Re: Danger warning! to the public and note to Databaseben

Tech-Archive recommends: Speed Up your PC by fixing your registry

Glee,

Advanced Searchbar is questionable software? NO WAY!

None of our core files are connected with toolbars that can cause
undesired ads and pop-ups. None! We are absolutely against spyware and
adware. We have the best toolbar available so we don't need to do any
crap like that. Please take a look at the positive ratings & reviews we
have from legitimate sites.

Just for your information:
http://www.siteadvisor.com/sites/advancedsearchbar.com
http://www.castlecops.com/tk1913-advancedSearchbar_dll.html
http://www.spywaredata.com/spyware/malware/advancedSearchbar.dll.php
http://www.fileresearchcenter.com/A/ADVANC~2.DLL-5670.html
http://www.spywareterminator.com/item/608/AdvancedSearchbar.html

All of the reviews for Advanced Searchbar:
http://www.advancedsearchbar.com/reviews.html

And we have full page ads in PC World & PC Magazine.

Please do all of us a favor and do some research before assuming a
toolbar, if it's not Google, Yahoo or MSN, is automatically
questionable. We have a tough enough time trying to complete with
billion dollar companies like Google, Yahoo & MSN, so we can do without
the incorrect statements about the Advanced Searchbar.

The Advanced Searchbar is a FREE award winning toolbar that enables you
to search over 100 search engines and is loaded with features that make
searching and browsing the Internet easier than ever. The Advanced
Searchbar has more features than the Google, Yahoo and MSN toolbars
combined. No other toolbar has as many features.

The Advanced Searchbar is COMPLETELY FREE. No cost to you ever. No
limitations. No personal information is required whatsoever and the
Advanced Searchbar has No Adware, No Spyware, & No Malware.

Regards,
Gerald O'Dea
Advanced Search Technologies, Inc.




glee wrote:
You have a very questionable toolbar installed.....Advanced Searchbar. It's core
files are listed among those connected with toolbars which can cause undesired ads
and pop-ups:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078631

"BHOs are not stopped by personal firewalls, because they are seen by the firewall
as your browser itself. Some exploits of this technology search all pages you view
in IE and replace banner advertisements with other ads. Some monitor and report on
your actions. Some change your home page."

I suggest *at the very least* that you look at Start> Control Panel> Add and Remove
Programs, and if Advanced Searchbar is listed, that you select it and click the
Remove button. If it remove successfully, things should improve, but ideally your
system should be checked by someone with experience reading "HijackThis" logs. If
you like, you can send me a log from HijackThis via email, and I will check it for
you privately, as doing so on these groups is not preferred.

Download and unzip HijackThis from one of these locations:
http://www.majorgeeks.com/download3155.html
http://aumha.net/downloads/hijackthis.zip
Unzip to a folder *other than* your Desktop or the Temp folder (preferably make a
HJT folder on your desktop and unzip it to there), double-click HijackThis.exe, and
hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Press that, save the log somewhere you can find it (Desktop, My Documents, or
similar).
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Copy the log files and paste them into an email to me at glen.vee@xxxxxxxxx

See the "housekeeping" you should complete before you post your log:
http://aumha.org/forum/viewtopic.php?t=4075

A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/

If there are any other problems shown in your log, I will explain what may need to
be done. Hopefully, simply uninstalling the Searchbar via Add and Remove will be
sufficient.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm


"MtnLadyinBlackHills1986" <MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:524CF463-D99B-4220-8E8A-114C7BC104C1@xxxxxxxxxxxxxxxx
Hi again, Glen. Here are the "Add-ons that have been used by Internet
Explorer" that you requested and were lost last night when Microsoft picked
the worst possible moment to make me log in:

AUDIO__MID Moniker Class - Microsoft
AUDIO__WAV Moniker Class - Microsoft
DHTML Edit Control Safe for Scripting for IE5 - Microsoft
HHCtrl Object - Microsoft
HTML Document - Microsoft
iTunesDetector Class - (Not Verified)
LSControl Class - Symantec
LSSupCtl Class - Symantec
Microsoft Scriptlet Component - Microsoft
MsnMessengerSetupDownloadControl Class - Microsoft MSN
MUWebControl Class - Microsoft
Office Update Installation Engine - (Not Verified) Microsoft
QuickTime Object - (Not Verified) Apple
RealPlayer G2 Control - (Not Verified) - RealNetwork
SearchAssistantOC - Microsoft
Shell Name Space - Microsoft
Shockwave Flash Object - Macromedia
Symantec Script Runner Class - Symantec
Symantec SmartIssue - Symantec
SymLTQueries Class - Symantec
SymSubQueries Class - Symantec
Tabular Data Control - Microsoft
Update Class - Microsoft Windows XP Pub.
Web Browser Applet Control - (Not Verified) Microsoft
Windows Genuine Advantage Validation Tool - Microsoft
Windows Media Player - Microsoft
Windows Media Player - Microsoft (NOTE: Listed twice - not a typo)
WUWebControl Class - Microsoft
XML Document - Microsoft
YInstStarter Class - Yahoo!
Advanced Searchbar - Advanced Search
Windows Messenger - (No Publisher Given)
Yahoo Messenger - Yahoo!
Adobe PDF Reader Link Helper - Adobe
Advanced Searchbar - Advanced Search (NOTE: Listed twice - not a typo)
CNavExtBho Class - Symantec
eBay Toolbar Helper - eBay
MSN Search Toolbar Helper - Microsoft MSN
PrxcnBHO Class - (Not Verified) Proxyconn
Yahoo! Toolbar Helper - Yahoo!
Advanced Searchbar - Advanced Search (NOTE: Listed 3rd time - not a typo)
eBay Toolbar - eBay
MSN Search Toolbar - Microsoft MSN
Norton AntiVirus - Symantec
Yahoo! Toolbar - Yahoo!

Whew! There they are! All this is certainly improving my typing and
proofreading skills! Ha! Good luck in going through them. Maybe you'll
find something interesting!

Thanks and good night!

Sue

"MtnLadyinBlackHills1986" wrote:

AAARRRRRHHHHHH! Glen, I wrote you a long answer to your last post, including
a very long list of Add-ons used by Internet Explorer and pressed "Post".
Pardon my language, but damn Microsoft made me log in again and when I came
back, my whole message was gone!!! I've got things to do and I'm just not up
to typing that all again. I'll try to give it a shot again tomorrow.

Sue

"glee" wrote:

Replies inline, interspersed below.....

"MtnLadyinBlackHills1986" <MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in message news:79D6C024-E8C1-469B-8FC7-6D65C1B0206C@xxxxxxxxxxxxxxxx
Glee, you were correct about the Norton and McAffee virus scans. My local
ISP does an email scan using McAffee before it reaches my mailbox. The
Norton is on my own system. You say that Norton says its own email scanning
is redundant, unnecessary and can cause problems? You'd think they'd remove
it from their software line.....

You'd think! By their own admission, it is redundant. As long as you have
your
resident virus scanner running in the background, the email scanner affords no
useful additional protection. yet, most A-V apps include it. Why? Because
users
*think* it makes them safer, and you give them what helps in their feeling of
security. If one supplier adds email scanning, they all must, lest they look
like
they are not trying to protect you as well as the competition.


I did run another Ad-Aware SE full scan last night, and it did not find any
more traces of a Trojan Horse.

That is good, and much as I suspected. From your original description, it was
never
a trojan horse in the first place, but a trojan downloader, which can download
its
friends, the trojan horses and other mal-ware. You may have only had it in
your
browser temporary cache. I can't tell because it is now in quarantine and you
cannot give me the exact description from when it was detected. You say it was
found in or connected to the Ntregopt file. With this trojan downloader in
quarantine, can you still find the original Ntregopt.exe file on your computer
in
the folder it has been living in all these months?


I will check out the AVG software you gave me the links for. Did you see
the post by "Joe"? He mentioned a software called "Free Home" with the
option to do a boot scan? Do you know anything about this?

The AVG Anti-Spyware app will find most trojans and spyware, and much that is
missed
by Ad-Aware and other apps. Do not confuse it with it's sister app, AVG
Anti-Virus,
which is an A-V program that you don't need, since you already have Norton.

Joe mentioned Avast Free Home A-V....it is another anti-virus program, and you
don't
need it. Your current A-V can be configured to do a boot scan when you start
the
computer, if it isn't doing it already. It won't help find a trojan, most
likely,
as they aren't loading prior to Windows.


I'm sorry to sound so confused, but I am a computer novice. I have several
people who are kind enough to want to try to help me, but I'm starting to get
"information overload".

Quite understandable, and overload is very easy to hit, even for experienced
professionals. I would not have even entered the thread except the info I saw
you
getting seemed to be too far off the mark. There appears thus far to be no
need or
reason to wipe anything out, restore anything, or go back months, for this
little
thing.


But I guess the main point to this post is: in answer to your question,
when I did a full rescan on Ad-Aware SE last night, there was NO indication
of Trojan Horse traces again. The Trojan trace info in my original post is
still quarantined in my Ad-Aware.

OK. Either install and run Ewido/AVG Anti-Spyware as described in my earlier
link,
or just run their online scanner, which I also linked. Have it quarantine or
delete
what it finds (quarantine is usually "safer" in terms of avoiding mistakes).

In you reply to DatabaseBen, you mentioned seeing a toolbar/BHO from Proxyconn,
Inc
which you disabled. That is a legitimate BHO which is the Proxyconn Web
Accelerator, used by some ISPs to speed up their dial-up access:
http://www.proxyconn.com/

You might check with your ISP as they may have included it. Regardless, you
can for
now disable it....at worst having it disabled will only slow down your web
pages
loading.

Go back to where you disabled the BHOs and toolbars, in Internet Explorer>
Tools
menu> Manage Add-Ons. In the drop-down list, select "Add-ons that have been
used by
Internet Explorer" rather than just "Add-ons that are currently loaded". If
it's
not too much work, post back with a list of what is shown there. I don't need
all
the info listed, just the Names and the first word of the Publishers list.

I can give you some links to reading on how to adjust your settings in IE to
help
prevent some of these issues, but for now I think you have more than enough to
chew
on, so I can hold those till later. Or I can simply bow out of the thread if
you
would rather work with someone else. :-) I'm easy.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm



"glee" wrote:

I haven't found Webroot Spysweeper's background monitoring to be very
useful, nor
the background monitoring of any other anti-spyware utilities. I do prefer
AVG
Anti-Spyware (formerly Ewido) for on-demand scanning for spyware and trojan
downloaders:
http://www.ewido.net/en/

They've also got an online scan:
http://www.ewido.net/en/onlinescan/

I am not a fan of either Norton or McAfee anti-virus, though either should
be
effective against viruses, but somewhat less so against trojans and trojan
downloaders. I can't imaging having both installed at the same time (in
fact, I
don't think they will co-habit), so I am guessing the McAfee scan you refer
to is
just an online email scan that your ISP uses prior to your receiving the
email.

Turn off the email scanning in your resident anti-virus (Norton, I
presume).....even
Symantec support states it is redundant and unnecessary, and can cause
problems.

You mentioned that the trojan downloader was quarantined (by Ad-Aware,
IIRC), so
do
you still detect any trojans or downloader when you rescan? If so, where
are
they
being found....what location on your hard drive? If they are being found in
System
Restore or in the Ad-Aware quarantine folder, then you only have to clear
the
quarantine area through the Ad-Aware interface, and or reset System Restore
to
delete old restore points.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm


"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in message news:B24E2E08-5C4A-43E7-A154-2031978DBB1E@xxxxxxxxxxxxxxxx
Glee, I found from talking to another person later that the NTREGOPT
program
was not the cause of the Trojan Horse, although possibly it could have
used
it to "sneak" the Trojan Horse onto my computer.

So now it appears I have a Trojan Horse on my system! I have used
security
software from 3 major companies (LavaSoft, Symantec/Norton, and Webroot),
have installed all the security downloads from Microsoft, have my firewall
up, have not added any toolbars, do not go to the so-called "dark side" of
the web, have 2 email scanners (Symantec/Norton and McAfee from my local
ISP), do not use links for "free checkups" of my computer and similar
dangerous links, do not use Instant Messaging, and I still got a Trojan
Horse!

I am a computer novice and have done everything I know how to do to keep
my
computer safe. I have "crashed" in the past, and I'm beginning to feel
that
I want to abandon the Internet. For me, it has changed from a source of
fun
and information to a dangerous maze with a hazard around every corner.

Can you give me any information on how to find and remove this Internet
Devil? I'd really appreciate any help you can give me.

"glee" wrote:

This program has been used for years on countless computers, and has been
downloaded
alone and also in the package with its sister app, ERUNT. The fact that
you
ran
it
successfully for months and only got a warning about a trojan last week,
indicates
that you simply have a trojan on your system, and it may have replaced
that
app,
using its name. It does not in any way implicate the download you got
months
ago
from majorgeeks.

In your paste of the trojan information, I don't see any mention of
NTREGOPT.
Are
you saying the file itself, ntregopt.exe, is in quarantine? The info you
posted
only mentions a trojan downloader, and points to registry entries for an
IE
toolbar.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/
http://dts-l.org/goodpost.htm


"MtnLadyinBlackHills1986"
<MtnLadyinBlackHills1986@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in message news:E5B8ADB2-CC92-462D-8E79-15AD3081E8E9@xxxxxxxxxxxxxxxxx
,General Warning Message: Do NOT install the following program:
http://www.majorgeeks.com/NTREGOPT_d4824.html

Hello, Databaseben! I talked to you way back in July when you were
very
helpful with all my computer problems. In your last post to me, you
recommended some free programs that could help "clean up" my computer.
I've
put a copy of part of what you wrote below:

"http://www.majorgeeks.com/NTREGOPT_d4824.html

The program above will optimize your registry..."

I installed this program, and used it without problem for several
months.
But I had an alarming finding about this program when I ran Ad-Aware SE
on
10/18/06. Unless I have read it wrong, it appears that a hacker got
hold of
it and corrupted it badly. I saved the quarantine area of Ad-Aware. I
will
copy what it said about the above software program, which showed the
program's name and logo in the findings before I quarantined it. I
immediately removed it from my computer:

ArchiveData(auto-quarantine- 2006-10-18 21-17-51.bckp)
Referencefile : SE1R128 18.10.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-19\software\classes\software\microsoft\internet
explorer\toolbar
obj[1]=Regkey : S-1-5-20\software\classes\software\microsoft\internet
explorer\toolbar
obj[2]=Regkey :
S-1-5-21-861567501-2139871995-725345543-1004\software\classes\software\microsoft\internet
explorer\toolbar
obj[3]=Regkey : software\microsoft\internet explorer\toolbar

Of course, I don't understand all the above. I don't know if you can
contact the program's authors and tell them about this development. If
not,
I wanted to warn others NOT to install this software... But I wanted
you in
particular to know, so you won't recommend it to anyone else.

Quite a world when you try to be helpful and evil people only want to
hurt
others! Kudos to Ad-Aware SE to catching this! (I'm sure my Spy
Sweeper
would have caught it too but I hadn't done my scan with it yet.)

Databaseben, I did want you to know that your other software
suggestions
have been very helpful and I thank you!







.

Quantcast