'Reply (E-mail) link

Colin

I tried sending a message via the E-mail link on this page and
received this reply:

"This is the Postfix program at host eyre.southern.net.au.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Postfix program

<[email protected]>: Host or domain name
not found. Name service
error for name=msn.com.plugh.org type=A: Host not
found"

The reply came with an attachment which I will not open,
nor will I reply directly, because I do not trust this
type of e-mail. There is no need to send plain
information in an attachment.

My original message:

Hi Bill,
Observations from a non-tech:
Nice interface, easy to use, very informative, allowing
me to make decisions about unknown or suspect files.
But:
Main page says "Spyware definitions... Last updated on
September 1 2005..."
In Advanced Tools pages selected item colour bar becomes
more and more misaligned towards bottom of items lists until
it is completely off target.
Does not remove adware from Fun Web Products and
Flashget - keep reappearing every startup. Although it
did, almost completely, remove Flashget from system - I
was nearly ready to uninstall it anyway since I got
Getright instead. I found some of Flashget's original
install file in an area called PREFETCH [I don't know why
it wanted to install itself there] and deleted that, but
adware persists.
Does not remove IE Toolbar {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} ..file is missing.
'Learn more about this' Toolbar link only tells me that
information currently not available.

Not really related to original message, but, I hope it
helps.
Regards,
Colin

-----Original Message-----
From: "Bill Sanderson" <[email protected]>
Sent: 1/11/2005 8:11:43 AM
Subject: My take on the "Suspected Spyware Report"
submission problems
 
Ron Chamberlin

Colin,
This address you mailed to is munged to protect the incredibly hard working
Bill from getting his inbox inundated with mail and critters.
The NG's are really the best way for all of us to share our experiences,
trials, tribulations, answers, and they help us all learn.

Ron Chamberlin
MS-MVP
 
Bill Sanderson

Colin said:
Hi Bill,
Observations from a non-tech:
Nice interface, easy to use, very informative, allowing
me to make decisions about unknown or suspect files.
But:
Main page says "Spyware definitions... Last updated on
September 1 2005..."
In Advanced Tools pages selected item colour bar becomes
more and more misaligned towards bottom of items lists until
it is completely off target.
Does not remove adware from Fun Web Products and
Flashget - keep reappearing every startup. Although it
did, almost completely, remove Flashget from system - I
was nearly ready to uninstall it anyway since I got
Getright instead. I found some of Flashget's original
install file in an area called PREFETCH [I don't know why
it wanted to install itself there] and deleted that, but
adware persists.
Does not remove IE Toolbar {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} ..file is missing.
'Learn more about this' Toolbar link only tells me that
information currently not available.

Thanks, Colin--these are useful observations. I have my email munged to
avoid some virus and spam problems. It is better to keep replies here in
the newsgroups because that's where Microsoft has a chance to read them, and
add items to their list of fixes needed in the product.

Please try to send a Tools, Suspected Spyware report and list the residual
items that the product hasn't cleaned for you.

I'm a little concerned about the definition dates you are seeing--is your
system set to a non-default date format? If you look in Help, About, are
you on the 5680 Definition version?

You might also try a scan in safe mode to see whether it can clean these
pests that way.
 
Colin

Yes, thanks Ron,
I appreciate that. I'm sure a lot are incredibly hard
working - it's about as much as I can do to work through
one page of this stuff. I pick up the odd bit of useful
info along the way and, I hope, can pass on a little as
well.
I guess that the email link might work if I pick on
someone who's not so snowed under.
Cheers, Colin.
 
colin

Hi Bill,
You said:
I'm a little concerned about the definition dates you are seeing--is your
system set to a non-default date format? If you look in Help, About, are
you on the 5680 Definition version?
Yes, it says: "Spyware Definition Version: 5680(1/9/2005
3:38:57 PM)" even though I have checked for updates in
the meantime. I don't know about default/non-default date
format; system is set to correct local time = UTC+11.
Also:
You might also try a scan in safe mode to see whether it can clean these
pests that way.

I'll try that later - along with your other suggestions.
Is it a good idea to turn off 'System Restore' before
scanning as well?
 
Bill Sanderson

I would leave System Restore strictly alone. I don't agree with advice
about turning that off.

When you have cleaned a machine after a virus infection, and are sure it is
in good, stable, clean condition, it may make sense to remove old System
Restore points, because they may contain the virus code, which would be
activated if the Restore point were used.

This--using a Restore Point that contained active malware at the time it was
created--is the only risk of viruses, etc, in the System Restore storage
area.

I would recommend having a System Restore point made before you start
scanning for the first time on a machine, because I see so many folks here
blindly saying Sure--delete everything found--without looking closely at
some of the findings, and then things break.

The broken things can mostly be fixed with advice from these groups, but not
in every case, and System Restore can get your system back in a hurry if you
can't take the time to dredge through these groups for advice. Sure--it
brings back the malware too--but you were living with that already.

So--I like System Restore, and mess with it as seldom as possible.

(otoh, my main machine at home has it turned off because I'm nearly out of
space on the OS partition, and have been for many months--I'm definitely
living dangerously.)
 
Colin

Hi again, Bill,
You said:
I'm a little concerned about the definition dates you are seeing--is your
system set to a non-default date format? If you look in Help, About, are
you on the 5680 Definition version?

I was thinking 1/9/2005 could mean either January 9th or
1st September. Antispyware, under 'Quick Stats' says
precisely "September 1, 2005"

Also:
You might also try a scan in safe mode to see whether it can clean these
pests that way.

Well now I've tried that. Antispyware did NOT detect
ANYTHING in 'safe mode' [neither did it detect anything
with 'system restore' off]!
Upon restarting my computer in normal mode I got error
message: "Access Violation 0x7C97084B (tried to write
0x00030FFC) Programme Terminated"
Also Antispyware popup alert windows appeared: one
referring to Popular Screensavers Adware Bundler, and one
to Yahoo Companion BHO, both of which I have tried to
remove a number of times previously. I signed off from
Yahoo a long time ago, why is their crap still on my
machine?

What concerns me more, more than a little, is that now
some of my display - task bar, menus and open windows -
appears like still in 'safe mode'; desktop looks normal.

Any more good ideas?
Colin.
 
Alec

Most people, myself included, have their reply function
for emails to attach the original text, instead of
including the text in the message.
Some like to keep the text in the message and just to
type above it.
If you're sure you sent the email and it's being returned
to you I doubt there's anything to it. And, if there was
that means the entire site has been compromised. If that
was the case the easiest way to infect everyone's system
would be to place a virus in the send key of the message
box. Or on the links to the first page of the newsgroup.
 
Bill Sanderson

You clearly still have some malware in place.

I would submit a Tools, suspected spyware report, and list the items you
mention below which remain on your machine even after cleaning with this
product in safe mode.

Colin said:
Hi again, Bill,
You said:
I'm a little concerned about the definition dates you are seeing--is your
system set to a non-default date format? If you look in Help, About, are
you on the 5680 Definition version?

I was thinking 1/9/2005 could mean either January 9th or
1st September. Antispyware, under 'Quick Stats' says
precisely "September 1, 2005"

Also:
You might also try a scan in safe mode to see whether it can clean these
pests that way.

Well now I've tried that. Antispyware did NOT detect
ANYTHING in 'safe mode' [neither did it detect anything
with 'system restore' off]!
Upon restarting my computer in normal mode I got error
message: "Access Violation 0x7C97084B (tried to write
0x00030FFC) Programme Terminated"
Also Antispyware popup alert windows appeared: one
referring to Popular Screensavers Adware Bundler, and one
to Yahoo Companion BHO, both of which I have tried to
remove a number of times previously. I signed off from
Yahoo a long time ago, why is their crap still on my
machine?

What concerns me more, more than a little, is that now
some of my display - task bar, menus and open windows -
appears like still in 'safe mode'; desktop looks normal.

Any more good ideas?
Colin.
 
Colin

Hi Alec,
I don't know anything about 'most people'. Almost every
email I've sent or received retains a copy of the
original message in text body; e.g. see the string of
messages below. I have to manually delete them to stop
the string from getting too long. Why bother 'attaching'
original? I don't open any attachments unless I know and
trust the source, as a precaution against viruses. I have
been caught once or twice, and there are some
bogus 'returned mail' notifications carrying viruses that
I know of.
Surely, any important information from an official source
could be sent in plain text in the body of an email!
I wasn't trying to suggest anything about the email link
on this site, except that, perhaps, it didn't work.
Anyway the NG discussion seems to be a better way for
everybody to learn from everyone else.

Colin

-----Original Message-----
Most people, myself included, have their reply function
for emails to attach the original text, instead of
including the text in the message.
Some like to keep the text in the message and just to
type above it.
If you're sure you sent the email and it's being returned
to you I doubt there's anything to it. And, if there was
that means the entire site has been compromised. If that
was the case the easiest way to infect everyone's system
would be to place a virus in the send key of the message
box. Or on the links to the first page of the newsgroup.
-----Original Message-----
I tried sending a message via the E-mail link on this page and
received this reply:

"This is the Postfix program at host eyre.southern.net.au.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Postfix program

<[email protected]>: Host or domain name
not found. Name service
error for name=msn.com.plugh.org type=A: Host not
found"

The reply came with an attachment which I will not open,
nor will I reply directly, because I do not trust this
type of e-mail. There is no need to send plain
information in an attachment.

My original message:

Hi Bill,
Observations from a non-tech:
Nice interface, easy to use, very informative, allowing
me to make decisions about unknown or suspect files.
But:
Main page says "Spyware definitions... Last updated on
September 1 2005..."
In Advanced Tools pages selected item colour bar becomes
more and more misaligned towards bottom of items lists until
it is completely off target.
Does not remove adware from Fun Web Products and
Flashget - keep reappearing every startup. Although it
did, almost completely, remove Flashget from system - I
was nearly ready to uninstall it anyway since I got
Getright instead. I found some of Flashget's original
install file in an area called PREFETCH [I don't know why
it wanted to install itself there] and deleted that, but
adware persists.
Does not remove IE Toolbar {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} ..file is missing.
'Learn more about this' Toolbar link only tells me that
information currently not available.

Not really related to original message, but, I hope it
helps.
Regards,
Colin

-----Original Message-----
From: "Bill Sanderson"
Sent: 1/11/2005 8:11:43 AM
Subject: My take on the "Suspected Spyware Report"
submission problems

