Spyquakeware is back!!!

Sorry to repost, guys, but the removal method worked really well and the
system was fine for about three days.

Today Spyquakeware is back again in all its glory with all its multiple
popups and annoying critical system errors.

I know how to remove it from my earlier posting but I am reposting to see if
anyone knows what let it through? How do I stop it and do I need to move
away from AVG? Or do I just need to update my hosts file or spybot's
immunisation database? Is it combating any new Spybot immunisation database
yet?

And WHAT is the phone number of the government agency to whom to report this
virus? (Simply because of its effects and the time it takes to remove and the
paroxysms one has to go through to do this, I don't accept the assertion
that this isn't a virus, it's merely spyware or adware. In its Critical
System Error IT CALLS ITSELF A VIRUS!)



Re: Spyquakeware is back!!!

On Thu, 15 Jun 2006 09:31:54 -0400, news.rcn.com <news.rnc.com> wrote:


What version(s) of Java do you have installed?  If it's less than
jre-1_5_0_07, uninstall all current versions (ensure the java
directory under "Program Files" is empty), and then install the
latest version from http://www.java.com .

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Spyquakeware is back!!!

David W. Hodgins replied to "news.rnc.com":


I'm not having problems with malware right now, but:
Using W2K (SP4, German version, current updates) I've checked my Java
Runtime version in the control panel. It says "Version 1.5.0 (Build
1.5.0_06-b05)". When I click on the "Update now" button it says
something like "On this system the current Java platform is already
installed".

A look at the German version of the java.com website confirms what you
wrote. There is a newer version, which I've downloaded right now. Why
didn't the update-option find the new version? Any idea?

Gabriela

Re: Spyquakeware is back!!!

On Thu, 15 Jun 2006 22:53:52 +0200, Gabriela Salvisberg


Don't know why it didn't update, but the English version of xp behaves
exactly like you describe with the German version of win2k. I updated
it manually too and this version also reckons it's the latest version.


Jim.


Re: Spyquakeware is back!!!



Same thing here with Win98SE...

Chas.



Re: Spyquakeware is back!!!

On that special day, , ("news.rcn.com" <news.rnc.com>) said...


Don't use Internet Explorer, switch to a Mozilla flavour (Firefox,
Seamonkey), or Opera. The IE loopholes are very well known among
malware programmers, and their target of choice.

See the latest Microsoft Windows Update details for more information.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Re: Spyquakeware is back!!!

Thanks guys but I had already done all of that last time and don't use IE
any more. As far as I can see, this virus seems to propagate itself by IE
being installed rather than being in use. (I DO use a highly updated
Firefox).

I suppose it might be coming in through a vulnerability in Outlook's browser
capability but MS doesn't seem to know much about how Outlook does and/or
doesn't work. I currently have a thread out there asking them why it
constantly thinks it wasn't closed properly last time and despite lots of
people having chimed in with reports of the same problem, no one seems to
know the answer.

Again, I wonder if this has anything to do with the constant spywarequake
infestations?





Re: and here are the trojans found by Panda apparently let in by AVG (?) since Monday.

C:\Program Files\Common Files\Y1123OA.exe\Y1123OA.exe ... Found potentially unwanted program Adware-ClickSpring.
        The file or process has been deleted.
C:\WINDOWS\SYSTEM32\winayt32.dll ... Found the BackDoor-CVT trojan !!!
        The file or process has been deleted.
C:\WINDOWS\SYSTEM327189b5.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\WINDOWS\SYSTEM32\rmzdzx.dll ... Found the FakeAlert-B trojan !!!
        The file or process has been deleted.
C:\Documents and Settings\Valued Sony Customer\Local Settings\Application Data7189b5.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0057498.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0057503.exe ... Found the Puper trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0057538.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0058585.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0058545.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0058550.exe ... Found the Puper trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP343\A0058568.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP344\A0058611.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP344\A0058625.exe ... Found the Puper trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP344\A0058717.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP345\A0060718.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP346\A0060741.exe ... Found potentially unwanted program PrcViewer.
        The file or process has been deleted.
C:\System Volume Information\_restore\RP346\A0060866.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP346\A0061072.exe\A0061072.exe ... Found potentially unwanted program Adware-ClickSpring.
        The file or process has been deleted.
C:\System Volume Information\_restore\RP346\A0061073.dll ... Found the BackDoor-CVT trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP346\A0061074.exe ... Found the Generic Downloader.ab trojan !!!
        The file or process has been deleted.
C:\System Volume Information\_restore\RP346\A0061075.dll ... Found the FakeAlert-B trojan !!!
        The file or process has been deleted.



Re: sorry, that was the McAfee module which found them after running Panda


"news.rcn.com" <news.rnc.com> wrote in message



Re: and here are the trojans found by Panda apparently let in by AVG (?) since Monday.

From: "news.rcn.com" <news.rnc.com>

| C:\Program Files\Common Files\Y1123OA.exe\Y1123OA.exe ... Found potentially unwanted program Adware-ClickSpring.
|         The file or process has been deleted.
| C:\WINDOWS\SYSTEM32\winayt32.dll ... Found the BackDoor-CVT trojan !!!
|         The file or process has been deleted.
| C:\WINDOWS\SYSTEM327189b5.exe ... Found the Generic Downloader.ab trojan !!!
|         The file or process has been deleted.
| C:\WINDOWS\SYSTEM32\rmzdzx.dll ... Found the FakeAlert-B trojan !!!
|         The file or process has been deleted.

< snip >

Oh, there 'ya go, a FakeAlert Trojan and Downloader Trojans !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Spyquakeware is back!!!

From: "news.rcn.com" <news.rnc.com>

| Thanks guys but I had already done all of that last time and don't use IE
| any more. As far as I can see, this virus seems to propagate itself by IE
| being installed rather than being in use. (I DO use a highly updated
| Firefox).
|
| I suppose it might be coming in through a vulnerability in Outlook's browser
| capability but MS doesn't seem to know much about how Outlook does and/or
| doesn't work. I currently have a thread out there asking them why it
| constantly thinks it wasn't closed properly last time and despite lots of
| people having chimed in with reports of the same problem, no one seems to
| know the answer.
|
| Again, I wonder if this has anything to do with the constant spywarequake
| infestations?

You or someone is NOT practicing safe Hex on the computer and you are getting
re-infected with ZLob/Puper/FakeAlert Trojans and causing the SpywareQuake
malware to be installed.

You need to make sure *all* software is up-to-date with patches/hotfixes and
you must secure the platform !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Spyquakeware is back!!!


Not sure what else I can do: Symantec and GRC checks seem to be telling me
that I am pretty well protected already. If this won't do (which it seems it
won't), what else can I try?




Re: Spyquakeware is back!!!

<news.rnc.com>
says...

You got your firewall on? With no stupid exceptions?
You got passwords on ALL usernames on the machine, including Administrator
which is only visible (to you) in Safe Mode?
Disabled remote login?
Disabled Remote Assistance Requests?

--
News: use seven bits;
or accept you cannot know
how it looks elsewhere.

Re: Spyquakeware is back!!!

From: "news.rcn.com" <news.rnc.com>

|
| Not sure what else I can do: Symantec and GRC checks seem to be telling me
| that I am pretty well protected already. If this won't do (which it seems it
| won't), what else can I try?
|

Change the modus operandi of the way you or your family use the computer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Spyquakeware is back!!!

news.rcn.com wrote:

well, here's a little tidbit... outlook uses IE to render your emails...
so if you're still using outlook (and you haven't turned off html
rendering entirely - if that's even possible) then you are in fact still
using IE...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Dateline Fri 16th June 8.45am


I suspected that was the case: then there is a serious deficiency in AVG if
it doesn't take account of this?  I was wondering why NIS always told me
that it had detected a virus coming in while downloading email and was
deleting it whereas AVG SEEMS to work independently of Outlook and tells me
it has found this virus in some temp folder.  Or is it constantly scanning
and hopefully finding these things before they do any damage?  Isn't the
point of a virus that the person writing it will find a way of hiding it
from AV software if it is already installed somewhere on the system? Or does
AVG detect them before that stage and put them in those folders? (seems
unlikely if those folders are temporary internet folders?)

MEANWHILE Dateline Fri 16th June 8.45 am: AVG suddenly decided to update
itself and run a full scan and HEY PRESTO they must be reading these posts:
it has suddenly started to detect the zlob trojan downloader!! 8 of them
including two .exe files.  I suppose it is an open question now whether it
would have been aware of the BackDoor-CVT trojan, the FakeAlert-B trojan,
the Generic Downloader.ab trojan, or the Puper trojan?  But am I being
churlish in wondering why it let them in in the first place for McAfee to
find?  They all sound pretty dangerous to me?

And does it still feel the need to ignore the potentially unwanted program
Adware-ClickSpring, and the potentially unwanted program PrcViewer which
in slowing down my system were certainly acting like viruses?




Re: Dateline Fri 16th June 8.45am


"news.rcn.com" <news.rnc.com> wrote in message



AVG up-daters for the past week have included at least 4 variants of the
Zlob - together with any number of other nasties.
These variants are being churned out by an automatic engine, and the AV
companies are playing catch-up. Unless YOU moderate YOUR surfing/email
habits, you WILL get infected again - guaranteed! - even with the world's
best kit and software.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's


Re: Dateline Fri 16th June 8.45am



| AVG up-daters for the past week have included at least 4 variants of the
| Zlob - together with any number of other nasties.
| These variants are being churned out by an automatic engine, and the AV
| companies are playing catch-up. Unless YOU moderate YOUR surfing/email
| habits, you WILL get infected again - guaranteed! - even with the world's
| best kit and software.
|

The organization(s) that are generating ZLob installer packages (well known to
be fake Codec installers with Internet Domains with "codec" in the name) are
auto-generating numerous variants.  They are being generated faster than the AV
companies are able to create signature files for.  It took six weeks to get
McAfee to recognize these installers using Heuristics as "New Malware N" and
more specifically as "ZLob.dr".  This is a tough battle that the AV companies
are "just" starting to cope with.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: nothing whatsoever to do with moderating surfing habits


(Yes, I suspected it was nothing whatsoever to do with the slightly
offensively posted suggestion of moderating surfing habits)



Re: nothing whatsoever to do with moderating surfing habits


"news.rcn.com" <news.rnc.com> wrote in message


No, what I said was perfectly valid.
It's YOUR surfing habits that get you to sites where these trojans are being
distributed - and until you realise that, then your system is never going to
be 'safe'.

You put your finger in the fire, it got burned.....you then went back and
put the same finger in the same fire?? and you're surprised you got burned
again???

What I said was not intended to be offensive - but if the cap fits, wear
it - it was intended to remind you that your safety on the Internet is YOUR
responsibility, and you can't just install a piece of software and then run
crying to mummy because the nasty software didn't stop you putting your
finger in the fire again.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

