[AT] Off topic, computer related.

Henry Miller hank at millerfarm.com
Tue Mar 16 06:55:03 PDT 2010 

On program I haven't heard mentioned is Spybot Search&Destroy 
(http://www.safer-networking.org/).   Free (donation recommended) and worth a 
shot.   Last time I needed it, I had to download it on a different computer 
and transfer it via USB stick because whatever is causing problems blocks that 
site.   

That said, I think it is time for you to start over.   Backup all your data 
(and only data - you don't know how your programs are infected), erase 
everything on your computer, reinstall, then apply the latest updates.   You 
want to be behind a firewall for this because there are some bugs on the 
install system that can be used to infect your computer before you get the 
updates downloaded.  Might be worth paying someone $50 to do this just because 
they are experienced (but do your own backups first - they won't save anything 
from your computer for $50, and besides you need backups anyway).

Make sure you turn automatic updates on.  Microsoft is pretty good about 
getting patches out quickly.

Did I mention you need backups?   I've heard too many stories about people who 
lost critical data because they were too lazy to do backups.

On Tuesday 16 March 2010 07:11:09 charliehill wrote:
> Guys at this point I don't know what to do.  I've apparently defeated the
> initial problem with "security essentials 2010" but still have a severe
> problem.  I first beat it back with Malware Bytes which I had from a
>  similar problem last year.  Then the problem came back.  I downloaded the
>  latest edition of Trend Micro House Call and beat it back again.  I
>  thought it was gone.   Then it started immediately showing up again by
>  redirecting any attempt I made to go to any website I found on a search
>  engine.  To beat that I downloaded Firefox browser directly from a link
>  supplied to me by e-mail by Mike Sloane.  At some point early in this
>  whole process I dowloaded PCTools Spyware doctor.  It found a bunch of
>  stuff but wouldn't remove it without my paying them $40.00.   I started
>  doing searches with Firefox to find solutions and almost immediately
>  Firefox began being redirected to bad sites.
> 
> I went back and ran Malware Bytes again and it didn't find a thing but the
> problem was still there.  I could type in a search for a site, say
> microsoft, click on the link that I knew was a legit microsoft link and I
> would be redirected to a spam site that looked like a search engine.  It
> would immediately start to cascade to other sites.  I'm sure trying to take
> me back to the bug.  I went back and ran House Call again.  It didn't find
> anything but the problem was still there.  I would try to run an internet
> search for a solution and regardless of running the search on Firefox or IE
> I'd get re-directed.   I thought about Spyware Dr. which I had already
> downloaded but not paid for, so I put my credit card acct # at risk to pay
> them $40.  I ran the program and even though the other programs said I was
> clean it found 170 problems.  Most of them just tracking cookies and the
> like but 10 of them moderate to high risk trojans, bots and root kits.  I
> removed all of them.  Went back to try a web search again and immediately
> got a re-direct.  I managed to get into the Microsoft site and downloaded
> their newest Browser edition.  During that download Microsoft searched for
> threats and found none. As soon as I ran a search on that browser I got
> re-directed.  I went back to PC tools and instead of runing it's
> Intelliguard (recommended) search.  I ran the full search.  It took most of
> the night last night.  This morning I fixed the problems it found (by the
> way while Spyware Dr was running I unplugged the modem).  Then I plugged
>  the modem back in and did a search on the brand new IE 8 browser and
>  immediately got re-directed.
> 
> That brings us up to now and represents probably 20 hours of working time
> over a 48 or so hour period.  I also ran Trend Micro's  RU boted and Root
> Kit dectection searches.  RU boted will tell me I've got a bot and tell me
> to search with Housecall but housecall doesn't find it.
> All of this time and for a long time in the past I've been running Zone
> Alarm full configured Pro version which is a firewall with virus and
>  spyware protection.
> 
> The only thing I can figure is this thing has wormed it's way into a
> legitimate program that Zone Alarm is allowing to access the internet but
> which one?
> 
> I just ran Spyware Dr again while I was typing this.  This time it only
> found 5 tracking cookies.  Apparently all of them got on in the 2 or 3
> seconds it took me to shut down the most recent web search re-direct.
> 
> My computer appears to be running fine right now as long as I don't try to
> do any sort of internet search.  I'm also wary of my favorites file.
> Something along the way ( I don't remember the specifics right now) led me
> to believe my favorites files were corrupted.  I've got litterally hundreds
> of favorites, probably thousands carefully sorted in files by subject. 
>  It's my own personal information library for both work and personal stuff.
>   The thought of having to delete all of them is not pleasant and the task
>  of manually copying each of them to paper so that they can be reloaded is
>  daunting.
> 
> I can't even do online searches to find a solution because when I do I get
> re-infected or at the least re-directed.
> 
> If anyone has a clue about a problem with web search re-direction problems
> please let me know.  If you know of a site that deals with it please send
>  me the link via e-mail in clickable form because I can't run a search for
>  it.
> 
> Thanks and beware.  There is one bad bug out there.  Either that or I'm
> being deliberately targeted which I'm now starting to consider as a real
> possibility.
> 
> Charlie
> 
> 
> ----- Original Message -----
> From: "Dan Folske" <dfolske at nccray.net>
> To: "Antique tractor email discussion group" <at at lists.antique-tractor.com>
> Sent: Monday, March 15, 2010 7:34 PM
> Subject: Re: [AT] Off topic, computer related.
> 
> > My secretaries computer got hit with XP Internet Security a week ago.
> >
> > Windows XP Pro, MacAfee Antivirus, and IE 8
> >
> > A combination of Malwarebytes Anti-malware and ComboFix seemed to get it
> > off
> > but it was still locking up and running slow.
> > I was hoping to get by without wiping the hard drive so I sent it to our
> > tech department and guess what? They wiped it!
> >
> > They reloaded the University IT supported software but I spent all day
> > today
> > reinstalling purchased software and reloading backed up data.  Gave it
> > back
> > to the secretary this afternoon and MacAfee Scan on Demand picked up
> > another
> > virus within half an hour.
> >
> > It is still locking up once in a while so I may have a hardware issue as
> > well.
> >
> > I use IE 8, Chrome and Firefox on my machines because each one has some
> > sites or apps that they don't seem to work on while one of the others do.
> >
> >
> > _______________________________________________
> > AT mailing list
> > http://www.antique-tractor.com/mailman/listinfo/at
> >
> >
> >
> >
> > =======
> > Email scanned by PC Tools - No viruses or spyware found.
> > (Email Guard: 7.0.0.18, Virus/Spyware Database: 6.14560)
> > http://www.pctools.com/
> > =======
> 
> =======
> Email scanned by PC Tools - No viruses or spyware found.
> (Email Guard: 7.0.0.18, Virus/Spyware Database: 6.14560)
> http://www.pctools.com/
> =======
> _______________________________________________
> AT mailing list
> http://www.antique-tractor.com/mailman/listinfo/at
>

More information about the AT mailing list