The massege on the screen.

[Guest]

Dear Ms./Mr.
Since several days on my screen appeared a massage, named “Privacy Alertâ€. There is explanation that …â€my computer may be recording many or all of my internet activities. Personal privacy protection is possible. See what may be on your computer
Pictures, audio, and video file
Websites visited, coolies, cache, chat sessions, and instant message
And much moreâ€
There are two links
Get Privacy Protection Nowâ€
Continue What I Was Doing…â€
When I click on the links, the massage disappears. And after a second, one more time appear
Now all the time on my screen there is that massage, and I can not use all places of the screen
Please help me
Yours sincerely
Georgi.

 

[Chuck]

Dear Ms./Mr.,
Since several days on my screen appeared a massage, named “Privacy Alert”. There is explanation that …”my computer may be recording many or all of my internet activities. Personal privacy protection is possible. See what may be on your computer:
Pictures, audio, and video files
Websites visited, coolies, cache, chat sessions, and instant messages
And much more…
There are two links:
Get Privacy Protection Now…
Continue What I Was Doing…”
When I click on the links, the massage disappears. And after a second, one more time appear.
Now all the time on my screen there is that massage, and I can not use all places of the screen.
Please help me.
Yours sincerely,
Georgi.

Georgi,

This is spam - of one of two possible origins and solutions. The
products being advertised are crap.

The first possibility is Messenger Service spam. Is the title of the
window "Messenger Service"? If so, you need to protect youself with a
NAT router or personal firewall to block these messages, and eliminate
many more real threats.

To easily turn these messages off (but provide no further protection),
you can use a free product such as Shoot The Messenger
<http://grc.com/stm/shootthemessenger.htm>.

If you're already protected, you may be seeing spyware. Use
HijackThis, Spybot S&D, and expert advice at SWI Forums (all free).
Complete instructions are available at:
http://forums.spywareinfo.com/index.php?showtopic=5187

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Tahnk you friend
This message appere when I do not use Internet Explorer or MSN Explorer. It appere at once when I conect to my network. This message is a very simple. Red of coler and thre is a crose inside. After there is that headline "Privacy ALERT
and after "What you didn't know" All these messages are in red color. After there is a message "Your computer..." At the bothen in blue letters there are two links: "Get Privacy Protection Now" and "Continue What I Was Doing...
The message appear when I am in connection with network. When I disable the connection the message disappear. The meashure are approcsimately 8/9 centimetres
Georgi

 

[Chuck]

Tahnk you friend,
This message appere when I do not use Internet Explorer or MSN Explorer. It appere at once when I conect to my network. This message is a very simple. Red of coler and thre is a crose inside. After there is that headline "Privacy ALERT"
and after "What you didn't know" All these messages are in red color. After there is a message "Your computer..." At the bothen in blue letters there are two links: "Get Privacy Protection Now" and "Continue What I Was Doing..."
The message appear when I am in connection with network. When I disable the connection the message disappear. The meashure are approcsimately 8/9 centimetres.
Georgi.

Georgi,

Sounds like Messenger Service spam, so start with ShootTheMessenger.
If that helps, then please get a NAT router and / or personal firewall
for further protection.

But do spyware check too.

Everything but a NAT router is free. And it's all good in the long
run.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Dear Friend
I downloaded a HijackThis, a program examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers.
This is result of the scaning. Which of the files I have to delite
Hujackthis-Log of scaning-14.02.200
Logfile of HijackThis v1.97.
Scan saved at 22:23:01, on 14.2.2004 г
Platform: Windows XP SP1 (WinNT 5.01.2600
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106
Running processes
C:\WINDOWS\System32\smss.ex
C:\WINDOWS\system32\winlogon.ex
C:\WINDOWS\system32\services.ex
C:\WINDOWS\system32\lsass.ex
C:\WINDOWS\system32\svchost.ex
C:\WINDOWS\System32\svchost.ex
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.ex
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.ex
C:\WINDOWS\system32\spoolsv.ex
C:\WINDOWS\System32\Ati2evxx.ex
C:\WINDOWS\System32\drivers\CDAC11BA.EX
C:\Program Files\Norton AntiVirus\navapsvc.ex
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EX
C:\WINDOWS\System32\CAP3RSK.EX
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\wanmpsvc.ex
C:\Program Files\Norton AntiVirus\SAVScan.ex
C:\WINDOWS\Explorer.EX
C:\WINDOWS\System32\atiptaxx.ex
C:\Program Files\Common Files\Symantec Shared\ccApp.ex
C:\Program Files\QuickTime\qttask.ex
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.ex
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
C:\WINDOWS\System32\ctfmon.ex
C:\Program Files\Messenger\msmsgs.ex
C:\Program Files\System Soap Pro\soap.ex
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EX
C:\WINDOWS\Datecs\Flex2K.ex
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EX
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.ex
C:\Program Files\Aluria Software\ASE\ASE Scheduler.ex
C:\Documents and Settings\Георги Митов\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.ex

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.co
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dl
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.oc
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.ex
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.ex
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EX
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.ex
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EX
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottim
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.ex
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
O4 - HKLM\..\Run: [Aluria's Spyware Eliminator] C:\Program Files\Aluria Software\ASE\ASE.ex
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.ex
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroun
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe mi
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.ex
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EX
O4 - Global Startup: Canon LASER SHOT LBP-1120 Є¬єAµшµЎ.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EX
O4 - Global Startup: FlexType 2K.lnk =
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1075376603769
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38015.1517708333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0C7519F-F4D5-4AE4-A508-1CCAF2941ED9}: NameServer = 217.75.142.1,217.75.128.9
I look forward to hearing from you.
Best Regards,
Georgi Mittov.

 

[Chuck]

Dear Friend,
I downloaded a HijackThis, a program examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers.
This is result of the scaning. Which of the files I have to delite?

Georgi,

HijackThis comes with explicit instructions to have the log reviewed
by experts before selecting anything for removal. I am,
unfortunately, not yet an expert.

I do see various references to the folllowing products, identified as
spyware in various authoritative websites:
C:\PROGRA~1\MyWay - MyWebSearch
C:\Program Files\System Soap Pro

Please start by getting a network recovery program which is useful in
some cases. Removal of some spyware may damage your access to the
internet, and running LSPFix may restore it. Download LSPFix first.
http://www.cexx.org/lspfix.htm

Next, get CoolWebShredder, a removal tool for a persistent and
versatile trojan.
http://www.majorgeeks.com/download4086.html

After running CWS, run HijackThis again, and remove any references to
MyWay, MyWebSearch, mwsoemon.exe, soap.exe, and System Soap. Reboot,
and delete the folder, and all contents of, "C:\Program Files\System
Soap Pro".

Rerun HJT a third time, and post back here with results.

Please have your final HJT log reviewed by one of the experts in
either of:
http://63.247.79.145/~coyote/forums/index.php?act=idx
<http://www.wilderssecurity.com/index.php?board=17>
<http://forums.net-integration.net/index.php?s=8a1e9d7c1978cff54ca06a3210c7c1b0&showforum=32>
<http://www.spywareinfo.com/forums/index.php?s=68ddc23721b063d5411ece09e5ac93f9&showforum=11>
(The latter may or may not respond for you as I have read reports that
the SWI site is currently under DOS attack). All of these forums
appear to be rather busy right now, so be patient.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.