Topic: Help with Trojan virus, please? |
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 6 Dec 2003 3:35 pm
|
|
Although I have Norton Antivirus with live update, somehow two tmp files contracted Trojan byte verify.
I quarantined them and attempted repair, but to no avail and was notified;
quote: We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: C:\Program Files\Norton AntiVirus\Dummy.class
machine: F5QRY01
result: This file is infected with Trojan.ByteVerify
Developer notes:
C:\Program Files\Norton AntiVirus\Dummy.class is non-repairable threat. It is detected by NAV with the latest definition, which is available from LiveUpdate or http://securityresponse.symantec.com. Please delete this file and replace it if necessary.
The current monthly definitions are capable of detecting and repairing
this virus. Please update your definitions by clicking the "LiveUpdate"
button in your NAV program.
----------------------------------------------------------------------
This message was generated by Symantec Security Response automation
I have since deleted the files (there were two), but I still have problems such as;
unwanted pop ups (even when blocked by AOL)
AOL disconnecting when I click on a website
Someone throw me a life saver please....(not the green ones though )
|
|
|
|
Ricky Davis
From: Bertram, Texas USA
|
Posted 6 Dec 2003 4:14 pm
|
|
Howard; do you have Windows XP?? As you can restore to any earlier date..and will help.
Also you can download for free> Spyware Blaster and that will kill those popups if in fact you are affected with spyware...>but AOL has a pop up blocker built into its browser....but never use AOL browser..ha....just when you get online through AOL..then use your internet explorer browser...
Oh here's the link to the spyware blaster>
http://www.javacoolsoftware.com/spywareblaster.html
Ricky [This message was edited by Ricky Davis on 06 December 2003 at 04:15 PM.] |
|
|
|
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 6 Dec 2003 7:00 pm
|
|
I have Windows ME. I've tried system restore, but it's not working. It will not go back to a previous date, and I made sure that my system restore is enabled.
I have Spyware and pop ups were controlled.
This Trojan thing did something. Aside from pop ups, it disconnects AOL. When I log onto the forum for example, I can get to a section, but when I click on a thread, it disconnects (maybe b0b is doing that ).
I'm here now because I'm on a spare laptop. |
|
|
|
Mark Ardito
From: Chicago, IL, USA
|
Posted 6 Dec 2003 7:38 pm
|
|
Howard,
One bad thing with that system restore is what you are experiencing. In order to "remove" these files, you will need to temporarily disable the system restore. Here is what you have to do.
1. RIGHT click on "My Computer"
2. A dialog box will appear, click the "Performance" tab.
3. You will see a button at the bottom called "file system"...go ahead and click that.
4. An additional dialog box will open. Go ahead and click on the last tab on the right called "Troubleshooting".
5. Put a CheckMark in the box titled "Disable System Restore".
6. Click "Apply" and then "OK".
Now, you will want to restart your computer, but you want to restart into "Safe Mode". So when you are prompted to restart your computer just click "NO".
Here is how to restart in safe mode the easiest way.
1. Go to the START menu and then select RUN.
2. At the prompt, type "msconfig".
3. Click the "Advanced" button at the bottom of the screen.
4. Put the checkMark in the "Enable Startup Menu" box.
5. Click "Apply" and then "OK"
NOW when it asks you to restart your computer click OK.
When you restart, a prompt will ask you which mode you want. Choose SAFE-MODE.
Now in safe mode, do a virus scan and then DELETE the file. You don't need those files for anything.
Then once deleted, restart the computer again, and then reverse the CheckMarks you just put in.
Let me know...
Cheers!
Mark
------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com
|
|
|
|
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 7 Dec 2003 10:11 am
|
|
Mark & Ricky, thanks for your advice.
I followed the steps and procedures above, but I'm still having the same problems.
When I scanned for viruses, there were no files found to be infected, as I had previously deleted them.
The other abnormality that I have (or the computer has, I should say) is that when I start up an alert appears:
quote: Problem with Shortcut
The shortcut AOL companion link refers to a location that is unavailable. The location could be on a hard drive on this computer, or on a network, or on a different computer on your home network. Check to make sure that the disk is properly inserted or that you are connected to the internet or home network and then try again.
This is something that just appeared recently. I have no home network. Don't know what this is about or if it's related.
????? |
|
|
|
Jody Carver
From: KNIGHT OF FENDER TWEED
|
Posted 7 Dec 2003 3:15 pm
|
|
Howard
Have you been anywhere with strange people lately??
This virus leads to pneumonia which I have,
you need not know the next step...don't e-mail me, I have enough problems. |
|
|
|
Terry Srader
From: Georgia
|
Posted 7 Dec 2003 5:39 pm
|
|
Howard,
If you are a computer whiz, here's the remove instrux directly from Symantec.
http://securityresponse.symantec.com/.../trojan.byteverify.html
Otherwise, you need to get a hold of Spybot http://spybot-spyware.com/ This is a free download.
It'll find / fix over 190 spyware and trojans currently on the internet. It is by far the best out there.
Good luck.
Terry [This message was edited by Terry Srader on 07 December 2003 at 05:42 PM.] [This message was edited by Terry Srader on 07 December 2003 at 05:47 PM.] [This message was edited by b0b on 13 December 2003 at 12:34 PM.] |
|
|
|
Ricky Davis
From: Bertram, Texas USA
|
Posted 7 Dec 2003 6:34 pm
|
|
Terry that spybot spyware download is for the program that will find all those things....but if you want to remove them...You have to pay 30 bucks....
So free in the sense that it will find all that you want to remove but then charge you to remove them...."Ain't our free enterprise just a wonderful capitalist society"???ha.
Ricky |
|
|
|
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 7 Dec 2003 8:19 pm
|
|
The files containing the virus were deleted, so I'm no longer infected. Certain settings, I assume, have to be changed or reset.
I would like to restore to an earlier date, but for some reason, the restore function will not restore past today's date. When I click on a previous month or day,....nada.
Ricky, I did read your thread on the definition of restoration, and yes, I want to restore to the original condition, not refurbish or customize the settings..
How about retrofit? |
|
|
|
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 7 Dec 2003 8:22 pm
|
|
Mark, I just reread your post. I originally deleted these files, but not in safe mode. When I went to safe mode and scanned, there were 0 infections. Could I possibly still have them? |
|
|
|
Jeff Agnew
From: Dallas, TX
|
Posted 8 Dec 2003 4:12 am
|
|
Quote: |
but if you want to remove them...You have to pay 30 bucks.... |
Spybot Search & Destroy is free and will detect and remove anything it finds for no extra charge.
Perhaps you meant SpywareBlaster, but that's free for both detection and removal, as well. |
|
|
|
Ricky Davis
From: Bertram, Texas USA
|
Posted 8 Dec 2003 10:33 am
|
|
Jeff I was only referring to the spybot-spyware link that Terry put up.
I do have SpywareBlaster and yes it's free for search and destroy...and works good.
Ricky [This message was edited by Ricky Davis on 08 December 2003 at 10:33 AM.] |
|
|
|
Jeff Agnew
From: Dallas, TX
|
Posted 8 Dec 2003 11:31 am
|
|
My mistake, Ricky. I didn't pay attention to the actual link to which Terry referred.
The confusion is from that product's use of the "Spybot" name. I'm not a fan of companies that prey on this confusion with similar-sounding names.
In fact, this company has a poor reputation. Among many complaints, here is one from the Pittsburgh Post-Gazette: quote:
Q: I recently got a message when I logged onto a Web site saying "You are seeing this message, because we have detected that you have spyware installed in your machine. This is not a virus but a program in your machine that monitors and transmits all of your online activities, and is a serious violation of your privacy. Below is a link to a free scanner to download that will find & remove all spyware programs on your machine: Get the scanner." Is this for real? Or is it a virus trying to trick me into installing it on my system? I have not done anything with it yet.
A: This is one of the most distinct cases of false and deceptive advertising that I have seen in ages. It is actually a pop-up ad from a company called Enigma Software Group. The company offers an affiliate program in which Web site operators can pop up this message and get paid a few cents a click or $1.50 for every thousand people who see the ad. The company claims it has great click-through rates, which wouldn't surprise me because the ad misleads the user into thinking his system has already been checked for spyware -- which it hasn't been. In fact, Enigma allows the affiliate who runs the ad to personalize it with the name of the affiliate Web site.
There are plenty of spyware finders on the market. The Enigma product is just one of them -- and, frankly, I'm not even sure if it is any good. I would say that if the company stoops to deceptive practices like these to get you to click, I wouldn't download the product or use it. You can't be sure whether they are deceiving you in other ways.
After receiving your e-mail message I found a copy of the pop-up ad, and determined that when you click on the link, you're automatically downloading a program, not going to a Web page to get more information.
Also, note the pop-up clearly states the program is a "free scanner that will find and remove all spyware programs..." (emphasis added).
FYI, the latest version of Spybot S&D detects and removes 13,454 pests. And it's free. |
|
|
|
Terry Srader
From: Georgia
|
Posted 8 Dec 2003 8:16 pm
|
|
"Spybot" is like insurance...it sometimes seems like a waste of $$$, but it sure comes in handy when things go south.
manually removing the trojan is an obvious option, given instrux from your fav AV software.
or you can go pick up your favorite firewall router so you can surf in "relative safety." this is the option i use personally as i block all non-established traffic (ie, not coming from inside my home network). you could go even further and customize your IE security settings.....whichever works best for all. |
|
|
|
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 13 Dec 2003 6:30 am
|
|
Well, here's my progress:
I downloaded spybot and along with that, a pop up eliminator program and so the pop ups are controlled. Thanks for the information on that very useful and free website.
I'm virus free.
I do still have the disconnect problem. I'm still on dial up mode and become disconnected many times when clicking through a website.
Any info on how to correct this? |
|
|
|
Ricky Davis
From: Bertram, Texas USA
|
Posted 13 Dec 2003 10:38 am
|
|
Howard being on AOL Dial-up; you will get kicked off as a result of more frequent activity on the same server.
So here's what you do. Click on "keyword" then type in "Time Zone"....and a box will come up and that is a constant time keeper and runs constantly....>so minimize it out of the way....but it will continue to run while you're online and you won't be kicked off anymore.
Ricky |
|
|
|
Jody Carver
From: KNIGHT OF FENDER TWEED
|
Posted 13 Dec 2003 9:38 pm
|
|
Attention.
All traffic has been re-directed due to a virus in Manhattan. 37th Street has been closed until further notice.
|
|
|
|
HowardR
From: N.Y.C.-Fire Island-Asheville
|
Posted 14 Dec 2003 7:25 am
|
|
I knew you would surface Jody.... |
|
|
|