Re: Danger warning! to the public and note to Databaseben



I haven't found Webroot Spysweeper's background monitoring to be very useful, nor the background monitoring of any other anti-spyware utilities. I do prefer AVG Anti-Spyware (formerly Ewido) for on-demand scanning for spyware and trojan downloaders:
http://www.ewido.net/en/

They've also got an online scan:
http://www.ewido.net/en/onlinescan/

I am not a fan of either Norton or McAfee anti-virus, though either should be effective against viruses, but somewhat less so against trojans and trojan downloaders. I can't imagine having both installed at the same time (in fact, I don't think they will co-habit), so I am guessing the McAfee scan you refer to is just an online email scan that your ISP uses prior to your receiving the email.

Turn off the email scanning in your resident anti-virus (Norton, I presume).....even Symantec support states it is redundant and unnecessary, and can cause problems.

You mentioned that the trojan downloader was quarantined (by Ad-Aware, IIRC), so do you still detect any trojans or downloader when you rescan? If so, where are they being found....what location on your hard drive? If they are being found in System Restore or in the Ad-Aware quarantine folder, then you only have to clear the quarantine area through the Ad-Aware interface, and/or reset System Restore to delete old restore points.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm


"MtnLadyinBlackHills1986" <MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:B24E2E08-5C4A-43E7-A154-2031978DBB1E@xxxxxxxxxxxxxxxx
Glee, I found from talking to another person later that the NTREGOPT program
was not the cause of the Trojan Horse, although possibly it could have used
it to "sneak" the Trojan Horse onto my computer.

So now it appears I have a Trojan Horse on my system! I have used security
software from 3 major companies (LavaSoft, Symantec/Norton, and Webroot),
have installed all the security downloads from Microsoft, have my firewall
up, have not added any toolbars, do not go to the so-called "dark side" of
the web, have 2 email scanners (Symantec/Norton and McAfee from my local
ISP), do not use links for "free checkups" of my computer and similar
dangerous links, do not use Instant Messaging, and I still got a Trojan Horse!

I am a computer novice and have done everything I know how to do to keep my
computer safe. I have "crashed" in the past, and I'm beginning to feel that
I want to abandon the Internet. For me, it has changed from a source of fun
and information to a dangerous maze with a hazard around every corner.

Can you give me any information on how to find and remove this Internet
Devil? I'd really appreciate any help you can give me.

"glee" wrote:

This program has been used for years on countless computers, and has been downloaded
alone and also in the package with its sister app, ERUNT. The fact that you ran it
successfully for months and only got a warning about a trojan last week, indicates
that you simply have a trojan on your system, and it may have replaced that app,
using its name. It does not in any way implicate the download you got months ago
from majorgeeks.

In your paste of the trojan information, I don't see any mention of NTREGOPT. Are
you saying the file itself, ntregopt.exe, is in quarantine? The info you posted
only mentions a trojan downloader, and points to registry entries for an IE toolbar.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm


"MtnLadyinBlackHills1986" <MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:E5B8ADB2-CC92-462D-8E79-15AD3081E8E9@xxxxxxxxxxxxxxxx
> General Warning Message: Do NOT install the following program:
> http://www.majorgeeks.com/NTREGOPT_d4824.html
>
> Hello, Databaseben! I talked to you way back in July when you were very
> helpful with all my computer problems. In your last post to me, you
> recommended some free programs that could help "clean up" my computer. I've
> put a copy of part of what you wrote below:
>
> "http://www.majorgeeks.com/NTREGOPT_d4824.html
>
> The program above will optimize your registry..."
>
> I installed this program, and used it without problem for several months.
> But I had an alarming finding about this program when I ran Ad-Aware SE on
> 10/18/06. Unless I have read it wrong, it appears that a hacker got hold of
> it and corrupted it badly. I saved the quarantine area of Ad-Aware. I will
> copy what it said about the above software program, which showed the
> program's name and logo in the findings before I quarantined it. I
> immediately removed it from my computer:
>
> ArchiveData(auto-quarantine- 2006-10-18 21-17-51.bckp)
> Referencefile : SE1R128 18.10.2006
> ======================================================
>
> WIN32.TROJAN.DOWNLOADER
> »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
> obj[0]=Regkey : S-1-5-19\software\classes\software\microsoft\internet
> explorer\toolbar
> obj[1]=Regkey : S-1-5-20\software\classes\software\microsoft\internet
> explorer\toolbar
> obj[2]=Regkey :
> S-1-5-21-861567501-2139871995-725345543-1004\software\classes\software\microsoft\internet
> explorer\toolbar
> obj[3]=Regkey : software\microsoft\internet explorer\toolbar
>
> Of course, I don't understand all the above. I don't know if you can
> contact the program's authors and tell them about this development. If not,
> I wanted to warn others NOT to install this software... But I wanted you in
> particular to know, so you won't recommend it to anyone else.
>
> Quite a world when you try to be helpful and evil people only want to hurt
> others! Kudos to Ad-Aware SE for catching this! (I'm sure my Spy Sweeper
> would have caught it too but I hadn't done my scan with it yet.)
>
> Databaseben, I did want you to know that your other software suggestions
> have been very helpful and I thank you!
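
Added example, not part of the original posts: a small Python parser that rejoins the line-wrapped quarantine entries quoted above and reports, for each object, its type and which account's registry hive it belongs to, so it is easy to see whether any quarantined object is a file on disk. The function names are hypothetical, the entry format is inferred only from the lines quoted in this thread, and the SID names are the standard Windows well-known SIDs.

```python
import re

# Constructed sample: the quarantine entries quoted in the thread, with the
# Usenet line-wrapping and "> " quote markers left in place.
SAMPLE = r"""> WIN32.TROJAN.DOWNLOADER
> obj[0]=Regkey : S-1-5-19\software\classes\software\microsoft\internet
> explorer\toolbar
> obj[1]=Regkey : S-1-5-20\software\classes\software\microsoft\internet
> explorer\toolbar
> obj[2]=Regkey :
> S-1-5-21-861567501-2139871995-725345543-1004\software\classes\software\microsoft\internet
> explorer\toolbar
> obj[3]=Regkey : software\microsoft\internet explorer\toolbar
"""

# Well-known Windows SIDs; S-1-5-21-... identifies an ordinary account.
WELL_KNOWN = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
              "S-1-5-20": "NetworkService"}

def parse_objects(text):
    """Return (index, kind, account, path) for each obj[n] entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop quote markers
        m = re.match(r"obj\[(\d+)\]=(\w+)\s*:\s*(.*)$", line)
        if m:
            current = [int(m.group(1)), m.group(2), m.group(3)]
            entries.append(current)
        elif current is not None and line:
            # Continuation of a wrapped entry: rejoin with a single space.
            current[2] = (current[2] + " " + line).strip()
    result = []
    for idx, kind, value in entries:
        sid = re.match(r"(S-1-[\d-]+)\\(.*)$", value)
        if sid:
            account = WELL_KNOWN.get(sid.group(1), "user account " + sid.group(1))
            path = sid.group(2)
        else:
            account, path = "(no SID prefix)", value
        result.append((idx, kind, account, path))
    return result

def file_objects(objects):
    """Entries that are not registry objects (assumed here to mean files)."""
    return [o for o in objects if not o[1].lower().startswith("reg")]

if __name__ == "__main__":
    for obj in parse_objects(SAMPLE):
        print(obj)
    print("file objects:", file_objects(parse_objects(SAMPLE)))
```
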
