[nfbcs] Problem solved WAS Re: Trojan aftermath: help needed.

Alan Wheeler awheeler at neb.rr.com
Mon Dec 15 16:45:04 UTC 2008


Steve,
After losing patience with not being able to download my podcasts, I went to the Apple forums and asked for help.  It was noticed from my diagnostics report (generated by iTunes) that I was using a proxy server.  Once I turned off the proxy server, this solved all my problems.


+-+-+-

   For God so loved the world, that he gave his one and only Son, that whoever believes in him should not perish, but
 have eternal life. John 3:16
~~~

Alan D Wheeler
awheeler at neb.rr.com
IM me at: outlaw-cowboy at live.com
Skype: redwheel1
Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at www.theqonline.net

----- Original Message ----- 
From: "Steve Jacobson" <steve.jacobson at visi.com>
To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
Sent: Friday, December 12, 2008 03:23
Subject: Re: [nfbcs] Trojan aftermath: help needed.


> Alan,
> 
> I am using Internet Explorer 6, and while it has a similar error page, the wording is different.  Are you using IE 7, and if you are, can anyone else confirm that this is indeed an IE 7 page?  If you are still on IE 6, I would be suspicious that this page has been altered even though it is functionally similar.  Wow!
>
> If you are able to send or receive e-mail from the machine that was infected, it would indicate that your network is still functioning and that a connection is being made.  There are various network components that could have been affected, though.  Another possible simple cause is that this virus affects DNS lookups.  If you had to code DNS Server addresses for your internet service provider, you might check to see if they are still there.  Going to a command prompt and typing IPCONFIG might also yield some useful information about your connection.  You might, unfortunately, need some local help on this.
> 
> On Fri, 12 Dec 2008 11:16:45 -0600, Alan Wheeler wrote:
> 
> Steve,
> Below is the page displayed in IE when I open it.  As you can see, it's fairly typical and gives no hint that IE is corrupted.
>
>     Internet Explorer cannot display the webpage
>
>     Most likely causes:
>     - You are not connected to the Internet.
>     - The website is encountering problems.
>     - There might be a typing error in the address.
>
>     What you can try:
>       Diagnose Connection Problems
>
>       More information
>
> +-+-+-
>
>   For God so loved the world, that he gave his one and only Son, that whoever believes in him should not perish, but
> have eternal life. John 3:16
> ~~~
>
> Alan D Wheeler
> awheeler at neb.rr.com
> IM me at: outlaw-cowboy at live.com
> Skype: redwheel1
> Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at www.theqonline.net
>
> ----- Original Message -----
> From: "Steve Jacobson" <steve.jacobson at visi.com>
> To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
> Sent: Friday, December 12, 2008 10:33
> Subject: Re: [nfbcs] Trojan aftermath: help needed.
>
>
>> Alan,
>>
>> Hopefully I can save you a little time.  I did a search on this category of Trojans, and I am over my head on this one.  My interest in what Internet Explorer said was only whether you were getting the typical error that you could not be connected to the site or whether it was some other type of error that might point more specifically to Internet Explorer being corrupted.  I fear you may need to get some local help.  Someone suggested System Restore.  Unless you truly know when you got the virus, you may well restore the virus.  I see that one even needs to be careful of removal tools out there as they could be variations on the trojan itself.  I would be surprised if anybody's warranty would cover this but I suppose it is worth checking.  Also, if it is a Dell machine, asking Dell makes sense since they may have a tool.  This looks like a real bad one and I'm sorry to hear that you were infected.
>>
>> On Fri, 12 Dec 2008 09:19:14 -0600, Alan Wheeler wrote:
>>
>>>Steve,
>>>Okay, First of all, let's run down the programs:
>>>1. Internet Explorer: I open it, and no matter what page I go to, I get a page saying "Internet Explorer cannot display the page."  In a separate message I will copy and paste the entire page for you to review.
>>>2. iTunes and Juice: The programs open, but cannot, apparently, connect to download.  I discovered that Juice wasn't in my Firewall exceptions.  I added it, and it scanned the feeds but found nothing.  This leads me to suspect there is still a connectivity issue.  As for iTunes?  It doesn't seem to be able to connect to the proper servers at all.  I even ran a diagnostic on it, and had no luck.
>>>
>>>I have run Spybot search and destroy, AVG Free antivirus, and even system mechanic trying to rid myself of any and all remnants of this trojan.
>>>
>>>The trojan itself is a variant of the Zlob trojan.  It disguises itself as any number of antivirus/anti-spyware programs that claim to want to scan your system and then offer you a program to purchase to clean your computer.  This is merely a ploy to get credit card information.
>>>
>>>Plus, instead of scanning your computer, it is infecting it.
>>>
>>>Some of the examples of the fake program names include, but are not limited to:
>>>antivirus Protection 2009,
>>>AVP 2009,
>>>VRT 2009 (VRT standing for Virus Removal Tool), etc.
>>>
>>>Hope this helps.
>>>
>>>+-+-+-
>>>
>>>   For God so loved the world, that he gave his one and only Son, that whoever believes in him should not perish, but
>>> have eternal life. John 3:16
>>>~~~
>>>
>>>Alan D Wheeler
>>>awheeler at neb.rr.com
>>>IM me at: outlaw-cowboy at live.com
>>>Skype: redwheel1
>>>Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at www.theqonline.net
>>>
>>>----- Original Message -----
>>>From: "Steve Jacobson" <steve.jacobson at visi.com>
>>>To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
>>>Sent: Friday, December 12, 2008 08:36
>>>Subject: Re: [nfbcs] Trojan aftermath: help needed.
>>>
>>>
>>>> Alan,
>>>>
>>>> I don't have a lot of faith that we can help you via long distance, but what do you mean when you say that Internet Explorer, iTunes, and Juice don't work?  Let's take Internet Explorer first.  What exactly happens when you run it?  All three of these applications use your network so there could be network or firewall difficulties.
>>>> How did you get the Trojan off?  I don't mean that we need complete instructions, only did someone help you or did you follow instructions from a web site or run a removal tool of some kind?  Are you using the same machine for e-mail and is that working all right?  Out of curiosity, do you know how you got this thing, I'd like to avoid it.
>>>>
>>>> On Fri, 12 Dec 2008 07:35:45 -0600, Gary Wunder wrote:
>>>>
>>>>>Hi Alan. I thought part of buying Dell was ongoing customer support. Might this be something that comes with your warranty? If worse comes to worse, do you have your original installation disks or the image they place on a protected part of the disk?
>>>>>
>>>>>Gary
>>>>>
>>>>>
>>>>>----- Original Message -----
>>>>>From: "Alan Wheeler" <awheeler at neb.rr.com>
>>>>>To: "NFBCS list" <nfbcs at nfbnet.org>
>>>>>Sent: Thursday, December 11, 2008 5:30 PM
>>>>>Subject: [nfbcs] Trojan aftermath: help needed.
>>>>>
>>>>>
>>>>>> Okay, so I got this Zlob trojan/AntiVirus Protection 2009 trojan and cleaned it off my system, as best I could, anyway, but now I cannot get Internet Explorer to work, nor can I get iTunes or Juice Podcatcher to work, either.
>>>>>>
>>>>>> I am assuming there is something in the registry I need to fix, but have no clue what it is.  Can anyone help me with this?  Please bear in mind that I am a regedit virgin, so to speak, and need detailed step-by-step instructions and maybe some hand-holding, after a fashion.  Can anyone help with this?
>>>>>>
>>>>>>
>>>>>> I am operating a Dell Optiplex 740; AMD Athlon 64 X2 Dual core processor 4200+ 1.79 GHz, 1.93 GB of ram.  My OS is Windows XP Home, service pack 3.
>>>>>>
>>>>>> If you need any further info, please write me at awheeler at neb.rr.com and ask.
>>>>>>
>>>>>> +-+-+-
>>>>>>
>>_______________________________________________
>>nfbcs mailing list
>>nfbcs at nfbnet.org
>>http://www.nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
>>To unsubscribe, change your list options or get your account info for nfbcs:
>>http://www.nfbnet.org/mailman/options/nfbcs_nfbnet.org/steve.jacobson%40visi.com


--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.176 / Virus Database: 270.9.17/1846 - Release Date: 12/12/2008 6:59 PM
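
The two settings this thread ends up pointing at, the Internet Explorer proxy setting that turned out to be the fix and the DNS server addresses Steve suggested checking, can be read in one pass after a cleanup. This is an added example, not part of the original messages; it assumes Windows PowerShell with WMI available, and `$KnownDns` is a placeholder list to fill with the DNS servers you expect from your router or ISP.

```powershell
# Added example: post-cleanup check of per-user proxy and per-adapter DNS settings.
# Assumption: Windows PowerShell (Get-WmiObject is not available in PowerShell 7+).

# Placeholder: DNS servers you expect (router or ISP). Empty list = report only.
$KnownDns = @()

$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

$findings = @()

# ProxyEnable = 1 means Internet Explorer, and programs that follow its settings,
# send requests through ProxyServer. A proxy nobody set up on purpose is suspect.
if ($inet.ProxyEnable -eq 1) {
    $findings += "Proxy ENABLED: '$($inet.ProxyServer)'"
    if ($inet.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:|;|$)') {
        $findings += '  -> points at this machine; check that something legitimate is listening there'
    }
}

# AutoConfigURL names a proxy auto-config script and is set separately from ProxyEnable.
if ($inet.AutoConfigURL) {
    $findings += "Proxy auto-config script set: '$($inet.AutoConfigURL)'"
}

# DNS servers per active adapter, noting whether the adapter uses DHCP.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    foreach ($dns in @($a.DNSServerSearchOrder)) {
        if (-not $dns) { continue }
        if ($a.DHCPEnabled) { $source = 'adapter uses DHCP' }
        else                { $source = 'adapter is statically configured' }
        $line = "DNS $dns on '$($a.Description)' ($source)"
        if ($KnownDns.Count -gt 0 -and $KnownDns -notcontains $dns) {
            $line += '  <-- not in $KnownDns'
        }
        $findings += $line
    }
}

if ($findings.Count -eq 0) { 'No proxy configured and no DNS servers reported.' }
else { $findings }
```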




