Re: Hit by a Trojan.
- From: "Peter Nolan" <nospam@xxxxxxxxxx>
- Date: Tue, 08 Nov 2005 10:40:28 GMT
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:lFIbf.8962$dU6.4848@xxxxxxxxxxx
> From: "Peter Nolan" <nospam@xxxxxxxxxx>
> |
> | Hello Dave,
> |
> | Many thanks for your comprehensive reply. I appreciate it very much.
> | You will be startled perhaps to hear that in the six years that I've been
> | using the PC I'm using right now which is a Compaq Presario 5410 that I've
> | upgraded with respect to memory and adding a 20Gigs slave drive I have never
> | used anti-virus software apart from a short period when I had an up-to-date
> | InoculateIT Personal Edition that I didn't continue to update as time went
> | by. It looks like it is no longer available from Computer Associates who
> | appear to market eTrust Anti-Virus software. I visit technical and
> | quasi-technical sites exclusively and my guess is it is for this reason I
> | have been free from attack by infernal malware. However a few weeks ago I
> | strayed just once to a site I would not normally visit and while it wasn't
> | porn it was of a technical nature either. A pop-up appeared that began
> | drifting slowly down the text I was trying to read and when I clicked on
> | what appeared to be the close button I activated the Trojan. Access to
> | Google became impossible and when I was finally able to run a scan using
> | eTrust's program it listed ibm00001.exe as a possible offender but then
> | didn't fix the problem. Still it was great to know what the infection was
> | and I happened to be in a thread in comp.lang.visual.basic.misc asking a
> | question in a thread I posted entitled "Computing for Outlook Express in VB"
> | when I mentioned being hit by this Trojan. One of the group's experts gave
> | me the link for Bleeping Computer and armed as I was with all the tools I
> | needed to fix the problem I made a mistake because, believe it or not I was
> | feeling nervous, and cannot now use the great programme AutoRuns.exe
> | provided by Bleeping Computer. I'm delighted to say however that good has
> | come from bad and took action in the form of buying a Mini Mac that I hope
> | to set up as my portal to the Internet. Another of the
> | comp.lang.visual.basic.misc advised me to switch to Linux and I was advised
> | many times in same thread to do a full restore/reformat of my HDD using the
> | CD that returns my beautiful PC to its original state. Incidentally, or
> | perhaps not incidentally I have a copy of BcWipe that wipes deleted files
> | clean or makes them unreadable after say one or two passes. So if push comes
> | to shove as we say here in Ireland I may in the end do a full restore
> | followed by a seven pass wipe of all deleted files using BcWipe because such
> | a seven pass wipe is recommended by the US Navy computer experts.
> | I bought Norton Internet Security 2005 but this huge program that was many
> | times bigger than I imagined it would be seemed to overpower my old and now
> | well out of date PC and I uninstalled it as it made using OE difficult.
> | I will do the best I can to implement your dazzling protocol but this
> | particular Trojan sends another pop-up to the desktop when I visit even the
> | very safe websites I normally visit if there is such a thing as a safe site.
> | I now know that to interact with doggone pop up in any of the four possible
> | ways I can it will hit me again and make a bad situation worse so I press
> | ctrl+alt+del that forces me out of IE 6 altogether and I have to start all
> | over again continuing to be frustrated by this pop-up till at some point it
> | doesn't appear. So using the Internet is now pointless with this pesky
> | pop-up ready to harass me now every time.
> | When I stated that I had access to the ibm00001.dll and could read some of
> | its contents I was hoping it might contain something like a registry entry
> | that would by deleting such an entry completely immobilise this Trojan. For
> | example there is "Address of Entry Point": 00006c2a in the DLL and I
> | thought perhaps this might be the kind of thing at a deep level to prevent
> | the Trojan from working.
> | I want you to know how much I appreciate your magnanimous reply.
> |
> | Many thanks,
> |
> | Peter Nolan. Ph.D.(physicist)
> | Dublin.
> |
>
> If you are getting many IE Pop-Ups then adware/spyware types of malware
> could be on the platform.
>
> You can switch from using IE as the Default Browser to FireFox or Opera.
> If for your profession you require IE (and I know there are requirements
> on that Browser) then I suggest that you use anti spyware software.
>
> Please download, install and update the following software...
>
> Ad-aware SE v1.06
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> SpyBot Search and Destroy v1.4
> http://security.kolla.de/
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> I also suggest downloading, installing and updating BHODemon for any
> Browser Helper Objects that may be on the PC.
>
> BHODemon
> http://www.definitivesolutions.com/bhodemon.htm
>
>
> I await the results of you running the Multi AV Scanning Tool and the
> above anti spyware applications.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
Hello Dave,
Once again many, many thanks for your great reply. Because of that infernal
pop-up that dogs me every step when I use IE 6.0 using IE 6 is pretty much a
non starter at the moment. I was hoping for a lethal but ultra-simple way to
immobilise this Trojan but I'm mistaken I guess to think that something as
simple as a registry entry from that DLL might do the trick but never mind.
I have heard a whole lot of recommendations for FireFox. I'm about to put my
beautiful six year old Presario away and set up the new Mini Mac as my
gateway to the Internet but not without installing AV SW on the Mac first. I
will be very safe in any case but I gather that hackers are sending out
salvos of malware that no longer makes the national news' bulletins like on
occasions in the past.
So I plan to set aside my Presario in its now corrupted state and just live
with it.
I also have a brand new HP Compaq SR1519UK PC still in its box and will set
this up too as I am an intermediate level VB programmer with limited
experience. I want to learn VC++ as well and this I hope to do on the HP
Compaq 1519UK. Still all is not lost and who knows I may be able to clean up
my aging Presario at some point something I will always want to do.
I reckon I could attempt to install Norton Internet Security 2005 on my
updated, faster and quieter 20Gig Seagate HDD and it's likely the install
will complete fully unlike when, assuming incorrectly this program was
small, I attempted to install it on the tiny 4.3Gig master HDD that came
with the Presario at the start. Time will tell and by time I mean only the
next few days. I copied and pasted your knock-out replies in a folder and
hope to implement all your instructions.
Warm regards,
Peter.
Dublin.