|
Posted by =?Utf-8?B?Qi4gQ2hlcm5pY2s=?= on August 28, 2005, 9:11 pm
If you were Registered and logged in, you could reply and use other advanced thread options
possibility you did get a non-viral malware infection. I strongly suggested
replaceing Ad-aware6 with Ad-aware SE and updating it with the latest
signatures then perform a scan with the new version."
Are you saying that you tested eTrust and it failed, or that you just don't
have confidence in eTrust? I should point out that I keep my antivirus
subscription up to date.
"David H. Lipman" wrote:
>
> | First I'm sorry I can't provide greater detail, but what happened was that I
> | got careless and accidentally visited a website supposedly crawling with
> | spyware (emp3world.com). Basically I got suspicious about what I saw,
> | googled the site and found some hits associating it with something called
> | 'Dial 300263 executable'.
> | I immediately physically disconnected from the phone line and did complete
> | scans with eTrust EzAntiVirus and AdAware 6, both of which found nothing.
> |
> | 1st, can I stop hyperventilating?
> |
> | 2nd, I thought I had clicked on emp3world but when I looked at the dropdown
> | list of the Back button, I found that another website had somehow been
> | inserted inbetween the current site and my Google search:
> | www.cashventure.com/sgo.ph?id=4.
> |
> | Can someone explain what happened here? I am a programmer but not a hacker
> | or a web expert.
>
> Ad-aware6 is no longer supported nor updated. It has been superceded by
Ad-aware SE v1.06
>
> I recomend removin the old version and installing the new version.
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> Accessing the emp3world web site tried to install a ActiveX OCX malware file
as indicated by
> McAfee VirusScan v7.1E.
> The following is the log file from McAfee...
> 8/28/2005 6:56:06 PM Delete failed (Clean failed) DLIPMAN-1\lipman
D:\temp\IE6\Temporary
> Internet Files\Content.IE5\WCZFECUD\mp3[1].ocx Adware-UCMore
>
> Everytime I access that web site, I get a different response. Ad additional
access to the
> site tried to install ISTbar malware...
> 8/28/2005 7:01:18 PM Delete failed (Clean failed) DLIPMAN-1\lipman
D:\temp\IE6\Temporary
> Internet Files\Content.IE5\FZ4HCZOS06_mp3[1].cab06_MP3[1].CAB
Adware-ISTbar
>
>
> Therefore if if eTrust missed this OCX file there is the possibility you did
get a non-viral
> malware infection. I strongly suggested replaceing Ad-aware6 with Ad-aware SE
and updating
> it with the latest signatures then perform a scan with the new version.
>
> I also suggest using the following Multi AV scanning tool. It has scanners
for; sophos,
> McAfee and Trend Micro.
>
> Since McAfee found the OCX associated with "Adware-UCMore" and the CAB file
associated with
> "Adware-ISTbar" trying to be installed into IE, I suggest using the McAfee
module in the
> Multi AV scanning tool. You can use the Sophos and Trend modules but I
suggest starting
> with the McAfee module.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE.
It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command
Line Scanners to
> remove viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in
Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or
you can
> download the files and perform a scan in Normal Mode. Once you have downloaded
the files
> needed for each scanner you want to use, you should reboot the PC into Safe
Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to
run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
| 
XML site map