
Follow-up and still need help on ex-gf's virus!

mm

Flightless Bird
Follow-up and still need help on ex-gf's virus!

So, my ex-gf ran BitDefender for 5 hours Friday night and it didn't
just find 4 viruses like I said, it found 23 threats and 7 suspected
threats spread out over 230 occurrences.

However it turned out that EVERY one of them was in email she had
received in 2003 and 2004 (and one in 2005). So I don't think they
could be the problem. She doesn't even use the Baltimore County
Public Library anymore, because they only had dial-up.**

Nonetheless, when we booted to XP, it worked much better than before!!

She still couldn't dl http websites with Firefox or IE, but IE did
some checking and said that HTTPS and FTP worked, just not HTTP.

What makes HTTP and HTTPS so different?

It also suggested that the firewall was to blame. We both only use the
Windows firewall. I went there and the list of exceptions didn't
include Firefox or Netscape. The virus must have changed these,
right? But rechecking those programs didn't help. (I see that on my
computer, every program I installed that is listed in exceptions is
checked as an actual exception (to the firewall). Only Remote Desktop
and UPnP Framework are not checked, and I didn't install those.)

IE also suggested that there were different ports for HTTP, HTTPS, and
FTP, but under the Windows Firewall, I saw no place where the ports
were specified. There is a button under "Advanced" called "Restore
Defaults". I haven't had a chance to google about that, but so far I'm
afraid to use it for fear it will delete all the exceptions.


What did work after using the BitDefender Rescue CD that she said
didn't before:

1) She said nothing else worked before and most things worked now.

And the apparent IE screen that wanted her to scan for viruses was
actually in Firefox. Actually there were 5 tabs over 4 FF windows for
the same screen but FF didn't start right, it gave the We're
Embarrassed screen, and we were able to uncheck all 5 tabs.

2) She can dl her email now!!

3) When she clicked on the AVG icon in the systray before it said:
"application can not be executed if avgui.exe is infected", but now it
worked. I could also dl updates for AVG and then I ran AVG
(partially, 200,000 registry entries or files out of 1.1 million) and
it found a trojan and an entry in the registry that pointed to it.
And about 50 tracking cookies. I let AVG put them in the "virus
vault".

I restarted the computer but web browsing didn't improve.

I started Spybot Search & Destroy, and it too was able to update its
definitions with no trouble, and then it quickly found one piece of
"Malware" and more tracking cookies. I let Spybot quarantine them or
whatever it does.

I restarted the computer but web browsing didn't improve.

So now she's running AVG until it completes. What are the chances it
will find something important that it didn't find in the first 200,000
registry entries and files? Don't all the scanners look in the most
important places first?


I had also dl'd the Kaspersky AV rescue disk and PandaSafe Rescue Disk
which I copied to CD's and will take over there, but maybe I'm
spitting in the wind?





**Obsolete info: Many of the infected emails appeared twice, once in
the Inbox and once in the Junk. I think she used Netscape for email at
the time. If it's anything like Eudora, moving to Junk left a copy in
the Inbox until she compressed the Inbox. Eudora will do this
automatically eventually, but maybe not Netscape.
 
PA Bear [MS MVP]

Flightless Bird
Why do you keep beginning new threads about this?

 
mm

Flightless Bird
On Sun, 5 Sep 2010 00:04:04 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:

>Why do you keep beginning new threads about this?


Thanks for raising the topic.

Because there seemed to be a logical break between what happened
yesterday and what happened today, and because there are so many new
threads started in between that I'm afraid most people won't see posts
to the old thread.

Plus FWIW this is only the second thread on this.

I'm interested in everyone's opinion about the best way to go.

Certainly if a week had passed, no one will be looking at an old
thread. I'm not sure where the borderline is.

Do people see posts in chronological order, or sorted by thread? I
normally see posts sorted by thread and on busy groups like this one,
may have to scroll up many pages to get to an old thread, if I even
remember that I wanted to check on it.

mm

 
John Wunderlich

Flightless Bird
Sometimes one of the following freeware will fix problems like this
one:

LSPFix: <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.snapfiles.com/get/winsockxpfix.html>

It couldn't hurt to run them.
HTH,
John
 
Nil

Flightless Bird
On 05 Sep 2010, mm <NOPSAMmm2005@bigfoot.com> wrote in
microsoft.public.windowsxp.general:

> Do people see posts in chronological order, or sorted by thread?
> I normally see posts sorted by thread and on busy groups like this
> one, may have to scroll up many pages to get to an old thread, if
> I even remember that I wanted to check on it.


It's up to the newsreader program. You have no control over it, and to
keep starting brand new threads about the same topic is unproductive
and inconsiderate.

When a new post is introduced to a thread, most newsreaders will
display the thread in order by the new date.
 
mm

Flightless Bird
On Sat, 04 Sep 2010 22:07:33 -0700, John Wunderlich
<jwunderlich@lycos.com> wrote:

>Sometimes one of the following freeware will fix problems like this
>one:
>
>LSPFix: <http://www.cexx.org/lspfix.htm>
>WinsockXPFix <http://www.snapfiles.com/get/winsockxpfix.html>
>
>It couldn't hurt to run them.
>HTH,
> John


Thanks. I've downloaded them and I'm going to copy them to a CD and
take them with me when I go back there.
 
Randem

Flightless Bird
Here is something you can try to reset things: Go to Device Manager to open
your Network Adapter then delete your network adapters. After deleting
(uninstalling but leave the software), right click on the computer at the
top of the tree then select "Scan For Hardware Changes" to let Windows
reinstall the drivers.

This should give you a clean network to start with. Also download SmitFraud
and run this in safe mode.

--
The Top Script Generator for Jordan Russell's Inno Setup -
http://www.randem.com/innoscript.html
Free Utilities and Code - http://www.randem.com/freesoftutil.html
"mm" <NOPSAMmm2005@bigfoot.com> wrote in message
news:b5d68695iruvton5ltnb3noc1h9634emhr@4ax.com...
> On Sat, 04 Sep 2010 22:07:33 -0700, John Wunderlich
> <jwunderlich@lycos.com> wrote:
>
>>Sometimes one of the following freeware will fix problems like this
>>one:
>>
>>LSPFix: <http://www.cexx.org/lspfix.htm>
>>WinsockXPFix <http://www.snapfiles.com/get/winsockxpfix.html>
>>
>>It couldn't hurt to run them.
>>HTH,
>> John

>
> Thanks. I've downloaded them and I'm going to copy them to a CD and
> take them with me when I go back there.
 
Daave

Flightless Bird
mm wrote:
> On Sun, 5 Sep 2010 00:04:04 -0400, "PA Bear [MS MVP]"
> <PABearMVP@gmail.com> wrote:
>
>> Why do you keep beginning new threads about this?

>
> Thanks for raising the topic.
>
> Because there seemed to be a logical break between what happened
> yesterday and what happened today, and because there are so many new
> threads started in between that I'm afraid most people won't see posts
> to the old thread.



Although I sort of see what you are trying to accomplish, that strategy
is illogical and counterproductive. Fewer people will wind up reading
your disjointed posts.

If people responded to your initial thread, they will continue to
monitor that thread. Starting new threads on the same topic goes against
established Internet etiquette (Netiquette). There will always be a
context. It will be much more difficult to hunt through other threads to
try to discover pertinent information than to keep everything together
in the one ongoing thread.

Sure, if a *lot* of time has passed, I can see why you would want to
start a new thread. In that case, you should include a link to the
original thread for maximum success.
 
mm

Flightless Bird
On Sun, 5 Sep 2010 09:42:55 -0400, "Daave" <daave@example.com> wrote:

>mm wrote:
>> On Sun, 5 Sep 2010 00:04:04 -0400, "PA Bear [MS MVP]"
>> <PABearMVP@gmail.com> wrote:
>>
>>> Why do you keep beginning new threads about this?

>>
>> Thanks for raising the topic.
>>
>> Because there seemed to be a logical break between what happened
>> yesterday and what happened today, and because there are so many new
>> threads started in between that I'm afraid most people won't see posts
>> to the old thread.

>
>
>Although I sort of see what you are trying to accomplish, that strategy
>is illogical and counterproductive. Fewer people will wind up reading
>your disjointed posts.
>
>If people responded to your initial thread, they will continue to
>monitor that thread. Starting new threads on the same topic goes against
>established Internet etiquette (Netiquette).


Okay. I try to be a good Netizen, but I either never knew that
particular rule or I forgot it.

And I see there is a consensus here, so I won't do this in the future.

> There will always be a
>context. It will be much more difficult to hunt through other threads to
>try to discover pertinent information than to keep everything together
>in the one ongoing thread.


I certainly wouldn't expect anyone to do that, to hunt through other
threads.

It amazes me how much people are willing to do to answer questions.
Even those who complain that the poster should have googled will, it
seems usually, google themselves and tell the OP the answer.

Thanks.

>Sure, if a *lot* of time has passed, I can see why you would want to
>start a new thread. In that case, you should include a link to the
>original thread for maximum success.
>
 
mm

Flightless Bird
On Sat, 04 Sep 2010 22:59:57 -0400, mm <NOPSAMmm2005@bigfoot.com>
wrote:

>Follow-up and still need help on ex-gf's virus!
>
>So, my ex-gf ran BitDefender for 5 hours Friday night and it didn't
>just find 4 viruses like I said, it found 23 threats and 7 suspected
>threats spread out over 230 occurrences.
>
>However it turned out that EVERY one of them was in email she had
>received in 2003 and 2004 (and one in 2005). So I don't think they
>could be the problem. She doesn't even use the Baltimore County
>Public Library anymore, because they only had dial-up.**
>
>Nonetheless, when we booted to XP, it worked much better than before!!
>
>She still couldn't dl http websites with Firefox or IE, but IE did
>some checking and said that HTTPS and FTP worked, just not HTTP.
>
>What makes HTTP and HTTPS so different?


I see that they apparently use different ports, and maybe the virus
only changed the system setting for HTTP.

>It also suggested that the firewall was to blame. We both only use the
>Windows firewall. I went there and the list of exceptions didn't
>include Firefox or Netscape. The virus must have changed these,
>right? But rechecking those programs didn't help. (I see that on my
>computer, every program I installed that is listed in exceptions is
>checked as an actual exception (to the firewall). Only Remote Desktop
>and UPnP Framework are not checked, and I didn't install those.)
>
>IE also suggested that there were different ports for HTTP, HTTPS, and
>FTP, but under the Windows Firewall, I saw no place where the ports
>were specified. There is a button under "Advanced" called "Restore
>Defaults". I haven't had a chance to google about that, but so far I'm
>afraid to use it for fear it will delete all the exceptions.
>
>
>What did work after using the BitDefender Rescue CD that she said
>didn't before:
>
>1) She said nothing else worked before and most things worked now.
>
> And the apparent IE screen that wanted her to scan for viruses was
>actually in Firefox. Actually there were 5 tabs over 4 FF windows for
>the same screen but FF didn't start right, it gave the We're
>Embarrassed screen, and we were able to uncheck all 5 tabs.
>
>2) She can dl her email now!!
>
>3) When she clicked on the AVG icon in the systray before it said:
>"application can not be executed if avgui.exe is infected", but now it
>worked. I could also dl updates for AVG and then I ran AVG
>(partially, 200,000 registry entries or files out of 1.1 million) and
>it found a trojan and an entry in the registry that pointed to it.
>And about 50 tracking cookies. I let AVG put them in the "virus
>vault".
>
>I restarted the computer but web browsing didn't improve.
>
>I started Spybot Search & Destroy, and it too was able to update its
>definitions with no trouble, and then it quickly found one piece of
>"Malware" and more tracking cookies. I let Spybot quarantine them or
>whatever it does.
>
>I restarted the computer but web browsing didn't improve.
>
>So now she's running AVG until it completes. What are the chances it
>will find something important that it didn't find in the first 200,000
>registry entries and files? Don't all the scanners look in the most
>important places first?
>
>
>I had also dl'd the Kaspersky AV rescue disk and PandaSafe Rescue Disk
>which I copied to CD's and will take over there, but maybe I'm
>spitting in the wind?


Well, the final problem seems to have been the FFox proxy settings.

My friend called me this morning. AVG finished scanning everything
and didn't find anything.

But she got a different message from Firefox, something about can't
find the proxy. So she knew I'd be sleeping that early and she called
another friend and he had her go to
Firefox/Options/Advanced/Network/[Connection] Settings and she was set
for Use System Proxy Settings. (So am I.) He had her change to No
Proxy, and now her FF works. As far as she has noticed, everything
works.

She hasn't checked IE yet, but neither did I yesterday. Maybe it
worked after I used AVG to remove the trojan. But it seems the virus
changed something in the "System Proxy Settings" so that they no
longer work. What in practice, before the virus, the difference
between them and "no proxy" was, I don't know.

Is there some way to find the System Proxy Settings and change them
back to their proper values?

Thank you all for the help, and even the criticism.


And thanks, Randem for yours. Can I call it a randem/om suggestion?
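
Added example, not part of the thread or any poster's code: on Windows, Firefox's "Use system proxy settings" follows the per-user Internet Options (WinINET) proxy values, so the question above comes down to reading `ProxyEnable`, `ProxyServer` and `AutoConfigURL`. This Python script reads them and reports how each protocol is routed; the sample value is constructed to show how HTTP can fail while HTTPS and FTP still work, and is not the setting found on the machine in this thread.

```python
import ipaddress
import sys

# Per-user WinINET (Internet Options) proxy values under HKEY_CURRENT_USER.
KEY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
VALUE_NAMES = ("ProxyEnable", "ProxyServer", "AutoConfigURL")
PROTOCOLS = ("http", "https", "ftp")

# Constructed sample (an assumption for illustration): only HTTP is sent
# to a local proxy port, which matches the symptom described in the thread.
SAMPLE = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:5555"}


def read_wininet_settings():
    """Read the current user's proxy values from the registry (Windows only)."""
    import winreg  # imported here so the module still loads on other systems
    settings = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY_PATH) as key:
        for name in VALUE_NAMES:
            try:
                settings[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value is not set
    return settings


def parse_proxy_server(value):
    """Map protocol -> 'host:port' from a ProxyServer string.

    Accepts 'host:port' (all protocols) or 'http=h:p;https=h:p;ftp=h:p'.
    """
    routes = {}
    for entry in (value or "").replace(";", " ").split():
        scheme, sep, target = entry.partition("=")
        if sep:
            schemes = (scheme.lower(),)
        else:
            target, schemes = entry, PROTOCOLS  # bare entry covers everything
        target = target.split("://", 1)[-1].rstrip("/")
        for name in schemes:
            routes.setdefault(name, target)
    return routes


def is_loopback(target):
    """True when the proxy host is this machine (127.x.x.x, ::1, localhost)."""
    if target.startswith("["):  # bracketed IPv6 literal
        host = target[1:target.index("]")]
    else:
        host = target.rsplit(":", 1)[0]
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary host name


def audit(settings):
    """Return (per-protocol route, findings) for a dict of registry values."""
    # ProxyServer can stay in the registry while ProxyEnable is 0; it is
    # only used when the proxy is switched on.
    enabled = int(settings.get("ProxyEnable", 0)) == 1
    routes = parse_proxy_server(settings.get("ProxyServer")) if enabled else {}
    per_protocol = {p: routes.get(p, "direct") for p in PROTOCOLS}
    findings = []
    for proto, target in per_protocol.items():
        if target != "direct" and is_loopback(target):
            findings.append(
                f"{proto}: proxied to loopback {target}; "
                "fails unless a local process is listening there"
            )
    if len(set(per_protocol.values())) > 1:
        findings.append(
            "protocols are routed differently, so one can fail while others work"
        )
    if settings.get("AutoConfigURL"):
        findings.append(f"proxy auto-config script set: {settings['AutoConfigURL']}")
    return per_protocol, findings


if __name__ == "__main__":
    settings = read_wininet_settings() if sys.platform == "win32" else SAMPLE
    routes, findings = audit(settings)
    for proto in PROTOCOLS:
        print(f"{proto:5} -> {routes[proto]}")
    for finding in findings:
        print("!", finding)
```

The same values are shown and cleared in the Internet Options control panel under Connections, LAN settings.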
 
Daave

Flightless Bird
mm wrote:
> On Sun, 5 Sep 2010 09:42:55 -0400, "Daave" <daave@example.com> wrote:
>
>> mm wrote:
>>> On Sun, 5 Sep 2010 00:04:04 -0400, "PA Bear [MS MVP]"
>>> <PABearMVP@gmail.com> wrote:
>>>
>>>> Why do you keep beginning new threads about this?
>>>
>>> Thanks for raising the topic.
>>>
>>> Because there seemed to be a logical break between what happened
>>> yesterday and what happened today, and because there are so many new
>>> threads started in between that I'm afraid most people won't see
>>> posts to the old thread.

>>
>>
>> Although I sort of see what you are trying to accomplish, that
>> strategy is illogical and counterproductive. Fewer people will wind
>> up reading your disjointed posts.
>>
>> If people responded to your initial thread, they will continue to
>> monitor that thread. Starting new threads on the same topic goes
>> against established Internet etiquette (Netiquette).

>
> Okay. I try to be a good Netizen, but I either never knew that
> particular rule or I forgot it.
>
> And I see there is a consensus here, so I won't do this in the future.
>
>> There will always be a
>> context. It will be much more difficult to hunt through other
>> threads to try to discover pertinent information than to keep
>> everything together in the one ongoing thread.

>
> I certainly wouldn't expect anyone to do that, to hunt through other
> threads.
>
> It amazes me how much people are willing to do to answer questions.
> Even those who complain that the poster should have googled will, it
> seems usually, google themselves and tell the OP the answer.
>
> Thanks.


YW.
 
mm

Flightless Bird
She retold to me how this arose. Whatever it is started when she went
to www.letmewatchthis.com , to download a tv show or movie. She had
done this before with no trouble, but this time a screen came up in
Firefox, appearing to be an IE or Microsoft screen, warning her that
she might have a virus and to do a scan. She was suspicious, but not
enough and she ran the "scan" for a little bit before stopping it.

The website has been hacked, is that a fair conclusion? They'll fix
it eventually??
 
Jim

Flightless Bird
On Sun, 05 Sep 2010 12:02:14 -0400, mm <NOPSAMmm2005@bigfoot.com>
wrote:

>On Sat, 04 Sep 2010 22:59:57 -0400, mm <NOPSAMmm2005@bigfoot.com>
>wrote:
>
>>Follow-up and still need help on ex-gf's virus!
>>
>>So, my ex-gf ran BitDefender for 5 hours Friday night and it didn't
>>just find 4 viruses like I said, it found 23 threats and 7 suspected
>>threats spread out over 230 occurrences.
>>
>>However it turned out that EVERY one of them was in email she had
>>received in 2003 and 2004 (and one in 2005). So I don't think they
>>could be the problem. She doesn't even use the Baltimore County
>>Public Library anymore, because they only had dial-up.**
>>
>>Nonetheless, when we booted to XP, it worked much better than before!!
>>
>>She still couldn't dl http websites with Firefox or IE, but IE did
>>some checking and said that HTTPS and FTP worked, just not HTTP.
>>
>>What makes HTTP and HTTPS so different?




HyperText Transfer Protocol / Secure.

>
>I see that they apparently use different ports, and maybe the virus
>only changed the system setting for HTTP.
>
>>It also suggested that the firewall was to blame. We both only use the
>>Windows firewall. I went there and the list of exceptions didn't
>>include Firefox or Netscape. The virus must have changed these,
>>right? But rechecking those programs didn't help. (I see that on my
>>computer, every program I installed that is listed in exceptions is
>>checked as an actual exception (to the firewall). Only Remote Desktop
>>and UPnP Framework are not checked, and I didn't install those.)
>>
>>IE also suggested that there were different ports for HTTP, HTTPS, and
>>FTP, but under the Windows Firewall, I saw no place where the ports
>>were specified. There is a button under "Advanced" called "Restore
>>Defaults". I haven't had a chance to google about that, but so far I'm
>>afraid to use it for fear it will delete all the exceptions.
>>
>>
>>What did work after using the BitDefender Rescue CD that she said
>>didn't before:
>>
>>1) She said nothing else worked before and most things worked now.
>>
>> And the apparent IE screen that wanted her to scan for viruses was
>>actually in Firefox. Actually there were 5 tabs over 4 FF windows for
>>the same screen but FF didn't start right, it gave the We're
>>Embarrassed screen, and we were able to uncheck all 5 tabs.
>>
>>2) She can dl her email now!!
>>
>>3) When she clicked on the AVG icon in the systray before it said:
>>"application can not be executed if avgui.exe is infected", but now it
>>worked. I could also dl updates for AVG and then I ran AVG
>>(partially, 200,000 registry entries or files out of 1.1 million) and
>>it found a trojan and an entry in the registry that pointed to it.
>>And about 50 tracking cookies. I let AVG put them in the "virus
>>vault".
>>
>>I restarted the computer but web browsing didn't improve.
>>
>>I started Spybot Search & Destroy, and it too was able to update its
>>definitions with no trouble, and then it quickly found one piece of
>>"Malware" and more tracking cookies. I let Spybot quarantine them or
>>whatever it does.
>>
>>I restarted the computer but web browsing didn't improve.
>>
>>So now she's running AVG until it completes. What are the chances it
>>will find something important that it didn't find in the first 200,000
>>registry entries and files? Don't all the scanners look in the most
>>important places first?
>>
>>
>>I had also dl'd the Kaspersky AV rescue disk and PandaSafe Rescue Disk
>>which I copied to CD's and will take over there, but maybe I'm
>>spitting in the wind?

>
>Well, the final problem seems to have been the FFox proxy settings.
>
>My friend called me this morning. AVG finished scanning everything
>and didn't find anything.
>
>But she got a different message from Firefox, something about can't
>find the proxy. So she knew I'd be sleeping that early and she called
>another friend and he had her go to
>Firefox/Options/Advanced/Network/[Connection] Settings and she was set
>for Use System Proxy Settings. (So am I.) He had her change to No
>Proxy, and now her FF works. As far as she has noticed, everything
>works.
>
>She hasn't checked IE yet, but neither did I yesterday. Maybe it
>worked after I used AVG to remove the trojan. But it seems the virus
>changed something in the "System Proxy Settings" so that they no
>longer work. What in practice, before the virus, the difference
>between them and "no proxy" was, I don't know.
>
>Is there some way to find the System Proxy Settings and change them
>back to their proper values?
>
>Thank you all for the help, and even the criticism.
>
>
>And thanks, Randem for yours. Can I call it a randem/om suggestion?
 