[nfbcs] Trojan aftermath: help needed.

Alan Wheeler awheeler at neb.rr.com
Fri Dec 12 17:16:45 UTC 2008


Steve,
Below is the page displayed in IE when I open it.  As you can see, it's fairly typical and gives no hint that IE is corrupted.

        Internet Explorer cannot display the webpage

        Most likely causes:
          * You are not connected to the Internet.
          * The website is encountering problems.
          * There might be a typing error in the address.

        What you can try:
          Diagnose Connection Problems

        More information


+-+-+-

   For God so loved the world, that he gave his one and only Son, that whoever believes in him should not perish, but
 have eternal life. John 3:16
~~~

Alan D Wheeler
awheeler at neb.rr.com
IM me at: outlaw-cowboy at live.com
Skype: redwheel1
Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at www.theqonline.net

----- Original Message ----- 
From: "Steve Jacobson" <steve.jacobson at visi.com>
To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
Sent: Friday, December 12, 2008 10:33
Subject: Re: [nfbcs] Trojan aftermath: help needed.


> Alan,
> 
> Hopefully I can save you a little time.  I did a search on this category of Trojans, and I am over my head on this one.  My interest in what Internet Explorer said was 
> only whether you were getting the typical error that you could not be connected to the site or whether it was some other type of error that might point more 
> specifically to Internet Explorer being corrupted.  I fear you may need to get some local help.  Someone suggested System Restore.  Unless you truly know when you 
> got the virus, you may well restore the virus.  I see that one even needs to be careful of removal tools out there as they could be variations on the trojan itself.  I 
> would be surprised if anybody's warranty would cover this but I suppose it is worth checking.  Also, if it is a Dell machine, asking Dell makes sense since they may 
> have a tool.  This looks like a real bad one and I'm sorry to hear that you were infected.
> 
> On Fri, 12 Dec 2008 09:19:14 -0600, Alan Wheeler wrote:
> 
>>Steve,
>>Okay, First of all, let's run down the programs:
>>1. Internet Explorer: I open it, and no matter what page I go to, I get a page saying "Internet Explorer cannot display the page."  In a separate message I will copy and paste the entire page for you to review.
>>2. iTunes and Juice: The programs open, but cannot, apparently, connect to download.  I discovered that Juice wasn't in my Firewall exceptions.  I added it, and it scanned the feeds but found nothing.  This leads me to suspect there is still a connectivity issue.  As for iTunes?  It doesn't seem to be able to connect to the proper servers at all.  I even ran a diagnostic on it, and had no luck.
> 
>>I have run Spybot Search and Destroy, AVG Free antivirus, and even System Mechanic trying to rid myself of any and all remnants of this trojan.
> 
>>The trojan itself is a variant of the Zlob trojan.  It disguises itself as any number of antivirus/anti-spyware programs that claim to want to scan your system and then offer you a program to purchase to clean your computer.  This is merely a ploy to get credit card information.
> 
>>Plus, instead of scanning your computer, it is infecting it.
> 
>>Some of the examples of the fake program names include, but are not limited to:
>>antivirus Protection 2009,
>>AVP 2009,
>>VRT 2009 (VRT standing for Virus Removal Tool), etc.
> 
>>Hope this helps.
> 
> 
> 
> 
>>----- Original Message ----- 
>>From: "Steve Jacobson" <steve.jacobson at visi.com>
>>To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
>>Sent: Friday, December 12, 2008 08:36
>>Subject: Re: [nfbcs] Trojan aftermath: help needed.
> 
> 
>>> Alan,
>>> 
>>> I don't have a lot of faith that we can help you via long distance, but what do you mean when you say that Internet Explorer, iTunes, and Juice don't work?  Let's take Internet Explorer first.  What exactly happens when you run it?  All three of these applications use your network so there could be network or firewall difficulties.
>>> How did you get the Trojan off?  I don't mean that we need complete instructions, only did someone help you or did you follow instructions from a web site or run a removal tool of some kind?  Are you using the same machine for e-mail and is that working all right?  Out of curiosity, do you know how you got this thing?  I'd like to avoid it.
>>> 
>>> On Fri, 12 Dec 2008 07:35:45 -0600, Gary Wunder wrote:
>>> 
>>>>Hi Alan. I thought part of buying Dell was ongoing customer support. Might 
>>>>this be something that comes with your warranty? If worse comes to worse, do 
>>>>you have your original installation disks or the image they place on a 
>>>>protected part of the disk?
>>> 
>>>>Gary
>>> 
>>> 
>>>>----- Original Message ----- 
>>>>From: "Alan Wheeler" <awheeler at neb.rr.com>
>>>>To: "NFBCS list" <nfbcs at nfbnet.org>
>>>>Sent: Thursday, December 11, 2008 5:30 PM
>>>>Subject: [nfbcs] Trojan aftermath: help needed.
>>> 
>>> 
>>>>> Okay, so I got this zlob trojan/AntiVirus Protection 2009 trojan and 
>>>>> cleaned it off my system, as best I could, anyway, but now I cannot get 
>>>>> Internet Explorer to work, nor can I get iTunes or Juice Podcatcher to 
>>>>> work, either.
>>>>>
>>>>> I am assuming there is something in the registry I need to fix, but have 
>>>>> no clue what it is.  Can anyone help me with this?  Please bear in mind 
>>>>> that I am a regedit virgin, so to speak, and need detailed step-by-step 
>>>>> instructions and maybe some hand-holding, after a fashion.  Can anyone 
>>>>> help with this?
>>>>>
>>>>>
>>>>> I am operating a Dell Optiplex 740; AMD Athlon 64 X2 Dual core processor 
>>>>> 4200+
>>>>> 1.79 Ghz, 1.93 GB of ram.  My OS is Windows XP Home, service pack 3.
>>>>>
>>>>> If you need any further info, please write me at awheeler at neb.rr.com and 
>>>>> ask.
>>>>>

