[AT] Off topic, computer related.

charliehill charliehill at embarqmail.com
Wed Mar 17 10:23:38 PDT 2010 

For those interested,  here is what I'm trying to do now.

http://forums.techguy.org/malware-removal-hijackthis-logs/671111-win32-nsanti-how-get-rid-4.html

Charlie
----- Original Message ----- 
From: "Larry Mason" <lcmason at uslink.net>
To: "Antique tractor email discussion group" <at at lists.antique-tractor.com>
Sent: Wednesday, March 17, 2010 12:32 PM
Subject: Re: [AT] Off topic, computer related.


> Go to this website and follow the instructions closely:
> http://www.bleepingcomputer.com/virus-removal/remove-security-essentials-2010
> These types of viruses often disable portions of the antivirus program 
> that
> is being downloaded, but still let the program say that no problems were
> found, They are a pain to get rid of. Good luck.
> Larry Mason
> Hackensack MN
> Still 36" ice on the big lakel
> --------------------------------------------------
> From: "charliehill" <charliehill at embarqmail.com>
> Sent: Tuesday, March 16, 2010 7:11 AM
> To: "Antique tractor email discussion group" 
> <at at lists.antique-tractor.com>
> Subject: Re: [AT] Off topic, computer related.
>
>> Guys at this point I don't know what to do.  I've apparently defeated the
>> initial problem with "security essentials 2010" but still have a severe
>> problem.  I first beat it back with Malware Bytes which I had from a
>> similar
>> problem last year.  Then the problem came back.  I downloaded the latest
>> edition of Trend Micro House Call and beat it back again.  I thought it
>> was
>> gone.   Then it started immediately showing up again by redirecting any
>> attempt I made to go to any website I found on a search engine.  To beat
>> that I downloaded Firefox browser directly from a link supplied to me by
>> e-mail by Mike Sloane.  At some point early in this whole process I
>> dowloaded PCTools Spyware doctor.  It found a bunch of stuff but wouldn't
>> remove it without my paying them $40.00.   I started doing searches with
>> Firefox to find solutions and almost immediately Firefox began being
>> redirected to bad sites.
>>
>> I went back and ran Malware Bytes again and it didn't find a thing but 
>> the
>> problem was still there.  I could type in a search for a site, say
>> microsoft, click on the link that I knew was a legit microsoft link and I
>> would be redirected to a spam site that looked like a search engine.  It
>> would immediately start to cascade to other sites.  I'm sure trying to
>> take
>> me back to the bug.  I went back and ran House Call again.  It didn't 
>> find
>> anything but the problem was still there.  I would try to run an internet
>> search for a solution and regardless of running the search on Firefox or
>> IE
>> I'd get re-directed.   I thought about Spyware Dr. which I had already
>> downloaded but not paid for, so I put my credit card acct # at risk to 
>> pay
>> them $40.  I ran the program and even though the other programs said I 
>> was
>> clean it found 170 problems.  Most of them just tracking cookies and the
>> like but 10 of them moderate to high risk trojans, bots and root kits.  I
>> removed all of them.  Went back to try a web search again and immediately
>> got a re-direct.  I managed to get into the Microsoft site and downloaded
>> their newest Browser edition.  During that download Microsoft searched 
>> for
>> threats and found none. As soon as I ran a search on that browser I got
>> re-directed.  I went back to PC tools and instead of runing it's
>> Intelliguard (recommended) search.  I ran the full search.  It took most
>> of
>> the night last night.  This morning I fixed the problems it found (by the
>> way while Spyware Dr was running I unplugged the modem).  Then I plugged
>> the
>> modem back in and did a search on the brand new IE 8 browser and
>> immediately
>> got re-directed.
>>
>> That brings us up to now and represents probably 20 hours of working time
>> over a 48 or so hour period.  I also ran Trend Micro's  RU boted and Root
>> Kit dectection searches.  RU boted will tell me I've got a bot and tell 
>> me
>> to search with Housecall but housecall doesn't find it.
>> All of this time and for a long time in the past I've been running Zone
>> Alarm full configured Pro version which is a firewall with virus and
>> spyware
>> protection.
>>
>> The only thing I can figure is this thing has wormed it's way into a
>> legitimate program that Zone Alarm is allowing to access the internet but
>> which one?
>>
>> I just ran Spyware Dr again while I was typing this.  This time it only
>> found 5 tracking cookies.  Apparently all of them got on in the 2 or 3
>> seconds it took me to shut down the most recent web search re-direct.
>>
>> My computer appears to be running fine right now as long as I don't try 
>> to
>> do any sort of internet search.  I'm also wary of my favorites file.
>> Something along the way ( I don't remember the specifics right now) led 
>> me
>> to believe my favorites files were corrupted.  I've got litterally
>> hundreds
>> of favorites, probably thousands carefully sorted in files by subject.
>> It's
>> my own personal information library for both work and personal stuff. 
>> The
>> thought of having to delete all of them is not pleasant and the task of
>> manually copying each of them to paper so that they can be reloaded is
>> daunting.
>>
>> I can't even do online searches to find a solution because when I do I 
>> get
>> re-infected or at the least re-directed.
>>
>> If anyone has a clue about a problem with web search re-direction 
>> problems
>> please let me know.  If you know of a site that deals with it please send
>> me
>> the link via e-mail in clickable form because I can't run a search for 
>> it.
>>
>> Thanks and beware.  There is one bad bug out there.  Either that or I'm
>> being deliberately targeted which I'm now starting to consider as a real
>> possibility.
>>
>> Charlie
>>
>>
>> ----- Original Message ----- 
>> From: "Dan Folske" <dfolske at nccray.net>
>> To: "Antique tractor email discussion group"
>> <at at lists.antique-tractor.com>
>> Sent: Monday, March 15, 2010 7:34 PM
>> Subject: Re: [AT] Off topic, computer related.
>>
>>
>>> My secretaries computer got hit with XP Internet Security a week ago.
>>>
>>> Windows XP Pro, MacAfee Antivirus, and IE 8
>>>
>>> A combination of Malwarebytes Anti-malware and ComboFix seemed to get it
>>> off
>>> but it was still locking up and running slow.
>>> I was hoping to get by without wiping the hard drive so I sent it to our
>>> tech department and guess what? They wiped it!
>>>
>>> They reloaded the University IT supported software but I spent all day
>>> today
>>> reinstalling purchased software and reloading backed up data.  Gave it
>>> back
>>> to the secretary this afternoon and MacAfee Scan on Demand picked up
>>> another
>>> virus within half an hour.
>>>
>>> It is still locking up once in a while so I may have a hardware issue as
>>> well.
>>>
>>> I use IE 8, Chrome and Firefox on my machines because each one has some
>>> sites or apps that they don't seem to work on while one of the others 
>>> do.
>>>
>>>
>>> _______________________________________________
>>> AT mailing list
>>> http://www.antique-tractor.com/mailman/listinfo/at
>>>
>>>
>>>
>>>
>>> =======
>>> Email scanned by PC Tools - No viruses or spyware found.
>>> (Email Guard: 7.0.0.18, Virus/Spyware Database: 6.14560)
>>> http://www.pctools.com/
>>> =======
>>
>>
>>
>>
>>
>> =======
>> Email scanned by PC Tools - No viruses or spyware found.
>> (Email Guard: 7.0.0.18, Virus/Spyware Database: 6.14560)
>> http://www.pctools.com/
>> =======
>> _______________________________________________
>> AT mailing list
>> http://www.antique-tractor.com/mailman/listinfo/at
>>
> _______________________________________________
> AT mailing list
> http://www.antique-tractor.com/mailman/listinfo/at
>
>
>
>
> =======
> Email scanned by PC Tools - No viruses or spyware found.
> (Email Guard: 7.0.0.18, Virus/Spyware Database: 6.14580)
> http://www.pctools.com/
> ======= 





=======
Email scanned by PC Tools - No viruses or spyware found.
(Email Guard: 7.0.0.18, Virus/Spyware Database: 6.14580)
http://www.pctools.com/
=======

More information about the AT mailing list