hi again, Databaseben. OMG, what have I gotten myself into this time?

Did you read the answer to my original question, that was posted by "Glee"?
If not, could you read it? I'm such a novice, I don't know if I understand
what he/she is trying to tell me.

I did read the article you linked to me, and it was really scary. What is
more scary is thinking I might still have a Trojan Horse on my system! I
recently ran all the security software I have - Ad-Aware SE, Webroot Spy
Sweeper, and Norton Anti-Virus scans. I also ran Norton's One-Button
Checker, Windows Doctor, Disk Doctor and Check Disk. I have also added all
of the October Windows Security Updates to my system. And everything (except
the code I sent you) checked out fine.

I have not added any toolbars in a very long time. The only thing I can
think of that I've done differently is that I switched to Real Player from
Windows Media Player. I have a large bunch of commercial music CDs that I
wanted to put in a library in case a disk got damaged. When I did it with
WMP, I found that none of the song titles, artist, album name or genre came
through, just track numbers. Not wanting the very long, tedious job of
typing all this in manually, I tried Real Player, which worked fine. I was
connected to the Internet at the time to get the CD information. Could Real
Player be the cause of a Trojan? I thought they were reputable. I never did
get a toolbar from them...

Please help! I need to know how to find and get rid of this Trojan if all
I've done above security-wise didn't find it. I've tried so hard to avoid
all the "pitfalls" of these Internet Monsters. I'm about ready to have the
Internet taken off my computer - I just don't know if it's worth the dangers
out there.

Thanks, Databaseben, for your interest and for any help you can give me....

"DatabaseBen" wrote:

hey mtnlady,
here is an article of what i
mentioned to you earlier...

http://www.eweek.com/article2/0,1759,2034680,00.asp?kc=EWRSS03119TX1K0000594

but it isn't a new concept, just recently
made newsworthy to the uninformed..


"DatabaseBen" <databaseben@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uKwd9GV9GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
hello mtnlady,
yeh found the other posting with
your discovery.

i'm very interested in your analysis
and will take a look into it.

but, let's not be hasty in considering
that the ntregopt is the perpetrator of
a trojan. i checked that website and
followed that link to the home page at
http://www.larshederer.homepage.t-online.de/erunt/index.htm
and when the file sizes are compared they are both 472kb.
Then when i clicked to download a copy from majorgeek
the file size was also 472. (Of course i already had
a copy for a long time, but wanted to double check
out the download.)

This is important to know, because if the file
size was bigger or smaller than the original file
found at http://www.larshederer.homepage.t-online.de/erunt/index.htm
then we know the code was rewritten.

nowadays, there is software that
pretends to have discovered something
bad, but it is the cause of
the infiltration. But trojans can also
be snuck onto your system, with
music, videos and lots of other ways.

remember that a trojan by design hides
malicious code but figuring out
how it got on your system and where
that file is located is the question.
you discovered the malicious code but
the trojan may still be on your system and
hiding until the time is right to unleash
the malware....

Have you downloaded or allowed some kind
of toolbars to be installed recently?

Just off the top of my head
right now, it sounds like the data you pasted
on the other posting is referring to an explorer
toolbar.

I know that today I was searching for old music
from that cold case tv show, and i swear i had
to install 3 different kinds of music players and
all of them kept asking me if i wanted a toolbar.
Of course, i said "no"....

again, thanks for the update.

btw, until the trojan can be discovered and
eliminated, it may not be wise to make any
restore points or backups because you would
only be helping with saving the trojan...


"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B1FFC50D-CB70-44EC-BBA7-EDF35BFA2402@xxxxxxxxxxxxxxxx
Hi, Databaseben, I sent a message to you below titled "Danger Warning! to the
public" and had put "note to Databaseben" on the end, but the title was too
long and cut your name off! You helped me out last July with computer
problems.

Now I can't get my message of today to load. Maybe it was too long. Could
you let me know if you can get it to load so you can read it? If not, I'll
shorten it and tell you the situation.

I don't understand why it won't open! Maybe it's just my luck.




