Loading ...
Sorry, an error occurred while loading the content.
 

Re: [mach1mach2cnc] OT: Worm/Trojan Horse?

Expand Messages
  • th.carel
    hi I could recently delete the isrvs (c: windows isrvs) folder which was undeletable running msconfig and set the safe boot option. - list of the deleted
    Message 1 of 13 , May 31, 2005
      hi
      I could recently delete the isrvs (c:\windows\isrvs) folder which was "undeletable"
      running msconfig and set the safe boot option.
      - list of the deleted programs included in the folder
      Isearch.exe
      ffisearch.exe
      Edmond.exe
      and two linked files
      The next stage is to reboot and restore through msconfig , the old boot option.
      At this time , Isearch and ffisearch are still requested in the boot but with no actions..
      I'm looking to clean definitively these two items ?

      thierry

      ----- Original Message -----
      From: Andy Wander
      To: 'mach1mach2cnc@yahoogroups.com'
      Sent: Wednesday, June 01, 2005 4:27 AM
      Subject: RE: [mach1mach2cnc] OT: Worm/Trojan Horse?


      Jeff:

      On 5/17. there was a post that might help:

      For Spyware, I use "SpywareNuker", It's the only one that got totally rid of
      "Searchassistant". Its part of the "Coolwebsearch" family of trojans.
      Nortons, Spybot S&D, Ad-aware, AboutBuster, Hijackthis and CWshredder do not
      even detect it, let alone get rid of it. It came right in past Norton2004
      anti-virus and firewall like it wasn't even there and will disable them both
      once it gets in along with system restore. It is very tenacious as every
      time it is deleted it renames itself. Most of these threats need to be dealt
      with in SafeMode and System restore turned off. The servers that spew these
      programs collect IP addresses and keep firing at them. If you are on a Cable
      connection you keep the same IP address, so, if you are having problems you
      can call your ISP and have them change it. However, if you are on dial up,
      you get a new IP address everytime you connect. So,if you get an IP address
      that is targeted and have a weak or no firewall, infection is almost
      certain. Often we assume
      it was an Email attachment or a download from the web that caused the
      problems and this is sometimes not the case. Mozilla offers free Windows
      Email and Browser programs that are both very well protected and changing
      over to them is very easy. Microsoft Outlook and Internet explorer are both
      under continual attack by hackers.

      Ron

      Rudy B <gatlin63@...> wrote:
      Been using Micro Trend for almost a year now and it has saved my computer
      many times.Money well spent.
      Rudy

      Arthur Prescott <adrive@...> wrote:

      Hi All,

      Try MICRO TREND to rid your Trojans. It5 worked fast and perfect for me. Be
      sure to go into safe mode as the instructions ask when removeing bugs.
      Arthur P. P.S. Oh and Art, I will be sending you a check for to more
      systems today or tomorrow. The saw is starting to excite people with real
      money, not just talk.


      Andy Wander
      Verrex Corporation

      -----Original Message-----
      From: washcomp [mailto:jeff@...]
      Sent: Tuesday, May 31, 2005 9:20 PM
      To: mach1mach2cnc@yahoogroups.com
      Subject: [mach1mach2cnc] OT: Worm/Trojan Horse?

      I'm embarased to ask, but I seem to have picked up a worm that I can't
      get rid of (went on jury duty and the lady checking my emails must have
      checked EVERYTHING :-(

      I ghosted my drive to a new drive and can get one boot-up. It says
      that it's loading to accomodate something new in my system and then on
      the next re-boot, I get the blue screen of death. I've swept it (with
      Norton 2005, F-Protect-DOS version and CA E-Trust) as a second drive on
      another system and can't find anything. I figure it's in the registry,
      but can't edit it with Regedit without booting the system. Does anyone
      know of a utility to off-line edit the registry? Anyone have a clue
      what may be the culprit?

      Jeff







      Yahoo! Groups Links







      ------------------------------------------------------------------------------
      Yahoo! Groups Links

      a.. To visit your group on the web, go to:
      http://groups.yahoo.com/group/mach1mach2cnc/

      b.. To unsubscribe from this group, send an email to:
      mach1mach2cnc-unsubscribe@yahoogroups.com

      c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.




      [Non-text portions of this message have been removed]
    • GJR
      ... Sorry to be the bearer of bad news, but according to Symantec, SpywareNuker is Adware:
      Message 2 of 13 , Jun 1, 2005
        > For Spyware, I use "SpywareNuker"

        Sorry to be the bearer of bad news, but according to Symantec, SpywareNuker
        is Adware:

        http://securityresponse.symantec.com/avcenter/venc/data/adware.spywarenuker.html

        FWIW, here's Symantec's list of Adware:

        http://securityresponse.symantec.com/avcenter/expanded_threats/adware/

        Geoff
      • washcomp
        Actually, my problems began in the timeframe of the loading of this package. Still trying to bring up system. Thanks to all for the advice (I try any and all
        Message 3 of 13 , Jun 1, 2005
          Actually, my problems began in the timeframe of the loading of this
          package. Still trying to bring up system.

          Thanks to all for the advice (I try any and all of it at this stage :-)

          Jeff

          --- In mach1mach2cnc@yahoogroups.com, "GJR" <roehmguitars@m...> wrote:
          > > For Spyware, I use "SpywareNuker"
          >
          > Sorry to be the bearer of bad news, but according to Symantec,
          SpywareNuker
          > is Adware:
          >
          >
          http://securityresponse.symantec.com/avcenter/venc/data/adware.spywaren
          uker.html
          >
          > FWIW, here's Symantec's list of Adware:
          >
          >
          http://securityresponse.symantec.com/avcenter/expanded_threats/adware/
          >
          > Geoff
        • R Rogers
          Thats weird. It was a year or so back when my old PC became infected with hijackers etc. I could barely use it. Slow internet etc. I tried everything and had
          Message 4 of 13 , Jun 1, 2005
            Thats weird. It was a year or so back when my old PC became infected with hijackers etc. I could barely use it. Slow internet etc. I tried everything and had up to date Nortons 2004 that scanned every night. It wouldn't detect anything. Neither would Ad-aware or any of the free spyware detecters. I bought SpywareNuker for $40 and it found tons of registry entries and internet cookies and most importantly the worm that was causing all the problems. Norton's found none of it. I even contacted Trek Blues support and they gave assistance on getting rid of the worm. After that my PC ran flawlessly, no hi-jacks, no pop-ups, no anything. It is possible that there is another software with the same name that is actually adware. If the one I was using was, it certainly worked well. Nothing malicious at all. I think Symantec is all wet on this one. I had SpywareNuker and Nortons running on the same machine and Nortons never mentioned it. I wonder why, especially since they know it is a
            malicious program?

            I have a new PC now and run Mcafee's and it seems to work better than Norton. I'm staying with it.

            Maybe Symantec is just jealous??

            Or maybe I paid $40 for an elaborate internet scam.....good possibility :-)

            Ron

            GJR <roehmguitars@...> wrote:
            > For Spyware, I use "SpywareNuker"

            Sorry to be the bearer of bad news, but according to Symantec, SpywareNuker
            is Adware:

            http://securityresponse.symantec.com/avcenter/venc/data/adware.spywarenuker.html

            FWIW, here's Symantec's list of Adware:

            http://securityresponse.symantec.com/avcenter/expanded_threats/adware/

            Geoff




            ---------------------------------
            Yahoo! Groups Links

            To visit your group on the web, go to:
            http://groups.yahoo.com/group/mach1mach2cnc/

            To unsubscribe from this group, send an email to:
            mach1mach2cnc-unsubscribe@yahoogroups.com

            Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



            [Non-text portions of this message have been removed]
          • R Rogers
            Follow-up: I Googled SpywareNuker adware? Mcafee states Symantec s claims are false. SpywareNuker is suing Symantec. Ron R Rogers
            Message 5 of 13 , Jun 1, 2005
              Follow-up: I Googled "SpywareNuker adware?" Mcafee states Symantec's claims are false. SpywareNuker is suing Symantec.

              Ron

              R Rogers <rogersmach@...> wrote:
              Thats weird. It was a year or so back when my old PC became infected with hijackers etc. I could barely use it. Slow internet etc. I tried everything and had up to date Nortons 2004 that scanned every night. It wouldn't detect anything. Neither would Ad-aware or any of the free spyware detecters. I bought SpywareNuker for $40 and it found tons of registry entries and internet cookies and most importantly the worm that was causing all the problems. Norton's found none of it. I even contacted Trek Blues support and they gave assistance on getting rid of the worm. After that my PC ran flawlessly, no hi-jacks, no pop-ups, no anything. It is possible that there is another software with the same name that is actually adware. If the one I was using was, it certainly worked well. Nothing malicious at all. I think Symantec is all wet on this one. I had SpywareNuker and Nortons running on the same machine and Nortons never mentioned it. I wonder why, especially since they know it is a
              malicious program?

              I have a new PC now and run Mcafee's and it seems to work better than Norton. I'm staying with it.

              Maybe Symantec is just jealous??

              Or maybe I paid $40 for an elaborate internet scam.....good possibility :-)

              Ron

              GJR <roehmguitars@...> wrote:
              > For Spyware, I use "SpywareNuker"

              Sorry to be the bearer of bad news, but according to Symantec, SpywareNuker
              is Adware:

              http://securityresponse.symantec.com/avcenter/venc/data/adware.spywarenuker.html

              FWIW, here's Symantec's list of Adware:

              http://securityresponse.symantec.com/avcenter/expanded_threats/adware/

              Geoff




              ---------------------------------
              Yahoo! Groups Links

              To visit your group on the web, go to:
              http://groups.yahoo.com/group/mach1mach2cnc/

              To unsubscribe from this group, send an email to:
              mach1mach2cnc-unsubscribe@yahoogroups.com

              Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



              [Non-text portions of this message have been removed]



              ---------------------------------
              Yahoo! Groups Links

              To visit your group on the web, go to:
              http://groups.yahoo.com/group/mach1mach2cnc/

              To unsubscribe from this group, send an email to:
              mach1mach2cnc-unsubscribe@yahoogroups.com

              Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



              [Non-text portions of this message have been removed]
            • ed
              Theirry, in your message below, you mention Edmond.exe, my name is Edmund, and just last week I had a W32-hllp.spreda.b.spy virus, (it came from Nigeria), it
              Message 6 of 13 , Jun 1, 2005
                Theirry, in your message below, you mention Edmond.exe, my name is
                Edmund, and just last week I had a W32-hllp.spreda.b.spy virus, (it
                came from Nigeria), it tried to enter my computer, it is apparently
                a worm or trojan, I have norton 2005, and Microsoft Beta-1 spyware,
                afterwards I had trouble with my computer, I am wondering if I have
                sent contamminated email, (this email is from another computer by
                the way and is clean), what do the group members think?,

                Could that Edmond.exe have come from me?,
                The infected computer seems to be ok now after deleting a bunch of
                spyware?, I am thinking I will erase my hard drive and restore, does
                anyone have comments about that,

                ..............Edmund...........




                --- In mach1mach2cnc@yahoogroups.com, "th.carel" <th.carel@w...>
                wrote:
                > hi
                > I could recently delete the isrvs (c:\windows\isrvs) folder which
                was "undeletable"
                > running msconfig and set the safe boot option.
                > - list of the deleted programs included in the folder
                > Isearch.exe
                > ffisearch.exe
                > Edmond.exe
                > and two linked files
                > The next stage is to reboot and restore through msconfig , the old
                boot option.
                > At this time , Isearch and ffisearch are still requested in the
                boot but with no actions..
                > I'm looking to clean definitively these two items ?
                >
                > thierry
                >
                > ----- Original Message -----
                > From: Andy Wander
                > To: 'mach1mach2cnc@yahoogroups.com'
                > Sent: Wednesday, June 01, 2005 4:27 AM
                > Subject: RE: [mach1mach2cnc] OT: Worm/Trojan Horse?
                >
                >
                > Jeff:
                >
                > On 5/17. there was a post that might help:
                >
                > For Spyware, I use "SpywareNuker", It's the only one that got
                totally rid of
                > "Searchassistant". Its part of the "Coolwebsearch" family of
                trojans.
                > Nortons, Spybot S&D, Ad-aware, AboutBuster, Hijackthis and
                CWshredder do not
                > even detect it, let alone get rid of it. It came right in past
                Norton2004
                > anti-virus and firewall like it wasn't even there and will
                disable them both
                > once it gets in along with system restore. It is very tenacious
                as every
                > time it is deleted it renames itself. Most of these threats need
                to be dealt
                > with in SafeMode and System restore turned off. The servers that
                spew these
                > programs collect IP addresses and keep firing at them. If you
                are on a Cable
                > connection you keep the same IP address, so, if you are having
                problems you
                > can call your ISP and have them change it. However, if you are
                on dial up,
                > you get a new IP address everytime you connect. So,if you get an
                IP address
                > that is targeted and have a weak or no firewall, infection is
                almost
                > certain. Often we assume
                > it was an Email attachment or a download from the web that
                caused the
                > problems and this is sometimes not the case. Mozilla offers free
                Windows
                > Email and Browser programs that are both very well protected and
                changing
                > over to them is very easy. Microsoft Outlook and Internet
                explorer are both
                > under continual attack by hackers.
                >
                > Ron
                >
                > Rudy B <gatlin63@y...> wrote:
                > Been using Micro Trend for almost a year now and it has saved my
                computer
                > many times.Money well spent.
                > Rudy
                >
                > Arthur Prescott <adrive@e...> wrote:
                >
                > Hi All,
                >
                > Try MICRO TREND to rid your Trojans. It5 worked fast and perfect
                for me. Be
                > sure to go into safe mode as the instructions ask when removeing
                bugs.
                > Arthur P. P.S. Oh and Art, I will be sending you a check for
                to more
                > systems today or tomorrow. The saw is starting to excite people
                with real
                > money, not just talk.
                >
                >
                > Andy Wander
                > Verrex Corporation
                >
                > -----Original Message-----
                > From: washcomp [mailto:jeff@w...]
                > Sent: Tuesday, May 31, 2005 9:20 PM
                > To: mach1mach2cnc@yahoogroups.com
                > Subject: [mach1mach2cnc] OT: Worm/Trojan Horse?
                >
                > I'm embarased to ask, but I seem to have picked up a worm that I
                can't
                > get rid of (went on jury duty and the lady checking my emails
                must have
                > checked EVERYTHING :-(
                >
                > I ghosted my drive to a new drive and can get one boot-up. It
                says
                > that it's loading to accomodate something new in my system and
                then on
                > the next re-boot, I get the blue screen of death. I've swept it
                (with
                > Norton 2005, F-Protect-DOS version and CA E-Trust) as a second
                drive on
                > another system and can't find anything. I figure it's in the
                registry,
                > but can't edit it with Regedit without booting the system. Does
                anyone
                > know of a utility to off-line edit the registry? Anyone have a
                clue
                > what may be the culprit?
                >
                > Jeff
                >
                >
                >
                >
                >
                >
                >
                > Yahoo! Groups Links
                >
                >
                >
                >
                >
                >
                >
                > -------------------------------------------------------------------
                -----------
                > Yahoo! Groups Links
                >
                > a.. To visit your group on the web, go to:
                > http://groups.yahoo.com/group/mach1mach2cnc/
                >
                > b.. To unsubscribe from this group, send an email to:
                > mach1mach2cnc-unsubscribe@yahoogroups.com
                >
                > c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms
                of Service.
                >
                >
                >
                >
                > [Non-text portions of this message have been removed]
              • th.carel
                Edmund No No , Edmond.exe is a wellknown trojan virus ,every body at this time is asking if he is not the source of problems ,spraying all around it s secret
                Message 7 of 13 , Jun 1, 2005
                  Edmund
                  No No , Edmond.exe is a wellknown trojan virus ,every body
                  at this time is asking if he is not the source of problems ,spraying all around
                  it's secret life , the code of his mastercard ,etc,
                  Strange and very bad feeling !
                  You can sleep quiet !
                  Thierry

                  ----- Original Message -----
                  From: ed
                  To: mach1mach2cnc@yahoogroups.com
                  Sent: Wednesday, June 01, 2005 7:45 PM
                  Subject: [mach1mach2cnc] Re: OT: Worm/Trojan Horse?


                  Theirry, in your message below, you mention Edmond.exe, my name is
                  Edmund, and just last week I had a W32-hllp.spreda.b.spy virus, (it
                  came from Nigeria), it tried to enter my computer, it is apparently
                  a worm or trojan, I have norton 2005, and Microsoft Beta-1 spyware,
                  afterwards I had trouble with my computer, I am wondering if I have
                  sent contamminated email, (this email is from another computer by
                  the way and is clean), what do the group members think?,

                  Could that Edmond.exe have come from me?,
                  The infected computer seems to be ok now after deleting a bunch of
                  spyware?, I am thinking I will erase my hard drive and restore, does
                  anyone have comments about that,

                  ..............Edmund...........




                  --- In mach1mach2cnc@yahoogroups.com, "th.carel" <th.carel@w...>
                  wrote:
                  > hi
                  > I could recently delete the isrvs (c:\windows\isrvs) folder which
                  was "undeletable"
                  > running msconfig and set the safe boot option.
                  > - list of the deleted programs included in the folder
                  > Isearch.exe
                  > ffisearch.exe
                  > Edmond.exe
                  > and two linked files
                  > The next stage is to reboot and restore through msconfig , the old
                  boot option.
                  > At this time , Isearch and ffisearch are still requested in the
                  boot but with no actions..
                  > I'm looking to clean definitively these two items ?
                  >
                  > thierry
                  >
                  > ----- Original Message -----
                  > From: Andy Wander
                  > To: 'mach1mach2cnc@yahoogroups.com'
                  > Sent: Wednesday, June 01, 2005 4:27 AM
                  > Subject: RE: [mach1mach2cnc] OT: Worm/Trojan Horse?
                  >
                  >
                  > Jeff:
                  >
                  > On 5/17. there was a post that might help:
                  >
                  > For Spyware, I use "SpywareNuker", It's the only one that got
                  totally rid of
                  > "Searchassistant". Its part of the "Coolwebsearch" family of
                  trojans.
                  > Nortons, Spybot S&D, Ad-aware, AboutBuster, Hijackthis and
                  CWshredder do not
                  > even detect it, let alone get rid of it. It came right in past
                  Norton2004
                  > anti-virus and firewall like it wasn't even there and will
                  disable them both
                  > once it gets in along with system restore. It is very tenacious
                  as every
                  > time it is deleted it renames itself. Most of these threats need
                  to be dealt
                  > with in SafeMode and System restore turned off. The servers that
                  spew these
                  > programs collect IP addresses and keep firing at them. If you
                  are on a Cable
                  > connection you keep the same IP address, so, if you are having
                  problems you
                  > can call your ISP and have them change it. However, if you are
                  on dial up,
                  > you get a new IP address everytime you connect. So,if you get an
                  IP address
                  > that is targeted and have a weak or no firewall, infection is
                  almost
                  > certain. Often we assume
                  > it was an Email attachment or a download from the web that
                  caused the
                  > problems and this is sometimes not the case. Mozilla offers free
                  Windows
                  > Email and Browser programs that are both very well protected and
                  changing
                  > over to them is very easy. Microsoft Outlook and Internet
                  explorer are both
                  > under continual attack by hackers.
                  >
                  > Ron
                  >
                  > Rudy B <gatlin63@y...> wrote:
                  > Been using Micro Trend for almost a year now and it has saved my
                  computer
                  > many times.Money well spent.
                  > Rudy
                  >
                  > Arthur Prescott <adrive@e...> wrote:
                  >
                  > Hi All,
                  >
                  > Try MICRO TREND to rid your Trojans. It5 worked fast and perfect
                  for me. Be
                  > sure to go into safe mode as the instructions ask when removeing
                  bugs.
                  > Arthur P. P.S. Oh and Art, I will be sending you a check for
                  to more
                  > systems today or tomorrow. The saw is starting to excite people
                  with real
                  > money, not just talk.
                  >
                  >
                  > Andy Wander
                  > Verrex Corporation
                  >
                  > -----Original Message-----
                  > From: washcomp [mailto:jeff@w...]
                  > Sent: Tuesday, May 31, 2005 9:20 PM
                  > To: mach1mach2cnc@yahoogroups.com
                  > Subject: [mach1mach2cnc] OT: Worm/Trojan Horse?
                  >
                  > I'm embarased to ask, but I seem to have picked up a worm that I
                  can't
                  > get rid of (went on jury duty and the lady checking my emails
                  must have
                  > checked EVERYTHING :-(
                  >
                  > I ghosted my drive to a new drive and can get one boot-up. It
                  says
                  > that it's loading to accomodate something new in my system and
                  then on
                  > the next re-boot, I get the blue screen of death. I've swept it
                  (with
                  > Norton 2005, F-Protect-DOS version and CA E-Trust) as a second
                  drive on
                  > another system and can't find anything. I figure it's in the
                  registry,
                  > but can't edit it with Regedit without booting the system. Does
                  anyone
                  > know of a utility to off-line edit the registry? Anyone have a
                  clue
                  > what may be the culprit?
                  >
                  > Jeff
                  >
                  >
                  >
                  >
                  >
                  >
                  >
                  > Yahoo! Groups Links
                  >
                  >
                  >
                  >
                  >
                  >
                  >
                  > -------------------------------------------------------------------
                  -----------
                  > Yahoo! Groups Links
                  >
                  > a.. To visit your group on the web, go to:
                  > http://groups.yahoo.com/group/mach1mach2cnc/
                  >
                  > b.. To unsubscribe from this group, send an email to:
                  > mach1mach2cnc-unsubscribe@yahoogroups.com
                  >
                  > c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms
                  of Service.
                  >
                  >
                  >
                  >
                  > [Non-text portions of this message have been removed]





                  ------------------------------------------------------------------------------
                  Yahoo! Groups Links

                  a.. To visit your group on the web, go to:
                  http://groups.yahoo.com/group/mach1mach2cnc/

                  b.. To unsubscribe from this group, send an email to:
                  mach1mach2cnc-unsubscribe@yahoogroups.com

                  c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.




                  [Non-text portions of this message have been removed]
                • Jeff Goldberg
                  Well, it took three days of useless labor by two of my best desk repair technicians. We reghosted the original drive numerous times, ran Norton 2005, Spyware
                  Message 8 of 13 , Jun 1, 2005
                    Well, it took three days of useless labor by two of my best desk repair
                    technicians. We reghosted the original drive numerous times, ran Norton
                    2005, Spyware Nuker, Spybot, Microsoft Anti-Spyware, Adaware, F-Protect (DOS
                    version), Computer Associates e-Trust, rebuilt the registry, removed
                    software packages, loaded a second Win 2000 and made a repair disk, tried to
                    use backup/old files etc., etc. The worm would still reload at initial
                    boot-up and make the drive subsequently unbootable (blue screen of death).

                    Finally, I decided to upgrade to Windows XP. After finishing, it told me
                    that one of the services that it didn't support was the boot re-direct.
                    HOORAY. Problem gone!

                    This was probably the worst we've ever seen of this type. It had to get
                    through two commercial firewalls, three anti-spyware packages and my
                    anti-virus package to infect me. Be REAL careful out there and don't become
                    complacent. We are now burning DVD's of all of our boot drives to prevent
                    something like this from affecting our servers.

                    Thanks for all the suggestions,

                    Jeff




                    : mach1mach2cnc@yahoogroups.com [mailto:mach1mach2cnc@yahoogroups.com] On
                    Behalf Of ed
                    Sent: Wednesday, June 01, 2005 1:46 PM
                    To: mach1mach2cnc@yahoogroups.com
                    Subject: [mach1mach2cnc] Re: OT: Worm/Trojan Horse?



                    Theirry, in your message below, you mention Edmond.exe, my name is
                    Edmund, and just last week I had a W32-hllp.spreda.b.spy virus, (it
                    came from Nigeria), it tried to enter my computer, it is apparently
                    a worm or trojan, I have norton 2005, and Microsoft Beta-1 spyware,
                    afterwards I had trouble with my computer, I am wondering if I have
                    sent contamminated email, (this email is from another computer by
                    the way and is clean), what do the group members think?,

                    Could that Edmond.exe have come from me?,
                    The infected computer seems to be ok now after deleting a bunch of
                    spyware?, I am thinking I will erase my hard drive and restore, does
                    anyone have comments about that,

                    ..............Edmund...........




                    --- In mach1mach2cnc@yahoogroups.com, "th.carel" <th.carel@w...>
                    wrote:
                    > hi
                    > I could recently delete the isrvs (c:\windows\isrvs) folder which
                    was "undeletable"
                    > running msconfig and set the safe boot option.
                    > - list of the deleted programs included in the folder
                    > Isearch.exe
                    > ffisearch.exe
                    > Edmond.exe
                    > and two linked files
                    > The next stage is to reboot and restore through msconfig , the old
                    boot option.
                    > At this time , Isearch and ffisearch are still requested in the
                    boot but with no actions..
                    > I'm looking to clean definitively these two items ?
                    >
                    > thierry
                    >
                    > ----- Original Message -----
                    > From: Andy Wander
                    > To: 'mach1mach2cnc@yahoogroups.com'
                    > Sent: Wednesday, June 01, 2005 4:27 AM
                    > Subject: RE: [mach1mach2cnc] OT: Worm/Trojan Horse?
                    >
                    >
                    > Jeff:
                    >
                    > On 5/17. there was a post that might help:
                    >
                    > For Spyware, I use "SpywareNuker", It's the only one that got
                    totally rid of
                    > "Searchassistant". Its part of the "Coolwebsearch" family of
                    trojans.
                    > Nortons, Spybot S&D, Ad-aware, AboutBuster, Hijackthis and
                    CWshredder do not
                    > even detect it, let alone get rid of it. It came right in past
                    Norton2004
                    > anti-virus and firewall like it wasn't even there and will
                    disable them both
                    > once it gets in along with system restore. It is very tenacious
                    as every
                    > time it is deleted it renames itself. Most of these threats need
                    to be dealt
                    > with in SafeMode and System restore turned off. The servers that
                    spew these
                    > programs collect IP addresses and keep firing at them. If you
                    are on a Cable
                    > connection you keep the same IP address, so, if you are having
                    problems you
                    > can call your ISP and have them change it. However, if you are
                    on dial up,
                    > you get a new IP address everytime you connect. So,if you get an
                    IP address
                    > that is targeted and have a weak or no firewall, infection is
                    almost
                    > certain. Often we assume
                    > it was an Email attachment or a download from the web that
                    caused the
                    > problems and this is sometimes not the case. Mozilla offers free
                    Windows
                    > Email and Browser programs that are both very well protected and
                    changing
                    > over to them is very easy. Microsoft Outlook and Internet
                    explorer are both
                    > under continual attack by hackers.
                    >
                    > Ron
                    >
                    > Rudy B <gatlin63@y...> wrote:
                    > Been using Micro Trend for almost a year now and it has saved my
                    computer
                    > many times.Money well spent.
                    > Rudy
                    >
                    > Arthur Prescott <adrive@e...> wrote:
                    >
                    > Hi All,
                    >
                    > Try MICRO TREND to rid your Trojans. It5 worked fast and perfect
                    for me. Be
                    > sure to go into safe mode as the instructions ask when removeing
                    bugs.
                    > Arthur P. P.S. Oh and Art, I will be sending you a check for
                    to more
                    > systems today or tomorrow. The saw is starting to excite people
                    with real
                    > money, not just talk.
                    >
                    >
                    > Andy Wander
                    > Verrex Corporation
                    >
                    > -----Original Message-----
                    > From: washcomp [mailto:jeff@w...]
                    > Sent: Tuesday, May 31, 2005 9:20 PM
                    > To: mach1mach2cnc@yahoogroups.com
                    > Subject: [mach1mach2cnc] OT: Worm/Trojan Horse?
                    >
                    > I'm embarased to ask, but I seem to have picked up a worm that I
                    can't
                    > get rid of (went on jury duty and the lady checking my emails
                    must have
                    > checked EVERYTHING :-(
                    >
                    > I ghosted my drive to a new drive and can get one boot-up. It
                    says
                    > that it's loading to accomodate something new in my system and
                    then on
                    > the next re-boot, I get the blue screen of death. I've swept it
                    (with
                    > Norton 2005, F-Protect-DOS version and CA E-Trust) as a second
                    drive on
                    > another system and can't find anything. I figure it's in the
                    registry,
                    > but can't edit it with Regedit without booting the system. Does
                    anyone
                    > know of a utility to off-line edit the registry? Anyone have a
                    clue
                    > what may be the culprit?
                    >
                    > Jeff
                    >
                    >
                    >
                    >
                    >
                    >
                    >
                    > Yahoo! Groups Links
                    >
                    >
                    >
                    >
                    >
                    >
                    >
                    > -------------------------------------------------------------------
                    -----------
                    > Yahoo! Groups Links
                    >
                    > a.. To visit your group on the web, go to:
                    > http://groups.yahoo.com/group/mach1mach2cnc/
                    >
                    > b.. To unsubscribe from this group, send an email to:
                    > mach1mach2cnc-unsubscribe@yahoogroups.com
                    >
                    > c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms
                    of Service.
                    >
                    >
                    >
                    >
                    > [Non-text portions of this message have been removed]





                    _____

                    Yahoo! Groups Links


                    * To visit your group on the web, go to:
                    http://groups.yahoo.com/group/mach1mach2cnc/


                    * To unsubscribe from this group, send an email to:
                    mach1mach2cnc-unsubscribe@yahoogroups.com
                    <mailto:mach1mach2cnc-unsubscribe@yahoogroups.com?subject=Unsubscribe>


                    * Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
                    <http://docs.yahoo.com/info/terms/> .




                    [Non-text portions of this message have been removed]
                  • Hhelton
                    Ed; If you are going to the trouble of erasing and re-formatting your hard drive, go the extra mile and use a program like nukem or wipe file to completely
                    Message 9 of 13 , Jun 2, 2005
                      Ed;
                      If you are going to the trouble of erasing and re-formatting your hard
                      drive, go the extra mile and use a program like "nukem" or "wipe file" to
                      completely destroy the files on your hard drive. Just erasing files leaves
                      remnants of the file on the disk and could cause future problems.

                      H. Helton
                    • ed
                      Thank you H?, I will take your advise, I presume the nukem takes place before erasing the hard drive?, ... hard ... file to ... leaves
                      Message 10 of 13 , Jun 2, 2005
                        Thank you H?, I will take your advise, I presume the nukem takes place
                        before erasing the hard drive?,

                        ..............Edmund...........




                        --- In mach1mach2cnc@yahoogroups.com, "Hhelton" <hhelton@i...> wrote:
                        > Ed;
                        > If you are going to the trouble of erasing and re-formatting your
                        hard
                        > drive, go the extra mile and use a program like "nukem" or "wipe
                        file" to
                        > completely destroy the files on your hard drive. Just erasing files
                        leaves
                        > remnants of the file on the disk and could cause future problems.
                        >
                        > H. Helton
                      Your message has been successfully submitted and would be delivered to recipients shortly.