Re: AIM Send out random messages
From: Lord Loki (LordLoki_at_discussions.microsoft.com)
Date: 05/23/05
- Previous message: Imhotep: "Re: Losing Control of my Computer"
- In reply to: Jim Carlock: "Re: AIM Send out random messages"
- Next in thread: Jim Carlock: "Re: AIM Send out random messages"
- Reply: Jim Carlock: "Re: AIM Send out random messages"
- Reply: PA Bear: "Re: AIM Send out random messages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 May 2005 21:25:01 -0700
Ok, I retried to scan my computer in safe mode (this time using the msconfig
method...) and norton still wont open >.<
I downloaded the latest virus definations for intellegent updator... however
when i go to install them it says i cannot, and that its expired...
"Your virus protection cannot be updated.
Your subscription as expired. You must renew your subscription to continue
using Intellegent Updater. Run LiveUpdate from Norton AntiVirus to renew your
subscription and then run Intellegent Updater again."
i ran live update again, just to be sure, its fully updated, tried
installing again and got the same message... i JUST bought norton a few
months ago its definatly not expired... is live update something i have to
pay for myself? (darn... more and more problems keep on coming...)
i'm not so sure i'm ready for the HijackThis thing... with my luck i'd
accidently delete something very important...
also... i deleted aim, but aim was no longer connected to the virus once it
got in right? so if i reinstalled it, it'd be ok... because the one virus i
did delete was most likely THE aim virus? (since it gets passed through aim,
and thats what it does...) so i could reinstall aim? or should i wait longer?
Jim, you think its a trojan and i'm being hacked? or atleast my computer is
being used for whatever?
what kind of "non-viral backdoor" something OTHER than spywar, adware,
trojans, worms, and viruses (obviously)??? what else is there....?
yet again, thank you both for your assistance ^^
"Jim Carlock" wrote:
> FWIW there is software out there that is NOT considered virus but
> is used to open a PC up for "folks" to access it anytime "they" want.
>
> There is some FTP server software. Virus scanners will never catch it,
> but a good firewall should catch it and present a message that something
> is trying to open up a certain port (Serv-U ?).
>
> So if something opened up the system, "the attackers" commonly put a
> non-viral backdoor in place that will never be detected by virus scanners.
>
> --
> Jim Carlock
> Please post replies to newsgroup.
>
> "PA Bear" <PABearMVP@gmail.com> wrote:
> Lord Loki wrote:
> > I delted it... however... i dont think its that... >.< even though it does
> > sound right (i read the symantic thing before i deleted...) because when
> > ever i turn on the comp it still tries to "install" something... otherwise
> > everythings fine... i think...
>
> Not surprising.
>
> > by manually updating... you mean going to the site and manually
> > downloading,
> > or going into norton using live update, but dont just let live update wait
> > for a few weeks to do it itself? (NAV users?)
>
> Yes, manually seek and install updated definitions. See Intelligent Updater
> section here: http://securityresponse.symantec.com/avcenter/download.html
> (posted earlier, too).
>
> > also... this morning, we found a virus on the home computer, this was a
> > bloodhound... do you think my virus would cause that to get through the
> > network into the home comp, or that its unrelated?
>
> There are literally /hundreds/ of Bloodhound variants and, yes, most likely
> "your" Bloodhound was "dropped" by the Trojan.
>
> > lastly... how do you run a system scan in safe mode? i tried... and i
> > couldnt even open norton >.<
> > every time i tried it froze.... >.< and went to "send error report?"
> > would a virus cause that (or hacker), or would that just be me, somehow
> > screwing things up?
>
> Again, see instructions on this page for booting to Safe Mode:
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
>
> It would be highly unusual for NAV not to work in Safe Mode but [stuff]
> happens.
>
> > Thanks for your help
>
> YW. Let us know how you make out. Note that it might take several updates
> and scans over several days in the coming week or so for NAV to be able to
> find and remove everything.
>
> You might follow the QuickFix protocol here http://aumha.org/a/quickfix.htm,
> then scan your system with HijackThis (don't let the name scare you) and
> post your log to an appropriate forum. Do not post your log here, please.
> --
> ~PA Bear
>
> > "PA Bear" wrote:
> >> Well, yes, that could be /your/ Trojan...
> >>
> >> Symantec Security Response - W32.Allim.A:
> >> http://securityresponse.symantec.com/avcenter/venc/data/w32.allim.a.html
> >>
> >> This one displays a message "hey check out _this_!" where "this!" is a
> >> link
> >> to the URL: http:/ /adw[domain removed]eo.com/gallery/pictures.php. A
> >> recipient must click on the link, download a file, and then execute the
> >> file which then installs a W32.Spybot.Worm
> >> variant(http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html).
> >>
> >> But Allim.A dates from a few weeks ago (Discovered on: April 26, 2005).
> >>
> >> From another post in this thread:
> >>
> >> Symantec Security Response - W32.Opanki (Discovered on: May 18, 2005)
> >> http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.html
> >>
> >> Here, the message is "check this out, is that you?", where "this" is a
> >> configured link that will download a copy of the worm if a user clicks on
> >> it.
> >>
> >> To be safe, I'd manually install virus definition updates via Intelligent
> >> Updater (http://securityresponse.symantec.com/avcenter/download.html) and
> >> then run a full system scan in Safe Mode
> >> (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406).
> >>
> >> Note that NAV users who rely on LiveUpdate won't get definitions which
> >> include W32.Opanki until 25 May, according to the page!!!
> >>
> >> Let us know how you make out.
> >> --
> >> Lord Loki wrote:
> >>> well.... I came back from dinner today and norton had a large message
> >>> for
> >>> me
> >>> saying (memorized it)
> >>> VIRUS FOUND:
> >>> object: C:\im.exe
> >>> virus: W32.Allim
> >>>
> >>> i went to the C drive, scanned the im file to be sure, it said it was an
> >>> unreparable virus, i quarenteened, then deleted.... its gone forever now
> >>> right? and...... you think that is THE virus that was causeing the
> >>> strange
> >>> happenings? O.o ^^
>
>
>
- Previous message: Imhotep: "Re: Losing Control of my Computer"
- In reply to: Jim Carlock: "Re: AIM Send out random messages"
- Next in thread: Jim Carlock: "Re: AIM Send out random messages"
- Reply: Jim Carlock: "Re: AIM Send out random messages"
- Reply: PA Bear: "Re: AIM Send out random messages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
