Re: I picked up a trojan [Warning!]

From: Mike Burgess (winhelp2002_at_spamthis.com)
Date: 03/22/04 

Date: Sun, 21 Mar 2004 21:02:54 -0500

Sandi,
Well nothing happened to me either .......
But those nasties are there ..........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid 

--
"Sandi Hardmeier" <sandi_hardmeier@mvps.org> wrote in message
news:A04833E7-A908-4B1A-986B-C562929B095F@microsoft.com...
> Ah, such is the 'risk' of beta testing.  When visiting the site, nothing
happened at all; nilch, nada - no active x warning or prompt to download or
anything else.... hooray for XP SP2 - now to go and work out what setting I
have got right that completely silenced the malware - it must have been one
of the 'never download stuff by....' selections I made.
>
> Thanks for stepping in.
>
> -- 
> Hyperlinks are used to ensure advice remains current
> Do  NOT send me an email. I will NOT see it (thank the spammers and
viruses)
> _______________________________________
> Sandi - Microsoft MVP since 1999 (IE/OE)
> http://www.mvps.org/inetexplorer
>
>
>      ----- Mike Burgess wrote: -----
>
>      Phil,
>      It's a shame your post got so far off topic ..........
>
>      Yes, that *is* an infected site!
>      Restart in Safe Mode and run a full scan, post back with your
results.
>      --
>      When you access that site it loads a javascript that attempts to
load:
>      "install.xxxtoolbar.com" = ISTBar Trojan
>
>      It then loads from an <IFrame>:
>      "loadfox.exe" from "extreme-virgins.com" (a trojan that downloads
several
>      other files)
>
>      Another script then loads via HTA\exploit:
>      "msxmidi.exe" = TrojanDownloader.Win32.WinShow.p
>      --
>      Go to: http://mvps.org/winhelp2002/unwanted.htm
>      Download "Hijack This!" [freeware]
>
>      Unzip, double-click "HijackThis.exe" and Press "Scan".
>
>      When the scan is finished, the "Scan" button will change into a "Save
Log"
>      button.
>      Click: "Save Log" (generates: "hijackthis.log")
>
>      Next, go to the below location:
>      http://www.spywareinfo.com/forums/
>
>      Sign in, go to the "Spyware and Hijackware Removal" section.
>      Press "New Topic", copy and paste hijackthis.log into your new
message.
>
>      Post back with the URL where you posted if you want help with your
log.
>      ____________________________________________________________
>      Mike Burgess  [MVP Windows Shell\User]
http://www.mvps.org/winhelp2002/
>      Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
>      http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
>      Please post replies to this Newsgroup, email address is invalid
>      --
>
>      "phil" <rofer@rofer.com> wrote in message
>      news:euex0ilDEHA.3692@tk2msftngp13.phx.gbl...
>      > hi,
>      >> i got a trojan from the following website: {URL removed}
>      >> my avast antivirus called it "Win32 Trojan-gen (UPX)".  but it
didn't seem
>      > to fix or repair it.
>      >> can anyone offer any assistance for this?
>      >> thanks,,,
>      >> phil
>      >>
Loading