I think I am infected!

Anonymous

Hi,
I am having problems with the internet on my user only. I keep getting this Forblehudupe bar every time I change a page, and instead of getting a "This page cannot be displayed" I get one of these MP3s, Movies pages instead, with an address in the documents and settings\jamie folder. It is really annoying me and I don't know how the PC could have got this virus/trojan etc. as we have the built-in firewall on. Can anyone help?

JAMIE
Neil Jones
Posts: 661
Joined: Thu 11 Sep, 2003 20.03
Location: West Midlands

http://www.lavasoft.de for Ad-aware 6 - download, update, install, scan. Remove all found objects. Free.

Next, http://www.grisoft.com for Anti Virus software if you have none already. It's free so no excuses.

Regarding the firewall - if you have spyware it will usually come in through an application you've granted internet access to (Kazaa is a culprit at doing this in the background, such is the amount of crap it comes with), although the WinXP firewall is very basic (monitors incoming traffic only) compared to something like ZoneAlarm (which monitors both incoming and outgoing traffic). WinXP SP2 will apparently overhaul this entire area of Windows when it comes out next month.

But having said that, IMO for an infection to happen one of two things needs to happen:

1) As I've explained above re: the firewall (a "backdoor" if you like)
2) Saving and subsequent opening of attachments regardless from email clients, by far the most common method
Anonymous

I have Norton 2003 with all new virus definitions, Ad-aware and Spybot Search and Destroy. None of them seem to pick anything up; however, Norton did about a month ago, saying we have a trojan, which it quarantined. However, if this was it, it has returned. It is now affecting the main user, which is a pain. I think I have found the culprit folder "File scr real" which had three .exe files. Two can be deleted, but every time I click once on the third to delete it, "Tick this", it makes everything vanish except the background, bringing everything bar My Computer back a few moments later. The folder in question is read-only and when you change it, it changes itself back.

One last thing: when Spybot Search and Destroy was analysing my startup list, it says that a file called msconfig is an unknown virus, trojan or spyware, not to be confused with the valid entry with the filename "msconfig.exe". However, there is no other entry with that name. Do you think I should disable this msconfig virus/trojan/spyware?

JAMIE
PS I do have Kazaa Lite K++, which didn't appear to come with any spyware, but does anybody know if Messenger Plus, an MSN Messenger add-on, could be the culprit?
Pete
Posts: 7592
Joined: Fri 15 Aug, 2003 13.36
Location: Dundee

MSGplus has spyware *IF* and only if you agree to have it installed during setup. If you clicked yes when it asked if it could install the sponsor program, it'll be there. I think uninstalling MSGplus and reinstalling should get shot of it, but I'd give your system a scan with Ad-aware nonetheless (link in Neil's post).

If you didn't install that it might have been something sneaking through one of the security holes in IE, another problem sorted in SP2.
"He has to be larger than bacon"
Anonymous

I remember now, Hyma - I was rushing through the installation thinking it was a license agreement, so I clicked yes. Just after my previous post I managed to delete the offending files and clear them from the recycle bin. No problems at the moment, and I followed your advice of scanning the PC with Ad-aware and no problems! Thank you both for your help,

JAMIE :D