Re: Exploit Trojan destroying Content IE5
From: Lori (anonymous_at_discussions.microsoft.com)
Date: 06/27/04
- Next message: Paul Pedersen: "Re: IE freezes, and won't quit at shutdown"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: DLL Errors"
- In reply to: LuckyStrike: "Re: Exploit Trojan destroying Content IE5"
- Next in thread: LuckyStrike: "Re: Exploit Trojan destroying Content IE5"
- Reply: LuckyStrike: "Re: Exploit Trojan destroying Content IE5"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 27 Jun 2004 11:16:40 -0700
Dear Lucky,
Thank so much for your information. I got a very similar
reply from someone named Sandy under the category of
Security, Virus Discussions. Well, thrilled to say that
the combination of LSPFix, ugraded Adaware and Spybot has
gotten us up and running. I was too afraid of
HijackThis, so I left it all alone. And now that I was
able to get back online, I upgraded my version of etrust
EZ antivirus and it finally detected the exploit trojan
virus and deleted it.
One problem that is still remaining is that if I rescan
using the Spybot, even though it supposedly fixed the
problems before, PurityScan and RSOExploit still seems to
come up. I keep "fixing" it but they still show up.
But at least we're up and running. I thank you for your
full list of informative suggestions and links.
Lori
>-----Original Message-----
>It might be a bit late now Lori, but this is what has
been said regarding
>the loss of internet connection (after removing certain
spyware) by resident
>guru Jim Byrd MVP:
>
><paste>
>Before you try to remove spyware using any of the
programs below, download a
>copy of LSPFIX from any of the following sites:
>
>http://www.cexx.org/lspfix.htm
>http://www.spychecker.com/program/winsockxpfix.html (if
your OS is Win2k or
>XP)
>
>The process of removing certain malware may kill your
internet connection.
>If this should occur, this program, LSPFIX, will enable
you to regain your
>connection.
>
>All of the removal tools should be run from Safe mode
when
>possible.
><paste/>
>
>Thereafter, you can run the gamut of Anti Spyware
programs:
>Ad-Aware
>CWShredder
>Spybot S&D
>Hijack This
>
>Just for simplicities sake, here is a lengthy C/P from
my sent items folder.
>Please forgive my lack of personal attention in
submitting this to you, but
>it applies to most who have these issues. <s>
>
>
>"Check for Spyware" suggestions:
>First, install the respective programs and then update
them immediately, so
>that they have the current versions, and definitions.
Read the Help Files
>and
>Tutorials. Run them one at a time. With Ad-Aware you may
have it generally
>clean whatever it finds. The same applies for
CWShredder. Spybot S&D
>requires special attention (listed below), as does
HijackThis (Only more so.
>Details listed below) The programs are listed in order
of their general
>strength, safety, and purpose. It is perhaps best to
install and run these
>in this order of appearance. All are freeware programs,
but if you are
>pleased with the results and quality of the utilities,
donations to the
>respective Authors are cheerfully accepted.
>
>Ad -Aware
>http://www.lavasoftusa.com/support/download/
>Ad-Aware Tutorial (might help if you look through this)
>http://www.bleepingcomputer.com/forums/index.php?
showtutorial=48
>
>CWShredder (cleans all Cool Web Search malware)
>http://www.majorgeeks.com/download4086.html
>CWShredder Tutorial
>http://www.bleepingcomputer.com/forums/index.php?
showtutorial=47
>
>Spybot S&D
>http://www.safer-networking.org/index.php?page=download
>Spybot Tutorial (Must Read)
>http://www.safer-networking.org/index.php?page=tutorial
>Other tutorials for Spybot S&D (Also must read)
>http://www.bleepingcomputer.com/forums/index.php?
showtutorial=43
>http://tomcoyote.com/SPYBOT/index1.php
>http://tomcoyote.com/SPYBOT/index2.php
>
>This item below is designed to *prevent* installation of
malware and the
>like by comparing known CLSID's of these "bad guys" with
what is in its
>definitions. It doesn't remove anything, nor will it fix
anything that is
>already in your PC. Rather, it will prevent installation
or re-installation
>of the item once it has been removed either manually, or
by the use of
>another program which will perform the duty of removing
the spyware.
>
>SpywareBlaster (prevents installation of spyware,
Trojans, etc.)
>http://www.javacoolsoftware.com/spywareguard.html
>SpywareBlaster Tutorial
>http://www.bleepingcomputer.com/forums/index.php?
showtutorial=49
>
>SpywareGuard (companion program to SWB, above)
>http://www.javacoolsoftware.com/spywareguard.html
>SpywareGuard Tutorial
>http://www.bleepingcomputer.com/forums/index.php?
showtutorial=50
>
>If you use Spybot S & D, be sure to clean *ONLY* the
items displayed in
>*RED*. DO NOT clean any items displayed in Black or
Green at this time.
>
>Lastly there is HijackThis. Hijack this is a very
powerful, last resort type
>of program which is generally best used in conjunction
with help from those
>who deal with the findings of the log created by the
HijackThis scan. It
>does nothing in the scan itself; it merely says what is
in and running on
>your PC. The items must be checked-marked to
be "cleaned". You must
>know *exactly* what you are checking-off before you
proceed.
>If you don't, you can quite possibly disable many useful
and vital functions
>of your PC. Remember; read the Tutorials, and seek help
at SpywareInfo
>Forums, Net-Integration, or TomCoyote forums for
safety's sake.
>
>HijackThis
>http://www.spywareinfo.com/~merijn/downloads.html
>If the preceding site is down, you may get HijackThis
from Major Geeks
>(amongst other sites as well)
>Hijack This (from Major Geeks)
>http://www.majorgeeks.com/download3155.html
>
>HijackThis Tutorials **(MUST READ)**
>http://www.spywareinfo.com/~merijn/htlogtutorial.html
>http://www.bleepingcomputer.com/forums/index.php?
showtutorial=42
>http://hjt.wizardsofwebsites.com/
>
>Where to seek help with your HijackThis scan log
>SpywareInfo Forums
>http://forums.spywareinfo.com/
>other help forums for HijackThis:
>Net-Integration
>http://forums.net-integration.net/index.php?c=19
>TomCoyote
>http://forums.tomcoyote.com/index.php?showforum=27
>
>
>More general info on Spyware, Malware, and other
undesirable unwanted
>spyware, etc:
>Jim Eshelmans WSC Aumha site:
>http://aumha.org/a/parasite.htm
>more details from Jim and his site
>http://www.aumha.org/a/quickfix.htm
>His quick scan for parasites (scripting must be enabled
for this to work)
>http://www.aumha.org/a/noads.htm
>Bugs, Glitches, and Stuff-Ups; Sandi Hardmeiers help site
>http://inetexplorer.mvps.org/Darnit.htm
>
>
>A free on-line Trojan scanner
>GFI
>http://www.windowsecurity.com/trojanscan/
>PestPatrol on-line scan
>http://www.pestscan.com/home.asp
>
>HTH - and I wish your fledgling XP Dell PC a long
fruitful life. Go forth,
>prosper and multiply. ;-))
>--
>
>LuckyStrike
>LS@smokedamagedfurniture.youcandriveitawaytoday.com
>---------------------------------------------------------
-----------
>
>"Lori" <anonymous@discussions.microsoft.com> wrote in
message
>news:21dec01c45bb7$0c4ca970$a501280a@phx.gbl...
>> We have been experiencing popup resident protection
>> windows for the past week telling us that we have an
>> exploit trojan in the ContentIE5\******* assorted
files,
>> different ones each day. Our antivirus software
doesn't
>> pick up on it, except the manufacturer's resident
>> protection popups do. We can do a full scan but it
comes
>> up clean with the software (etrust EZ antivirus from
CA).
>> Now we can no longer access the Internet as of today
and
>> got some LSP error message, and were receiving many
popup
>> ads from IE even when we weren't online. Have tried to
>> scan for spyware and used the CW Shredder, but no luck.
>> Also have removed any programs we didn't recognize.
>> Any idea how to save this computer which seems to be
>> dying? It is six months old, a Dell, running on XP.
>> Thanks for any input.
>
>
>.
>
- Next message: Paul Pedersen: "Re: IE freezes, and won't quit at shutdown"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: DLL Errors"
- In reply to: LuckyStrike: "Re: Exploit Trojan destroying Content IE5"
- Next in thread: LuckyStrike: "Re: Exploit Trojan destroying Content IE5"
- Reply: LuckyStrike: "Re: Exploit Trojan destroying Content IE5"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
