Re: Databaseben, I need to talk to you again, please

yeh, something is suspicious about
that realsched/real player.

i think that a pop up blocker might
not be a bad thing to get installed.

for me i have disabled that realsched startup
and have not received anypopups. but i do use the
new ie7, avant browser
and spyware terminator
w/clam anitvirus plugin and
msdefender.
so issues like pop ups, etc are
a thing of the past for my pc's.

also it would be such a bad idea
to try out different antivirals until
you get the ones that work best
for your particular pc.

further, it wouldn't be a great loss or a
bad idea to uninstall real player for now.
and see how your pc functions for
a couple of days.

but it is your computer and i beleive
that you should do what ever your heart
desires with it. I'm only here to provide
some suggestions based on my experience.

if you do decide to unload that realplayer
and install the other programs mentioned above
besure to make a restore point first.

then be sure not to have duplicated / triplicated
antiviruls running as well; as this will bog down
your system. So if you want to try out
that spyware terminator, then be sure
to disable what you already have beforehand.

basically, i think we got you back up and
running again......

before you know it,
you'll become a computer expert.....

let's see "MtnLadyBlackHills1986, MVP"

(sounds pretty good to me....)


"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:949F4EA3-56DF-4E21-9F31-C1921AFFF3C9@xxxxxxxxxxxxxxxx
Just a quick note... A surprise development (for me, anyway!). Earlier
when
I had changed msconfig, I left without rebooting. I reactivated the ISP's
Internet tool and bingo! Up jumped a Real Player pop-up about some music
artist. I looked at msconfig and the Real Player command was still
disabled.
Now where did that pop-up come from?

More for you to ponder, DatabaseBen.

Sue

"MtnLadyinBlackHills1986" wrote:

First, I'd like to thank everyone for being so understanding when I sent
my
distress message that too many people were trying to help and I was
hopelessly confused. Wouldn't it be a nice world if everyone could be
that
way in all walks of life?

Anyway, DatabaseBen, I actually do have some good news to tell you. We
do
indeed have dial-up, and our ISP offered a package of Internet tools
which
included an "Internet Accelerator" (as they called it). And as I look at
the
icon in my toolbar, it appears to be shut off. So I think it is safe,
and I
will just reactivate that one item.

BTW, you mentioned earlier about cutting down my start menu. Well,
surprise, I did find out about that awhile back. I have de-activated
everything that I don't think is necessary. The one that does bother me
is
one called (Startup Item) realsched (Command) "C:\Program
Files\Common
Files\Real\Update_OB\realsched.exe" -osboot

I have checked and every time I turn on the computer (even if I'm not
using
Real Player), this comes up, even though I disabled it the time before.
None
of the other start-up commands I disabled do that. I believe it was Nass
who
suggested it might be an advertiser on Real Player. The fact that it
keeps
reactivating itself seems suspicious to me. What do you think? Is there
a
way to permanently disable that command?

Can I dare hope that there might be a "light at the end of the tunnel"?
I've got to get off and leave for a little while, but I will definitely
be
back to see what you have to say!

Thanks again, DatabaseBen (I assume your name is Ben?)

Sue

"DatabaseBen" wrote:

thats great!

youre doing really good at
figuring out some of these things.

i looked up that proxyconn service
your mentioned. It is designed to boost
your internet speed.

The question is was it provided to you
by your internet service provider or
you downloaded it manually or
you clicked an ok button somewhere and it
was automaticallyinstalled with another software.

If it was provided by your internet service
provider than it is likely to be safe and may
even be required-depending on your service.

But if it wasn't provided by your ISP
and it came from some internet site
as somekind of freeware it may
not be safe.

There are different methods to boost internet
speed.

But what this particular program is likely do is
to download and store your favorite webpages
onto your harddrive automatically and without your
knowledge.

It would do this so that when you visit a site,
that webpage would pop up on your screen "instantly"
since it has been stored on your harddrive.

The fact that webpages are being downloaded onto your harddrive
automatically is a problem that could become serious because
you have no control over it,.

Your not given the opportunity to decide
what you want or don't want stored on your pc .
And there are malicious webpages that are designed
to pop up 100's of other webpages, like those porn sites.
Who knows, webpages with unlawful pics could
secretly get stored on your pc and you would never know
because of these so -called web accelerators.

without going into too much detail take
a look at the source of this proxyconn software and
uninstall it if it was not provided to you by
your internet service provider.

If you have DSL you really
don't need it.

But if you still use regular
internet, it may be required for you to use by
your ISP as some kind of turbo charger between
your modem and their servers.

Let me know....


"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:643E7C34-7770-4F38-B4EE-9E5DFD2A6A8C@xxxxxxxxxxxxxxxx
Doggone it! Right after I sent the last message, I found that the
unknown
"toolbar" I told you about is actually a Browser Helper Object. Just
wanted
you to know that, as it might make a difference.

"DatabaseBen" wrote:

hey there mtnlady,

don't be scarred about this, it isn't as bad
as you think. There are trojans that are not
evil, instead they act in a way to obtain
statistics from the people who use there
"freeware". They are designed to work
in the background and silently thus they
are looked upon as trojans by some software,
including software companies that are competing
against each other.

It might be that you are in a funny situation,
whereas your antiviral that discovered the
toolbar is a direct competition with the
maker of the toolbar.

The statistics they get from your
activity and the millions of others
via its toolbar can help
improve there services and or
get money from marketing companies.

"And" if you really "read" the fine print
of those end user license agreements,
there will be an itty bitty line stating something
like "by using this free software you agree
to share information about your usage with us...."

I think an easy way to fix this is simply
is to restore your computer to the date
when we got you back up and running
a few months ago.

Or figure out what program you
installed that subsequently may
have asked you if you wanted to use
a toolbar and said ok so you can
unintall it.

If you are not sure, you can
open you ie browser, go
to managing addins and disable
any toolbars. You don't need
any extra toolbars added to your system.

If you like the ie browser from microsoft
download the new version released a few
days ago and be sure to say yes
to protecting you with anti phising
technology.

I think you'll be ok and I don't
think you will have any problems.
But its a good thing that you had
a place like this to find
earnest people who want
to help and get you through this,
However this is a positive opinion for you,
but I have others as well.

Incidently, i know you have found
and use some anti viruls already. But I would
like for you to know that out of
many years of trying out "and paying"
for anitviruls, I discovered that using
the "spywareterminator" with the
"clam anitvirus addin" and the "defender"
from microsoft to be an excellent
combination and reliable too.

take a look at these next time
you are unsure about the ones
you have now....


"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E6944D7-93C9-4BAE-9E69-9C020EEAA459@xxxxxxxxxxxxxxxx
Hi again, Databaseben. OMG, what have I gotten myself into this
time?

Did you read the answer to my original question, that was posted
by
"Glee"?
If not, could you read it? I'm such a novice, I don't know if I
understand
what he/she is trying to tell me.

I did read the article you linked to me, and it was really scary.
What
is
more scary is thinking I might still have a Trojan Horse on my
system!
I
rercently ran all the security software I have - Ad-Aware SE,
Webroot
Spy
Sweeper, and Norton Anti-Virus scans. I also ran Norton's
One-Button
Checker, Windows Doctor, Disk Doctor and Check Disk. I have also
added
all
of the October Windows Security Updates to my system. And
everything
(except
the code I sent you) checked out fine.

I have not added any toolbars in a very long time. The only thing
I
can
think of that I've done differently is that I switched to Real
Player
from
Windows Media Player. I have a large bunch of commercial music
CD's
that
I
wanted to put in a library in case a disk got damaged. When I did
it
with
WMP, I found that none of the song titles, artist, album name or
genre
came
through, just track numbers. Not wanting the very long, tedious
job of
typing all this in manually, I tried Real Player, which worked
fine. I
was
connected to the Internet at the time to get the CD information.
Could
Real
Player be the cause of a Trojan? I thought they were reputable.
I
never
did
get a toolbar from them...

Please help! I need to know how to find and get rid of this
Trojan if
all
I've done above security-wise didn't find it. I've tried so hard
to
avoid
all the "pitfalls" of these Internet Monsters. I'm about ready to
have
the
Internet taken off my computer - I just don't know if it's worth
the
dangers
out there.

Thanks, Databaseben, for your interest and for any help you can
give
me....

"DatabaseBen" wrote:

hey mtnlady,
here is an article of what i
mentioned to you earlier...

http://www.eweek.com/article2/0,1759,2034680,00.asp?kc=EWRSS03119TX1K0000594

but it isnt a new concept, just recently
made newsworthy to the uninformed..


"DatabaseBen" <databaseben@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:uKwd9GV9GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
hello mtnlady,
yeh found the other posting with
your discovery.

i'm very interested with your analysis
and will take a look into it.

but, lets not be hasty in considering
that the ntregopt is the perpetrator of
a trojan. i checked that website and
followed that link to the home page at
http://www.larshederer.homepage.t-online.de/erunt/index.htm
and when the file sizes are compared they are both 472kb.
Then when i clicked to download a copy from majorgeek
the file size was also 472. (Of course i already had
a copy for a long time, but wanted to double check
out the download.)

This is important to know, because if the file
size was bigger or smaller than the original file
found at
http://www.larshederer.homepage.t-online.de/erunt/index.htm
then we know the code was rewrittened.

now a days, there are softwares that
pretend to have discovered something
bad, but they are the cause of
the infiltration. But trojans can also
be snucked onto your system, with
music, videos and lots of other ways.

remember that a trojan by design hides
malacious code but figuring out
how it got on your system and where
that file is located is the question.
you disovered the malacious code but
the trojan imay still on your system and
hiding until the time is right to unleash
the malware....

Have you downloaded or allowed somekind
of toolbars to be installed recently?

Just to top of my head


.