There are 2 messages in this issue.

Topics in this digest:

      1. Re: AVG found a Trojan Horse -- Help, please II
           From: "esrman" <esrman@xxxxxxxxxxxxx>
      2. Re: AVG found a Trojan Horse -- Help, please
           From: Seantific <spunkovision@xxxxxxxxx>

________________________________________________________________________
________________________________________________________________________

Message: 1
Date: Tue, 17 May 2005 08:54:34 -0400
From: "esrman" <esrman@xxxxxxxxxxxxx>
Subject: Re: AVG found a Trojan Horse -- Help, please II

I have a Compaq and it's in "Compaq Support" in the Start menu. Open Compaq Support and it has a list. System restore, selective restore, etc.

----- Original Message -----
From: Seantific
To: mycomputerheadaches@xxxxxxxxxxxxxxx
Sent: Tuesday, May 17, 2005 5:16 AM
Subject: Re: [MCH] AVG found a Trojan Horse -- Help, please II

It does? How do you do it, Esrman?

esrman <esrman@xxxxxxxxxxxxx> wrote:
I repeat. Windows 98SE has a ".SYSTEM RESTORE"

----- Original Message -----
From: Seantific
To: mycomputerheadaches@xxxxxxxxxxxxxxx
Sent: Monday, May 16, 2005 9:22 PM
Subject: Re: [MCH] AVG found a Trojan Horse -- Help, please II

Guy, that would be a Registry restore. I think System Restore is much more involved. Doing a Registry restore could fix some of the problems a computer user might be experiencing of course.

Guy Mallard <gmelex@xxxxxxxxx> wrote:
I have performed system restore many times in W98. If you reboot choosing MS-DOS - type in: scanreg /restore. Make sure there is a space between scanreg and /restore.

Guy Mallard

--- AlohaBev <alohabev@xxxxxxxxxxxxx> wrote:
> At 5/16/2005 05:24 PM, Steve Tabler wrote:
>
> >For what it's worth, versions of Windows prior to Windows XP don't have a
> >system restore.
>
> It's worth a lot to me, Steve. I've been all day trying to find it or its
> equivalent in Win98.

===MOD RULE: Delete this line & everything below it when responding to an email.===

------------------------------------------------------------------------
Yahoo! Groups Links

a. To visit your group on the web, go to:
   http://groups.yahoo.com/group/mycomputerheadaches/

b. To unsubscribe from this group, send an email to:
   mycomputerheadaches-unsubscribe@xxxxxxxxxxxxxxx

c. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

________________________________________________________________________
________________________________________________________________________

Message: 2
Date: Tue, 17 May 2005 05:46:31 -0700 (PDT)
From: Seantific <spunkovision@xxxxxxxxx>
Subject: Re: AVG found a Trojan Horse -- Help, please

YOU:
A cyberbud just switched from her expired-Friday-McAfee to AVG. Her first run after installation gave her this, she says:

This is what the Vault says:
TROJAN HORSE Downloader.Comet.B -- the below two files
C:\Program Files\Comet Systems\DM\bin\dmserver.exe
C:\Program Files\Comet Systems\DM\bin\dmproxy.dll

SEAN:
Why am I not surprised. McAfee is an antivirus primarily and its strong attribute is that of detecting viruses. Unfortunately antiviruses are usually not good trojan detectors. You need antitrojans to do that job. Past experience of working with AVG, however, as well as working with Avast and AntiVir, both free antiviruses, has taught me that they are better in detecting trojans than either McAfee or Norton.

In the systems I configure and fix, I actually install two antiviruses (yeah, I know: you can't use 2 antiviruses at the same time). Remember, I said "install" and not "use" at the same time.
I allow one antivirus, usually AVG, to run on Windows bootup, while either Avast or AntiVir is disabled at bootup by way of msconfig's Startup tab AND their own settings. I tell the owners of these computers to sometimes run their secondary antivirus at bootup instead of AVG also by configuring msconfig to switch off AVG from booting up and also using AVG's own settings. They also need to switch on their secondary antivirus to run at bootup through the same means. In other words, I tell them to cycle or alternate using the different antiviruses that they have. I have friends who have installed all three: AVG, AntiVir, and Avast.

Additionally, Spybot, Ad-Aware, MS Windows AntiSpyware and other antispyware have trojan detecting and removal capabilities since trojans are categorized as malware.

Here are my recommendations:

Before doing anything, do the following first:

Turning on "Show all files":
Windows itself, by default, hides certain files, system folders or file extensions from the user to make it easier to navigate. If you are having to find an infected file or just one you are looking for, this can cause you to not find it. If you wish you may change this to show all of the files on your computer.

How to Show Hidden System Files in Win98
Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK.

When you are done with the above, download the following:

LSPFix - http://www.cexx.org/lspfix.htm
WinSock Fix - http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

A lot of times, when cleaning up spyware/adware, internet connection or configuration gets broken due to the modifications made by the pests. Once you remove the pests, internet connection also gets broken. The above utilities will help you restore your internet connection.

All the programs recommended here are freeware, except Trojan Hunter.

1. Update McAfee/AVG first of all. Then reboot in Safe Mode.
Do your scanning and pest removal there.

How to boot up to Safe Mode using alternative methods
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=32

2. Update Spybot and Ad-Aware. Do not only update their reference lists though. Make sure you have the latest versions. Spybot's current version is 1.3. Ad-Aware SE's current version is 1.05. If you are upgrading any of them to a higher version, do uninstall them first then install the new version.

For guidelines on how to use them, go here (password-protected):
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showforum=5

This is a long thread. Ad-Aware is at the very bottom.

Reboot to Safe Mode and do your Spybot AND Ad-Aware scanning there.

3. Install ALL of the following antitrojans:
a. a2 (a-squared)
b. Ewido

Search for both of them in this thread:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

When you are done, make sure they are updated before you use them. Reboot and perform your scanning in Safe Mode.

If you still have problems, install Trojan Hunter:
http://www.trojanhunter.com/

They have a trial version that you can use for a few days. Again, do your scanning in Safe Mode.

There are other antitrojans and trojan scanning services in this thread that are free:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

4. For added insurance, install MS Windows AntiSpyware. Update it first then scan your system in Safe Mode. Search for it here:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

Why is so much software needed to detect/remove trojans? Unfortunately, not one antitrojan can detect all the trojans. Some detect some trojans, while others detect some other trojans that the other antitrojans miss.

5. Go to Add/Remove Programs in Control Panel to see if you can find unfamiliar programs that you do not remember installing. Uninstall them if you are suspicious of them.

6. Install SpywareBlaster.
SpywareBlaster prevents many spyware ActiveX controls from running, even if they are already installed on your system. Look for SpywareBlaster here:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

7. Install HijackThis and send me the HJT scan log privately. Look for the link and instructions here:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

8. Launch msconfig to see what runs during bootup. Go to the Startup tab to see the list. Uncheck the ones that are not essential to normal Windows bootup. If you do not know which ones to uncheck, follow this:

Copying Startup list
Download StartLog.com from this site:
http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html

Double-click it, and it will generate a text file on your desktop that will list all the applications that start in the many places when you start Windows. We don't need to see StubPath.txt, just Startup.Log. Just go to 'Edit/select all', then copy, and paste it here.

9. Empty your Temporary and Temporary Internet Files or Folder. One of the tricks that spyware uses is to operate from within these folders.

YOU:
The details say they are NOT healable.

SEAN:
Try doing it in Safe Mode.

YOU:
What the heck is COMET SYSTEMS anyway? Both of these say "Backup copy -- infected"

I saw on Google that it/they are Gator-related. :( Ad-Aware will "heal" (remove?) these, right? If not, please, what is the recommended way?

SEAN:
Comet and Gator are spyware. They are some of the hardest to remove. Ad-Aware does remove some of their components. That is the reason why you need to use different software to detect everything that potentially can damage your system.

AlohaBev <alohabev@xxxxxxxxxxxxx> wrote:
A cyberbud just switched from her expired-Friday-McAfee to AVG.
Her first run after installation gave her this, she says:

This is what the Vault says:
TROJAN HORSE Downloader.Comet.B -- the below two files
C:\Program Files\Comet Systems\DM\bin\dmserver.exe
C:\Program Files\Comet Systems\DM\bin\dmproxy.dll

The details say they are NOT healable.

What the heck is COMET SYSTEMS anyway? Both of these say "Backup copy -- infected"

I saw on Google that it/they are Gator-related. :( Ad-Aware will "heal" (remove?) these, right? If not, please, what is the recommended way?

Aloha,
Bev in Alabama, USA :)
alohabev@xxxxxxxxxxxxx