Follow-up and still need help on ex-gf's virus!


mm

Follow-up and still need help on ex-gf's virus!

So, my ex-gf ran BitDefender for 5 hours Friday night and it didn't
just find 4 viruses like I said, it found 23 threats and 7 suspected
threats spread out over 230 occurrences.

However it turned out that EVERY one of them was in email she had
received in 2003 and 2004 (and one in 2005). So I don't think they
could be the problem. She doesn't even use the Baltimore County
Public Library anymore, because they only had dial-up.**

Nonetheless, when we booted to XP, it worked much better than before!!

She still couldn't dl http websites with Firefox or IE, but IE did
some checking and said that HTTPS and FTP worked, just not HTTP.

What makes HTTP and HTTPS so different?

It also suggested that the firewall was to blame. We both only use the
Windows firewall. I went there and the list of exceptions didn't
include Firefox or Netscape. The virus must have changed these,
right? But rechecking those programs didn't help. (I see that on my
computer, every program I installed that is listed in exceptions is
checked as an actual exception (to the firewall). Only Remote Desktop
and UPnP Framework are not checked, and I didn't install those.)

IE also suggested that there were different ports for HTTP, HTTPS, and
FTP, but under the Windows Firewall, I saw no place where the ports
were specified. There is a button under "Advanced" called "Restore
Defaults". I haven't had a chance to google about that, but so far I'm
afraid to use it for fear it will delete all the exceptions.


What did work after using the BitDefender Rescue CD that she said
didn't before:

1) She said nothing else worked before and most things worked now.

And the apparent IE screen that wanted her to scan for viruses was
actually in Firefox. Actually there were 5 tabs over 4 FF windows for
the same screen but FF didn't start right, it gave the We're
Embarrassed screen, and we were able to uncheck all 5 tabs.

2) She can dl her email now!!

3) When she clicked on the AVG icon in the systray before it said:
"application can not be executed if avgui.exe is infected", but now it
worked. I could also dl updates for AVG and then I ran AVG
(partially, 200,000 registry entries or files out of 1.1 million) and
it found a trojan and an entry in the registry that pointed to it.
And about 50 tracking cookies. I let AVG put them in the "virus
vault".

I restarted the computer but web browsing didn't improve.

I started Spybot Search & Destroy, and it too was able to update its
definitions with no trouble, and then it quickly found one piece of
"Malware" and more tracking cookies. I let Spybot quarantine them or
whatever it does.

I restarted the computer but web browsing didn't improve.

So now she's running AVG until it completes. What are the chances it
will find something important that it didn't find in the first 200,000
registry entries and files? Don't all the scanners look in the most
important places first?


I had also dl'd the Kaspersky AV rescue disk and PandaSafe Rescue Disk
which I copied to CD's and will take over there, but maybe I'm
spitting in the wind?





**Obsolete info: Many of the infected emails appeared twice, once in
the Inbox and once in the Junk. I think she used Netscape for email at
the time. If it's anything like Eudora, moving to Junk left a copy in
the Inbox until she compressed the Inbox. Eudora will do this
automatically eventually, but maybe not Netscape.
 
PA Bear [MS MVP]

Why do you keep beginning new threads about this?
 
mm

Why do you keep beginning new threads about this?

Thanks for raising the topic.

Because there seemed to be a logical break between what happened
yesterday and what happened today, and because there are so many new
threads started in between that I'm afraid most people won't see posts
to the old thread.

Plus FWIW this is only the second thread on this.

I'm interested in everyone's opinion about the best way to go.

Certainly if a week had passed, no one will be looking at an old
thread. I'm not sure where the borderline is.

Do people see posts in chronological order, or sorted by thread? I
normally see posts sorted by thread and on busy groups like this one,
may have to scroll up many pages to get to an old thread, if I even
remember that I wanted to check on it.

mm
 
John Wunderlich

Sometimes one of the following freeware will fix problems like this
one:

LSPFix: <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.snapfiles.com/get/winsockxpfix.html>

It couldn't hurt to run them.
HTH,
John
 
Nil

Do people see posts in chronological order, or sorted by thread?
I normally see posts sorted by thread and on busy groups like this
one, may have to scroll up many pages to get to an old thread, if
I even remember that I wanted to check on it.

It's up to the newsreader program. You have no control over it, and to
keep starting brand new threads about the same topic is unproductive
and inconsiderate.

When a new post is introduced to a thread, most newsreaders will
display the thread in order by the new date.
 
Randem

Here is something you can try to reset things: Go to Device Manager to open
your Network Adapter then delete your network adapters. After deleting
(uninstalling but leave the software), right click on the computer at the
top of the tree then select "Scan For Hardware Changes" to let Windows
reinstall the drivers.

This should give you a clean network to start with. Also download SmitFraud
and run this in safe mode.
 
Daave

mm said:
Thanks for raising the topic.

Because there seemed to be a logical break between what happened
yesterday and what happened today, and because there are so many new
threads started in between that I'm afraid most people won't see posts
to the old thread.


Although I sort of see what you are trying to accomplish, that strategy
is illogical and counterproductive. Fewer people will wind up reading
your disjointed posts.

If people responded to your initial thread, they will continue to
monitor that thread. Starting new threads on the same topic goes against
established Internet etiquette (Netiquette). There will always be a
context. It will be much more difficult to hunt through other threads to
try to discover pertinent information than to keep everything together
in the one ongoing thread.

Sure, if a *lot* of time has passed, I can see why you would want to
start a new thread. In that case, you should include a link to the
original thread for maximum success.
 
mm

Although I sort of see what you are trying to accomplish, that strategy
is illogical and counterproductive. Fewer people will wind up reading
your disjointed posts.

If people responded to your initial thread, they will continue to
monitor that thread. Starting new threads on the same topic goes against
established Internet etiquette (Netiquette).

Okay. I try to be a good Netizen, but I either never knew that
particular rule or I forgot it.

And I see there is a consensus here, so I won't do this in the future.

There will always be a
context. It will be much more difficult to hunt through other threads to
try to discover pertinent information than to keep everything together
in the one ongoing thread.

I certainly wouldn't expect anyone to do that, to hunt through other
threads.

It amazes me how much people are willing to do to answer questions.
Even those who complain that the poster should have googled will, it
seems usually, google themselves and tell the OP the answer.

Thanks.
 
mm

What makes HTTP and HTTPS so different?

I see that they apparently use different ports, and maybe the virus
only changed the system setting for HTTP.

Well, the final problem seems to have been the FFox proxy settings.

My friend called me this morning. AVG finished scanning everything
and didn't find anything.

But she got a different message from Firefox, something about can't
find the proxy. So she knew I'd be sleeping that early and she called
another friend and he had her go to
Firefox/Options/Advanced/Network/[Connection] Settings and she was set
for Use System Proxy Settings. (So am I.) He had her change to No
Proxy, and now her FF works. As far as she has noticed, everything
works.

She hasn't checked IE yet, but neither did I yesterday. Maybe it
worked after I used AVG to remove the trojan. But it seems the virus
changed something in the "System Proxy Settings" so that they no
longer work. What in practice, before the virus, the difference
between them and "no proxy" was, I don't know.

Is there some way to find the System Proxy Settings and change them
back to their proper values?

Thank you all for the help, and even the criticism.


And thanks, Randem for yours. Can I call it a randem/om suggestion?
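
An added example, not part of any post in this thread: on Windows, Firefox's "Use System Proxy Settings" follows the per-user Internet Options (WinINET) proxy values, and a per-protocol entry that proxies only `http=` is one configuration that would produce the symptom described above, with HTTP failing while HTTPS and FTP work. The sketch parses `reg query` output for that key and reports how each protocol is routed; the sample output, address and port are constructed, and it assumes a home machine with no legitimate proxy.

```python
import ipaddress
import re

# Constructed sample of `reg query` output for the per-user key
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
# The proxy address and port are made up for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"""

VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
SCHEMES = ("http", "https", "ftp")


def parse_reg_query(text):
    """Return {value name: data} from reg query output (DWORDs as int)."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key path lines and blanks carry no value
        name, kind, data = m.group(1), m.group(2), m.group(3).strip()
        values[name] = int(data.split()[0], 16) if kind == "REG_DWORD" else data
    return values


def proxy_routes(values):
    """Map each scheme to its proxy 'host:port', or None for a direct connection."""
    routes = dict.fromkeys(SCHEMES)
    server = values.get("ProxyServer", "")
    if not values.get("ProxyEnable") or not server:
        return routes
    if "=" not in server:  # a single proxy used for every protocol
        return dict.fromkeys(SCHEMES, server)
    for entry in server.split(";"):  # per-protocol list: http=...;https=...
        scheme, _, target = entry.partition("=")
        scheme = scheme.strip().lower()
        if scheme in routes and target.strip():  # socks= entries are ignored here
            routes[scheme] = target.strip()
    return routes


def is_loopback(target):
    """True when the proxy host is this machine (127.x.x.x, ::1, localhost)."""
    host = target.split("//")[-1].rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def findings(values):
    """List the proxy settings worth a second look on a machine being cleaned."""
    routes = proxy_routes(values)
    out = []
    for scheme, target in routes.items():
        if target and is_loopback(target):
            out.append(f"{scheme}: sent to local proxy {target}; "
                       "fails if nothing is listening there")
    proxied = {s for s, t in routes.items() if t}
    if proxied and proxied != set(SCHEMES):
        direct = sorted(set(SCHEMES) - proxied)
        out.append("only " + ", ".join(sorted(proxied)) + " proxied; "
                   + ", ".join(direct) + " go direct")
    if values.get("AutoConfigURL"):
        out.append("AutoConfigURL set: " + values["AutoConfigURL"])
    return out


if __name__ == "__main__":
    for line in findings(parse_reg_query(SAMPLE_REG_QUERY)):
        print(line)
```

The same values are shown in the GUI under Internet Options, Connections, LAN settings, where clearing the proxy server checkbox corresponds to `ProxyEnable` being 0.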
 
Daave

mm said:
mm said:
On Sun, 5 Sep 2010 00:04:04 -0400, "PA Bear [MS MVP]"

Why do you keep beginning new threads about this?

Thanks for raising the topic.

Because there seemed to be a logical break between what happened
yesterday and what happened today, and because there are so many new
threads started in between that I'm afraid most people won't see
posts to the old thread.


Although I sort of see what you are trying to accomplish, that
strategy is illogical and counterproductive. Fewer people will wind
up reading your disjointed posts.

If people responded to your initial thread, they will continue to
monitor that thread. Starting new threads on the same topic goes
against established Internet etiquette (Netiquette).

Okay. I try to be a good Netizen, but I either never knew that
particular rule or I forgot it.

And I see there is a consensus here, so I won't do this in the future.

There will always be a
context. It will be much more difficult to hunt through other
threads to try to discover pertinent information than to keep
everything together in the one ongoing thread.

I certainly wouldn't expect anyone to do that, to hunt through other
threads.

It amazes me how much people are willing to do to answer questions.
Even those who complain that the poster should have googled will, it
seems usually, google themselves and tell the OP the answer.

Thanks.

YW.
 
mm

She retold to me how this arose. Whatever it is started when she went
to www.letmewatchthis.com , to download a tv show or movie. She had
done this before with no trouble, but this time a screen came up in
Firefox, appearing to be an IE or Microsoft screen, warning her that
she might have a virus and to do a scan. She was suspicious, but not
enough and she ran the "scan" for a little bit before stopping it.

The website has been hacked, is that a fair conclusion? They'll fix
it eventually??
 
Jim

HyperText Transfer Protocol / Secure .




 
