[nfbcs] Problem solved WAS Re: Trojan aftermath: help needed.

Steve Jacobson steve.jacobson at visi.com
Mon Dec 15 19:24:38 UTC 2008


Alan,

That makes sense now that you mention it, and this detail may help someone else.  Thanks.

On Mon, 15 Dec 2008 10:45:04 -0600, Alan Wheeler wrote:

>Steve,
>After losing patience with not being able to download my podcasts, I went to the Apple forums and asked for help.  It was noticed from my diagnostics report (generated by iTunes) that I was using a proxy server.  Once I turned off the proxy server, this solved all my problems.


>+-+-+-

>   For God so loved the world, that he gave his one and only Son, that whoever believes in him should not perish, but
> have eternal life. John 3:16
>~~~

>Alan D Wheeler
>awheeler at neb.rr.com
>IM me at: outlaw-cowboy at live.com
>Skype: redwheel1
>Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at www.theqonline.net

>----- Original Message ----- 
>From: "Steve Jacobson" <steve.jacobson at visi.com>
>To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
>Sent: Friday, December 12, 2008 03:23
>Subject: Re: [nfbcs] Trojan aftermath: help needed.


>> Alan,
>> 
>> I am using Internet Explorer 6, and while it has a similar error page, the wording is different.  Are you using IE 7, and if you are, can anyone else confirm that this is indeed an IE 7 page?  If you are still on IE 6, I would be suspicious that this page has been altered even though it is functionally similar.  Wow!
>> 
>> If you are able to send or receive e-mail from the machine that was infected, it would indicate that your network is still functioning and that a connection is being made.  There are various network components that could have been affected, though.  Another possible simple cause is that this virus affects DNS lookups.  If you had to code DNS Server addresses for your internet service provider, you might check to see if they are still there.  Going to a command prompt and typing IPCONFIG might also yield some useful information about your connection.  You might, unfortunately, need some local help on this.
>> 
>> On Fri, 12 Dec 2008 11:16:45 -0600, Alan Wheeler wrote:
>> 
>> Steve,
>> Below is the page displayed in IE when I open it.  As you can see, it's fairly typical and gives no hint that IE is corrupted.
>> 
>>        Internet Explorer cannot display the webpage
>> 
>>        Most likely causes:
>>        a.. You are not connected to the Internet.
>>        b.. The website is encountering problems.
>>        c.. There might be a typing error in the address.
>> 
>>        What you can try:
>>          Diagnose Connection Problems
>> 
>>          More information
>> 
>> ----- Original Message -----
>> From: "Steve Jacobson" <steve.jacobson at visi.com>
>> To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
>> Sent: Friday, December 12, 2008 10:33
>> Subject: Re: [nfbcs] Trojan aftermath: help needed.
>> 
>>> Alan,
>>> 
>>> Hopefully I can save you a little time.  I did a search on this category of Trojans, and I am over my head on this one.  My interest in what Internet Explorer said was only whether you were getting the typical error that you could not be connected to the site or whether it was some other type of error that might point more specifically to Internet Explorer being corrupted.  I fear you may need to get some local help.  Someone suggested System Restore.  Unless you truly know when you got the virus, you may well restore the virus.  I see that one even needs to be careful of removal tools out there as they could be variations on the trojan itself.  I would be surprised if anybody's warranty would cover this but I suppose it is worth checking.  Also, if it is a Dell machine, asking Dell makes sense since they may have a tool.  This looks like a real bad one and I'm sorry to hear that you were infected.
>>> 
>>> On Fri, 12 Dec 2008 09:19:14 -0600, Alan Wheeler wrote:
>>> 
>>>>Steve,
>>>>Okay, First of all, let's run down the programs:
>>>>1. Internet Explorer: I open it, and no matter what page I go to, I get a page saying "Internet Explorer cannot display the page."  In a separate message I will copy and paste the entire page for you to review.
>>>>2. iTunes and Juice: The programs open, but cannot, apparently, connect to download.  I discovered that Juice wasn't in my Firewall exceptions.  I added it, and it scanned the feeds but found nothing.  This leads me to suspect there is still a connectivity issue.  As for iTunes?  It doesn't seem to be able to connect to the proper servers at all.  I even ran a diagnostic on it, and had no luck.
>>> 
>>>>I have run Spybot search and destroy, AVG Free antivirus, and even system mechanic trying to rid myself of any and all remnants of this trojan.
>>> 
>>>>The trojan itself is a variant of the Zlob trojan.  It disguises itself as any number of antivirus/anti-spyware programs that claim to want to scan your system and then offer you a program to purchase to clean your computer.  This is merely a ploy to get credit card information.
>>> 
>>>>Plus, instead of scanning your computer, it is infecting it.
>>> 
>>>>Some of the examples of the fake program names include, but are not limited to:
>>>>antivirus Protection 2009,
>>>>AVP 2009,
>>>>VRT 2009 (VRT standing for Virus Removal Tool), etc.
>>> 
>>>>Hope this helps.
>>> 
>>>>----- Original Message -----
>>>>From: "Steve Jacobson" <steve.jacobson at visi.com>
>>>>To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
>>>>Sent: Friday, December 12, 2008 08:36
>>>>Subject: Re: [nfbcs] Trojan aftermath: help needed.
>>> 
>>>>> Alan,
>>>>> 
>>>>> I don't have a lot of faith that we can help you via long distance, but what do you mean when you say that Internet Explorer, iTunes, and Juice don't work.  Let's take Internet Explorer first.  What exactly happens when you run it?  All three of these applications use your network so there could be network or firewall difficulties.
>>>>> How did you get the Trojan off?  I don't mean that we need complete instructions, only did someone help you or did you follow instructions from a web site or run a removal tool of some kind?  Are you using the same machine for e-mail and is that working all right?  Out of curiosity, do you know how you got this thing, I'd like to avoid it.
>>>>> 
>>>>> On Fri, 12 Dec 2008 07:35:45 -0600, Gary Wunder wrote:
>>>>> 
>>>>>>Hi Alan. I thought part of buying Dell was ongoing customer support. Might this be something that comes with your warranty? If worse comes to worse, do you have your original installation disks or the image they place on a protected part of the disk?
>>>>> 
>>>>>>Gary
>>>>> 
>>>>>>----- Original Message -----
>>>>>>From: "Alan Wheeler" <awheeler at neb.rr.com>
>>>>>>To: "NFBCS list" <nfbcs at nfbnet.org>
>>>>>>Sent: Thursday, December 11, 2008 5:30 PM
>>>>>>Subject: [nfbcs] Trojan aftermath: help needed.
>>>>> 
>>>>>>> Okay, so I got this zlob trojan/AntiVirus Protection 2009 trojan and cleaned it off my system, as best I could, anyway, but now I cannot get Internet Explorer to work, nor can I get iTunes or Juice Podcatcher to work, either.
>>>>>>>
>>>>>>> I am assuming there is something in the registry I need to fix, but have no clue what it is.  Can anyone help me with this?  Please bear in mind that I am a regedit virgin, so to speak, and need detailed step-by-step instructions and maybe some hand-holding, after a fashion.  Can anyone help with this?
>>>>>>>
>>>>>>> I am operating a Dell Optiplex 740; AMD Athlon 64 X2 Dual core processor 4200+ 1.79 Ghz, 1.93 GB of ram.  My OS is Windows XP Home, service pack 3.
>>>>>>>
>>>>>>> If you need any further info, please write me at awheeler at neb.rr.com and ask.
>>>>>>>


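The two checks this thread ends up pointing to, a proxy setting still switched on after cleanup and the DNS server addresses reported by IPCONFIG, as an added example that is not part of the original messages. It parses saved output of `reg query` on the per-user Internet Settings key and of `ipconfig /all`; the sample output, the addresses in it, and the `expected_dns` set are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8080
"""
# Constructed sample of: ipconfig /all
SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.20
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
"""

def parse_reg_values(text):
    # Map value name -> data for every "name  REG_TYPE  data" line.
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$", line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def parse_dns_servers(text):
    # Collect DNS server addresses, including indented continuation lines.
    servers, in_dns = [], False
    for line in text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep:  # a new "Label . . . : value" field starts on this line
            in_dns = label.strip(" .").startswith("DNS Servers")
        candidate = (value if sep else line).strip()
        if in_dns and candidate:
            try:
                servers.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                in_dns = False  # not an address, so the DNS list has ended
    return servers

def triage(reg_text, ipconfig_text, expected_dns):
    # expected_dns is an assumption: the resolvers the ISP or router assigns.
    findings = []
    reg = parse_reg_values(reg_text)
    if int(reg.get("ProxyEnable", "0x0"), 16) == 1:
        findings.append("proxy enabled: " + reg.get("ProxyServer", "(not set)"))
    dns = parse_dns_servers(ipconfig_text)
    return findings + ["unexpected DNS server: " + s for s in dns if s not in expected_dns]
```

Calling `triage(SAMPLE_REG, SAMPLE_IPCONFIG, {"192.168.1.1"})` on the constructed samples reports the enabled proxy and the one DNS server that is not in the expected set.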