View Full Version : Friends Virus.



Cicero
06-01-2005, 05:19 PM
Friend asked me what could be done about her computer.
She can both send and receive emails, she can't access I/E, this is what she gets.... Warning!
You cannot access this site due to following reason:
Your computer was infected by Spyware or Adware Software.
This is dangerous software which disclose your personal
and transferred data and/or display unsolices advertising.
You can use this ADWARE/SPYWARE REMOVAL tools in
order to solve this problem and prevent futurer infection.


You can click Search to look for information on the Internet.




HTTP Error - Access Blocked
Then when she clicks search she gets..... Internet Explorer Critical Vulnerabilities Center
You are visiting this page because your Internet Explorer is vunerable to remote attackers (Adware/Spyware software, Viruses, etc.).
Following software are provided to help resolve known issues and protect your computer from futurer vulnerabilities:

No Results


She has pc cillin, no idea if it's up to date, nor does she.
Was able to update and run spy bot and adaware, which I had put on some time ago and they had not run of course.
I was able to go to System Restore and take it back prior to attack, then started to download avg, everything was going slow, it said 3hrs for download, that is where I left it, about 8 before it arrives or not.
She has XP, 512 RAM and 80 gig HD.
As I have no idea what I am doing, perhaps some guidance would be nice.
Oh, if you click on micro thing one gets.. iot_initializedeviceandscanengine error fo32.

godfather
06-01-2005, 05:55 PM
Her system has been hijacked, and keeps pointing her at this page, or one like it.

http://ehttp.cc/?www.ebay.de

Cicero, sounds like you are the man for the job.
Just as well you are now so well versed in the finer art of PC's ?

Prescott
06-01-2005, 06:03 PM
give her AVG, Spybot, Adaware all on a cd and show her how to use it and how to update it :)

Cicero
06-01-2005, 06:41 PM
Her system has been hijacked, and keeps pointing her at this page, or one like it.

http://ehttp.cc/?www.ebay.de

Cicero, sounds like you are the man for the job.
Just as well you are now so well versed in the finer art of PC's ?

Had a great laugh at that G_F, I am glad you show such great confidence.
:rolleyes:

Cicero
06-01-2005, 07:21 PM
give her AVG, Spybot, Adaware all on a cd and show her how to use it and how to update it :)

Good idea Press, will burn same and do it for her (apply cd, just in case you thought otherwise). ;) thanks pal.

ninja
06-01-2005, 07:37 PM
Don't forget FireFox so it doesn't happen again.

Cicero
06-01-2005, 07:50 PM
Don't forget FireFox so it doesn't happen again.
Hard to explain to people whose interest in computers stops at email and IM. Will try, thanks Nin and do be nice to Metla, he's a good lad. (underneath :) )

ninja
06-01-2005, 08:27 PM
Hard to explain to people whose interest in computers stops at email and IM. Will try, thanks Nin and do be nice to Metla, he's a good lad. (underneath :) )

Eh? I haven't done anything to Metla?

TonyF
06-01-2005, 08:31 PM
and do be nice to Metla, he's a good lad. (underneath :) )
And so this is the start of Be-nice-to-Metla week ! Seems like a good idea in this season of goodwill

Cheers to all in Beetle-land.

Tony

Mirddes
06-01-2005, 08:51 PM
just for the record, how does one get rid of this problem,
it seems as though I also have this

tweak'e
06-01-2005, 08:51 PM
Don't forget FireFox so it doesn't happen again.
can you please explain how using firefox will help ???

Mirddes
06-01-2005, 08:54 PM
firefox isn't prone to the majority of exploits that IE suffers from

tweak'e
06-01-2005, 08:59 PM
firefox isn't prone to the majority of exploits that IE suffers from
yes, but that still doesn't stop spyware/malware from being installed or stop the popups caused by them.

ninja
06-01-2005, 09:04 PM
can you please explain how using firefox will help ???
They obviously use IE. Their IE installation has obviously been infected or hijacked, so needs to be cleaned out - hence the use of Spybot/AdAware/AVG being covered earlier in the thread.

It was mentioned he was going to burn a CD to take round there so I suggested chucking FireFox on there.

If they browse with FireFox it isn't vulnerable to all the ActiveX exploits/toolbars self installations/BHO's etc etc etc etc that IE is - hence browsing with FireFox instead of IE will prevent a recurrence of the problem.

Though I think you probably already knew that and are just baiting.

tweak'e
06-01-2005, 09:08 PM
yes just baiting ....see other post ;)

ninja
06-01-2005, 09:12 PM
yes just baiting ....see other post ;)
:groan:

Child.

tweak'e
06-01-2005, 09:21 PM
:groan:

Child.
oh grow up.

what the firefox fanboys never seem to say is that using firefox (or any other browser) will stop you from being infected. while it sure helps it's not a cure and never will be.

the simple way to avoid being infected is to use common sense. not everything on the net is "free". it always pays to have the necessary tools handy in case you do get infected.

Prescott
06-01-2005, 10:02 PM
might also be a good idea to include a firewall, zonealarm perhaps?

Cicero
06-01-2005, 10:19 PM
might also be a good idea to include a firewall, zonealarm perhaps?
I might suggest they go to SP2, it has a nice firewall.

drb1
06-01-2005, 11:04 PM
Eh? I haven't done anything to Metla?

Selective memory, you have, perhaps??

D.

pheonix
06-01-2005, 11:10 PM
I would also suggest a cleanout using Ccleaner.

Also, if using XP, stop Windows Messenger. GRC produces a little program that does it for you. For his explanation of why it is a problem and the program, visit http://www.grc.com/stm/ShootTheMessenger.htm

drb1
06-01-2005, 11:18 PM
I might suggest they go to SP2, it has a nice firewall.

Tom,

SP2 firewall has a fault. It is really only half a firewall, as it can stop some incoming, but does not stop "Outgoing", so anything that snuck past in a download (ZIP) and installs itself can phone home or anywhere else at your expense, undetected by the Microsoft Firewall.

Sad really, as supplying a firewall was an intelligent move, but they only did half the job, probably so all their programs can phone home undetected.

So Zone Alarm, Kerio, or some other, is still required to control unauthorised outbound traffic, a primary indicator of malware activity.

Some aftermarket firewalls will not function correctly if M/Scam firewall is still running, Zone Alarm is one of these.

Unless you intend to buy Zone Alarm it is not worth installing the pro demo, as you will have to completely uninstall it and install standard at the end of the trial to get std to run properly.

Also pro demo leaves bits hiding that are difficult to remove after it has been installed.

D.

Cicero
07-01-2005, 06:04 AM
Thank you all, today will be the day, will see how my ministrations go.

ninja
07-01-2005, 07:15 AM
Selective memory, you have, perhaps??

D.
Generate some evidence then buddy.

I've never had any dispute with metla - pull your head in.

pc_doctor
07-01-2005, 07:21 AM
just for the record, how does one get rid of this problem,
it seems as though I also have this
Use spyware removal etc and adware etc

Mirddes
07-01-2005, 10:45 AM
that's what I did, but it doesn't seem to have worked :illogical

Cicero
07-01-2005, 11:40 AM
that's what I did, but it doesn't seem to have worked :illogical

If it is the same as my friend's, then it's a virus and those two won't resolve prob.
Have you run your anti virus?
It has worked on the computer that has been mentioned, doing all of the above.

ninja
07-01-2005, 12:13 PM
that's what I did, but it doesn't seem to have worked :illogical

Make sure you have the latest versions of the programs you are using. Old versions of SpyBot etc don't download updates any more so may not pick up everything.

pheonix
07-01-2005, 01:10 PM
Also, if a virus, you can use a standalone hunter/killer called Stinger. This doesn't have to be installed, but runs from the file. It checks and cleans the latest and most common viruses and worms. A case of download, use and delete, as it has no update feature. It may be worth using to scan the PC as a "second opinion".

http://vil.nai.com/vil/stinger/

mikebartnz
08-01-2005, 02:12 AM
I might suggest they go to SP2, it has a nice firewall.
Get real, the MS firewall stops inbound but does not stop any outbound traffic so it is of limited use.