Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafeawe

Post to this Thread - Sort Descending - Printer Friendly - Home


Tech: Trojan virus-cookie?

Q 13 Mar 04 - 02:16 PM
Q 13 Mar 04 - 02:26 PM
GUEST,Jon 13 Mar 04 - 02:30 PM
GUEST,Jon 13 Mar 04 - 02:33 PM
Q 13 Mar 04 - 02:55 PM
JohnInKansas 13 Mar 04 - 04:40 PM
Q 13 Mar 04 - 05:38 PM
MMario 13 Mar 04 - 05:41 PM
JohnInKansas 13 Mar 04 - 06:52 PM
GUEST,Jon 14 Mar 04 - 08:10 AM
Blackcatter 14 Mar 04 - 08:52 AM
GUEST,Jon 14 Mar 04 - 09:16 AM
JohnInKansas 14 Mar 04 - 01:15 PM
GUEST, C:\System Volume Information\_restore{E2006 03 Apr 04 - 11:32 AM
JohnInKansas 03 Apr 04 - 11:41 AM
GUEST 26 Jun 04 - 04:50 PM
GUEST 26 Jun 04 - 04:51 PM
Bill D 26 Jun 04 - 05:03 PM
JohnInKansas 26 Jun 04 - 07:18 PM
Sorcha 26 Jun 04 - 08:19 PM
Cluin 27 Jun 04 - 06:30 PM
Don Firth 27 Jun 04 - 09:11 PM
GUEST,Gem, thegem@sbcglobal.net 08 Nov 04 - 08:31 PM
Shanghaiceltic 08 Nov 04 - 10:16 PM
katlaughing 11 Jan 08 - 10:55 AM
katlaughing 11 Jan 08 - 11:09 AM
katlaughing 11 Jan 08 - 11:21 AM
katlaughing 11 Jan 08 - 11:49 AM
Mick Pearce (MCP) 11 Jan 08 - 11:55 AM
JohnInKansas 11 Jan 08 - 02:56 PM
katlaughing 11 Jan 08 - 03:18 PM
katlaughing 11 Jan 08 - 03:25 PM
katlaughing 11 Jan 08 - 03:33 PM
Mick Pearce (MCP) 11 Jan 08 - 04:09 PM
katlaughing 11 Jan 08 - 04:35 PM
katlaughing 11 Jan 08 - 06:18 PM
Mick Pearce (MCP) 11 Jan 08 - 07:23 PM
katlaughing 11 Jan 08 - 07:34 PM
GUEST,Baudine 14 Jan 08 - 12:05 AM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:




Subject: Trojan virus-cookie?
From: Q
Date: 13 Mar 04 - 02:16 PM

John in Kansas remarked on 'Trojan' a couple of years ago. Is there anything new?
My latest scan by Symantec discovered and quarantined four files of "Trojan Byte Verify," 1. Beyond Class, 2. Black Box Class, 3. Dummy Class and 4. Verifer Bug Class.
Apparently these are related to cookies. What is the best 'stopper'? How do they work? Any way of removing the quarantined files? Yep, the Dummy 'class' fits me, I know nothing about this stuff.

Apparently I picked them up while searching for lyrics the last two days.

Perhaps this should be posted as BS, but perhaps many of us looking for lyrics have picked them up.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: Q
Date: 13 Mar 04 - 02:26 PM

Just read the current thread 'Adware threats.' Looks related.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: GUEST,Jon
Date: 13 Mar 04 - 02:30 PM

Cookies are just text files. I've not looked it up but the word Class would suggest to me that you probably have picked up some unwanted Java from some website.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: GUEST,Jon
Date: 13 Mar 04 - 02:33 PM

Here you go first search on Google yeilded this. Here is one post from the thread:

Just a bit of background.....

This trojan horse is a Java program that is inserted into a web page and exploits a security vulnerability in Microsoft VM (Virtual machine) when someone views that web page. VM is what allows Java programs to run on Windows platforms. Microsoft issued a security alert about this in April 2003 and a patch to fix it was made available via 'Windows Update'. This patch will show up in Critical updates as Microsoft VM Security Update 816093.

To help protect your system against viruses, worms and trojans like this one it's a good idea to get into the habit of regularly running Windows update and installing recommended critical security updates as soon as possible.

This trojan can also infect a computer via email though if you use Outlook express, the latest versions would have automatically blocked this.

Common symptoms of this trojan are that your Internet Explorer home page is changed. It can also add pornographic websites to your favourites list or install dialler programs that try to dial in to pornographic websites.
Jon


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: Q
Date: 13 Mar 04 - 02:55 PM

Update 816093 was installed last August. Has 'Trojan' evolved?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: JohnInKansas
Date: 13 Mar 04 - 04:40 PM

"Trojans" are just one type of virus. Any "file" that attempts to "replicate" itself and/or send copies of itself to other machines is a virus. A "Trojan" is just one that installs itself and waits for a while before doing something, instead of immediately trashing things.

The have been more than a dozen new versions of just ONE new virus form that first appeared less than a month ago. Some individual sites have reported that, sporadically, up to 15% of their email traffic was being generated just by variants of this one worm, attempting to send itself to infect more machines during the past couple of weeks. (SPAM mailers accounted for more than 60% of all email on all sites in February, so legitimate users only get 25% as a leftover?)

There are a few thousand identified viruses in circulation on the internet. Any slimeball with a 6 week course, or a few hours at the right sites, can "modify" any virus and restart it, although most of the "copy and paste" a-holes won't change the "signature" enough to cause a major problem.

They do evolve. If you use email, or browse the internet, you MUST have a decent AntiVirus installed, and you MUST update the "signature files" at least weekly if you expect to maintain reasonable protection from this crud.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: Q
Date: 13 Mar 04 - 05:38 PM

Symantec adds updates almost daily but this one still got through.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: MMario
Date: 13 Mar 04 - 05:41 PM

your virus scanner should have an option to permanently delete quarentined files. If it does NOT - use the report of where they are quarentined to locate them with windows "find file" utility and delete them. Don't forget to empty the trash.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: JohnInKansas
Date: 13 Mar 04 - 06:52 PM

Symantec does post updates daily, but if you want them on a daily basis you have to go get them. If you use their "automatic update" system, they usually update on Wednesdays. They do occasionally send autoupdates more often if there's a specific threat for which a new signature needs to get out.

As pointed out by Jon, in addition to keeping your AV up to date, you do need to periodically check with Microsoft for Windows OS updates. If you use one of the more recent systems, XP, 2k, and I think for ME, you can get updates automatically. They will download them, in background, when you connect to the web, and will tell you when one is available. You still have to chose when (or whether) to install each of them.

I don't believe you can get auto update for Win98, and certainly not for Win95. There should be few of them, since Mickey announced that Win98 is considered "unsupported" almost two years ago, and will not write new updates unless there is an "incredibly critical" need for one. You should still check occasionally.

Since IE is an integral component of Windows, if you use Windows you should get updates to Internet Explorer regardless of whether you use it as your browser and regardless of what version of Windows you use.

Clarification: Adware is not considered a virus, since it doesn't replicate itself or attempt to send anything to anyone other than to the sites that put it there. It then reports data that it has "collected" by observing (usually) only what sites you've visited. Most of the frequently used adware does not identify what machine or user the information comes from.

Some adware does identify you and every site that you visit. For the most part, adware of this sort is found only in "download programs" for file sharing sites, and removing the adware will disable the program. If you read the privacy statement that was presented when you downloaded the software, you will find that by downloading their program you agreed to let them track everything you do - although often you have to follow links to other agreements "incorporated by attachment" to find this.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: GUEST,Jon
Date: 14 Mar 04 - 08:10 AM

a bit of pedantry... Strictly speaking, a trojan is not a virus (although AV software does deal with them). To quote from the help file from my AV software:
Trojans, or Trojan horses, are small seemingly harmless programs. To cause any damage, these programs must be installed onto your system. Once a Trojan is installed, it has all the same privileges as the user of the computer and can exploits the system to do something the user did not intend. The main difference between Trojans and viruses is that Trojans cannot replicate or spread on their own.

Jon


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: Blackcatter
Date: 14 Mar 04 - 08:52 AM

I would also urge people to download a program called Spybot. It is an effective tool in identifying and removing adware and spyware from your computer. Spybot was the top reccommendation of PC Magazine last fall in its acticle about anti-spyware programs, and it's free for download. Just do a google search for it, or go to a site like cNet.com.

It is just one more item in the long list of what safe surfers should employ.

Also - using Netscape instead of IE has been wonderful for me. Netscape turns off different levels of Java and has an automatic pop-up stopper in it. Of course Opera is probably even safer.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Trojan virus-cookie?
From: GUEST,Jon
Date: 14 Mar 04 - 09:16 AM

Just another thought in relation to Q's "Update 816093 was installed last August. Has 'Trojan' evolved?" which may be way of the mark...

As far as I understand it, it is quite possible to have more than one Java machine on a system. I have Sun's Java 2, v 1.4.1_01 on this PC and according to my control panel settings that currently makes that the default plugin for both IE and Netscape. Presumably that means it overrides the MS Virtual Machine(VM)

John's comments which I will paraphrase as "a schoolkid with a few hrs of computer experience could modify malicious software" of course still stand.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: JohnInKansas
Date: 14 Mar 04 - 01:15 PM

Jon -

Pedantry accepted, but it does make a difference which dictionary you use. "Trojan" refers to disguise and delayed result. A virus has to have a "payload" that does something. The "viral component" gets it in, and the "payload" is what it does after it's there. A "viruse" can have a Trojan, Worm, or several other kinds of "payload," and the terms are used perhaps too loosely in much discussion. Just saying "it's a Trojan virus" usually means "it's a virus with a Trojan payload."

I haven't bothered to look much at alternative Java, but the point to keep in mind is that you cannot remove IE from the machine and still have "Windows." Even if you default to do some functions with another program, the IE components are still there and are probably still "called" for integral Windows functions. I would assume that the IE functions are still "callable" by intrusive programs, so I would be reluctant to assume that using Sun Java as the "Java default" is a sure-fire protection against an intruder exploiting an MS VM "property."

As long as you have Windows on your machine, I would recommend that you keep up to date on Windows patches - which are largely IE patches if that's how you choose to look at them. Even Mickey can't separate "IE" and "Windows" intelligibly.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: GUEST, C:\System Volume Information\_restore{E2006
Date: 03 Apr 04 - 11:32 AM


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: JohnInKansas
Date: 03 Apr 04 - 11:41 AM

Well, I haven't seen that GUEST ident before (that I recall).

Just a refresh?

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: GUEST
Date: 26 Jun 04 - 04:50 PM

Hi, I've been infected with the dummy class 'trojan'. Its affected some of my facilities, namely search. I cannot search anything on my pc, simply because the application doesnt work. Furthermore, My java capabilities online have also been affected, so i cant 'submit' things. Also, when i click on 'my documents', most of the files require a program to open with. So the trojan has also affected some of the routes.

Am wondering, Whether installing nortons will actually get rid of the problem? I mean the damage is done.. So its best i seek someone who can fix it rather than buying and installing nortons, which may quarantine the infected files, but won't fix the damage thats already done.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: GUEST
Date: 26 Jun 04 - 04:51 PM

Any advice from anyone?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Bill D
Date: 26 Jun 04 - 05:03 PM

well, it is Saturday, and traffic in here drops off a lot on the weekends...

"the application doesnt work".... which application? There are lots of search applications. What is your usual procedure to do a search?

"java capabilities online"...hmmmm? That is sort of unclear about what you actually DO. and 'submit' what TO what?

" most of the files require a program to open with" are you saying Explorer is not working? Can you download & install programs? If so try Turbo Navigator as a file manager to bypass Explorer..(it is better, anyway...I haven't opened Explorer in ages!) and Power Desk is even better...)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: JohnInKansas
Date: 26 Jun 04 - 07:18 PM

No one should ever be connecting to the web without some AV program installed and current. Doing so will just mean you spend all your time fixing infections instead of enjoying the web.

It is necessary to distinguish between viruses, spyware, and adware. They are different things, and require different treatment.

Your first step should always be to make sure you get the viruses. You can usually do this by visiting the website of any reputable AV provider and letting the site scan your machine.

"Programs" that take over machine functions may be payload carried by a virus to get it on your machine, but often are not, themselves, considered to be "viral." You may be the victim of a malicious virus, but more likely you've encountered malicious spyware or adware. Download, or if necessary have a friend download for you, the installation for Spybot (preferred) or AdAware (pretty good too). Install and run them and they may be able to remove the corruption.

It takes both a good Anti Virus program, and a good antispyware program to keep your machine clean, if you're unlucky enough to visit places where you can be infected (by a virus) or just affected (by spyware).

If the AV and Spyware scans don't fix the problem, you are probably facing "major surgery" on your system, and much more specific information will be needed. A local expert who can "hands-on" inspect your machine is more likely to be effective than trying to follow suggestions here.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Sorcha
Date: 26 Jun 04 - 08:19 PM

No, JUST adding Norton won't fix the virus you have. It MIGHT fix it after it's downloaded and RUN.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Cluin
Date: 27 Jun 04 - 06:30 PM

Guest, Sounds like you've picked up something like a variant of the CoolWebSearch scumware. I got infected a couple months back (just by surfing) and used CWShredder, Spybot S&D and Ad-aware to remove it all and get things back to normal. It took all three utilities, which I'd recommend all (yeah, I know, except for you Mac people...) to download and update and use often. Things are getting dirty out there.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Don Firth
Date: 27 Jun 04 - 09:11 PM

Sometimes Trojans come in on small "ad hoc" Active-X files you download from a website that offers some sort of presentation. I picked one up that way this afternoon and discovered it only when Zone Alarm popped up to inform me that "stcloader.exe" was trying to access the internet and did I want to let it? Not knowing what it was, I checked "no," then I ran a search and found it in four places on my hard drive, all dated today. To find out about it, I typed "stcloader.exe" into the google search box and turned up all kinds of stuff. It's spyware that tracks your internet activity and reports back to whoever put it on. Also, it enables certain pop-up ads even if you have a pop-up blocker.

I have Norton AntiVirus which I've set to update automatically (sometimes two or three times a day!), but this thing got through undetected—as do spyware cookies and such, because they are not exactly viruses. Zone Alarm (excellent firewall) alerted me that it was trying to become active, so I blocked it and checked it out, as I said. When I ran a Norton AntiVirus scan, Norton reported that I was clean—of viruses. Then I ran SpyHunter. SpyHunter spotted it in all four places, and three others like it. With a click of the mouse button, I nailed the buggers and blew them into oblivion. Remind me to run the SpyHunter scan at least once a day.

Antivirus programs don't necessarily catch these things. I strongly recommend a good firewall, like Zone Alarm, and a program like SpyHunter or SpySubtract. The latter programs don't catch them coming in, but they find them whenever you scan with them and allow you to blitz them. When SpyHunter finds this stuff, it can also tell you what it does and who put it there.

Don Firth


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: GUEST,Gem, thegem@sbcglobal.net
Date: 08 Nov 04 - 08:31 PM

I have worker.class, counter.class, verifierbug.class, arc.zip-53b4229a-4c856cf4, except the last one there are three Trojan.Byte viruses and the fourth one, I am not sure.

All these viruses are quarantined, but I do not see any virus in the quarantine, nor do I see if I scan the whole computer for virus.

But, I see them all in the virus history, how to delete them permenentaly, if I try right click and use permenently delete, it does nothing??.

If I try to move to quarantine, nothing happens, if I try clean, nothing happens.

But, I want to delete it permently from the virus history, do anyone knows how to do, a step by step procedure, your effort to help will be greatly appreciated. I tried to look for information in the microsoft website and Norton, but I don't think it is any simpler to follow up their steps.

thanks, Thegem


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Shanghaiceltic
Date: 08 Nov 04 - 10:16 PM

I have been using a trial version of SpySubtract along with CWShredder, Adaware and Spybot to get rid of a file on my systems which activates everytime I open a webbrowser. I get things like 'asian friends' opening up and then also offers of free check of my software for files in my registry. These people are absolute bastards. Haning them by their nuts from the Christmas tree would be too good for them.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 10:55 AM

Anyone run across "Trojan Horse Agent MQO?" I have adaware and spybot doing scheduled scans, AVG and Kerio, but a scan today showed up some trojan virus which have been isolated by AVG. Is that enough or do I need to run some kind of removal program. Also, could that be the problem which keeps causing my monitor to go black, then Windows to reboot? (It was the overheated monitor as it has happened with the new monitor, too.)

Thanks!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 11:09 AM

Could this be as simple as emptying the Virus Vault in AVG? (In all my years on the internet, my computer has never had a virus. I feel as though my computer has a "social disease!")


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 11:21 AM

Sorry, just thought of a couple more things:

Can a virus come in on a windows update? I didn't have any problems until I finally gave in and told the annoying popup thingie to go ahead and load the updates.

Also, the printout list from the Virus Vault does not list the Trojan name I listed above. All are in C drive.

It shows 19 Trojan Generic2.IN or LT or IR or U etc. except for one which has "Downloade?(can't read the ending)

Several of them say "System Volume Information\_restore etc. and a few end in exe.

There are also some that say C:\WINDOWS\System32 then several different characters; of those all end in either .dll or exe.

Thanks!

There are also several which are


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 11:49 AM

Well that's one mystery solved and me left feeling like an idjit. I just checked the vaults in spybot and adaware and found they have not been running the automatic scans I'd set up as I didn't tick the box which says to "wake computer" to run the tasks! Have now and am running both programs. At least I know now how a virus got through. Unbelievable!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Mick Pearce (MCP)
Date: 11 Jan 08 - 11:55 AM

kat

It's unlikely that a virus would come in on a genuine windows update, was your popup thingie a genuine windows update?

Is your scan showing lots of xyz.exe files (where x,y,z are different letters) in C:\Windows\System32? If so, that's a genuine problem.

Depending on what AVG does with them, you could try the following - empty the virus vault, then reboot your system, then rerun the scans (antivirus and antimalware).

If AVG removed it your new scan will probably be clean. If it's not removing it, or if it's removing only currently active copies, you'll probably find it's come back in the second scan.

If it does come back, post again and I'll see if I can help.

Mick


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: JohnInKansas
Date: 11 Jan 08 - 02:56 PM

If you have an indication of infection that's been on the machine for a while, it's quite likely that backups in System Restore have been infected. If so, in some cases, when you remove an infection, the next boot will find "missing entries" and System Restore may automatically put the infection back. NO AVG CAN CLEAN the stored backups in System Restore.

1. You should use Start|Run|regedit Export to save a copy of your Registry outside the System Restore vault, where you can if necessary get back at least to your present condition. (Even if it is infected, it may be better than a total crash.)

2. After getting the registry back up saved where you can get to it if needed as a last resort, TURN OFF Sytem Restore. This will delete ALL BACKUPS that System Restore has made, so that an infected old one can't be put back when you reboot.

3. If your machine hasn't been waking up to scan, it may not have been waking up for updates, so you should update at least the "definitions" for your AVG.

4. Especially if Trojans are indicated, it usually is more effective to run a full scan in SAFE MODE. Some AV programs require you to "run from a command prompt" in Safe Mode, so you'll need to determine whether this applies to AVG, and find the command. (If you can't find a way to run a full scan in AVG in Safe Mode, obviously running the scan in normal Windows is better than not going ahead and running it.)

5. (Optional) For getting into Safe Mode, Norton suggests a procedure that's much cleaner than the usual reboot - punch buttons and hope - suggested by most others. The method is included (Step 2 & 3 for WinXP, with a separate instruction for Vista) at Scanning for Threats in Safe Mode. A step is missing in their description however, in Step 3. To return to Normal mode, in addition to the "uncheck" on the "boot" tab, you should also move the check on the "general" tab back to "Boot Normally." It works as described, but you'll get an extra "say-what" from Windows asking if you want to boot normally.

Use your normal "safe boot" method if it works, or the Norton one if you don't remember which key your computer wants or if you have trouble "catching" the right spot in the boot cycle.

6. (personal preference) After getting a clean scan in Safe Mode, I always feel better running a fresh AV update and another "normal" full scan in Normal mode, but then I'm told I'm a little AR at times.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 03:18 PM

Thank you, guys!

9 of the 19 have restore in their names. There are several which do have the system32 with various letters after, then either dll or exe at the end.

Then there are the system volume information\restore which all end with:

{CD53596A-5812-49DB-AF84-A728

I am off to try a couple of things. John, if I have to do what you have recommended, i will wait for Rog to help over the weekend.

Thank you, both!

kat


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 03:25 PM

Mick, sorry I didn't answer you. Yes, I *think* it was a genuine Windows update as that is what has been set to run, BUT I am going to turn the automatic thing off as I hate it and it seems to cause problems.

Also, I forgot to say, when I looked at Adaware and Spybot's scans, from this morning, there was only one thing in Adaward and only a handful in Spybot, all quarantined and then deleted, so I don't think anything came through that way.

I think AVG was catching them, but i was missing the reports. After it would reboot Windows, not the harddrive, I would hear that plonking tone, but nothing would show up on the screen so we couldn't figure out what it was. Now, I think it was AVG telling me it had found a trojan, so maybe they have been quarantined all along, by AVG, and have not infected my system? Is that possible? I've just emptied my vault and am running a new virus scan. Will keep you posted.

Thanks,

kat


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 03:33 PM

Just got another update alert. It is definitely genuine Windows and now they've sent a critical update which might be related?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Mick Pearce (MCP)
Date: 11 Jan 08 - 04:09 PM

kat

The critical update is most unlikely to be related to your immediate problems. Microsoft are sending them out all the time to fix (usually) security loopholes in the software, as this one does. While it's not impossible for an update to be compromised, I'm sure Microsoft (and most large software companies) go to great lengths to see that that doesn't happen; they have enough complaints already without that! (Not that I complain about them; they get attacked (by hackers) more often because it's a large platform base to aim at. I have a dual boot Linux (Fedora) on my machine, but I used XP almost all of the time. I have Firefox and the soon to be neglected Netscape on my machine but I use IE almost all the time. The only major MS component I don't use is the Windows Media Player - I use Jet as standard. As long as you take care (and, as they say, RTFM) Windows is fine).

Mick


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 04:35 PM

Yeah, I am sure you are right, Mick. I've never had reason to complain, really, about anything to do with MS. I haven't used IE or OE either one for a long time though. I guess this just proves you're not immune even if you don't use IE.

I have rebooted and my virus scan has come up with the original Trojan Horse Agent.MQO. When the scan is done, I'll see if i can get rid of it now that AVG has found it, again.

Thanks, again,

kat


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 06:18 PM

Now I don't know what to think. I went to MS and downloaded their Malicious Software Removal Tool which scanned and said there were no infected files and their Tool was just updated on the 8th of January 2008.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: Mick Pearce (MCP)
Date: 11 Jan 08 - 07:23 PM

kat

The Malicious Software Removal Tool isn't a total scanner. It scans for and removes a limited number of particularly malicious infections. The current list is give here (I think - it's update date is the 8th): MSRT. If you don't have one of the listed infections it's not likely to find anything.

Mick


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: katlaughing
Date: 11 Jan 08 - 07:34 PM

Great. Thanks, Mick. I just did a search on that website and they have nothing regarding the THAMQO. I am going to wait and have Rog help me with this.

Thanks, again. Feeling a might discouraged.:-[

kat


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Trojan virus-cookie?
From: GUEST,Baudine
Date: 14 Jan 08 - 12:05 AM

Trojan Horse Agent.MQO is associated with HP VIEW toolbar. AutoTBar.exe. Check out your start up menu and it will probably be loading on startup.

If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled. AutoTBar.exe. I had the same problem but was able to "HEAL" it by using the AVG virus program.

It is now gone.


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 1 November 3:27 AM EDT

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.