bad virus - Page 2


Re: bad virus




| There's a lot of crap out there, to be sure.
| To say that every single one is infected is clearly ludicrous, there are
| many clean programs available - I've never had much of a problem, for
| years, until this one time I made the poor decision to ignore the anti
| virus warning and proceed anyhow.
| Live and learn.

The vast majority are.  If you want freeware, go to a vetted web site.  You can
NOT vet a news group.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus





As per the OP, I was trying to download a game that I already owned on DVD,
not sure where you're getting the freeware angle from.
The DVD had become unreadable, so my options were:
* Don't play the game ever
* Buy a used copy on ebay
* Download an image from the usenet, and use my legit serial number


Re: bad virus








| As per the OP, I was trying to download a game that I already owned on DVD,
| not sure where you're getting the freeware angle from.
| The DVD had become unreadable, so my options were:
| * Don't play the game ever
| * Buy a used copy on ebay
| * Download an image from the usenet, and use my legit serial number


OK, it wasn't freeware.

Your *ONLY* option was to BUY another copy!


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus






Well, if you're volunteering to kick me in the ass, I just may take you up on
that


Re: bad virus















| Well, if you're volunteering to kick me in the ass, I just may take you up on
| that


I infer you've learned an important lesson here!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus





Let's hope.
I often do things I regret, and know as I'm doing them I very well might
regret it.
Somewhat of a risk taker, I guess you'd say.

But I must say, ignoring the warning of anti virus software, disabling it,
then clicking on the exe file, crosses the line from risk taking into
another realm.
Suffice it to say that I won't do that again.


Re: bad virus





You can also look at it this way. You have a problem with a program that
you downloaded and executed, contact the person that you got the program
from for help. If you cannot contact that person, you shouldn't have
trusted the file. Continuing to operate in this manner, it is only a
matter of time before you get something that the AV won't even
recognize.

Don't beat yourself up over ignoring the AV's warning - beat yourself up
over even allowing your AV to scan that program.




Re: bad virus




I can't say I will never download a usenet binary again, life's too short to
get all tied up in knots about little things like that.

Up to date anti virus, heed its warnings, you should be fine 99% of the time.

The one caution I may take is not download certain binaries the day they are
posted, in case it contains new infections not yet in the AV database.


Re: bad virus




That's a good idea, at least a small cooling off period to make the zero
day window of opportunity smaller. Let someone else be the canary.



Re: bad virus






Apparently. :)


I do enjoy your sense of humour... I had you pegged as a lowly pirate who
got bit and was going to trash on you accordingly, but.. I was just so
off with my analysis of you; You're not some little irritating pirate, you're
just a fellow who tried to save a little cash... :)


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh..
nudge this boulder right down a cliff." - Goblin Warrior


Re: bad virus





Well, I used to dl a lot back in the day, almost just because I could.
Loads of apps and games, most I never even used.
I gave that all up, and pretty much pay as I go - Plus, most of these games
it's impossible to play online without a legit copy, pirated copies & serial
numbers used more than once are flagged and blacklisted and banned from the
server.

I didn't feel too guilty about dl'ing something I already owned.
True, it's not their fault the DVD got messed up, then again all it ever
did was just sit there, not like my kids were playing frisbee with it.
I got it, installed the game, and there it sat in its case and DVD cover
until I needed it again.
I have no idea how it got messed up.


Re: bad virus





Crummy option...


Another crummy option...


Technically illegal option.

Perhaps contacting the game's publisher, and inquiring about a new dvd?


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: bad virus





Ebay's a good option, and in fact about the only one for a lot of these older
games - Besides downloading an image on the usenet.
Only down side is you have to wait a while for it, obviously.

Highly unlikely any game publisher would feel obliged to send another copy,
and in fact probably do not even stock them.


Re: bad virus





You never know how many copies are sitting on a shelf someplace in a
storage facility. For the cost of shipping alone in some cases, many
vendors will ship you new media. :) It's the key you paid for that proves
you own it anyway, not usually the disc itself.

With Ebay, you can't always be sure what you're getting is what it should
be. Of course, that's true for damn near everything anymore...


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: bad virus





They may have a way to send you a link for a downloadable one. This
would be a more trustworthy channel.



Re: bad virus






Sorry I'm late to the party, but is this what you were looking for?

http://www.gamestop.com/Catalog/ProductDetails.aspx?product_id=68393

Regards,

Len Agoado
agoado@msn.com



Re: bad virus





Yup, I've already had a new copy for a few days, $8 shipped for a sealed DVD
from ebay.

Re: bad virus



From: gufus
Subj: Re: bad virus
Date: Sat, 20 Mar 2010 19:59:02 -0600

From: David H. Lipman -> To: Xray
Subj: Re: bad virus
Date: Sat, 20 Mar 2010 18:26:10 -0400

Hello, David!

You wrote on Sat, 20 Mar 2010 18:26:10 -0400:


>>> Xray wrote:

>>>> "Beauregard T. Shagnasty" wrote:
>>>>> Xray wrote:
>>>>>> Ok here's what happened, I feel like quite an idiot.

>>>>>> In a panic I reactivated the anti virus, but it was too late.

DHL> In certain circles I am well known for investigating Usenet binaries.

Vcool..

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: bad virus








| Yes, I realize it was too late - And so do most people who slam on the brakes
| before slamming into a light pole.
| I didn't get infected from a web site, I got infected from a 3gb file I
| downloaded from the usenet, after I carelessly turned off my anti virus.




| Browser's fine, firewall's fine, thanks.


All the software won't protect you if you don't practice Safe Hex -- YOU DIDN'T !

Usenet binaries are FULL of injected trojans.  Either the binary is the trojan, a
legitimate application is repackaged with a trojan or some other method but Usenet
binaries can NOT be trusted -- EVER.

As for your problem ...  What virus ?

It sounds like you got infected alright but NOT with a "virus" ?

%windir%\system32\lowsec  is indicative of a Zeus bot (zbot) trojan.  A bank account
compromising trojan.

And other non-viral malware.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus





True, though my anti virus program is hosed, so I don't know what I have in
the way of a virus.

Here is what I seem to have, at least this is what spybot is detecting.
A total of 21 infected files, spybot locks up with an error "cannot create
file c/windows/system32/drivers/ect/hosts access is denied" when trying to
delete any of these.
Malwarebytes is unable to install, so they are known and located, removing
them is the problem.


--- Search result list ---
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  www.getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  www.getavplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  safebrowsing-cache.google.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  urs.microsoft.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  www.securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  secure.paysecuresystem.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  paysoftbillsolution.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected
host, nothing done)
  protected.maxisoftwaremart.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host
(Redirected host, nothing done)
  www.securesoftwarebill.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host
(Redirected host, nothing done)
  secure.paysecuresystem.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host
(Redirected host, nothing done)
  paysoftbillsolution.com=74.125.45.100

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (kulisizaru) (Registry
value, nothing done)
  HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\kulisizaru

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (kulisizaru) (Registry
value, nothing done)
  HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\kulisizaru

Virtumonde.prx: [SBI $1FB893A0] Autorun settings (kulisizaru) (Registry
value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\kulisizaru










--- Browser helper object list ---
(Browser Defender BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Browser Defender BHO
        CLSID name: PC Tools Browser Guard BHO
              Path: C:\Program Files\Spyware Doctor\BDT\
         Long name: PCTBrowserDefender.dll
        Short name:       PCTBRO~1.DLL
    Date (created): 3/20/2010 4:41:16 PM
Date (last access): 3/20/2010 6:21:18 PM
 Date (last write): 11/10/2009 10:28:12 AM
          Filesize:             395216
        Attributes:           archive
               MD5: 3E1873E478CC25C9495C319B2B34A1C4
             CRC32:           7C1BB94B
           Version:           2.0.6.11

()
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name:
        CLSID name:
              Path:                  
         Long name:       lerobido.dll
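
The Spybot log in the post above shows many unrelated hostnames, including urs.microsoft.com and safebrowsing-cache.google.com, all pinned to one address in the hosts file. The Python sketch below is an added example, not part of the thread or of Spybot: it parses a hosts file and reports any non-loopback address shared by names from two or more different domains. The sample text is constructed from entries in that log, and the last-two-labels domain guess is an assumption.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample, modelled on entries in the Spybot log above.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid        # deliberate sinkhole entry
10.0.0.5        wiki.corp.example git.corp.example
74.125.45.100   urs.microsoft.com
74.125.45.100   safebrowsing-cache.google.com
74.125.45.100   getantivirusplusnow.com www.getantivirusplusnow.com
not-an-ip       broken.example.invalid
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, min_domains=2):
    """Return {ip: [hostnames]} where one non-loopback IP serves unrelated domains."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 blocklist entries are expected
        by_ip[str(ip)].add(name)
    flagged = {}
    for ip, names in by_ip.items():
        # Assumption: the last two labels approximate the registrable domain.
        domains = {".".join(n.split(".")[-2:]) for n in names}
        if len(domains) >= min_domains:
            flagged[ip] = sorted(names)
    return flagged

if __name__ == "__main__":
    # Pass a hosts file path to audit it; with no argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for ip, names in audit_hosts(text).items():
        print(f"{ip}: {len(names)} names -> {', '.join(names)}")
```

On Windows the file to check is %SystemRoot%\System32\drivers\etc\hosts. A hit is a lead to investigate rather than proof, since a legitimate entry set can also share one address.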




