|
Posted by =?Utf-8?B?ZmlzaGVybWFu?= on March 31, 2007, 8:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
John Gray
"Nick Skrepetos" wrote:
> wrote:
> > Nick - thanks for the diagnostic. I've run it and its with you now.
> >
> > Re "bak" folder. Yes - i have found two from the last seven days:-
> > spyware.dat.zlbak in C:\WINDOWS\system32\ZoneLabs 3.18 MB created 21Mar07
> > and
> > Personal_32_1033.dat.bak in C:\WINDOWS\pchealth\helpctr\Config\Cashe size
> > 158 KB created 30Mar07
> >
> > Re "HOSTS" file. Found it (and 2 "hosts" files) all 1 KB or less. How do i
> > reset it to the default state?
> >
> > Thanks again, John Gray
> >
> >
> >
> > "Nick Skrepetos" wrote:
> > > wrote:
> > > > My apologies, Nick.
> > > > I now wonder if SpyLock has copied your red corcle icon. Their webpage
> > > > looked very straight and easily fooled an amateur like me.
> > > > Thank you for your helpful comments and advice. I guess that i may still
> > > > have some of the original infection which may be why my attempts to try
> > > > uninstalling your program did not succeed, along with all the other
strange
> > > > symptoms that i still have. I will look for the "bak" folder and "HOSTS"
> > > > folder that you mentioned.
> > > > Again, my apologies.
> >
> > > > John Gray
> >
> > > > "Nick Skrepetos" wrote:
> > > > > > I and many others have had no problems with SAS.
> > > > > > I think it is a superb program and have used it since it came out.
> > > > > > The author is very consciencous.
> > > > > > I would contact their site for support.
> > > > > > I notice it appears to be down right now.
> >
> > > > > > Tom
> >
> >
> > > > > > |I would like to know if "superantispyware.com" free download is ok.
I saw
> > > > > > it
> > > > > > | recommended in the 3/13/2007 discussion "Can Viruses Do The
Following ..
> > > > > > | (Hide on a system and unzip late", but ...
> > > > > > |
> > > > > > | On 3/27/2007 something called Spylocked got thru my protections
and into
> > > > > > my
> > > > > > | laptop, put a red circle with diagonal bar in my tray and kept
beeping at
> > > > > > me.
> > > > > > | Clicking on it redirected me to spylocked.com where it said that
it is a
> > > > > > | rogue program that is installed by a Trojan called Zlob. I went to
the web
> > > > > > | and found several references to this and recommendations to
download free
> > > > > > | from SuperAntispyware, (SAS), to remove it. I did this, and SAS
appeared
> > > > > > to
> > > > > > | have removed it - the red circle disappeared but i noticed at the
end of
> > > > > > the
> > > > > > | scan that SAS was adding a lot of stuff as well as deleting.
> > > > > > | Today i find that both my Internet Explorer and Outlook Express
are not
> > > > > > | working properly. IE wont let me access some sites, particularly
some
> > > > > > | sercurity sites. OE wont send or receive at all from my laptop (i
can
> > > > > > still
> > > > > > | access email direct thru IE to MSN and Gmail). I notice that the
SAS icon
> > > > > > on
> > > > > > | my desktop looks very like the SpyLocked logo. My Lavasoft
Ad-Aware
> > > > > > appeared
> > > > > > | to have been taken over by the SAS - the icon is now the red
circle and it
> > > > > > | wont connect for updates. Windows Defender wont download updates
either.
> > > > > > SAS
> > > > > > | will not let me uninstall it. Nothing happens when i click on
SAS's Help
> > > > > > | page contact entries in their Preferences window. Hence i am
suspicious of
> > > > > > | the SAS program.
> > > > > > |
> > > > > > | Can anyone advise me of a relatively easy fix for this, and how to
stop it
> > > > > > | getting in again? Not too technical, please.
> > > > > > |
> > > > > > |
> >
> > > > > Tom,
> >
> > > > > SUPERAntiSpyware does not add anything when it is scanning, it also
> > > > > does not disable anything in your system. It is likley part of the
> > > > > infection you had overwrote entries in your HKCU and HKLM (registry)
> > > > > startup locations. Usually you will find a "bak" folder with the
> > > > > original file in it - the infection overwites all the files then when
> > > > > your system starts it executes those files then starts the original
> > > > > programs so it "appears" you are not infected, but yet you are. We
> > > > > call this the KUReplace trojan. Was that detected on your system?
> >
> > > > > You can uninstall SUPERAntiSpyware from within the Control Panel Add/
> > > > > Remove programs as you can any Windows Application. As for not being
> > > > > able to access certain "security" sites, it is likley your HOSTS file
> > > > > was hi-jacked by the infection - this again is common for the
> > > > > infections. You can reset the hosts file to the default state and you
> > > > > will likely be able to access those pages again. This has nothing to
> > > > > do with SUPERAntiSpyware.
> >
> > > > > SUPERAntiSpyware is on the Spyware Warrior trusted/recommended list as
> > > > > well as on the 2007 Pricelessware list. We are a reputable company
> > > > > with a reputable product, check around the web.
> >
> > > > > Nick Skrepetos
> > > > > SUPERAntiSpyware.com
> > > > >http://www.superantispyware.com-Hide quoted text -
> >
> > > > - Show quoted text -
> >
> > > Run this diagnostic and I can look and see what the status of your
> > > system is and let you know if you are still infected:
> > >http://www.superantispyware.com/diagnostic.html?id=nicks
> >
> > > Nick Skrepetos
> > > SUPERAntiSpyware.com
> > >http://www.superantispyware.com- Hide quoted text -
> >
> > - Show quoted text -
>
> Those BAK files are ok, the infection creates "bak" FOLDERS, so no
> worries there. E-mail me your hosts file(s) to nicks AT
> superantispyware.com and I'll check them out.
>
> -Nick
>
>
>
| 
XML site map