Virus', spyware, etc. - Fiberglass RV


Old 02-08-2006, 12:24 PM   #1
Member
 
Trailer: Quantum-5 5th Wheel 1981 17 ft
Posts: 32
Not having been on the forum for quite a while, I did not know it had been hijacked until Donna informed me. I go through this about once every two months. Some hacker has figured out a way to get a trojan inserted below my root directory where it cannot be cleaned with any known virus software (and I have spent a small fortune buying and subscribing to just about everything). I have repeatedly had to wipe, reformat and reload my hard drive. Even with a fresh new operating system that I know hasn't been compromised he still manages to get in and seize my computer to forward his spam and porn. This did not happen until I built up a new computer with a 2.4 GHz chip and over 1 GB of RAM. Just this last reload 5 days ago I have finally isolated how he does it. He has piggybacked a latent trojan on the Microsoft Service pack upgrades that lies in wait a couple of days and then inserts permission for a rundll32 program to access the net. This then downloads his preemptive trojan. I have changed routers several times and it became really prevalent after I got DSL. Now I simply leave the cable unplugged until the computer has booted up, go through the cleaning process and double check the Zone Alarm firewall and program permissives and remove it if it is there before plugging in to the internet. It only loads up on a reboot or new boot up, so after cleaning it stays gone for the session period of time. However, since it is a latent and you try to leave your computer running, even not connected to the internet, it still reloads after a couple of days. The only way I can think of to get permanently rid of it is to buy the service pack upgrades from Microsoft on CD-ROM. They do not want to support ME and I will not install XP on my machine due to not being able to kill the backweb reporting feature to Microsoft.
They sell the information they glean from your machine this way and if my information is going to be sold, I want to be the one doing the selling and the collecting for it. Harold
__________________

__________________
Harold Dean is offline   Reply With Quote
Old 02-08-2006, 02:58 PM   #2
Senior Member
 
Patrick M.'s Avatar
 
Name: Patrick
Trailer: 2007 Casita Liberty (Sold 2011)/ Honda Odyssey
Arizona
Posts: 705
Harold, I think the problems you are having can be traced to not using XP! Microsoft does not collect and sell information from users. XP is what Microsoft is spending its resources on protecting, including the new AntiSpyware program, which I don't think is available for ME (which is probably the worst Windows since 1.0).

Reformat, install XP, Microsoft Antispyware, ZoneAlarm, and AVG Antivirus and you'll be in good shape.

Good luck!

Patrick
__________________

__________________
Patrick M. is offline   Reply With Quote
Old 02-08-2006, 06:12 PM   #3
Member
 
Trailer: Quantum-5 5th Wheel 1981 17 ft
Posts: 32
Quote:
Harold, I think the problems you are having can be traced to not using XP! Microsoft does not collect and sell information from users. XP is what Microsoft is spending its resources on protecting, including the new AntiSpyware program, which I don't think is available for ME (which is probably the worst Windows since 1.0).

Reformat, install XP, Microsoft Antispyware, ZoneAlarm, and AVG Antivirus and you'll be in good shape.

Good luck!

Patrick
Thanks, Patrick, but no thanks. I am a controls engineer who has been using Microsoft software for a long while and they do collect and sell your information and I have tried XP along with everything they have ever turned out including NT Business 2000 and everything else. I started in the business when a Timex Sinclair was considered state of the art and have a long career with PLCs. I believe I will just stay with what I have. No software provider of anti-virus or spyware can find and eliminate everything. I have had McAfee, Trend Micro, AVG, Zone Alarm and use Spyware Begone, Spybot, Xoftspy, Adaware and occasionally run the Trend Micro System Cleaner and also check CLRAV website to see how many new trojans they have added to the list. I am quite adept at culling the registry file of all unwanted programs. You have some insidious types out there who are financially independent who have nothing better to do than to work hard all day coining code to disrupt the lives of peaceable harmless people and I sure wish there was a way to get to them. To date, Zone Alarm has done the best job of stopping the intrusions and the latent program at least shows up on their program control in time to prevent it from accessing the network if you just check the menu drop down often. Thanks anyway. Harold
__________________
Harold Dean is offline   Reply With Quote
Old 02-09-2006, 12:08 AM   #4
Senior Member
 
Patrick M.'s Avatar
 
Name: Patrick
Trailer: 2007 Casita Liberty (Sold 2011)/ Honda Odyssey
Arizona
Posts: 705
Harold, have you tried the free HiJackThis? Supposed to work well to clean up the Registry.

"Some spyware just keeps on re-appearing on your PC no matter how many times you remove it. When this happens, download HijackThis from this page and follow the instructions. These folks should be able to help you permanently get rid of the problem. It won't cost you a cent, either." http://www.tomcoyote.org/hjt/
__________________
Patrick M. is offline   Reply With Quote
Old 02-10-2006, 12:25 AM   #5
Senior Member
 
Pat And Arleen's Avatar
 
Trailer: Bigfoot 2500 Series (25C9.6E 'Yeti')
Posts: 101
If it was my PC I would install Windows Server 2003R2. Windows Home and ME are about the same. Stay away from XP Home.
__________________
Pat And Arleen is offline   Reply With Quote
Old 02-10-2006, 06:12 AM   #6
member
 
Trailer: Bigfoot Rear Queen 25 ft
Posts: 346
Well, it has been said before and will be said again.........use a MAC!
__________________
Time K is offline   Reply With Quote
Old 02-10-2006, 08:01 PM   #7
Senior Member
 
Brian B-P's Avatar
 
Name: Brian
Trailer: Boler (B1700RGH) 1979
Alberta
Posts: 5,000
My wife has a Mac and a Windows PC. Both have lots of flaws, including security issues, as does any complex and easily modified system; any current operating system can be used safely and productively with enough of the right effort. I'm glad there's some choice.
__________________
1979 Boler B1700RGH, pulled by 2004 Toyota Sienna LE 2WD
Information is good. Lack of information is not so good, but misinformation is much worse. Check facts, and apply common sense liberally.
STATUS: No longer active in forum.
Brian B-P is offline   Reply With Quote
Old 02-11-2006, 10:04 AM   #8
Senior Member
 
Trailer: 84 16 ft Scamp
Posts: 725
I also have had a couple of wipe-outs. So now I have two computers, one for the internet and another for stuff I don't want messed with.

The internet one is of a quality that you could purchase for about $25.00 at Goodwill, but it does have a USB port. Once I got it set up, I mirrored it on another hard drive. Now routinely every few weeks, or if I get slowing, I just re-format, mirror back my original set-up and am good-to-go.

I suppose the hackers have a way to get around this and some of you computer gurus are laughing at my simple minded smugness, knowing a major wipe-out is just around the corner. But so far I haven't had another problem.

I'm beginning to wonder if I should take heed to the old saying, perhaps from B. Franklin -- "If you keep your mouth shut, people will only think you are a fool. If you open it, they will know it."
__________________
Loren G. Hedahl is offline   Reply With Quote
Old 02-11-2006, 10:11 AM   #9
Member
 
Jeremy Witt's Avatar
 
Trailer: 2005 Scamp 13 ft
Posts: 94
Quote:
Well, it has been said before and will be said again.........use a MAC!
I'm going to agree with this one. I have used Windows PCs at home and work until I bought an iMac G5 for Christmas this year.

I know Macs are not bullet-proof, but most of the bad stuff out there is written for a Windows machine, not Macs.

The Mac I am using right now is not only gorgeous to look at but just FEELS rock solid and smooth. I don't feel like I'm constantly on the front line of some battle against viruses and spyware.
__________________
Jeremy Witt is offline   Reply With Quote
Old 02-11-2006, 04:31 PM   #10
Member
 
Trailer: Quantum-5 5th Wheel 1981 17 ft
Posts: 32
Quote:
I also have had a couple of wipe-outs. So now I have two computers, one for the internet and another for stuff I don't want messed with.

The internet one is of a quality that you could purchase for about $25.00 at Goodwill, but it does have a USB port. Once I got it set up, I mirrored it on another hard drive. Now routinely every few weeks, or if I get slowing, I just re-format, mirror back my original set-up and am good-to-go.

I suppose the hackers have a way to get around this and some of you computer gurus are laughing at my simple minded smugness, knowing a major wipe-out is just around the corner. But so far I haven't had another problem.

I'm beginning to wonder if I should take heed to the old saying, perhaps from B. Franklin -- "If you keep your mouth shut, people will only think you are a fool. If you open it, they will know it."
Mirroring or Ghosting with Norton is what I have been doing lately as it saves a lot of time. I too have a spare hard drive set up like I want it in a fresh machine not connected to the internet in which I reformat and reload with the Ghost program. However, as soon as you log on to download the Service Packs is when the trojan rides piggy back in. As it resides below the root directory and I personally know of no antivirus software that has the capability of defining and finding programs below the root, I am just going to have to continue and maybe I can get hold of a clean copy of the Service Packs on a CD somewhere that I can use in a Ghosted setup. I have it pinned down to where it is just a minor annoyance every three days until they find a way of getting around Zone Alarm. I am sure they will as they defeated the firewalls from both McAfee and Trend Micro. At least ZA lets me know what programs have been granted access before I actually connect to the net. Harold
__________________
Harold Dean is offline   Reply With Quote
Old 02-11-2006, 05:24 PM   #11
Senior Member
 
Trailer: Love Bug / Chevy Astro
Posts: 216

We were having major problems with a Trojan named "WinFixer" that Norton and Dell were both having trouble with. My daughter (danged 15 year old) used the "HiJack This" program and got rid of the Trojan. We have been trouble free for 3 weeks now.
__________________
Bob Cupp is offline   Reply With Quote
Old 02-11-2006, 08:49 PM   #12
Senior Member
 
Brian B-P's Avatar
 
Name: Brian
Trailer: Boler (B1700RGH) 1979
Alberta
Posts: 5,000
Loren, I'm not laughing - your approach looks perfectly sound to me, as long as you don't need to exchange data between your internet-connected and isolated machines.
__________________
1979 Boler B1700RGH, pulled by 2004 Toyota Sienna LE 2WD
Information is good. Lack of information is not so good, but misinformation is much worse. Check facts, and apply common sense liberally.
STATUS: No longer active in forum.
Brian B-P is offline   Reply With Quote
Old 02-11-2006, 09:58 PM   #13
Senior Member
 
Bill Abbay's Avatar
 
Trailer: 2002 21.5 ft Bigfoot / 2003 Chevy Duramax 4x4
California
Posts: 113
Harold,

Excuse my ignorance but where is "below root" and how does the OS (ie. rundll32.exe) execute software that isn't visible to the OS?

If there is a hidden trojan somewhere, and rundll32 is running it, presumably the directory should know about it (?) so a hex editor with direct disk access like Axe should be able to ferret it out by inspecting the directory directly.

Or could it be that your updated rundll32.exe file itself is the culprit? It's been a favorite place to hide trojans, virii, and other nefarious programs for years. I'd check to see if there is more than one program named "rundll32.exe" on your hard drive. The only valid one should be in your /Windows/System32/ dir. Any located somewhere else would be suspect. So maybe the trojan doesn't piggy back in on rundll, it is rundll, or at least named that.

My sympathy to you. I've been a holdout against M$ Update for years but finally just turned the dang thing on. I'm very careful about what I store on my local hard drive and am more afraid of those other bad guys than the ones in Redmond.

(I once owned a Sinclair for about 3 hours and decided that, if this was the future of computing, I'd study the abacus.)

Good luck and let us know how this all turns out.
__________________
Bill Abbay is offline   Reply With Quote
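
The check suggested in post #13 (look for more than one file named rundll32.exe and treat any copy outside the system directory as suspect) can be scripted. The following is an added example, not code from any poster in this thread. Function names and the sample tree are constructed for illustration, and the expected directories are a parameter because legitimate locations vary by Windows version (64-bit Windows, for example, also keeps a copy in SysWOW64).

```python
import hashlib
import os
import tempfile

TARGET = "rundll32.exe"

def sha256_of(path):
    """Hash a file in chunks so copies can be compared byte-for-byte."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_copies(root, expected_dirs, name=TARGET):
    """Return (path, sha256, in_expected_dir) for every file called `name` under root."""
    expected = {os.path.normcase(os.path.abspath(d)) for d in expected_dirs}
    found = []
    # onerror skips unreadable directories instead of aborting the sweep
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for entry in files:
            if entry.lower() != name.lower():  # Windows names are case-insensitive
                continue
            path = os.path.join(folder, entry)
            try:
                file_hash = sha256_of(path)
            except OSError:
                file_hash = None  # locked or unreadable: still report the path
            here = os.path.normcase(os.path.abspath(folder))
            found.append((path, file_hash, here in expected))
    return found

def suspects(found):
    """Copies that sit outside the expected system directories."""
    return [path for path, _hash, ok in found if not ok]

def build_sample_tree(base):
    """Constructed sample layout: one copy in System32, one stray in a temp folder."""
    layout = {("Windows", "System32", TARGET): b"genuine-placeholder",
              ("Windows", "Temp", "upd", "RunDLL32.exe"): b"stray-placeholder"}
    for parts, body in layout.items():
        os.makedirs(os.path.join(base, *parts[:-1]))
        with open(os.path.join(base, *parts), "wb") as handle:
            handle.write(body)
    return os.path.join(base, "Windows", "System32")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        good_dir = build_sample_tree(base)
        for path, digest, ok in find_copies(base, [good_dir]):
            print("expected" if ok else "SUSPECT ", digest, path)
```

A copy in an unexpected location is a lead to investigate rather than proof of infection; comparing its hash against a copy from known-good install media is the natural next step.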
Old 02-12-2006, 09:53 PM   #14
Member
 
Steven Tonnesen's Avatar
 
Trailer: casually shopping
Florida
Posts: 35
For anyone having problems with Windows systems, I recommend you look at building a BartPE disk to fix problems.

http://www.nu2.nu/pebuilder/

I am a system admin for the company I work for (20+years) and have been using Bart's creations for many years to solve otherwise intractable problems.

BartPE is a bootable Windows XP 'preinstall' environment that enables you to delete anything that the bad guys may have managed to successfully install on your computer.

File sharing programs (Kazaa, etc.), instant messaging, porn sites and warez sites are surefire ways of getting a virus, trojan, spyware or other malware infection.

In addition, I heartily recommend avoiding the use of Internet Explorer except at known safe websites. Use Mozilla or Firefox instead and save yourselves a lot of grief.

Next, this is a good site for people reinstalling windows: http://www.autopatcher.com/

Finally, buy and use a hardware firewall. Something like this will work: http://www.bestbuy.com/site/olspage.jsp?sk...d=1051384561463

If you have/use a dialup connection, you should install Zonealarm before connecting to the internet. http://download.zonelabs.com/bin/promotion...=1413356&SID=b2

I have conducted several experiments related to computer infections and found that an unpatched and unprotected computer can become infected within 30 seconds after connecting to the internet.

I have 10 windows based computers in my home and I never get infections.
__________________

__________________
Steven Tonnesen is offline   Reply With Quote
All times are GMT -6.