Re: Win Update
From: stan (SEDNCID_at_myomy.com)
Date: 11/12/04
- Next message: Julie P.: "Cannot delete IMAP mail folder in OE6"
- Previous message: EMD: "IE or Firefox???????"
- In reply to: PA Bear: "Re: Win Update"
- Next in thread: PA Bear: "Re: Win Update"
- Reply: PA Bear: "Re: Win Update"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 12 Nov 2004 12:18:31 -0600
Pa Bear,
Followed instructions in PART A.
Stinger found Trojan Horse, "downloader Qdown.c."
Updated virus AVG 6.0, Spybot & Ad-Aware. Ran full scan in AVG; AVG found
virus & removed it. Rebooted; problem still exists in Win Update.
Posted with CastleCops copy of Hijack Log. Castle Cops web site a bit of a
hassle to navigate. Bet I can get into Fort Knox easier. LOL
Stan
"PA Bear" <PABear@mvps.org> wrote in message
news:u5uEf5HyEHA.1404@TK2MSFTNGP11.phx.gbl...
> OK, I had to ask.
>
> IIRC, that result (from pasting the link into an IE window) is indicative
> of hijackware (Hotbar? Huntbar?) infection, so...
>
> Dealing with Trojans & Hijackware (please tend to Parts A and B):
>
> A. Trojans
>
> 1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
>
> 2. Update your virus definitions, enable Show Hidden Files
> (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
> and then run a full system scan in Safe Mode
> (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
> with nothing else running in background. Note the files identified and
> removed then find the corresponding page for the file at your AV maker's
> online support pages (e.g.,
> http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
> and follow *all* Removal steps, including editing the Registry if
> directed.
>
> WinXP Only (WinME similar): If this scan finds anything, create a new
> Restore Point then:
>
> Disk Cleanup > More options > Delete all but the most recent Restore
> Point.
>
> B. Hijackware
>
> Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/Darnit.htm
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>
> Run these tools in the following order with nothing else running in
> background:
>
> 1. CWShredder v2,0 (Run "Fix", not "Scan")
> http://forum.aumha.org/downloads/cwshredder.zip
>
> 2. Ad-Aware SE (reconfigure per Post #2 in
> http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
> http://www.lavasoftusa.com/support/download/
>
> 3. Spybot (RTFM; Immunize then Scan; Generally fix everything in red)
> http://www.safer-networking.org/en/index.html
>
> Important: You must seek updates for Ad-Aware, Spybot, etc., before each
> and every use, even "right out of the box". But even they can't catch
> everything, 24/7.
>
> When all else fails...
>
> HijackThis
> http://forum.aumha.org/downloads/hijackthis.zip
>
> ...is the preferred tool to use. With advice from experts, it will help
> you to both identify and remove any hijackware/spyware. Post your log to,
> e.g., http://forums.spywareinfo.com/, http://computercops.biz/forum67.html
> or http://forum.aumha.org/viewforum.php?f=30 for expert analysis, **not
> here.**
>
> [Alternate download pages for many of the above tools may be found at
> http://aumha.org/a/parasite.htm.]
> --
> ~PA Bear
>
> stan wrote:
>> Don't understand. Please clarify.
>> That's exactly what I did. I entered it in IE Address bar.
>>
> <snip>
>>
>> "PA Bear" <PABear@mvps.org> wrote in message
>> news:O8myy9ByEHA.3376@TK2MSFTNGP12.phx.gbl...
>> > Did you notice?...
>> >
>> > > What do you see if you enter this in an *IE* Address bar on each?
>> > >
>> > > javascript:navigator.userAgent
>> >
>> > IE, not Mozilla, please.
>> > --
> <snip>
>> > > > > > > Thank you for your interest in Windows Update
>> > > > > > >
>> > > > > > > Windows Update is the online extension of Microsoft Windows
>> > > > > > > that helps you
>> > > > > > > get the most out of your computer.
>> > > > > > >
>> > > > > > > You must be running a Microsoft Windows operating system in
>> > > > > > > order to use
>> > > > > > > Windows Update. If you are looking for updates to Microsoft
>> > > > > > > products for
>> > > > > > > Macintosh operating systems, please visit
>> > > > > > > http://www.microsoft.com/mac/.
>> > > > > > >
>> > > > > > > Above message started appearing this morning.
>> > > > > > >
>> > > > > > > I am only using Windows firewall. Can't access windows
>> > > > > > > update. OS
>> > > > > > > WINXP
>> > > > > > > SP2.
>> > > > > > >
>> > > > > > > Entry in Registry,
>> > > > > > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
>> > > > > > > Settings\User Agent\Post Platform.
>> > > > > > >
>> > > > > > > There are two entries for POST PLATFORM. Should there be, if
>> > > > > > > not which is
>> > > > > > > correct.
>> > > > > > >
>> > > > > > > One entry shows MSN 2.5 & MSNIA. Other shows Q312461 & SN1.
>> > > > > > > UN
>> > > > > > > TOKEN SHOWS
>> > > > > > > MSN 2.5.
>> > > > > > >
>> > > > > > > My deduction says entries with references to MSN are
>> > > > > > > correct,
>> > > > > > > the
>> > > > > > > other
>> > > > > > > could be corruption.
>> > > > > > >
>> > > > > > > Much appreciated help needed. Can this one be deleted?. Can a
>> > > > > > > repair be done on Internet Explorer. How?.
>> > > > > > >
>> > > > > > > Stan
>
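
An added example, not part of any post in this thread: a PowerShell script that lists the Post Platform tokens under the registry key quoted in the original question and exports each key to a .reg file before anything is edited or deleted. The `5.0` and HKCU key paths, the function names and the output directory are assumptions; keys that do not exist are skipped.

```powershell
# Added example: inventory the tokens Internet Explorer appends to its
# User-Agent string, and back each key up before changing anything.
# The first path is the one quoted in the thread; the other two are assumed
# variants and are only read if they exist on the machine.
$candidates = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
)

function Get-PostPlatformToken {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $p
                Token = $name                      # value name = UA token
                Data  = $key.GetValue($name)
                Kind  = $key.GetValueKind($name)
            }
        }
    }
}

function Backup-PostPlatformKey {
    param([string[]]$Path, [string]$OutDir)
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $i = 0
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # reg.exe expects "HKLM\..." rather than the provider form "HKLM:\..."
        $native = $p -replace '^(HK[A-Z]+):\\', '$1\'
        $file = Join-Path $OutDir ("PostPlatform-$stamp-$i.reg")
        & reg.exe export $native $file | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed for $native" }
        else { Write-Output "Saved $native to $file" }
        $i++
    }
}

# Back up first, then review the list against what javascript:navigator.userAgent
# shows in the IE Address bar.
Backup-PostPlatformKey -Path $candidates -OutDir $env:TEMP
Get-PostPlatformToken -Path $candidates | Format-Table -AutoSize -Wrap
```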