Re: Danger warning! to the public and note to Databaseben
- From: Joe <elmogeek@xxxxxxxxxxxxx>
- Date: Sun, 22 Oct 2006 11:19:39 -0400
MtnLadyinBlackHills1986 wrote:
Glee, I found from talking to another person later that the NTREGOPT program was not the cause of the Trojan Horse, although possibly it could have used it to "sneak" the Trojan Horse onto my computer.
So now it appears I have a Trojan Horse on my system! I have used security software from 3 major companies (LavaSoft, Symantec/Norton, and Webroot), have installed all the security downloads from Microsoft, have my firewall up, have not added any toolbars, do not go to the so-called "dark side" of the web, have 2 email scanners (Symantec/Norton and McAfee from my local ISP), do not use links for "free checkups" of my computer and similar dangerous links, do not use Instant Messaging, and I still got a Trojan Horse!
I am a computer novice and have done everything I know how to do to keep my computer safe. I have "crashed" in the past, and I'm beginning to feel that I want to abandon the Internet. For me, it has changed from a source of fun and information to a dangerous maze with a hazard around every corner.
Can you give me any information on how to find and remove this Internet Devil? I'd really appreciate any help you can give me.
"glee" wrote:
This program has been used for years on countless computers, and has been downloaded alone and also in the package with its sister app, ERUNT. The fact that you ran it successfully for months and only got a warning about a trojan last week indicates that you simply have a trojan on your system, and it may have replaced that app, using its name. It does not in any way implicate the download you got months ago from majorgeeks.
In your paste of the trojan information, I don't see any mention of NTREGOPT. Are you saying the file itself, ntregopt.exe, is in quarantine? The info you posted only mentions a trojan downloader, and points to registry entries for an IE toolbar.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm
"MtnLadyinBlackHills1986" <MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E5B8ADB2-CC92-462D-8E79-15AD3081E8E9@xxxxxxxxxxxxxxxx
General Warning Message: Do NOT install the following program:
http://www.majorgeeks.com/NTREGOPT_d4824.html
Hello, Databaseben! I talked to you way back in July when you were very
helpful with all my computer problems. In your last post to me, you
recommended some free programs that could help "clean up" my computer. I've
put a copy of part of what you wrote below:
"http://www.majorgeeks.com/NTREGOPT_d4824.html
The program above will optimize your registry..."
I installed this program, and used it without problem for several months.
But I had an alarming finding about this program when I ran Ad-Aware SE on
10/18/06. Unless I have read it wrong, it appears that a hacker got hold of
it and corrupted it badly. I saved the quarantine area of Ad-Aware. I will
copy what it said about the above software program, which showed the
program's name and logo in the findings before I quarantined it. I
immediately removed it from my computer:
ArchiveData(auto-quarantine- 2006-10-18 21-17-51.bckp)
Referencefile : SE1R128 18.10.2006
======================================================
WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-19\software\classes\software\microsoft\internet explorer\toolbar
obj[1]=Regkey : S-1-5-20\software\classes\software\microsoft\internet explorer\toolbar
obj[2]=Regkey : S-1-5-21-861567501-2139871995-725345543-1004\software\classes\software\microsoft\internet explorer\toolbar
obj[3]=Regkey : software\microsoft\internet explorer\toolbar
Of course, I don't understand all the above. I don't know if you can
contact the program's authors and tell them about this development. If not,
I wanted to warn others NOT to install this software... But I wanted you in
particular to know, so you won't recommend it to anyone else.
Quite a world when you try to be helpful and evil people only want to hurt
others! Kudos to Ad-Aware SE for catching this! (I'm sure my Spy Sweeper
would have caught it too but I hadn't done my scan with it yet.)
Databaseben, I did want you to know that your other software suggestions
have been very helpful and I thank you!
Avast! Free Home has an option to do a boot scan. This helps because the trojan hasn't started yet and can't disable the a/v software. You'll be offered the option upon install, and you can schedule a boot scan from the top/left button on the Control Panel.
--
Joe =o)
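
Added example, not part of any post in this thread: a short Python parse of the Ad-Aware listing quoted above, checking the observation that every quarantined object is a registry key under the Internet Explorer toolbar path and that none names ntregopt.exe. The function names are made up for this illustration; the SID meanings used (S-1-5-19 LocalService, S-1-5-20 NetworkService, S-1-5-21-...-RID a user account) are standard Windows values.

```python
import re

# Listing as posted in the thread, with the wrapped lines rejoined.
QUARANTINE_LISTING = r"""
WIN32.TROJAN.DOWNLOADER
obj[0]=Regkey : S-1-5-19\software\classes\software\microsoft\internet explorer\toolbar
obj[1]=Regkey : S-1-5-20\software\classes\software\microsoft\internet explorer\toolbar
obj[2]=Regkey : S-1-5-21-861567501-2139871995-725345543-1004\software\classes\software\microsoft\internet explorer\toolbar
obj[3]=Regkey : software\microsoft\internet explorer\toolbar
"""

# Well-known Windows SIDs for the built-in service accounts.
WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                   "S-1-5-20": "NetworkService"}

OBJ_RE = re.compile(r"^obj\[(\d+)\]=(\w+)\s*:\s*(.+)$")
SID_RE = re.compile(r"^(S-1-\d+(?:-\d+)+)\\(.*)$")


def describe_sid(sid):
    """Name the account a SID belongs to, as far as the SID alone tells us."""
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    if sid.startswith("S-1-5-21-"):
        return "user account, RID " + sid.rsplit("-", 1)[1]
    return "unrecognised SID"


def parse_listing(text):
    """Return one dict per obj[n] line: index, object kind, owner, key path."""
    objects = []
    for line in text.splitlines():
        m = OBJ_RE.match(line.strip())
        if not m:
            continue  # detection name, separators, blank lines
        target = m.group(3).strip()
        sid = SID_RE.match(target)
        objects.append({"index": int(m.group(1)), "kind": m.group(2),
                        "owner": describe_sid(sid.group(1)) if sid else "no SID prefix",
                        "path": sid.group(2) if sid else target})
    return objects


def mentions(objects, needle):
    """Indexes of objects whose path contains needle (case-insensitive)."""
    return [o["index"] for o in objects if needle.lower() in o["path"].lower()]


if __name__ == "__main__":
    for o in parse_listing(QUARANTINE_LISTING):
        print(o["index"], o["kind"], o["owner"], o["path"], sep=" | ")
```
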