Re: Databaseben, I need to talk to you again, please
- From: "DatabaseBen" <databaseben@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 22 Oct 2006 13:55:42 -0500
ok,
it sounds like you did pretty good
at finding some oddities. I would go ahead
and "disable" that proxycomm as well and
if you can. (I'll check this one out on the net.)
The ie browser will work without
it and disabling that proxy...-thing won't
uninstall it. So it is a safe option to disable
it at this time.
If it is related to your
real time player, then the player will let
you know of the problem. But i don't think
it is.
another place to look in is
your startups.
In your startups
there may be a program that was
added and is set to automatically
launch each time windows is launched.
Badwares like to take advantage of this
basic feature.
go to "start", then to "run" then type
in and click afterwards "msconfig"
a dialog will open and there will be a
tab called startups. Inside of startups you
will see the names of the programs
that are set to start automatically, like your
adaware se and others that you know of.
You should also find something like realshed
which is a program that updates your realmusic
player. You can disable this and anything else that you do not
recognize or know it is not needed to run
automatically. Then close the dialog, then disconnect your computer
from the internet and reboot.
i'll take a look at the info you have
provided and will be happy to let you
know something.
have you recently done a scan
of your system again? See what
the results are after you disable those
things mentioned above.
If no errors show up again,
then connect to the net and let us know...
"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BB27EC2D-5B5C-409E-9B1B-3806BF165679@xxxxxxxxxxxxxxxx
Good morning, DatabaseBen. Thank you for replying so quickly. First off, I
do want to express my appreciation for your (and other folks') help here. If
this site wasn't here, laymen (or women! LOL) like me would be completely
lost and I can't afford to pay to talk to a Microsoft technician as a "trouble
call"!
I don't know if you noticed, but another poster called "Nass" from the UK
also wrote to me. I have worked with you in the past and trust you. Could
you check out what Nass wrote and if you think I should reply to his(?)
questions? One thing he did mention that I thought was interesting was he
thought the Trojan might have come through an advertiser with Real Player
(not Real Player itself). Would make sense since that's the only real change
I have made.
Anyway, I don't think I want to go back to when we resolved my problems in
July. I've added a lot of data, which would be a terrible job to restore. I
do back up my data to an additional hard drive I have in my PC. When my hubby
installed it (using the hardware's tool software), it copied over everything
from my C Drive at the time. But since then, I have not added any new
programs or program updates to that drive - only data. But it would still be
a lot of work. FYI, when I do have to restore back, I have to use Norton's
"System Go Back", which loses all subsequent data. I have not been able to
get Microsoft's "System Restore" to work since I can remember. Awhile back,
I tried again and tried every bolded date for months and never got it to come
up. I just got the "go to another date". I tried to do a little reading on
Trojan Horses on Google last night and it was recommended that this function
should be turned off (temporarily for most people). I certainly did, as it
is of no use to me anyway!
When I went to disable toolbars, I found something interesting. I
recognized all the Toolbars but one. I have never heard of this one. Here
is its name and publisher: Name: PrxcnBHO Class Publisher: (Not verified)
Proxyconn, Inc.
I know I did NOT authorize that one! That was the first one I disabled. I
have disabled all my toolbars. What about the Browser Helper Objects and
Browser Extensions? Are they OK to leave active?
I did do one more thing on my own, which I figured sure couldn't hurt. I
had never bothered to put a password on my computer because it is just my
husband and me who use it. But I read that a complicated password can make
things more difficult for some Internet baddies to get access to my computer
(where I have all my credit card info, etc.) and pull an identity theft.
Do you think what I've done is adequate? You are a wealth of information
besides being helpful. It's a scary cyber world out there, and I appreciate
your putting my Trojan Horse situation in perspective. After my troubled
past and due to my limited knowledge, I was beginning to feel that the
Internet's "bad guys" were getting beyond my ability to cope with them. And
maybe, as much as I enjoy and depend on the Internet, it was time to give up
and "throw in the towel"!
Thanks again.
Sue
"DatabaseBen" wrote:
i checked for the name of that trojan
from here http://www.viruslist.com/en/virusesdescribed?chapter=153318100
but i didn't see an exact match. I don't
think you will have any difficulty with
getting your pc back in order.
"DatabaseBen" <databaseben@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uvPI7md9GHA.536@xxxxxxxxxxxxxxxxxxxxxxx
hey there mtnlady,
don't be scared about this, it isn't as bad
as you think. There are trojans that are not
evil, instead they act in a way to obtain
statistics from the people who use their
"freeware". They are designed to work
in the background and silently thus they
are looked upon as trojans by some software,
including software companies that are competing
against each other.
It might be that you are in a funny situation,
whereas your antiviral that discovered the
toolbar is a direct competition with the
maker of the toolbar.
The statistics they get from your
activity and the millions of others
via its toolbar can help
improve their services and/or
get money from marketing companies.
"And" if you really "read" the fine print
of those end user license agreements,
there will be an itty bitty line stating something
like "by using this free software you agree
to share information about your usage with us...."
I think an easy way to fix this
is simply to restore your computer to the date
when we got you back up and running
a few months ago.
Or figure out what program you
installed that subsequently may
have asked you if you wanted to use
a toolbar and said ok so you can
uninstall it.
If you are not sure, you can
open your ie browser, go
to managing addins and disable
any toolbars. You don't need
any extra toolbars added to your system.
If you like the ie browser from microsoft
download the new version released a few
days ago and be sure to say yes
to protecting you with anti phishing
technology.
I think you'll be ok and I don't
think you will have any problems.
But it's a good thing that you had
a place like this to find
earnest people who want
to help and get you through this,
However this is a positive opinion for you,
but I have others as well.
Incidentally, i know you have found
and use some anti virals already. But I would
like for you to know that out of
many years of trying out "and paying"
for antivirals, I discovered that using
the "spywareterminator" with the
"clam antivirus addin" and the "defender"
from microsoft to be an excellent
combination and reliable too.
take a look at these next time
you are unsure about the ones
you have now....
"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E6944D7-93C9-4BAE-9E69-9C020EEAA459@xxxxxxxxxxxxxxxx
Hi again, Databaseben. OMG, what have I gotten myself into this time?
Did you read the answer to my original question, that was posted by "Glee"?
If not, could you read it? I'm such a novice, I don't know if I understand
what he/she is trying to tell me.
I did read the article you linked to me, and it was really scary. What is
more scary is thinking I might still have a Trojan Horse on my system! I
recently ran all the security software I have - Ad-Aware SE, Webroot Spy
Sweeper, and Norton Anti-Virus scans. I also ran Norton's One-Button
Checker, Windows Doctor, Disk Doctor and Check Disk. I have also added all
of the October Windows Security Updates to my system. And everything (except
the code I sent you) checked out fine.
I have not added any toolbars in a very long time. The only thing I can
think of that I've done differently is that I switched to Real Player from
Windows Media Player. I have a large bunch of commercial music CD's that I
wanted to put in a library in case a disk got damaged. When I did it with
WMP, I found that none of the song titles, artist, album name or genre came
through, just track numbers. Not wanting the very long, tedious job of
typing all this in manually, I tried Real Player, which worked fine. I was
connected to the Internet at the time to get the CD information. Could Real
Player be the cause of a Trojan? I thought they were reputable. I never did
get a toolbar from them...
Please help! I need to know how to find and get rid of this Trojan if all
I've done above security-wise didn't find it. I've tried so hard to avoid
all the "pitfalls" of these Internet Monsters. I'm about ready to have the
Internet taken off my computer - I just don't know if it's worth the dangers
out there.
Thanks, Databaseben, for your interest and for any help you can give me....
"DatabaseBen" wrote:
hey mtnlady,
here is an article of what i
mentioned to you earlier...
http://www.eweek.com/article2/0,1759,2034680,00.asp?kc=EWRSS03119TX1K0000594
but it isn't a new concept, just recently
made newsworthy to the uninformed..
"DatabaseBen" <databaseben@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uKwd9GV9GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
hello mtnlady,
yeh found the other posting with
your discovery.
i'm very interested with your analysis
and will take a look into it.
but, let's not be hasty in considering
that the ntregopt is the perpetrator of
a trojan. i checked that website and
followed that link to the home page at
http://www.larshederer.homepage.t-online.de/erunt/index.htm
and when the file sizes are compared they are both 472kb.
Then when i clicked to download a copy from majorgeek
the file size was also 472. (Of course i already had
a copy for a long time, but wanted to double check
out the download.)
This is important to know, because if the file
size was bigger or smaller than the original file
found at
http://www.larshederer.homepage.t-online.de/erunt/index.htm
then we know the code was rewritten.
nowadays, there are softwares that
pretend to have discovered something
bad, but they are the cause of
the infiltration. But trojans can also
be snuck onto your system, with
music, videos and lots of other ways.
remember that a trojan by design hides
malicious code but figuring out
how it got on your system and where
that file is located is the question.
you discovered the malicious code but
the trojan may still be on your system and
hiding until the time is right to unleash
the malware....
Have you downloaded or allowed some kind
of toolbars to be installed recently?
Just off the top of my head
right now, it sounds like the data you pasted
on the other posting is referring to an explorer
toolbar.
I know that today I was searching for old music
from that cold case tv show, and i swear i had
to install 3 different kinds of music players and
all of them kept asking me if i wanted a toolbar.
Of course, i said "no"....
again, thanks for the update.
btw, until the trojan can be discovered and
eliminated, it may not be wise to make any
restore points or backups because you would
only be helping with saving the trojan...
"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B1FFC50D-CB70-44EC-BBA7-EDF35BFA2402@xxxxxxxxxxxxxxxx
Hi, Databaseben, I sent a message to you below titled "Danger Warning! to the
public" and had put "note to Databaseben" on the end, but the title was too
long and cut your name off! You helped me out last July with computer
problems.
Now I can't get my message of today to load. Maybe it was too long. Could
you let me know if you can get it to load so you can read it? If not, I'll
shorten it and tell you the situation.
I don't understand why it won't open! Maybe it's just my luck.
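The review discussed in this thread (the msconfig startup list, and the unrecognized "PrxcnBHO Class" add-on whose publisher showed as not verified) can be done in one pass with PowerShell. This is an added example, not part of the original posts; it assumes Windows PowerShell 3.0 or later and reads only the standard Run keys and the native Browser Helper Objects key.

```powershell
# Added example, not from the thread: list auto-start programs and IE Browser
# Helper Objects together with the Authenticode status of the file behind each.
function Get-SignerInfo([string]$Path) {
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not $p -or -not (Test-Path -LiteralPath $p -PathType Leaf)) {
        return [pscustomobject]@{ Status = 'FileNotFound'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $p
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{ Status = [string]$sig.Status; Signer = $signer }
}

# Registry Run keys: per-machine and per-user programs launched at logon.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $cmd = ([string]$k.GetValue($name)).Trim()
        # Quoted path, else first token (unquoted paths with spaces or bare names show FileNotFound).
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $info = Get-SignerInfo $exe
        [pscustomobject]@{ Kind = 'Run'; Name = $name; Path = $exe
                           Status = $info.Status; Signer = $info.Signer }
    }
}

# Browser Helper Objects: each subkey is a CLSID; its InprocServer32 default
# value is the DLL that Internet Explorer loads.
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bhos = foreach ($sub in (Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue)) {
    $clsid = $sub.PSChildName
    $base  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    $cls = Get-Item -LiteralPath $base -ErrorAction SilentlyContinue
    $srv = Get-Item -LiteralPath "$base\InprocServer32" -ErrorAction SilentlyContinue
    $name = if ($cls -and $cls.GetValue('')) { $cls.GetValue('') } else { $clsid }
    $dll  = if ($srv) { [string]$srv.GetValue('') } else { '' }
    $info = Get-SignerInfo $dll
    [pscustomobject]@{ Kind = 'BHO'; Name = $name; Path = $dll
                       Status = $info.Status; Signer = $info.Signer }
}

# Everything found, with entries that lack a valid signature listed first.
@($startup) + @($bhos) | Where-Object { $_ } |
    Sort-Object { $_.Status -eq 'Valid' }, Kind, Name |
    Format-Table Kind, Name, Status, Signer, Path -AutoSize -Wrap
```

An entry whose Status is not Valid is a candidate for a closer look, not proof of malware; plenty of legitimate older software is unsigned.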