Re: Is AOL Router software a virus?

From: Chuck (none_at_example.net)
Date: 10/21/04 

Date: 21 Oct 2004 18:39:28 -0500

On Thu, 21 Oct 2004 16:02:41 -0700, "Ned Heller" <epheller@sbcglobal.net> wrote:

>I recently installed AOL 9.0a. This morning, after turning my computer on,
>I was presented with in a window stating that I had a so-and-so router, and
>would I like to install AOL Router softward. I said yes. After
>installation and restart, nothing would connect to the internet. Not AOL or
>anything. In fact, if I launched Outlook express, the AOL login screen
>would come up. Ditto any browser.
>
>I had to unistall AOL and all its related software to get things to work
>again. So my question, is it safe to reinstall AOL, or is this program a
>virus?

Ned,

Some nasty folks might answer that AOL itself is a virus. ;-}

Be that as it may, I do know that AOL is not a simple Ethernet over {Cable |
DSL} ISP.

Do you, in fact, have a router connected? Are you on AOL Broadband?

Here's an interesting article:
<http://www.homenethelp.com/web/howto/aol-share.asp>

You also might want to check out the BBR AOL Forum:
<http://www.dslreports.com/forum/aolplus>

I don't see any Google about an "AOL Router" spyware or virus. That doesn't
mean it doesn't exist though. Fortunately, there a number of reliable, free
tools to identify any infection that you may have acquired.

How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware, CWShredder, and Spybot S&D have install
routines - run them. The other downloaded programs can be copied into, and run
from, any convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.

Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://forum.aumha.org/viewtopic.php?t=5877>), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://www1.spywareinfo.com/articles/hijacked/prevent.php>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.

How did I get infected in the first place?
http://forums.net-integration.net/index.php?showtopic=3051
Essential tips for infection prevention
http://forums.spywareinfo.com/index.php?showtopic=24339

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Relevant Pages

  • Re: Spyware
    ... I know you can get AOL 9.0 at almost ... Bazooka Adware and Spyware Scanner ... Empty your Temporary Internet Files and shrink the size it stores to about ... Once it is done, click OK, close Internet Explorer ...
    (microsoft.public.windowsxp.general)
  • Re: Cant use IExplorer
    ... > use a cable modem with a 4 port wired router. ... > AOL stuff is entirely functional, ... But some links that would ordinarily route me to the Internet ... (Scan for updates, Review and Install) ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Remote Desktop and AOL
    ... >> Connection with AOL. ... > to connect to the internet. ... > Viewpoint Media Player on people's computers. ... > There is no option to not install Viewpoint. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: cannot connect to server or DNS error
    ... How to Configure Internet Explorer to Work with AOL as Your ISP ... All of a sudden I can't launch I.E. 6 to connect to the internet UNLESS I ... Rule out parasites like Kazaa and others. ... Let AD-Aware Scan your system for advertising Spyware ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Remote Desktop and AOL
    ... >Connection with AOL. ... Most people will agree that AOL's internet service ... Viewpoint Media Player on people's computers. ... There is no option to not install Viewpoint. ...
    (microsoft.public.windowsxp.help_and_support)