What is a Trojan ?? Did I miss the name of the file somehow ??

----- Original Message -----
From: §Pat§
To: pctechtalk@xxxxxxxxxxxxx
Sent: Tuesday, May 27, 2003 8:53 PM
Subject: -=PCTechTalk=- Re: HELP!! IS THIS VALID

All I know it is to be a trojan...I went to http://www.pcpitstop.com/ did the full scan and I was clean in fact I did everything recommended and I'M CLEAN

Pat

----- Original Message -----
From: " milady" <kg6ocz@xxxxxxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Tuesday, May 27, 2003 8:07 PM
Subject: -=PCTechTalk=- Re: HELP!! IS THIS VALID

> MY question is WHAT virus is it? so far I have yet to see ANY name
> mentioned..all I see is check this or that ...hmmmmmm
> ----- Original Message -----
> From: "§Pat§" <rhekay@xxxxxxxxxx>
> To: "PCTECHTALK2" <pctechtalk@xxxxxxxxxxxxx>
> Sent: Tuesday, May 27, 2003 4:46 PM
> Subject: -=PCTechTalk=- HELP!! IS THIS VALID
>
> > Is there any validity to this? If so is this the way to correct it?
> > I don't have anything listed here EXCEPT I had the 3 url's listed
> > in my favorites column...I couldn't find the other things mentioned here.
> > Pat
> >
> > I got this information sent to me this morning. I think everyone should
> > check this.. Very important!
> >
> > We need for each and every one of you to do the following:
> >
> > Because most Virus Checkers do not detect this there is no way stopping it
> > unless you do the following checks yourself.
> >
> > Send yourself an email or a stationery. When you receive it back to
> > yourself go control/F2 which will bring up the source of your stationery or
> > email. If you find the following inside your source: (example only)
> >
> > <IFRAME
> > src="http://www01.upp.so-net.ne.jp:3142@%61%72%68%65%6F%1E%4%6F%6D/m"
> > width=0 height=0></IFRAME>
> >
> > This means you still have the virus and we ask you not to post to group until
> > you get rid of it.
> >
> > Here's what you need to do:
> >
> > In Outlook Express click on Tools > Options >
> >
> > Do you have Signature file? If it references "s.html" ... delete that file!
> > It creates the IFRAME that infects other people. The file is located in
> > C:\Windows
> >
> > -----
> >
> > In IE ... click on Tools.. then Internet Options... how many tabs do you
> > have? Do you have Security? or Advanced? If not, the Trojan hid them.
> >
> > This Trojan added three links to the bottom of your favorites list.
> >
> > Go to your favorites folder...and delete "Nude Nurses" "Search You Trust"
> > and "Your Favorite Porn Links"
> >
> > -----
> >
> > Ok.... if you go to the start button.... then click on run... type in
> > "regedit" without the quotes.
> >
> > This one didn't change on mine... but you should check:
> >
> > click on the + by each of these:
> >
> > HKEY_LOCAL_MACHINE
> > then SOFTWARE
> > then Microsoft
> > then Windows
> > then CurrentVersion
> > then URL
> > then DefaultPrefix
> >
> > now on the right side is a file [ab] default... right click on that and
> > choose "modify"
> >
> > you should just see "http://" and nothing else (no quotes)
> >
> > click ok
> >
> > -----
> >
> > Don't close the registry yet!
> >
> > -----
> > If you were missing the Security and Advanced tabs in IE
> > ... move the scroll bar up to the top
> >
> > Click on these:
> >
> > HKEY_CURRENT_USER
> > then Software
> > then Policies
> > then Microsoft
> > then Internet Explorer
> > then Control Panel
> >
> > You will see: [ab] default [ab] AdvancedTab [ab] SecurityTab
> >
> > Delete [ab] AdvancedTab and [ab] SecurityTab
> >
> > ----
> >
> > Close the registry because we are done with it. If you open your browser and
> > go Tools > Internet Options ... all the tabs should be there now.
> >
> > ----
> >
> > Click Start > Find .. type in find file name: hosts
> > You should see a file in C:\windows that only has the word "hosts" no
> > extension.
> > Right click it and choose "send to" then choose "notepad" ...
> >
> > In there you should only have:
> >
> > # Copyright (c) 1998 Microsoft Corp.
> > #
> > # end of file.
> >
> > Look at the entire file and there is probably a list of urls ... delete
> > them all. They are there to redirect you and hijack you.
> >
> > ----
> >
> > Then go to Windows Update and download the VM update.
> >
> > there are several ways....
> >
> > one way... click on start .. at the top of that menu should be "Windows
> > Update"
> >
> > another... open a browser window... click on "Tools" then choose "Windows
> > Update"
> >
> > there are more ways.... I think my son likes to just type
> > http://windowsupdate.microsoft.com
> >
> > or http://v4.windowsupdate.microsoft.com/en/default.asp
> >
> > Windows has lots of ways always to do the same thing...
> >
> > Take your pick...
> >
> > ------
> >
> > After you do those things run Adaware and Spybot and they will find other
> > registry changes that need to be removed. Mostly things for the hijacking
> > part of this Trojan.
> >
> > You can download Adaware free at www.lavasoftusa.com
> >
> > And SpyBot at http://beam.to/spybotsd
> >
> > I recommend running both of them.
> >
> > -----
> >
> > Update and scan with your antivirus program.
> >
> > Pat
> >
> > To unsub or change your email settings:
> > //www.freelists.org/webpage/pctechtalk
> >
> > To access our Archives:
> > http://groups.yahoo.com/group/PCTechTalk/messages/
> > //www.freelists.org/archives/pctechtalk/
> >
> > For more info:
> > //www.freelists.org/cgi-bin/list?list_id=pctechtalk
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.484 / Virus Database: 282 - Release Date: 5/27/2003
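
Added example, not part of the original thread: a short Python script that automates two of the manual checks the forwarded message describes, looking for a zero-size IFRAME in a message's HTML source and listing redirect entries in a hosts file. The function names and the sample inputs are constructed for illustration, and treating the loopback "localhost" line as benign is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class HiddenFrameFinder(HTMLParser):
    """Collect <iframe> tags rendered at zero width or height."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "").strip() for k, v in attrs}
        zero = ("0", "0px", "0%")
        if a.get("src") and (a.get("width") in zero or a.get("height") in zero):
            self.findings.append(explain_url(a["src"]))

def explain_url(src):
    """Split the authority into decoy userinfo and the host actually contacted."""
    parts = urlsplit(src)
    decoy, at, _ = parts.netloc.rpartition("@")
    return {
        "src": src,
        "decoy": decoy if at else "",                # text before '@' is only a login name
        "real_host": unquote(parts.hostname or ""),  # percent-escapes decoded
    }

def scan_message_source(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def active_hosts_entries(text):
    """Return hosts-file mappings other than the loopback 'localhost' line (assumed benign)."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()       # drop comments, split on whitespace
        loopback = len(fields) >= 2 and fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]
        if len(fields) >= 2 and not loopback:
            entries.append((fields[0], fields[1:]))
    return entries

# Constructed samples, not taken from the thread
SAMPLE_SOURCE = '''<html><body>Hi!
<IFRAME src="http://www.trusted.example:3142@%65%76%69%6c.example/m" width=0 height=0></IFRAME>
<iframe src="http://news.example/today" width="400" height="300"></iframe></body></html>'''
SAMPLE_HOSTS = "# Copyright (c) 1998 Microsoft Corp.\n127.0.0.1 localhost\n203.0.113.9 www.search.example\n"

if __name__ == "__main__":
    for f in scan_message_source(SAMPLE_SOURCE):
        print("hidden iframe -> real host:", f["real_host"], "| decoy:", f["decoy"])
    for ip, names in active_hosts_entries(SAMPLE_HOSTS):
        print("hosts redirect:", ip, names)
```

The part of the URL before the "@" is only a login name, so the browser connects to the host after it; the script reports that host with its percent-escapes decoded.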