Re: if you notice weird differences in your files and system folde

From: Dani (Dani_at_discussions.microsoft.com)
Date: 07/27/05


Date: Tue, 26 Jul 2005 23:08:01 -0700

Absolutely... I ran into a problem on a friend's PC a few days back. Checking
the system, I noticed that things were wrong. Everything was downloading to
desktop, and the Windows files read something like: desk, my docs, C:/program
files/itunes/windows/etc.
Having worked with the Explorer tree and Windows setup for a while now, I
realized it was completely wrong. I simply started to rewrite the tree
myself, thinking she messed it up by not keeping folders organized. My fix
totally whacked out her PC, resulting in her being very angry. When I came
home to mine, I was in the middle of trying to find a driver for an isee pro
cam which came to me without one. See the post for that one; I can't remember
where, but it will come up on a search for isee within these boards. Anyway, I
downloaded a program named transmac, which is supposed to translate Mac programs
to a format for Windows XP, got the drivers from Mac, ran them through, installed
cam. Long story short, even with a 2-week-old XP fully loaded with 5
different failsafes, I ended up with a virtually unusable O/S... the other post
will have more detail. I went to tech support and we came to the conclusion
that I messed up a port setting on the translator, and hence the problems.
As we get further into this, we are determining that the new trojan
out (details on Symantec) is the culprit. Problem is, it piggybacks in on
good programs and has mask capabilities. I swear that everything in the post
is accurate. We are trying to find the original file because unless we find
it, it is in here permanently changing, rewriting registries, changing folder
settings. I may try to download a pic file to my Windows Picture It
library, only to burn out my modem because I was actually trying to install
it in the gateway driver. Right now I do have system files trying to act
like iTunes files in profile 3. I can reset folder ops, but in that part of
the drive it will be something different in 15 minutes. Seriously, the
faster your bus and the more you surf, change folders, download, whatever you
do (and seriously, all messengers are pure evil if your PC contains this
virus), it will spread like wildfire with a DSL gateway. On any profile I have
built on this PC and let run, the system is down in under 2 hours, with the
only way to save the profile being System Restore, if you can find the
program. Before the system goes, all folders will be run through the Start
menu and the Explorer tree will be a straight line folder to folder and none
accurately projecting contents. The only thing surviving so far is this
profile, which runs the newest version of Norton Internet Security. My start
procedures from off mode:
ensure ethernet unplugged / power on / choose profile 1 in DOS and enter / be
ready to right-click taskbar for manager / bring up manager / log off user
/ choose administrator w/ password / enable Norton's, choose Internet Security (it
will be disabled every start) / close any applications which auto-started, yes,
even the ones which no longer exist according to Windows / open and inspect
every compartment in Norton's, stay until it shows green reset password. At
that point I can plug in internet, and I have been online almost 12
hours so far and still kickin'; all folders are where I put them. On prof 4
earlier I took security off for 5 minutes, and enough of my folders were
changed that I didn't recognize my system.... Good thing is, if you catch it
and are fortunate enough to have a good log file on Norton's, it can be
corrected by re-enabling Norton security. Norton will redesign file system
and guard system well, but at logoff the program WILL disable internet
security. That is what the post is about and that's where we stand now.
Symantec knows it is here but so far doesn't know where. Neither do we. It
is predator; it masks, hides and places what it wants where it wants without
the security system I spoke of. We are trying to isolate it using different
hardware profiles to see how it acts and where. So far just about everything
I have read on this board is a symptom of what this does. If ya get it and
try to work with it, you will see some crazy stuff. I recommend having a
good restore point from at least a month back and knowing how to find it from
anywhere in your system. If you do, it will be fun; if you don't, you will
want to scream. If anyone out there has any good input at all, I recommend
this email address:
mailto:v-6rajpa@mssupport.microsoft.com

I know he would appreciate it, and so would I. I'd really like a normal login
and I want this thing out of my PC (fun or no fun).
Thanks for your question, Fitz.

"Fitz" wrote:

> Thank you for posting in this newsgroup. Since we don't have a clue what
> you're talking about, would you care to enlighten us?
>
>
> "Dani" <Dani@discussions.microsoft.com> wrote in message
> news:34164E55-0B03-4CA4-BA25-0982A5FFE7A9@microsoft.com...
> > Raj, the first of a few mails you will be getting. Since you have decided to
> > extend my service on this issue, please don't feel these are urgent. They
> > will most likely become more so, as time progresses, but I have a few tools
> > available to me to aid in keeping my system stable until we get to the bottom
> > of this... these mails are more for MSN to be updated on situations and for my
> > own personal knowledge. The attachment doc on here comes from a deep intense
> > system scan of my entire system. All files in this attachment were found
> > after a pretty logistic scan on my system, followed by a full update of
> > Norton's, a full Windows update, and an internal file cleanup run on my
> > hardware. All of this was done immediately following a system restore, and I
> > pulled my ethernet before restarting my system. I do realize that most of
> > these files are redundant and after the scan the folder read 0 bytes info.
> > The problem on this thing is that when I ran my update for Norton's, the last
> > thing I did btw, and restarted, camfrog pro insisted on popping up and trying
> > to load anyway. There should have been no exe file in my system registry at
> > that time, yet the first time I ran the scan, there were only 8 files shown
> > with 3 uninstalls and every one of them was taken out of cache and supposedly
> > no traces found afterward. I would love to know if one of these files DOES
> > contain an exe file, and also determine whether it is a camfrog app in
> > actuality. I realize that I could perform this myself but I am seriously
> > unhappy with the idea of opening one of these folders and turning this thing
> > loose in my system yet again. I am tired of looking at my explorer bar, and
> > I am tired of setting system restore, which is ALWAYS the end result of
> > chasing this thing around my system. So far I have had my folders remain the
> > way I set them and in the places that I put them for about 7 hours now, which
> > is a darned miracle. Every time this thing gets loose, when I manage to make
> > it back to my antivirus software, they say system status URGENT fix
> > immediately, and there is always at least one system active setting turned
> > off. Norton insists that it has no info on this rapidly spreading outbreak
> > it is informing of, so maybe we can isolate this thing. At this point, I am
> > monitoring 3 different programs tightly:
> > 1) Camfrog pro website
> >
> > 2) Yinst toolbar helper object--reason that I seem to maintain a reasonably
> > stable system as long as I leave YIM on exit.
> > (which would lead me to a fourth possibility of a bad bad man in my contact
> > list there)
> >
> > 3) transmac program.
> >
> > Please get back to me with any results as soon as you can get them, to help
> > me to narrow down the possibilities and start checking others. Norton is
> > correct. This IS a rapidly spreading threat. From the first encounter in
> > any profile on my PC, ETA until total system failure is less than 2 hours, and
> > you can literally watch this thing race through your files in Explorer,
> > rewriting folder specs, changing opening programs and literally placing
> > folders in different places. BTW, I have full Norton scan logs at your
> > request, and I can also send a log of my system specs at restore point as
> > well. PS: I am cc'ing this post to MSN groups as well; if you have any
> > problems let me know and I will discontinue. Thanks, jeffosb.
>
>
>


