former CW'er with comp security issues, where have all the guru's gone?
Old 02-15-2006, 05:40 AM #1
Space Toker
Senior Member

former CW'er with comp security issues, where have all the guru's gone?

I am a former CW'er and also a member here for about the same length of time, and I have likely security issues [as those at CW knew, this is nothing new]. I have the purchased Trend Micro Security Suite and had it off and on since mid-December. Soon after, either Dec 23 or Dec 26, the other user of the computer opened some e-mail supposedly from E-bay scaring him into thinking he may be the victim of fraud, and he is a member there, so he opened the e-mail and followed the instructions. Come to find out from a Kaspersky Online Scan, we had an E-bay Fraud virus. Trend Micro continued to detect nothing, so we did a system recovery and installed the Kaspersky Security Suite free trial. Then some other problem happened and, another system recovery later, we went back to the Trend Micro. Now Kaspersky online detected the same virus in the RECYCLER folder. When you click on that, it lists 2 supposedly empty folders, but when you right-click on Properties, there are supposedly 2 files in each folder, including the folder that supposedly contains the virus. Well, without a system recovery, we uninstalled the Trend Micro and now I have Kaspersky running and scanned that specific folder and it found nothing! And yet when I try to delete that subfolder in the RECYCLER folder, it says "cannot delete, another user or program is using the folder", or something to that effect. When I scanned it with Panda online scanner, it found something in the same folder but called it spyware, and the specifics said it allows another person to log everything you do onto their computer. Now I am paranoid by nature anyway, especially after the CW fiasco, and now I am strongly considering that the cops could be using spyware to spy on my computer activities. It is either that or someone I confronted in a chat has it out for me. Either way, we keep getting spyware and viruses. So I need to know what to do to get rid of the existing stuff, and then what to do to keep it out permanently. 
Bringing it to a computer pro is not an option financially right now, so I need to know what measures I can do in the meantime to protect myself. THANKS!
PEACE

edit- It is the same virus now that was detected and we thought we were rid of like a month ago, and now it is back. The other user of the computer did receive another e-mail supposedly from E-bay, but ignored and deleted it. We now have the free trial of Kaspersky Security Suite and several anti-spyware programs including Webroot.
__________________
Cannabis is about peace and love and freedom, not blind obedience and repressive control.
PEACE

Last edited by Space Toker; 02-15-2006 at 05:44 AM..


Old 02-15-2006, 05:51 AM #2
NiteTiger
Tiger, Tiger, burning bright...

Try booting into safe mode, then eliminating the folders. 9 times out of 10, it will allow you to access folders that are otherwise 'in use'.
__________________
Remember - Every 'elite' started off as someone's bagseed

kingjobber - This hash just uncentered my chi

Growing cannabis is only as complicated and expensive as you want it to be.

Current Grow:
Knowledge

Guides:
Diatomaceous Earth - The Best Pesticide You've Never Heard Of
Pontiac's DIY Link-O-Rama
Unofficial Glossary for New Growers
The Water Cure- How, when, and why
How to remove 'HPS Orange' quick and easy!


Old 02-15-2006, 06:04 AM #3
Space Toker
Senior Member

Yeah, tried that. That's the scary thing: it STILL says it is being used by someone else, EVEN IN SAFE MODE!


Old 02-15-2006, 07:16 AM #4
Guest
Chances are the problem is in the registry. Those folders are going to show back up even if you can delete them. Most likely, the malware will need to be identified and removed. Turn off System Restore. Locate the bad registry entries in hkey_user, machine, local.... etc. and manually delete them. Or reformat the HD.

Google is your friend:

The use of the uncommon packer in the W32/Myfip virus could make it more difficult for antivirus software vendors to identify and protect against the malicious code within, signalling "the start of a worrying trend", MessageLabs warned today.

https://www.vnunet.com/vnunet/news/21...worrying-trend

One possible solution:
https://vil.nai.com/vil/content/v_127421.htm

If the lurks' quick sleuthing is accurate. There are other variants, so it is advisable to exhaust all searches.

Good luck.


Old 02-15-2006, 11:20 PM #5
Verite
My little pony.. my little pony

That's why I love the program HijackThis. Just the name alone keeps away most people. HijackThis will scan every boot hook in your registry and display it all, allowing you to check selections you want to remove. Most decently written spyware will run as a system-needed service [ writes a dependency to a MS dll/ocx ] which will reload itself if removed; some of the best spyware I have encountered needed the author to provide the removal key or a complete wipe of the system via format, then reload.

Here's a little HijackThis snapshot.
__________________
Strains by Verite ..........................
Holy Grail Intro, Seeds at Seebay, Private Breeders
Orange Diesel Intro, Seeds now at Seedbay


Old 02-16-2006, 03:05 AM #6
Space Toker
Senior Member

Quote:
Originally Posted by lurkocious
Chances are the problem is in the registry. Those folders are going to show back up even if you can delete them. Most likely, the malware will need to be identified and removed. Turn off system restore. Locate the bad registries in hkey_user, machine, local.... etc. manually delete it. Or reformat the HD....

Good luck.
Thanks, but how do you know what belongs there and what doesn't, and how do you view the system registry? Also, someone taught me to use some "command", then "ipconfig/flushdns" under the Start menu, but since I did a system recovery a while back it gives me some message listing a file pathname [and "ignore" or "close" options or whatever. If you choose ignore it functions like normal]. Anyway, how do I learn what belongs in the Registry and what doesn't? I have used HijackThis before but had to consult others online about it since I didn't know what was bad and what wasn't. They never told me, just listed the bad stuff on one or two requests and then stopped responding to me. Teach me how to fish so I can feed myself! THANKS

PEACE


Old 02-16-2006, 03:07 AM #7
Space Toker
Senior Member

Maybe those links will shed some light on the subject, will check them out... PEACE


Old 02-16-2006, 03:22 AM #8
Batman
Member

Hey there ST~
still struggling with that PC security huh.. Hahahahahahahahaha, some things never change.
good luck getting it all straightened out bro~


Old 02-16-2006, 09:19 PM #9
Guest
Quote:
Originally Posted by Space Toker
Thanks, but how do you know what belongs there and what doesn't, and how do you view the system registry? Also, someone taught me to use some "command", then "ipconfig/flushdns" under the Start menu, but since I did a system recovery a while back it gives me some message listing a file pathname [and "ignore" or "close" options or whatever. If you choose ignore it functions like normal]. Anyway, how do I learn what belongs in the Registry and what doesn't? I have used HijackThis before but had to consult others online about it since I didn't know what was bad and what wasn't. They never told me, just listed the bad stuff on one or two requests and then stopped responding to me. Teach me how to fish so I can feed myself! THANKS

PEACE
The lurks can only give advice. The information above was found by typing "ebay fraud virus" in Google and taking the first couple of links. That is how it is started. Not sure if that is exactly what will be necessary to solve your issue. The lurks is still learning. Teaches lurks self. There are several ways to access the registry. You may search that in Google as well. One is by typing regedit at the command prompt. Another is through the Control Panel. It depends on the operating system and what not. But most Windows OSes are similar. One might guess the others stop responding because it gets redundant. Not to insult, but you will need to use the information for yourself, search it out. It is out there. Don't just expect people to tell you the answer, because they don't know offhand. They must search also, and that is time and work. If you are able to specifically identify the particular malware infecting your system, the lurks may be able to assist further. But ultimately, you will need to learn to help yourself.

Make sure you understand the implications of changing the registry before you do so. It can have disastrous consequences if the wrong items are changed. So take note of what is changed in order to go back, make a backup before changing things, research. Etc. It is a hassle. But it will make you smarter. Take the necessary steps to avoid the situation in the future also. There is lots of advice online about security as well. Mainly routers, configuration, policy, etc.

The lurks is still teaching itself how to fish so there is no exact answer here. Just best wishes.
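An added example, not written by anyone in this thread, of what Verite's "scan every boot hook in your registry" and lurkocious's "make a backup before changing things" look like as a PowerShell script: it exports each common autostart key to a .reg file before anything is touched, then lists every entry with the executable it points at, whether that file exists, and its Authenticode signature status. The backup directory name and an elevated Windows PowerShell 5+ session are assumptions.

```powershell
# Added example (not from the thread): enumerate the registry "boot hooks"
# HijackThis inspects and back each key up to a .reg file before any deletion.
# Assumes Windows PowerShell 5+ in an elevated session; $BackupDir is an assumption.
$BackupDir = Join-Path $env:USERPROFILE 'autorun-backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Common autostart locations: HKLM applies to all users, HKCU to the logged-on user.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit
)

# Pull the executable out of a command line such as "C:\dir\app.exe" /flag or app.exe,arg.
function Get-ExePath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"') { $Exe = $Matches[1] }
    elseif ($Command -match '^\s*(\S+\.exe)') { $Exe = $Matches[1] }
    else { $Exe = ($Command -split '\s+')[0] }
    $Exe = [Environment]::ExpandEnvironmentVariables($Exe)
    if ($Exe -and -not [IO.Path]::IsPathRooted($Exe)) {   # bare name: resolve via PATH
        $Cmd = Get-Command $Exe -ErrorAction SilentlyContinue
        if ($Cmd) { $Exe = $Cmd.Source }
    }
    return $Exe
}

$Report = foreach ($Key in $AutorunKeys) {
    if (-not (Test-Path $Key)) { continue }
    # 1. Export the key first so a wrong deletion can be undone with regedit > Import.
    $RegPath = $Key -replace ':', ''                    # HKLM:\... -> HKLM\... for reg.exe
    $Backup  = Join-Path $BackupDir (($RegPath -replace '[\\ ]', '_') + '.reg')
    reg.exe export $RegPath $Backup /y | Out-Null
    # 2. Report each value: name, resolved executable, whether it exists, signature status.
    foreach ($P in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($P.Name -like 'PS*') { continue }           # PowerShell's own metadata
        if ($Key -like '*Winlogon' -and $P.Name -notin 'Shell', 'Userinit') { continue }
        $Exe    = Get-ExePath $P.Value
        $Exists = ($Exe -ne '') -and (Test-Path -LiteralPath $Exe)
        $Sig    = if ($Exists) { (Get-AuthenticodeSignature -FilePath $Exe).Status } else { 'missing' }
        [pscustomobject]@{ Key = $Key; Name = $P.Name; Exe = $Exe; Exists = $Exists; Signature = $Sig }
    }
}
$Report | Format-Table -AutoSize
```

Entries whose executable is missing or reports NotSigned are the ones to research by name before removing anything; if a deletion turns out to be wrong, the matching .reg file in the backup directory restores the key through regedit's File > Import.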


Old 02-16-2006, 11:41 PM #10
Verite
My little pony.. my little pony

And when fixing computers becomes as easy as fishing we'll all stand in line to teach you. Until then just reformat your hard drive and start over with a better set of anti-everything software.

If you still don't understand, I suggest you call up Best Buy and see how much it costs for one of the Geek Squad guys an hour to come fix your stuff. Don't be too surprised to find out that figure is anywhere from $100-$150 an hour including travel time.

