-=PCTechTalk=- Re: HELP!! IS THIS VALID

• From: *Çõ$mï¢* <Cosmic@xxxxxxxxxxx>
• To: pctechtalk@xxxxxxxxxxxxx
• Date: Tue, 27 May 2003 21:20:01 -0400

What is a Trojan ?? Did I miss the name of the file somehow ?? 
  ----- Original Message ----- 
  From: §Pat§ 
  To: pctechtalk@xxxxxxxxxxxxx 
  Sent: Tuesday, May 27, 2003 8:53 PM
  Subject: -=PCTechTalk=- Re: HELP!! IS THIS VALID


  All I know it is to be a trojan...I went to http://www.pcpitstop.com/
  did the full scan and I was clean in fact I did everything recommended
  and IM CLEAN
  Pat
  ----- Original Message ----- 
  From: " milady" <kg6ocz@xxxxxxxxxxxxx>
  To: <pctechtalk@xxxxxxxxxxxxx>
  Sent: Tuesday, May 27, 2003 8:07 PM
  Subject: -=PCTechTalk=- Re: HELP!! IS THIS VALID


  > MY question is WHAT virus is it? so far I have yet to see ANY name
  > mentiond..all I see is check this or that ...hmmmmmm
  > ----- Original Message ----- 
  > From: "§Pat§" <rhekay@xxxxxxxxxx>
  > To: "PCTECHTALK2" <pctechtalk@xxxxxxxxxxxxx>
  > Sent: Tuesday, May 27, 2003 4:46 PM
  > Subject: -=PCTechTalk=- HELP!! IS THIS VALID
  >
  >
  > > Is there an validity to this? If so is this the way to correct it?
  > > I don't have anything listed here EXCEPT I had the 3 url's listed
  > > in my favorites column...I couldn't find the other things mentioned
  here.
  > > Pat
  > > I got this information sent to me this morning. I think everyone should
  > > check this.. Very important!
  > >
  > > We need for each and every one of you to do the following:
  > >
  > > Because most Virus Checkers do not detect this there is no way stopping
  it
  > > unless you do the following checks yourself.
  > >
  > > Send yourself an email or a stationery.  When you receive it back to
  > > yourself go control/F2 which will bring up the source of your stationary
  > or
  > > email.  If you find the following inside your source: (example only)
  > >
  > > <IFRAME
  > > src="http://www01.upp.so-net.ne.jp:3142@%61%72%68%65%6F%1E%4%6F%6D/m";
  > > width=0 height=0></IFRAME>
  > >
  > > This mean you still have the virus and we ask you not to post to group
  > until
  > > you get rid of it.
  > >
  > > Here's what you need to do:
  > >
  > > In Outlook Express click on Tools > Options >
  > >
  > > Do you have Signature file?  If it references "s.html" ... delete that
  > file!
  > > It creates the IFRAME that infects other people.  The file is located in
  > > C:\Windows
  > >
  > > -----
  > >
  > > In IE ... click on Tools.. then Internet Options... how many tabs do you
  > > have?  Do you have Security? or Advanced? If not, the Trojan hid them.
  > >
  > > This Trojan added three links to the bottom of your favorites list.
  > >
  > > Go to your favorites folder...and delete "Nude Nurses" "Search You
  Trust"
  > > and "Your Favorite Porn Links"
  > >
  > > -----
  > >
  > >
  > > Ok.... if you go to the start button.... then click on run... type in
  > > "regedit" without the quotes.
  > >
  > > This one didn't change on mine... but you should check:
  > >
  > > click on the + by each of these:
  > >
  > > HKEY_LOCAL_MACHINE
  > > then SOFTWARE
  > > then Microsoft
  > > then Windows
  > > then CurrentVersion
  > > then URL
  > > then DefaultPrefix
  > >
  > > now on the right side is a file [ab] default... right click on that and
  > > choose "modify"
  > >
  > > you should just see "http://"; and nothing else (no quotes)
  > >
  > > click ok
  > >
  > > -----
  > >
  > > Don't close the registry yet!
  > >
  > > -----
  > > If you were missing the Security and Advanced tabs in IE
  > > ... move the scroll bar up to the top
  > >
  > > Click on these:
  > >
  > > HKEY_CURRENT_USER
  > > then Software
  > > then Policies
  > > then Microsoft
  > > then Internet Explorer
  > > then Control Panel
  > >
  > > You will see: [ab] default [ab] AdvancedTab [ab] SecurityTab
  > >
  > > Delete [ab] AdvancedTab and [ab] SecurityTab
  > >
  > > ----
  > >
  > > Close the registry because we are done with it. If you open your browser
  > and
  > > go Tools > Internet Options ... all the tabs should be there now.
  > >
  > > ----
  > >
  > > Click Start > Find .. type in find file name:  hosts
  > > You should see a file in C:\windows that only has the word "hosts" no
  > > extension. Right click it and choose "send to" then choose "notepad" ...
  > >
  > > In there you should only have:
  > >
  > > # Copyright (c) 1998 Microsoft Corp.
  > > #
  > > # end of file.
  > >
  > > Look at the entire file and there is probably a list of a urls ...
  delete
  > > them all.  They are there to redirect you and hijack you.
  > >
  > > ----
  > >
  > > Then go to Windows Update and download the VM update.
  > >
  > > there are several ways....
  > >
  > > one way... click on start .. at the top of that menu should be "Windows
  > > Update"
  > >
  > > another... open a browser window... click on "Tools" then choose
  "Windows
  > > Update"
  > >
  > > there are more ways.... I think my son likes to just type
  > > http://windowsupdate.microsoft.com
  > >
  > > or http://v4.windowsupdate.microsoft.com/en/default.asp
  > >
  > > Windows has lots of ways always to do the same thing...
  > >
  > > Take your pick...
  > >
  > > ------
  > >
  > > After you do those things run Adaware and Spybot and they will find
  other
  > > registry changes that need to be removed. Mostly things for the
  hijacking
  > > part of this Trojan.
  > >
  > > You can download Adaware free at www.lavasoftusa.com
  > >
  > > And SpyBot at http://beam.to/spybotsd
  > >
  > > I recommend running both of them.
  > >
  > > -----
  > >
  > > Update and scan with your antivirus program.
  > >
  > >
  > >
  > >
  > >
  > >
  > >
  > >
  > >
  > > Pat
  > >
  > >
  > >
  > >
  > > To unsub or change your email settings:
  > > //www.freelists.org/webpage/pctechtalk
  > >
  > > To access our Archives:
  > > http://groups.yahoo.com/group/PCTechTalk/messages/
  > > //www.freelists.org/archives/pctechtalk/
  > >
  > > For more info:
  > > //www.freelists.org/cgi-bin/list?list_id=pctechtalk
  > >
  >
  >
  > ---
  > Outgoing mail is certified Virus Free.
  > Checked by AVG anti-virus system (http://www.grisoft.com).
  > Version: 6.0.484 / Virus Database: 282 - Release Date: 5/27/2003
  >
  > To unsub or change your email settings:
  > //www.freelists.org/webpage/pctechtalk
  >
  > To access our Archives:
  > http://groups.yahoo.com/group/PCTechTalk/messages/
  > //www.freelists.org/archives/pctechtalk/
  >
  > For more info:
  > //www.freelists.org/cgi-bin/list?list_id=pctechtalk
  >
  >


  To unsub or change your email settings:
  //www.freelists.org/webpage/pctechtalk

  To access our Archives:
  http://groups.yahoo.com/group/PCTechTalk/messages/
  //www.freelists.org/archives/pctechtalk/

  For more info:
  //www.freelists.org/cgi-bin/list?list_id=pctechtalk

To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk

• Follow-Ups:
  • -=PCTechTalk=- Re: HELP!! IS THIS VALID
    • From: milady

• References:
  • -=PCTechTalk=- HELP!! IS THIS VALID
    • From: §Pat§
  • -=PCTechTalk=- Re: HELP!! IS THIS VALID
    • From: milady
  • -=PCTechTalk=- Re: HELP!! IS THIS VALID
    • From: §Pat§

Other related posts:

• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID
• » -=PCTechTalk=- Re: HELP!! IS THIS VALID

1. Home
2. pctechtalk
3. Archive
4. 05-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---