Uh, excuse me for existing, but I'm still looking for an answer

Gary Tayman

Okay, I'm really, really, really sorry that I started another thread with
this, after it was made clear that it is an unpardonable sin to move a
subject to another thread, but I did this to resolve another unpardonable
sin, which was a very unintentional cross-posting. You see, I thought I was
being a good little boy, by hitting the reply button to keep it in the
thread, but little did I know until getting screamed at, that the reply went
to other newsgroups.

Those who are throwing flames, please throw them at the hijackers instead of
those of us who merely wish to fix it. Y'all must be following the examples
of politicians . . .

Okay, now that that's off my chest . . .
The URL you posted is hosted in Athens, Greece. It is a source of malware
(one thing that should clue you in is that the 'Search' function does
nothing, and there are no other pages to the site reached through the URL.)
All of the links to installable programs are to other websites.
To be honest, I never went there. I posted it so that you, or others, could
investigate. That's why I said "DON'T CLICK" afterward, as I didn't know
what clicking on this URL would do.
Evidently you followed the diagnostic tree right to where they wanted you.
And then you installed 'Brave Sentry'. spywarewarrior.com has this to say
about 'Brave Sentry':
"aggressive advertising, desktop hijacking (1, 2); false positives work as
goad to purchase; inadequate scan reporting; same app as PestTrap,
PestWiper, SpyDemolisher, SpySheriff, SpyTrooper, SpywareNo, & Spyware-Stop
[A: 3-9-06 / U: 3-9-06]

Actually I didn't follow any diagnostic tree -- anything that got where it
is was installed for me, by the internet hijacker.

So -- it appears this link in the "favorites" list is only a link to the
malicious website and nothing else, so I'll simply delete it. I can also
say, and thank you to everyone by the way, that with the help of several
people here I've located and deleted what appears to be just about
everything. However there's one item left, and that's the yellow shield at
the bottom right corner of the desktop. It shows up about two minutes after
booting the computer, and displays a message "Updates are ready for your
computer. Click here to install these updates." My assumption is that
clicking this would either take me to a malicious website, or run some sort
of batch file or program that may still be lurking and none of my virus and
spyware programs have been able to detect. My question is, does anyone here
have a clue as to where to find this "desktop shield" so I can manually
delete it from the desktop?
 
David H. Lipman

From: "Gary Tayman" <[email protected]>


| Actually I didn't follow any diagnostic tree -- anything that got where it
| is was installed for me, by the internet hijacker.
|
| So -- it appears this link in the "favorites" list is only a link to the
| malicious website and nothing else, so I'll simply delete it. I can also
| say, and thank you to everyone by the way, that with the help of several
| people here I've located and deleted what appears to be just about
| everything. However there's one item left, and that's the yellow shield at
| the bottom right corner of the desktop. It shows up about two minutes after
| booting the computer, and displays a message "Updates are ready for your
| computer. Click here to install these updates." My assumption is that
| clicking this would either take me to a malicious website, or run some sort
| of batch file or program that may still be lurking and none of my virus and
| spyware programs have been able to detect. My question is, does anyone here
| have a clue as to where to find this "desktop shield" so I can manually
| delete it from the desktop?
|

It means you are infected and it is prompting you to get further infected!

Phil was a little over exuberant in his reply about excessive cross-posting. You were
following the thread and all were On Topic (well Symantec is On Topic if you use their
software). Six News Groups is about the max. Any more than six is considered excessive.

Either take the steps that have been provided to you or...



Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
 
Gary Tayman

David H. Lipman said:
Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

Again, thank you for getting back with me.

The computer dealer originally recommended that I DL and run Hijack this,
and I tried this running Mozilla and it wouldn't work. And at the time IE
was unusable.

Will Hijack this find and remove it? Or will it give me a log that a guru
can decipher to tell me where to delete it? I'm sorry about asking such
questions repeatedly, but I hate buying one program after another to fix a
stupid problem, only to find that after paying for it I don't get complete
resolution. Plus I'm sure others are following along, and don't want to ask
the same questions themselves.
 
David H. Lipman

From: "Gary Tayman" <[email protected]>


| Again, thank you for getting back with me.
|
| The computer dealer originally recommended that I DL and run Hijack this,
| and I tried this running Mozilla and it wouldn't work. And at the time IE
| was unusable.
|
| Will Hijack this find and remove it? Or will it give me a log that a guru
| can decipher to tell me where to delete it? I'm sorry about asking such
| questions repeatedly, but I hate buying one program after another to fix a
| stupid problem, only to find that after paying for it I don't get complete
| resolution. Plus I'm sure others are following along, and don't want to ask
| the same questions themselves.
|

HiJack This! is NOT an anti-malware program. It is a utility to collate certain aspects of
the OS into a log file in which an expert can narrow down where malware may be
located/loaded. While it is a good tool, it does not show all the locations where malware
may be loaded. But again, it does not remove malware. It takes specific knowledge and a
user's manual actions.

The forums I posted have experts that can examine the log file and give you the feedback
you need. They will also guide you through a complete cleaning process.
 
YoKenny

Gary Tayman said:
Again, thank you for getting back with me.

The computer dealer originally recommended that I DL and run Hijack
this, and I tried this running Mozilla and it wouldn't work. And at
the time IE was unusable.

Will Hijack this find and remove it? Or will it give me a log that a
guru can decipher to tell me where to delete it? I'm sorry about
asking such questions repeatedly, but I hate buying one program after
another to fix a stupid problem, only to find that after paying for
it I don't get complete resolution. Plus I'm sure others are
following along, and don't want to ask the same questions themselves.

HijackThis logs should be analysed by a guru but they are quick to respond
with an answer.

Post the log in a forum where gurus hang out:
http://aumha.net

Please read about prevention protection:
http://boards.cexx.org/viewtopic.php?t=11523

Install SiteAdvisor that will show you if you are visiting a bad site:
http://www.siteadvisor.com
 
Noel Paton

pcbutts1 said:
I am the only Guru in this group that will do that for you.



No - you are the only one moronic enough to demand that people break all
rules of good sense!
You are NOT a Guru - in any way, shape, or form, and none of the *real*
Gurus (who would deny the title anyhow) would make such a request in a
Usenet newsgroup.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
Offbreed

David said:
Six News Groups is about the max. Any more than six is considered
excessive.

Practically speaking, more than two almost always means someone is
trying to start a cross ng flame war, so I filter them. ("Two" means the
same about half the time.)

But, I have time to hang out in nastier news groups.
 
Peter Seiler

pcbutts1 - 29.04.2006 17:40 :
Run Hijackthis save the log file and post your log to this group so I can
analyze it. I am the only Guru in this group that will do that for you.

A real "guru" would never nominate itself but be nominated by others. If you are
the only "guru" to help in this case, why not recommend to send the log
directly to you via email? This way you possibly get more friends in
this ng. Your way is only for confrontation.

And: A real "guru" would demonstrate a much more sparkling example in
usenet behavior. Your always fullquoting, and more, placing your
fullquotings always after your sig line (should be only max. 4 lines as
every newbie in usenet should learn/know) is NO sparkling example given
by a true guru. You are not a "guru" but more an unlearnable ignorant
only searching for confrontations.
 
Lou

pcbutts1 - 29.04.2006 17:40 :


A real "guru" would never nominate itself but be nominated by others. If you are
the only "guru" to help in this case, why not recommend to send the log
directly to you via email? This way you possibly get more friends in
this ng. Your way is only for confrontation.

And: A real "guru" would demonstrate a much more sparkling example in
usenet behavior. Your always fullquoting, and more, placing your
fullquotings always after your sig line (should be only max. 4 lines as
every newbie in usenet should learn/know) is NO sparkling example given
by a true guru. You are not a "guru" but more an unlearnable ignorant
only searching for confrontations.

Peter,

http://pcbutts1.blogspot.com/2006/04/truth_07.html
 
