High threat trojan virus or spyware

Guest

Hi:

I was reading up on all the posts, hopefully to find a fix for my problem.
It seems that not only spyware is constantly getting on the computer but
backdoor trojans as well. According to the posts there are quite a number of
users who are experiencing various problems with different trojans. My
concern is with the Amitis 1.3 trojan which falls into the RAT category.
Several days back I downloaded a media player from a web site called DIVX.
After this download is when I started to have strange problems with erratic
behavior on my computer. I have several spyware checkers and the one that
picked it out was CounterSpy. The funny or not so funny part of it is that I
cannot delete it automatically, manually, or whatever else. I cannot even
find files related to it. It's purposely hidden somewhere, but where? I
scanned everything, searched out everything but was not able to find it. I
found some resources and I found an excellent description of Amitis on the
eTrust Spyware Encyclopedia at this web address.
"http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076220"
Not only is there a detailed description but screenshots of what the
interface looks like. You would not believe the activities that can have a
hacker plague your computer. For example, if you look at the 2nd screenshot,
middle column of buttons and take note of the 2nd button from the bottom, you
will know what I am talking about. When searching for this program, I
momentarily found it and it gives explicit warnings before entering the site. I
tried going back to it again so I could post that web address but was unable to
find it. It is definitely a hackers' download tool site. By the way the
author is named: "stacked_shit" who developed the program and is done in
Delphi. Also, my Norton antivirus checker did not pick this up. I even have
Pest Patrol, Spy Sweeper, Spybot Search and Destroy, Microsoft's new spyware
checker which is the beta version, and System Spyware Integrator, which I found
a link to in this forum. Like I said, the only one that found it was
CounterSpy. Of course some of the others picked up different spyware and were
able to get rid of it. CounterSpy keeps indicating that I still have this very
serious threat and will not remove it. Please check out the encyclopedia on
eTrust so you can read the info in more detail and also if anyone has
experienced this on their computer and please let me know what you find. If
anyone has a sure fire way that I can find the trojan, I certainly will be
grateful. There are rotten apples in this World and determined to screw up
your computer. Before I go, I want to mention the tricks it plays on me.
1. Has made my computer sluggish.
2. When booting up to my desktop, it takes another two minutes before I can
do anything with or at least until my Norton Antivirus Monitor appears in my
sys tray and during this time, my drive sounds like a buzzer.
3. I found a folder in my computer cabinet that was labeled "help", opening
it up showed nothing and being that it is in my documents folder, it would
be safe to delete it. When I did, the computer immediately shut-down without
going through the shut-down protocol. After it rebooted, the folder was gone
but still took a long time before I could do anything.
5. Believe this or not, it messed up my printer head alignment. I can understand
something being a little out of alignment but this was bad. The printouts were
garbled. I realigned the heads and so far it is aligned.

That's it and please respond to this message and believe me anything that is
pertinent will help. Thank you for reading this.

Regards
 
David H. Lipman

You wouldn't need all that software if you practice Safe Hex. Looking for freebies and
downloading stuff from the Internet from non-reputable locations is asking for trouble.

One last statement.

Here are the UseNet locations to get the facts on; viruses, worms, Trojans and spyware

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus
alt.computer.security
alt.privacy.spyware

I see you are posting from Earthlink via Level 3 Communications using the MS CDO web
front-end so you have your work cut out for you.

--
Dave
 
Guest

http://www.windowsecurity.com/trojanscan/trojanscan.asp
http://tds.diamondcs.com.au/
 
Guest

Thanks for the post Dave. I just want to clarify a few things. You said
that I wasn't careful downloading. I thought that this DIVX site was for
real. I do download lots of software. Never in almost 9 years have I run
into a problem that couldn't be solved with viruses or spyware. That is why
I have these tools. All the references brought up no information on what you
recommended. It keeps telling me that it cannot find the server. Your
statement between the asterisks stating:
************************************************************
I see you are posting from Earthlink via Level 3 Communications using the MS
CDO web front-end so you have your work cut out for you.
************************************************************
I do not understand exactly what you are referring to that I have my work
cut out. I know that Earthlink is not my server but my connection is
controlled by whoever has put this on my computer. I wish that you can tell
me more what the MS-CDO web front-end is. I really could use quite a bit of
help on this as I am really stuck. How do you eradicate something when it
cannot be found with the exception of what my spyware detection indicates. I
have other posts on other forums which I still seek a response. I do
appreciate if you or someone else can give me a clearer understanding what I
should do. Would it be easier to install my win xp from scratch? Will this
remove all traces or should I zero the HD out? Should I purchase a software
package to wipe my drive clean? I know there are a lot of "what ifs" but I
am getting the feeling that more damage can be done if not taken care of this
trojan. Don't get me wrong. I do appreciate you communicating with me. I
hope others can see my messages as well and to hopefully send me any ideas.
Thanks again.
 
David H. Lipman

The MS CDO Web front-end to the MS News Groups is like riding a tricycle instead of a
motorcycle.

News Groups are based upon an old Internet protocol known as NNTP or Network News Transfer
Protocol which is done over TCP port 119. There is a server that "hosts" News Groups and
there is client software that accesses those News Groups.

An example News Client would be Outlook Express.
Other notable News Clients are; Forte Agent, Netscape Messenger and Micro-gravity. There
is a long list of News Clients.

The following URL will take your default News Client "here" !

news://msnews.microsoft.com/microsoft.public.windowsxp.security_admin

Note the part indicates the Protocol, NNTP, TCP port 119
This is the name of the News Server; msnews.microsoft.com
This is the name of the News Group; microsoft.public.windowsxp.security_admin

So by using this URL; news://msnews.microsoft.com/
You get to the Microsoft News Server. There you can view all the News Groups that server
provides and then find and "subscribe" to the News Group;
microsoft.public.windowsxp.security_admin

My ISP is Verizon. The vast majority of ISP's provide a News Server for their subscribers.
Verizon's News Server is; news.verizon.net
So the URL; news://news.verizon.net will take my default News Client to the Verizon News
Server where I can view all the News Groups that their server provides and then find and
"subscribe" to the News Group; alt.comp.virus

The following URL will take my News Client (Outlook Express) to the alt.comp.virus News
Group...
news://news.verizon.net/alt.comp.virus


Now unless you also are a Verizon subscriber, it won't work for you. You would have to use
Cox Communications' News Server or pay a third party News Server company like Giganews.

The following URL at Earthlink will provide you with the News Server for your locale.
http://support.earthlink.net/mu/1/psc/img/walkthroughs/other/1694.psc.html

An example might be;
news://news.west.earthlink.net/microsoft.public.windowsxp.security_admin



--
Dave
 
Guest

Thanks, Dave for all the info you have given me. There was another post by
"map" who gave me 2 links which had some downloads. One is GFI which I did
install but although it did not pick up my particular trojan, it warned me
that I was vulnerable and my IP address can be seen by the whole World. I
have been fighting this for months. I even am a member of GRC "Shield's-Up"
which has a wealth of info and posted some questions. I also do a scan on
PC-Pitstop which also indicated that I am vulnerable. Although these posts
are helpful, it seems that everyone has a different recommendation to fix
something. When I'm really stuck, I do use forums. One thing I have learned
from all these experiences is that I have to be more careful what I download on
my computer. You did say Safe Hex!! I thought that this was somewhat funny,
although serious. I don't want to get HEX HIV :) I'm only joking but I know
there is always help on this forum. Thanks for all the input.

Regards,

zzmel

 
Guest

Hey MAP:

Thanks for giving me those links. I downloaded and installed both of these
security tools. The one from GFI seemed to be thorough in its scan but did
not actually pick up the trojan that I had. Note that I said had. This
security tool looks nice and the company gives you a 30 day free trial which
can be extended to 60 days. The downside of this is due to the extremely
high price and is geared to Enterprise interests. As a home user, I feel it
is not necessary to have but would be nice. The other security tool is from
3DS and is unique in that it scans in the command mode, extremely fast. Now
I don't know if these 2 security scans cleaned out the trojan automatically
because it did not tell me anything about what they found. I usually
download programs from well known sites like Snap Files, ZDNET, CNET, Tucows,
and many others that I am familiar with. I never had a problem with these
download sites. All I can say is that this Amitis trojan is no longer on my
system and anything connected with DIVX has been deleted with registry tools
and made certain there were no traces. That's it. I bet you never expected
to have so long, drawn out messages but I like to type. Thanks for your
help. As you can see from my other posts, I answer everyone who responds to
me.

Best regards,

zzmel
 
David H. Lipman

Here's some more info...
Safe Hex:
http://www.claymania.com/safe-hex.html

Trojan/Adware removal:
http://www.claymania.com/removal-trojan-adware.html

I was easily able to determine your IP address from your post because I use MS Outlook
Express to view the MS News Groups and this is NOT a capability the MS CDO web front-end can
provide. It showed me you use Earthlink. From the header ...

X-WBNR-Posting-Host: 4.35.196.142

From that a DNS search provides it is an Earthlink address. Now the question I have for
you...

Is that a Broadband Internet connection (Cable, DSL, etc.) or is it a Dial-Up connection ?

--
Dave
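
The header check described in the post above, as an added example that is not part of the original thread: it audits an article's headers for fields that disclose the poster's network origin and derives the reverse-DNS name a lookup would query. `X-WBNR-Posting-Host` is the header quoted in the post; `NNTP-Posting-Host` and `X-Originating-IP` are other commonly seen origin headers assumed here, and the sample article and its addresses are constructed.

```python
"""Audit a Usenet article for headers that disclose the poster's network origin."""
import ipaddress
import re
from email import message_from_string

# Headers that commonly carry the originating host. X-WBNR-Posting-Host is the one
# quoted in the thread; the other two are assumptions added for this example.
ORIGIN_HEADERS = ("NNTP-Posting-Host", "X-WBNR-Posting-Host", "X-Originating-IP")

# Dotted-quad candidates; octet ranges are validated later by ipaddress.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# RFC 1918 ranges: an address here identifies a host behind NAT, not the subscriber line.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample article. 192.0.2.44 is a documentation address standing in
# for a public ISP-assigned address; 999.1.1.1 is deliberately invalid.
SAMPLE_ARTICLE = """\
From: example-user <user@example.invalid>
Newsgroups: microsoft.public.windowsxp.security_admin
Subject: constructed sample
Message-ID: <sample-1@example.invalid>
X-WBNR-Posting-Host: 192.0.2.44
NNTP-Posting-Host: gateway.example.invalid 10.0.0.5
X-Originating-IP: [999.1.1.1]

Body text mentioning 198.51.100.7, which must not be reported.
"""


def origin_disclosures(raw_article):
    """Return one finding per valid IPv4 address found in an origin header.

    Only headers are inspected; addresses in the body are ignored. Each finding
    records the header, the address, whether it is RFC 1918 internal, and the
    in-addr.arpa name that a reverse-DNS (PTR) lookup would query.
    """
    msg = message_from_string(raw_article)
    findings = []
    for name in ORIGIN_HEADERS:
        for value in msg.get_all(name, []):
            for candidate in IPV4_RE.findall(value):
                try:
                    addr = ipaddress.ip_address(candidate)
                except ValueError:
                    continue  # looks like an address but has an out-of-range octet
                findings.append({
                    "header": name,
                    "address": str(addr),
                    "internal": any(addr in net for net in RFC1918),
                    "ptr_name": addr.reverse_pointer,
                })
    return findings


if __name__ == "__main__":
    for f in origin_disclosures(SAMPLE_ARTICLE):
        scope = "internal (RFC 1918)" if f["internal"] else "attributable to a provider"
        print(f"{f['header']}: {f['address']} [{scope}] PTR query: {f['ptr_name']}")
```
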




| Thanks, Dave for all the info you have given me. There was another post by
| "map" who gave me 2 links which had some downloads. One is GFI which I did
| install but although it did not pick up my particular trojan, it warned me
| that I was vulnerable and my IP address can be seen by the whole World. I
| have been fighting this for months. I even am a member of GRC "Shield's-Up"
| which has a wealth of info and posted some questions. I also do a scan on
| PC-Pitstop which also indicated that I am vulnerable. Although these posts
| are helpful, it seems that everyone has a different recommendation to fix
| something. When I'm really stuck, I do use forums. One thing I have learned
| from all these experiences is that I have to be more careful what I download on
| my computer. You did say Safe Hex!! I thought that this was somewhat funny,
| although serious. I don't want to get HEX HIV :) I'm only joking but I know
| there is always help on this forum. Thanks for all the input.
|
| Regards,
|
| zzmel
|
| "David H. Lipman" wrote:
|
| > The MS CDO Web front-end to the MS News Groups is like riding a tricycle instead of a
| > motorcycle.
| >
| > News Groups are based upon an old Internet protocol known as NNTP or Network News Transfer
| > Protocol which is done over TCP port 119. There is a server that "hosts" News Groups and
| > there is client software that accesses those News Groups.
| >
| > An example News Client would be Outlook Express.
| > Other notable News Clients are; Forte Agent, Netscape Messenger and Micro-gravity. There
| > is a long list of News Clients.
| >
| > The following URL will take your default News Client "here" !
| >
| > news://msnews.microsoft.com/microsoft.public.windowsxp.security_admin
| >
| > Note the part indicates the Protocol, NNTP, TCP port 119
| > This is the name of the News Server; msnews.microsoft.com
| > This is the name of the News Group; microsoft.public.windowsxp.security_admin
| >
| > So by using this URL; news://msnews.microsoft.com/
| > You get to the Microsoft News Server. There you can view all the News Groups that server
| > provides and then find and "subscribe" to the News Group;
| > microsoft.public.windowsxp.security_admin
| >
| > My ISP is Verizon. The vast majority of ISPs provide a News Server for their subscribers.
| > Verizon's News Server is; news.verizon.net
| > So the URL; news://news.verizon.net will take my default News Client to the Verizon News
| > Server where I can view all the News Groups that their server provides and then find and
| > "subscribe" to the News Group; alt.comp.virus
| >
| > The following URL will take my News Client (Outlook Express) to the alt.comp.virus News
| > Group...
| > news://news.verizon.net/alt.comp.virus
| >
| >
| > Now unless you also are a Verizon subscriber, it won't work for you. You would have to use
| > Cox Communication's News Server or pay a third party News Server company like Giganews.
| >
| > The following URL at Earthlink will provide you with the News Server for your locale.
| > http://support.earthlink.net/mu/1/psc/img/walkthroughs/other/1694.psc.html
| >
| > An example might be;
| > news://news.west.earthlink.net/microsoft.public.windowsxp.security_admin
| >
| >
| >
| > --
| > Dave
| >
| >
| >
| >
| > | Thanks for the post Dave. I just want to clarify a few things. You said
| > | that I wasn't careful downloading. I thought that this DIVX site was for
| > | real. I do download lots of software, Never in almost 9 years have I run
| > | into a problem that couldn't be solved with viruses or spyware. That is why
| > | I have these tools. All the references brought up no information on what you
| > | recommended. It keeps telling me that it cannot find the server. Your
| > | statement between the asterisks stating:
| > | ************************************************************
| > | I see you are posting from Earthlink via Level 3 Communications using the MS
| > | CDO web
| > | front-end so you have your work cut out for you.
| > | ************************************************************
| > | I do not understand exactly what you are referring to that I have my work
| > | cut out. I know that Earthlink is not my server but my connection is
| > | controlled by whoever has put this on my computer. I wish that you can tell
| > | me more what the MS-CDO web front-end is. I really could use quite a bit of
| > | help on this as I am really stuck. How do you eradicate something when it
| > | cannot be found with the exception of what my spyware detection indicates. I
| > | have other posts on other forums which I still seek a response. I do
| > | appreciate if you or someone else can give me a clearer understanding what I
| > | should do. Would it be easier to install my win xp from scratch? Will this
| > | remove all traces or should I zero the HD out? Should I purchase a software
| > | package to wipe my drive clean? I know there are a lot of "what ifs" but I
| > | am getting the feeling that more damage can be done if not taken care of this
| > | trojan. Don't get me wrong. I do appreciate you communicating with me. I
| > | hope others can see my messages as well and to hopefully send me any ideas.
| > | Thanks again.
| > |
| > |
| >
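
An added example, not part of the original thread: the reply above reads the poster's address from the `X-WBNR-Posting-Host` header, so this sketch audits an article's headers for origin-revealing fields before you post through a given gateway. Only the `X-WBNR-Posting-Host` line comes from the thread; the other sample headers and the header-name pattern are assumptions.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Constructed sample article. Only the X-WBNR-Posting-Host line is taken
# from the thread; every other header is made up for illustration.
SAMPLE_ARTICLE = """\
From: zzmel <zzmel@example.invalid>
Newsgroups: microsoft.public.windowsxp.security_admin
Subject: High threat trojan virus or spyware
X-WBNR-Posting-Host: 4.35.196.142
Path: news.example.invalid!not-for-mail
X-Newsreader: Example Reader 1.0

Body text is ignored by the audit.
"""

# Header names that commonly carry the submitting host (assumed pattern,
# covering e.g. NNTP-Posting-Host, X-Originating-IP and X-Trace).
ORIGIN_HEADER = re.compile(r"(posting-host|originating-ip|trace)$", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def audit_origin_headers(raw_article):
    """Return one finding per IPv4 address exposed in an origin-style header."""
    msg = HeaderParser().parsestr(raw_article)  # parses headers, handles folding
    findings = []
    for name, value in msg.items():
        if not ORIGIN_HEADER.search(name):
            continue
        for candidate in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an address but is not valid (e.g. 999.1.1.1)
            # is_global is False for RFC 1918 and other non-routable ranges,
            # which identify a LAN host rather than the public connection.
            findings.append({"header": name, "ip": str(ip), "public": ip.is_global})
    return findings


if __name__ == "__main__":
    for finding in audit_origin_headers(SAMPLE_ARTICLE):
        print(finding)
```
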
 
