RE: Attack on my compuer Part Deux

From: Brian [MSFT] (bschafer_at_online.microsoft.com)
Date: 12/05/03 

Date: Fri, 05 Dec 2003 10:06:29 GMT

Hi Craig,

I would highly suspect that there is a process (EXE.. but more than likely
.BAT) started on your machine during boot.

Check the startup items via Start > Run > "msconfig" (without the
quotes)... On the Startup Tab, look at the command column. Scrutinize any
entries that end with .BAT. If you find a .BAT entry, locate the file and
open it with a Text Viewer. More than likely this will be your culprit.

Brian Schafer, MCSE, MCSA, CISSP, Security+
bschafer@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
> Content-Class: urn:content-classes:message
> From: "Craig Sinon" <czakk@aol.com>
> Sender: "Craig Sinon" <czakk@aol.com>
> Subject: Attack on my compuer Part Deux
> Date: Thu, 4 Dec 2003 13:10:22 -0800
> Lines: 14
> Message-ID: <d2d001c3baab$074fcc70$a601280a@phx.gbl>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
> thread-index: AcO6qwdPhaVpSpjtSmeYthYXQFc8Qg==
> Newsgroups: microsoft.public.windowsxp.security_admin
> Path: cpmsftngxa07.phx.gbl
> Xref: cpmsftngxa07.phx.gbl
microsoft.public.windowsxp.security_admin:100637
> NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
> X-Tomcat-NG: microsoft.public.windowsxp.security_admin
>
> Thanks for the response. I checked out that website, and
> my browser was hijacked. I found the files and wasted
> them. Ok, so that's fixed.
>
> Same problem still exists with some embedded file putting
> porn links directly into my "c" drive, and adding some
> icons to my desktop (specifically, "diet pills" and "play
> online") I have downloaded spybot S&D, and it found a
> lot of crap on my pc. But these bogus porn links keep
> coming back after each reboot, regardless if I have my
> wireless modem in or not?
>
> Thanks again!!
> Craig
>

Relevant Pages

  • Process opens program window when outside Visual Studio
    ... When I run my program inside Visual Studio the bat and exe ... redirected to my stream reader. ... Why does this work when I'm inside Visual Studio but not outside?! ...
    (microsoft.public.dotnet.languages.csharp)
  • Unknown Publisher from network drive
    ... Anytime I click on a *.bat or *.exe or ever *.hlp on a Novell network drive. ... I have another box identical to the WinXP SP2, Novell Client 4.91 SP2, ...
    (microsoft.public.windowsxp.general)
  • RE: Idgsearch.com styleclickinc.com browser hijack.
    ... there is a batch file or exe which is kicked off by one ... methods to enforce/reapply the obnoxious settings. ... is the System Configuration Utility which can be accessed via Start> Run> ... a .bat in an entry, locate the file and open it with a text viewer. ...
    (microsoft.public.windowsxp.security_admin)
  • Running a .bat file via AppActivate
    ... I'm trying to run a .bat file from a macro. ... AppActivate" code). ... I can even call a .exe renamed as ... shows a return value from the shell function of -610925 ...
    (microsoft.public.excel.programming)
  • Mission statement: Ruby application for Windows
    ... Obtain Windows executable file from my Ruby script. ... Why not .bat? ... As far as I undrestand, .exe files created by RubyScript2Exe, are ... libraries from exe resources can be require'd. ...
    (comp.lang.ruby)