Whoa ... I have been in a massive war with some extremely nasty trojans and malware/spyware/adware over the last 3 days. I -still- don't know exactly what it was, but it was the most persistent and aggravating piece of crap that I have ever come across. To try and mask itself, it dropped over 40 different spyware/adware/malware and trojans onto my system. It actually uninstalled my Firefox browser leaving my only option as IE. It morphed its name and form at least 3 times, once when I was right in the middle of killing it off. I -think- I finally killed it, but I thought that 2 other times and it re-appeared.

What I love is all the people who think that all you need is to make sure you're patched and have some protection. That's a false security.

My security consists of active memory resident virus, trojan and spyware scanners - I do update checks once per day before I head to work. E-mail interceptors and filters. Multiple lockdowns of registry and internet options. Up to date windows patches. As well as once weekly (or sooner if I think something doesn't look right) full scans using Adaware, Spybot S&D, Pest Patrol and HijackThis. And I still got hit. Disturbing part was I wasn't doing anything at the time. I had just opened IE, started a search on Google and was about to go to a site when I noticed increased network activity and my HD light was on solid. Not sure where it sneaked through which worries me a bit.

Ah well ... need to get some rest and hope I'm done. Be back reading and posting in a couple days.

-=>Donald

My husbands laptop suffered from this a month ago...... and made using it nearly impossible. Our solution after trying a bazillion different things was to finally just wipe out the hard drive and do a clean install of windows..... Not sure if it actually worked or not.... sigh Pure torture.... Wish there was a way to hunt them down and skin them alive.... the bastards!

grrr... those sneaky rotten nasty little hollow horses! :p

Attached Link: http://www.grc.com/default.htm

:) wonder why they called it a Trojan horse when it had Greeks inside it. lol Sorry to hear of your troubles Donald and Michelle - just hope nothing like that happens to me because I am not sure what I would do. Give the 'puter a hot lemon drink ? I use mainly web mail because they say that is safer, and have firewall and virus protection, but apart from that what can you do? Oh and I also follow advice from this link. Richard

rub rub*...feeling better Donald....rub *rub....sigh what big Shoulders You have....bugger those nasty buggers and their Trojans!

Hmmm. Three things. 1- Maybe you installed some program which was the culpret. I inadvertently installed something called setup.exe yeah. It set me up for something allright. That was a huge mistake. 2.- Although Firefox is more secure than IE. I think hackers are starting to target Mozilla and Firefox more simply because it use is starting to become more prevalent ( Mozilla and Firefox not the virus. ) 3.- Not sure if this applies or not. But avoid ornop sites which you regurly don't frequent. Expecially the redirecting type. Stick to HHank Movies or VIDSVIDSVIDS or SCREWEDUPMOVIES. ( If you have been there you know what I mean. ) 4. - You may want to consider getting ZONEALAARM or someting which actively monitors EVERYTHING which is running or installed. You may still be hit but atleast the software will tell you when something is up as opposed to you noticing that the hard drive is being accessed a lot. I'm a fan of TrendMicro. 5. - It is called a Trogan horse as I recall because it was a gift horse in the TROJAN style. BEST of Luck againt the virus. Bsteph

Tedz - Thank you my friend. You know, I think we have a business opportunity here. Maybe a side branch to BrickShopping Inc (tm). It involves these nice, heavy rubber coated steel poles I have and tracking a few of these people down for a fee. I think we can make millions. What'aya say? :)

'chelle - See, that's my biggest problem, I simply refuse to let the #$(&#;$# win. I never have and I will never wipe my system because of it. It's one of my character flaws. :) Think I won another round, but only time will tell.

Onslow - I have 2 layers of protection to my e-mail. I don't think it came in that route.

B - Yea, I have a software firewall monitor running. Forget to mention that - ZoneAlarm Pro. What was sneaky is that it used IE completely against me. It started by forcing a bunch of sites into my TRUSTED SITES list and then reconfiguring IE to the lowest possible security settings on my trusted zones (there were 2 I know for sure should have been PROMPT ME settings that were set to ENABLE by it). With the security I had in place, it shouldn't have been able to do that. So now I have to find out where the chink in the armor is. I Don't think it was anything I installed. I rarely download anything I've gotten off the web. And when I do, it's usually from a size like ZDNet's Download site (a legit site).

Problem is, this may go back a long time. Could have easily been a sleeper that just triggered. Will just have to keep my eyes open.

What I love is, protecting against and fixing this kind of crap is part of what I get paid for in a mission critical production environment. If I have this much trouble stopping or getting rid of this stuff, what chance does the average computer user have?

-=>Donald

Message edited on: 02/08/2005 15:21

'ZDNet - a legit site' ;-) How sweet :-)
For example the openwares-group is known to infect freeware-progs with spyware and then tell it is their own product, contribute it free through zdnet, ...
Look at the disccussions in http://methlabs.org/ who offer Peerguardian against IP-sniffers. Well download it from any site other than methlabs.org and you wil have the infected version, I'll bet!
Regards, Volker Harun

Message edited on: 02/08/2005 18:32

Donald, I hate to point out the obvious but have you ever thought that the reason you got this Trojan was because of what you do? If a hacker sees a challenge they go for it. A network admin is a sweet target. one that is in chaege of an enviorment that is "Mission Critical" is even sweeter. The trojan may not have morphed while you were fixing it. The greeks were already in the city. Fighting is exactly what you were doing. Thing is I bet it was with a live hacker. There are very few trojans that can penetrate that type of redundancy without being rather target specific. Check your back to make sure there isn't a red circle on it. Magick Michael

I completely got rid of Adaware. Running it screwed up my IE and made 3 other programs lose files. I use Spybot and at least it tells you what you are going to toss. I will never use Smiley Central and despise people who send me emails using it. My other PC has been solid as a rock without any spy/ad protection. Never had a problem with it in 4 years. The only thing on it is a regularly updated Norton AV. No Cleensweep or frills. This new PC has been a nightmare since I tried all those programs designed to stop attacks. I will be taking it in for a 3rd reformat next week, to try to get IE working again. Then will run it without all the crap. I think SP2 is one other reason for all this. I did believe in Firefox,but now it seems there is problems happening already. Leads me to think that all these big companies actually send this stuff out themselves. What happens when there is word of a virus...people flock in millions to install AV programs. Put a threat out of spybots....people go install Adaware and the like. Jobsites get bombarded with broken windows and vandalism....3 days later a security company comes knocking asking if you need a guard. That's my thought.