[mchFree] [MCH] Digest Number 1383

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: mch@xxxxxxxxxxxxx
  • Date: Tue, 17 May 2005 08:29:51 -0700




There are 2 messages in this issue.

Topics in this digest:

      1. Re: AVG found a Trojan Horse -- Help, please II
           From: "esrman" <esrman@xxxxxxxxxxxxx>
      2. Re: AVG found a Trojan Horse -- Help, please
           From: Seantific <spunkovision@xxxxxxxxx>


________________________________________________________________________
________________________________________________________________________

Message: 1         
   Date: Tue, 17 May 2005 08:54:34 -0400
   From: "esrman" <esrman@xxxxxxxxxxxxx>
Subject: Re: AVG found a Trojan Horse -- Help, please II

I have a Compaq and it's in "Compaq Support" in the Start menu.

Open Compaq Support and it has a list.

System restore, selective restore, etc.
  ----- Original Message ----- 
  From: Seantific 
  To: mycomputerheadaches@xxxxxxxxxxxxxxx 
  Sent: Tuesday, May 17, 2005 5:16 AM
  Subject: Re: [MCH] AVG found a Trojan Horse -- Help, please II


  It does? How do you do it, Esrman?


  esrman <esrman@xxxxxxxxxxxxx> wrote:
  I repeat.

  windows 98se has a ".SYSTEM RESTORE"


    ----- Original Message ----- 
    From: Seantific 
    To: mycomputerheadaches@xxxxxxxxxxxxxxx 
    Sent: Monday, May 16, 2005 9:22 PM
    Subject: Re: [MCH] AVG found a Trojan Horse -- Help, please II


    Guy, that would be a Registry restore. I think System Restore is much
more involved. Doing a Registry restore could fix some of the problems a
computer user might be experiencing of course.




    Guy Mallard <gmelex@xxxxxxxxx> wrote:
    I have performed system restore many times in W98.
    If you reboot choosing ms-dos - Type in:  scanreg /restore.

    Make sure there is a space between scanreg
    and /restore.

    Guy Mallard


    --- AlohaBev <alohabev@xxxxxxxxxxxxx> wrote:
    > At 5/16/2005 05:24 PM, Steve Tabler wrote:
    > 
    > >For what it's worth, versions of Windows prior to
    > Windows XP don't have a
    > >system restore.
    > 
    > It's worth a lot to me, Steve.  I've been all day
    > trying to find it or its 
    > equivalent in Win98.






________________________________________________________________________
________________________________________________________________________

Message: 2         
   Date: Tue, 17 May 2005 05:46:31 -0700 (PDT)
   From: Seantific <spunkovision@xxxxxxxxx>
Subject: Re: AVG found a Trojan Horse -- Help, please


YOU:
A cyberbud just switched from her expired-Friday-McAfee to AVG. Her first
run after installation gave her this, she says: 
This is what the Vault says:
TROJAN HORSE Downloader.Comet.B -- the below two files
C:\Program Files\Comet Systems\DM\bin\dmserver.exe
C:\Program Files\Comet Systems\DM\bin\dmproxy.dll


SEAN:
Why am I not surprised. McAfee is an antivirus primarily and its strong
attribute is that of detecting viruses. Unfortunately antiviruses are
usually not good trojan detectors. You need antitrojans to do that job.
Past experience of working with AVG, however, as well as working with Avast
and AntiVir, both free antiviruses, has taught me that they are better in
detecting trojans than either McAfee or Norton. In the systems I configure
and fix, I actually install two antiviruses (yeah, I know: you can't use 2
antiviruses at the same time). Remember, I said "install" and not "use" at
the same time. I allow one antivirus, usually AVG, to run on Windows
bootup, while either Avast or Antivir is disabled at bootup by way of
msconfig's Startup tab AND their own settings. I tell the owners of these
computers to sometimes run their secondary antivirus at bootup instead of
AVG also by configuring msconfig to switch off AVG from booting up and also
using AVG's own settings. They also need to
switch on their secondary antivirus to run at bootup through the same
means. In other words, I tell them to cycle or alternate using the
different antiviruses that they have. I have friends who have installed all
three: AVG, AntiVir, and Avast.
Additionally, Spybot, Ad-Aware, MS Windows AntiSpyware and other
antispyware have trojan detecting and removal capabilities since trojans
are categorized as malware.

Here are my recommendations:
Before doing anything, do the following first:

Turning on "Show all files":
Windows itself, by default, hides certain files, system folders or file
extensions from the user to make it easier to navigate. If you are having
to find an infected file or just one you are looking for, this can cause
you to not find it. If you wish you may change this to show all of the
files on your computer. 

How to Show Hidden System Files in Win98
Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK.

When you are done with the above, download the following:
LSPFix - http://www.cexx.org/lspfix.htm
WinSock Fix -
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
A lot of times, when cleaning up spyware/adware, internet connection or
configuration gets broken due to the modifications made by the pests. Once
you remove the pests, internet connection also gets broken. The above
utilities will help you restore your internet connection.

All the programs recommended here are freeware, except Trojan Hunter.

1. Update McAfee/AVG first of all. Then reboot in Safe Mode. Do your
scanning and pest removal there. 

How to boot up to Safe Mode using alternative methods
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=32

2. Update Spybot and Adaware. Do not only update their reference lists
though. Make sure you have the latest versions.
Spybot's current version is 1.3.
Ad-Aware SE's current version is 1.05.
If you are upgrading any of them to a higher version, do uninstall them
first then install the new version.
On guidelines on how to use them, go here (password-protected):
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showforum=5
This is a long thread. Adaware is at the very bottom. 
Reboot to Safe Mode and do your Spybot AND Ad-Aware scanning there.

3. Install ALL of the following antitrojans:
a. a2 (a-squared) 
b. Ewido
Search for both of them in this thread:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2
When you are done, make sure they are updated before you use them. Reboot
and perform your scanning in Safe Mode.

If you still have problems, install Trojan Hunter:
http://www.trojanhunter.com/
They have a trial version that you can use for a few days. Again, do your
scanning in Safe Mode. There are other antitrojans trojan scanning services
in this thread that are free:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

4. For added insurance, install MS Windows AntiSpyware. Update it first
then scan your system in Safe Mode. Search for it here:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

Why is so much software needed to detect/remove trojans? Unfortunately,
not one antitrojan can detect all the trojans. Some detect some trojans,
while others detect some other trojans that the other antitrojans miss.

5. Go to Add/Remove Programs in Control Panel to see if you can find
unfamiliar programs that you do not remember installing. Uninstall them if
you are suspicious of them.

6. Install SpywareBlaster. SpywareBlaster prevents many spyware ActiveX
controls from running, even if they are already installed on your system.
Look for SpywareBlaster here:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

7. Install HijackThis and send me the HJT scan log privately. Look for the
link and instructions here:
http://s11.invisionfree.com/SpunkyMcSpank/index.php?showtopic=2

8. Launch msconfig to see what runs during bootup. Go to the Startup tab to
see the list. Uncheck the ones that are not essential to normal Windows
bootup. If you do not know which ones to uncheck, follow this:

Copying Startup list
Download StartLog.com from this site: 
http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html 
Doubleclick it, and it will generate a text file on your desktop that will
list all the applications that start in the many places when you start
Windows. 
We don't need to see StubPath.txt, just Startup.Log. Just go to
'Edit/select all', then copy, and paste it here. 

9. Empty your Temporary and Temporary Internet Files or Folder. One of the
tricks that spyware use is to operate from within these folders. 



YOU: The details say they are NOT healable.

SEAN: Try doing it in Safe Mode.



YOU:
What the heck is COMET SYSTEMS anyway? Both of these say "Backup copy --
infected" 
I saw on Google that it/they are Gator-related. :( Ad-Aware will "heal"
(remove?) these, right? If not, please, what is the recommended way?

SEAN: Comet and Gator are spyware. They are some of the hardest to remove.
Ad-Aware does remove some of their components. That is the reason why you
need to use different software to detect everything that potentially can
damage your system.




AlohaBev <alohabev@xxxxxxxxxxxxx> wrote:

A cyberbud just switched from her expired-Friday-McAfee to AVG. Her first
run after installation gave her this, she says:

This is what the Vault says:


TROJAN HORSE Downloader.Comet.B -- the below two files
C:\Program Files\Comet Systems\DM\bin\dmserver.exe
C:\Program Files\Comet Systems\DM\bin\dmproxy.dll

The details say they are NOT healable.

What the heck is COMET SYSTEMS anyway? Both of these say "Backup copy --
infected"

I saw on Google that it/they are Gator-related. :( Ad-Aware will "heal"
(remove?) these, right? If not, please, what is the recommended way?



    Aloha, Bev in Alabama, USA :)
       alohabev@xxxxxxxxxxxxx





                



________________________________________________________________________
________________________________________________________________________

