WTF another pop up saying I have a virus threat
Bob of QF
RayvenAlandria wrote:
An adblocker would be a good addition to your browser. I suspect what's happening is that you're seeing a certain Google ad that is notorious for trying to trick people into buying a bogus virus scanner. It makes me angry because it's an obvious scam and yet Google allows the creeps to use their sponsored advertising system to spread it.

http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/print.html

http://securitylabs.websense.com/content/Blogs/3264.aspx

http://blog.eogn.com/eastmans_online_genealogy/2008/10/scam-an-online.html

NoScript is easier and more certain: you quickly learn what servers to block, to eliminate those pesky ads.

No more difficult to use than E-mail is, really.....
Quantum Junction: Use both lanes

Reality is that which is left, after you stop believing.
 
Sinny
I ordered AVG antivirus and downloaded it tonight. I finally have antivirus protection on this computer. I also ordered the disc just in case something should happen and I won't have to worry about looking for it again if I should lose it. What a relief so far. Also when I got another pop up before the new AVG antivirus downloaded I pressed Ctrl + Alt + Delete and a shit load of programs were running. Man I mean the whole mother lode. I finally got the download and did a scan and all of a sudden there weren't any virus security/privacy threats listed. Just before I got the download that program claimed I had a shit load of them and then they never showed up on the scanner. Well it could be that I also downloaded a virus protection that Windows XP won't find from Microsoft for free. Who knows for sure with that though. I also upgraded my Windows XP. My brother told me Windows isn't for antivirus protection... It's for other programs to make the computer work but not to protect my computer. He also said the people who used IE and got viruses didn't upgrade their antivirus and most likely thought the regular upgrades were forever. He said they don't know that the virus protection plans run for one year with an extra one year to upgrade. The upgrades are free but after the time limit is up then they have to renew the subscription. Most people don't think about that. Upgrading will prevent them from losing it altogether but not stop them from having to renew the contract time period agreed on when they purchased it. It's not forever. So to prevent from losing all protection and risking a puter virus damaging your computer.... upgrade!!! Then don't forget to renew!! To renew you have to pay; to upgrade you don't pay.

BTW what the hell is JAVA? I keep getting a notice that Java is ready to download and have no clue if it's something I have to have or pay for. I think it's so I can watch videos but I have Windows Media Player for that.
 
Bob of QF
Sinny wrote:
BTW what the hell is JAVA? I keep getting a notice that Java is ready to download and have no clue if it's something I have to have or pay for. I think it's so I can watch videos but I have Windows Media Player for that.


The layman's answer? JAVA is similar to FLASH. It's an enhancement to your browser. It makes various things in your browser do different things.

You can likely safely let the download run and upgrade your JAVA console.

Me? I always turn off the auto-update features of most things like JAVA. I find the constant traffic most annoying.

But then again, every month or so, I go out and update everything deliberately. Auto is likely a better setting for most folk.

I just like to maintain control of the bandwidth...

Aaaaaah HAHAHAHAHAHAHAHAHAHA! IT'S ALL ABOUT CONTROL, BABY!

Grin
Quantum Junction: Use both lanes

Reality is that which is left, after you stop believing.
 
catman
Java doesn't upgrade very often, and it's exceptionally quick and painless.
"If I owned both Hell and Texas, I'd live in Hell and rent out Texas." - General Sheridan
 
Bob of QF
catman wrote:
Java doesn't upgrade very often, and it's exceptionally quick and painless.


Grin

Did I ever mention how anal-retentive I am when it comes to *my* bandwidth?


Rofl
Quantum Junction: Use both lanes

Reality is that which is left, after you stop believing.
 
cheshiredragon
I still wonder why I bother with these posts anymore.
That's right, I said it...
 
catman
:confused: Was it something I said, or didn't say?
Edited by catman on 12/26/2008 00:56
"If I owned both Hell and Texas, I'd live in Hell and rent out Texas." - General Sheridan
 
Sinny
Um how come CD?

I decided not to get the JAVA. I don't really need it right now and am just having some fun with my new Mozilla Firefox, Antivirus 2009 and AVG Antivirus. The regular Antivirus 2009 finds what Windows doesn't find and I think it might still be part of Windows, though I don't really know. So far the amount of attacks on my puter is countless!! Sheesh, there's a lot of threats out there. No wonder my puter got a virus, sheesh. There's another one that keeps coming up every like 15 minutes that keeps trying to get in. I know from the pop ups telling me about it. It's called:

systemprotectiondownloads.com/zsa09/eindydyrmd.fll

When I see the "threat detected!" by Web Shield Alert it gives me that file name (above) and the threat name: Trojan horse FakeAlert EC. The only thing I can do is read it and choose close because it's already been detected and refused. One Process Name it goes under is: c\windows\sysmem32\edplorer32.exe. That is one of the names in the virus dictionary. It's a trojan that infects computers, making people think it's OK to allow because of the false name of "windows" in it. Have to be real careful of the fake logo that goes with it too. Many times it looks like the real thing but if you look closely enough you will see the colors are a little off.
 
Sinny
EDIT: I posted this on the wrong post, oops. I wanted to say on this post:

Thanks CD you taught me how to do this. Cool Cool Grin


This is from the AVG antivirus I know from the little logo on the top left and that it says "web shield Alert" not antivirus 2009.


I get these pop ups very often and I think it's telling me that this is what it found and removed. Here's what I'm talking about:


[Image: http://i126.photobucket.com/albums/p118/pics4funphotos/KewlCDsInstructionsworkedYAYIdid-2.jpg]
Edited by Sinny on 12/27/2008 20:31
 
Bob of QF
Sinny wrote: It's worse than you thought, I think. one Process Name it goes under is: c\windows\sysmem32\edplorer32.exe.


I just checked my pc, and "sysmem32" is a FAKE directory! It is not one of the standard ones that Windoze creates.

The correct one is "system32". Notice the subtle, but different names, here.

Thus it is probably safe to delete the entire directory "sysmem32".

If you find a file named "sysmem32.***" it's safe to delete, too, I think.

Okay, I checked, and my PC does not have *any* file with the term "sysmem32" in it.

So, you can likely delete it.

There's some info on Google about "sysmem32" as being a virus/trojan. In this case, it's "sysmem32.exe" but it could hide out as "sysmem32.dll" or "sysmem32.com" or several other extensions.

........................

That being said: ALWAYS run your anti-virus program repeatedly UNTIL IT COMES UP WITH ZERO.

This is because removing ONE virus/trojan sometimes reveals "under the rock" another, hidden one that shows up *only* after the first is gone.

How do I know? I've never had one personally, but I used to work for a tech support company.....removing viruses/trojans was part of my job description.

*bleah*
Quantum Junction: Use both lanes

Reality is that which is left, after you stop believing.
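
Added example (not part of any post in this thread): the look-alike check discussed above, where `sysmem32` sits one letter away from the real `system32`, done as a small Python routine. The baseline name lists, the distance threshold and all function names are assumptions made for illustration; a match is a reason to look closer, not proof of infection.

```python
# Assumed baseline of legitimate names (constructed for this example, not exhaustive).
KNOWN_DIRS = {"system", "system32", "syswow64"}
KNOWN_EXES = {"explorer.exe", "svchost.exe", "winlogon.exe"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike(name, known):
    """Return the legitimate name that `name` imitates, or None."""
    if name in known:
        return None                         # exact match is the real thing
    for good in sorted(known):
        limit = max(1, len(good) // 4)      # assumed threshold: ~25% of the name
        if edit_distance(name, good) <= limit:
            return good
    return None

def check_path(path):
    """Return (component, imitated_name) pairs for a Windows process path."""
    parts = [p.lower() for p in path.replace("/", "\\").split("\\") if p]
    findings = []
    for directory in parts[:-1]:            # every folder on the way down
        hit = lookalike(directory, KNOWN_DIRS)
        if hit:
            findings.append((directory, hit))
    if parts:                               # the executable itself
        hit = lookalike(parts[-1], KNOWN_EXES)
        if hit:
            findings.append((parts[-1], hit))
    return findings

if __name__ == "__main__":
    # First path is the one quoted in the thread; second is a normal Windows path.
    for p in (r"c\windows\sysmem32\edplorer32.exe",
              r"C:\Windows\System32\svchost.exe"):
        print(p, "->", check_path(p) or "no look-alike names")
```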
 
Sinny
Here's what I get when I click on the bottom left ? on the top pictured screen.

Web Shield alert

This dialog informs you that a virus or spyware infection has been detected by the Web Shield component while accessing or downloading a file online.

The dialog shows a name of the file and its full web address, and name of the detected threat (virus or spyware). After pressing the Show details button, you can also display name and system ID of the process (running application) during which the threat was detected.

As this dialog is informative only, it does not contain any function buttons allowing you to handle the detected file; you can only close the infobox by pressing the OK button. The threat has been already blocked, and has not been allowed to get into your computer at all.
Edited by Sinny on 12/27/2008 20:30
 
Sinny
Mine says systemprotection not sysmem.

I don't think I'm rejecting the real windows. I'm pretty sure the web shield alert would know the difference between the real windows xp and a fake one.

It's hard to see in the pics but it does say:
systemprotectiondownloads.com/zsa09/winsystems.dll

I sure do hope it's not rejecting / preventing the real windows from updating my puter. that would be a disaster as I cannot run my puter without it.
 
cheshiredragon
I am not going to make an absolute decision yet but, I think your computer might be part of the botnet. If I can have a few days I can possibly ID what one it is on.
That's right, I said it...
 
Sinny
Oh and CD I thank you very very much for your offering to help do this for me but I have to learn how to do it myself. I need to go through the steps to make sure I never get out of the habit of doing for myself. You are so sweet to offer this and I do appreciate it. It's not the same for me when someone else does it, I need the hands-on experience of actually going through the process. Plus I feel so much better and more confident when I follow advice, instructions and learn to do it right. OK, I have to learn in baby steps when it comes to the computer but I can and will learn as I go and listen to you and others here. I hope you don't mind that I need to experience it.
 
Sinny
What is a Botnet? I've heard that word before but have no idea what it means.
 
cheshiredragon
It is all good, Sinny. I am actually more happy that you want to learn it on your own rather than cower before the almighty computer hehe. The computer is nothing and it listens to you. Although, in my years of working on thousands of them, I have found that they all have their own personality and they are a LOT like people but, their personalities do not reflect the owner.
Read up here on what a botnet basically is:
http://en.wikipedia.org/wiki/Botnet
Read Organization, Formation and Exploitation & Preventative Measures


We work with/against the botnet on a daily basis here. This was a message I recently sent out to the VzW NRB, IT, NOC and CDG groups.
This is ONLY part of the message as the rest is confidential.
:::
All,

Network Security has been monitoring IRC servers as sources of BotNet Command & Control operations. Persons attempting malicious Bot related activity can use IRC servers as the gateway to issue commands to infected machines.

Since Bot related activity can cause significant security risks to VZW equipment as well as customer equipment, Network Security has blocked known compromised IRC server IPs. Network Security believes the risks outweigh the potential customer benefits and will leave the IPs blocked until the server is deemed
Edited by cheshiredragon on 12/27/2008 22:30
That's right, I said it...
 
Sinny
Um what pic of me in a nice white dress?....PM it ok.
 
RayvenAlandria
Sinny, do a scan, let it clean anything it finds, THEN CUT OFF SYSTEM RESTORE, reboot and then cut system restore back on. You may not actually need to reboot but I do so anyway.

System restore can be found under start menu, programs, accessories, and then system tools.

Restore points can be infected even after a scanner has cleaned your system. It's best to delete all restore points and start over.
 
RayvenAlandria
You may also want to look in ZoneAlarm, it is a program which will block all programs on your computer from *talking* to the Internet. If you are a zombie bot, it will detect the communications and block them.

I no longer use ZoneAlarm because it was screwy with my LAN, it kept my computers from properly communicating with each other and annoyed me, so I uninstalled it. That was a couple of years ago though, they've probably improved it. It is a pain to set up at first, since it will pop up a warning for every single program trying to connect to the Internet, but it may be useful in a case like this where you want to find out if anything is secretly communicating. You can allow known programs and once they are given the green flag, you don't have to keep allowing them.

http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall_b.jsp?dc=12bms&ctry=US=en

If it starts bugging out your computer it may be conflicting with the anti-virus, and make sure to cut OFF Windows' firewall. (It sucks like hell anyway). Sometimes firewalls and anti-virus programs don't want to play well together, but other times they work just fine together, so it may be worth a shot.
Edited by RayvenAlandria on 12/28/2008 00:02
 
cheshiredragon
Instead of disabling what little security she has left she can configure a firewall to work with an AV program. MS Firewall has exceptions and will pretty much ignore EVERYTHING that specified program does. ZoneAlarm has a setting that allows for a subnet to be added. This will enable all your computers to talk. I use the FREE version of ZA. I like it. It works well and uses minimal resources. I use Firestarter on my Linux boxes.
That's right, I said it...
 