Got the W32.Spybot.Worm virus

xcelbeyond · Aug 18, 2005

Well - I've been online for about 12 years and NEVER got a virus. I have Sygate Firewall, keep Norton Antivirus updated, and run spyware software. I never open suspicious e-mail and NEVER read/open attachments unless I'm either expecting or it's a known source (which most of the time I don't even open, even if I'm sure).

I don't have a friggin clue how I got this! I believe it's some sort of keylogger trojan program. Maybe GERM or some computer geek can explain what it does.

The only way I found it was 2 things happened - I notice one about a day ago. I couldn't log into my e-mail account. I have a backdoor way of getting into it via a web page. They are down all the time and don't think twice unless it goes more than a day. The other, which started to scare me was I noticed I lost the icon in my Win 2000 system tray for Norton Antivirus 2004. When I open it, Auto-Protect and Email Scanning were not enabled and I COULD NOT re-enable these functions. I could get into the Symantec web site and get info. I updated my virus definitions and Norton was suppose to detect and remove the virus, but it didn't find it!!!

I went in the Norton AV directory on my computer and read the AVVirus.log file and found out that my computer was infected with the W32.Spybot.Worm virus on 8/14/05. I googled "W32.Spybot.Worm virus" and found NoAdware trialware that was suppose to find and remove it, which it did. Of course, when I hit "Repair" I had to regisiter it - so I paid the $30.

I believe all my keyboard strokes were logged/sent. I'm in the process of changing ALL passwords to places where I've been the last couple of days. What a pain in the ass.

bigbaldbulldog · Aug 18, 2005

ouch.....

Trapasaurus · Aug 18, 2005

That sucks.......

I surf the internet care-free all the time. Who knows what virus's I have.

When you said that about sending out your key strokes and stuff, that's scary as shit.

If you do all that and still got a virus, then alot of people are fucked who don't take the time.

moj0 · Aug 18, 2005

Xcel...one more thing to consider. If you are running Windows Xp there is a feature called system restore that is designed to replace deleted system files. When you get hit with a worm like this it's advisable to disable system restore prior to removing it. If you don't take this step then many times windows will restore the file you just cleaned

Also since this worm is also a backdoor you may want to take precautions with any credit cards, etc. (if you do online transactions).

xcelbeyond · Aug 18, 2005

moj0 said:
Xcel...one more thing to consider. If you are running Windows Xp there is a feature called system restore that is designed to replace deleted system files. When you get hit with a worm like this it's advisable to disable system restore prior to removing it. If you don't take this step then many times windows will restore the file you just cleaned Also since this worm is also a backdoor you may want to take precautions with any credit cards, etc. (if you do online transactions).

Just another good reason I stuck with Windows 2000 Pro.

Can you elaborate on the backdoor with cc transactions - what does it do?

I do everything online (banking) and had to go in and change my username and password.

xcelbeyond · Aug 18, 2005

I also use Firefox browser and ALWAYS delete ALL History, Cookies and Cache when I'm done surfing, even if I leave the program open.

billbomb · Aug 18, 2005

xcelbeyond said:
I also use Firefox browser and ALWAYS delete ALL History, Cookies and Cache when I'm done surfing, even if I leave the program open.

Does anyone else use that computer? If so check the history log in
Internet Explorer. Also check Windows Update. Microsoft just released
a few patches and one patch fixed an exploit that would allow a hacker to
install spyware on a machine if a website had corrupted images. Also
be aware that since some of these patches fix holes in the system dll's
that Firefox uses you are not completely safe because you browse the
internet with it.

moj0 · Aug 18, 2005

The worm gives an attacker a back door or method of potentially gaining additional access to your system. With this access he can easily capture credit card numbers or other personal information that can be used to steal your identity and your money. For example the installation of keystroke logging software would send back to the attacker ALL of your keystrokes including those that you type when filling in the forms on an online store (credit card number, address, etc.). At a minimum I would monitor charges to my account very closely and if it were me I'd ask the bank to issue me a card with a new number and cancel the old one. This worm is like a multi purpose tool and if someone on the Internet was actively watching it they could do alot of damage with it. If you have all of the latest patches installed for Windows your exposure is minimized. If not....get them. I work with this stuff for a living so if you need help let me know.

Big A · Aug 19, 2005

OK, the last few days my computer has been playing up. Norton is not finding anything wrong.

This is my AVvirus.log file. And it just keeps going like this

àÎîÎ wß7 'L öI ode @ °Î¾Î @ Á Á ïÁA·“ ¹ Õ % 6 ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿsÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑº‡“š‹Ñ¾¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿóÿÿÿ¾‹“ž‘‹¶Ñš‡šÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ–ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß¾‹“ž‘‹¶Ñš‡šßˆ–‹—–‘ßª‘”‘ˆ‘ÏÏÏÏÏÏÏÏÑ›ž‹žß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑº‡“š‹Ñ¾¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿù6ÿÿÿùþÿÿÿùüÿÿÿõÿõÿùÿÿÿÿ°Î¾Î ) –Ûì5[\ ¹ Õ 8 ˆ ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼È»Ñ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼È»Ñ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿù‘äÿÿùþÿÿÿùüÿÿÿõÿõÿùÿÿÿÿ°Î¾Î Z Ã Ã 1³l~KÑh ¹ Õ 8 ’ ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿäÿÿÿ†Šsyntherol›œŠ’š‘‹syntherolžœš…ž‘‘šÑ…–ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ£ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß†Šsyntherol›œŠ’š‘‹syntherolžœš…ž‘‘šÑ…–ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùäÿÿùþÿÿÿùüÿÿÿõÿõÿùÿÿÿÿ°Î¾Î E ¹%&¸òüªC ¹ Õ
- n ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼ÇÎÑ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼ÇÎÑ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùâÿÿùþÿÿÿùûÿÿÿõÿõÿùÿÿÿÿ°Î¾Î v ¥ ¥ «uf¡ÆãQš ¹ Õ
- x ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿóÿÿÿ’šŒŒž˜šÑŒœÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ²ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß’šŒŒž˜šÑŒœß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùâÿÿùþÿÿÿùûÿÿÿõÿõÿùÿÿÿÿ°Î¾Î C
§ § Ûðp¯‚· ¹ Õ 9 â ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿòÿÿÿ›œŠ’š‘‹Ñ–™ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ±ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß›œŠ’š‘‹Ñ–™ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùXãÿÿùþÿÿÿùüÿÿÿõÿõÿùÿÿÿÿ°Î¾Î Äž™èp][? ¹ Õ : ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼ÆÆÑ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼ÆÆÑ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùYãÿÿùþÿÿÿùüÿÿÿõÿõÿùÿÿÿÿ°Î¾Î C QŒw^Ïµa ¹ Õ ) { ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼Æ¼Ñ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼Æ¼Ñ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùlâÿÿùþÿÿÿùûÿÿÿõÿõÿùÿÿÿÿ°Î¾Î t § § ®2±Cc-Ä ¹ Õ ) š ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿòÿÿÿ›œŠ’š‘‹Ñ–™ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ±ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß›œŠ’š‘‹Ñ–™ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏ&Â|pÖsÓ› ¹ Õ ; ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼¾ÇÑ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼¾ÇÑ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùpÞÿÿùþÿÿÿùúÿÿÿõÿõÿùÿÿÿÿ°Î¾Î t ¥ ¥ g¥Q6'Ùü ¹ Õ ; 3 ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿóÿÿÿ’šŒŒž˜šÑŒœÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ²ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß’šŒŒž˜šÑŒœß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùoÞÿÿùþÿÿÿùúÿÿÿõÿõÿùÿÿÿÿ°Î¾Î A Ib¨vgÐ ¹ Õ & + ì ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼½¹Ñ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼½¹Ñ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùçÑÿÿùþÿÿÿùùÿÿÿõÿõÿùÿÿÿÿ°Î¾Î r £ £ jú$%b¤+ ¹ Õ & +
ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿôÿÿÿžŠŒšŒÑ…–ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ³ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ßžŠŒšŒÑ…–ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùæÑÿÿùþÿÿÿùùÿÿÿõÿõÿùÿÿÿÿ°Î¾Î = à‰¸;cD¦K ¹ Õ * + Ó ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼¼ÌÑ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼¼ÌÑ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿù‘Ñÿÿùþÿÿÿùøÿÿÿõÿõÿùÿÿÿÿ°Î¾Î n £ £ ±iÀ+‘8
¹ Õ * + ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿôÿÿÿžŠŒšŒÑ…–ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ³ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ßžŠŒšŒÑ…–ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùÑÿÿùþÿÿÿùøÿÿÿõÿõÿùÿÿÿÿ°Î¾Î 9 ù1ÆTçZ—[ ¹ Õ : ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿnÿÿ™ÿÿÿÿÿÿÿëÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œÿ˜ÿÿÿþÿÿÿûÿÿÿøÿÿÿ—ÿÿÿÿÿÿÿ¿ÿÿÿ¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼¼ÆÑ‹’ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ†ÿÿÿ«—šß™–“šß¼Å£»œŠ’š‘‹Œßž‘›ß¬š‹‹–‘˜Œ£µß½ˆ‘£³œž“ß¬š‹‹–‘˜Œ£«š’£¼¼¼ÆÑ‹’ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’Þš‘œß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿùÐÿÿùþÿÿÿù÷ÿÿÿõÿõÿùÿÿÿÿ°Î¾Î j ¥ ¥ KÕ#@×à ¹ Õ : \ ñÿÿÿÿÿÿÿþÿÿÿûÿÿÿFôÿÿþÿÿÿÿÿÿÿöÿÿÿµß½ˆ‘ÿýÿÿÿÿÿÿÿïÿÿÿµ°Ò²¦©·É¦¬´®Ç¥°ÿšÿÿÿþÿÿÿûÿÿÿrÿÿ™ÿÿÿÿÿÿÿïÿÿÿ¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ÿ˜ÿÿÿþÿÿÿûÿÿÿöÿÿÿ—ÿÿÿÿÿÿÿóÿÿÿ’šŒŒž˜šÑ…–ÿ–ÿÿÿþÿÿÿûÿÿÿ4ôÿÿ•ÿÿÿþÿÿÿûÿÿÿÿÿÿÿ”ÿÿÿÿÿÿÿ²ÿÿÿ«—šßš’ž–“ßž‹‹žœ—’š‘‹ß’šŒŒž˜šÑ…–ß–Œß–‘™šœ‹š›ßˆ–‹—ß‹—šß¨ÌÍÑ±š‹Œ”†Ñ¯¿’’ß‰–ŠŒÑÿ“ÿÿÿÿÿÿÿòÿÿÿÍÏÏÊÏÈÍÏÏÏÎÈÿ’ÿÿÿÿÿÿÿüÿÿÿÏßÿ‘ÿÿÿÿÿÿÿõÿÿÿÎÎÑÏÑÎÎÑËÿÿÿÿþÿÿÿûÿÿÿÿÿÿÿùþÿÿÿù~Ðÿÿùþÿÿÿù÷ÿÿÿõÿõÿùÿÿÿÿ°Î¾Î 7" ¥ ¥ œàÔ

xcelbeyond · Aug 19, 2005

I've installed all the windows updates (up til now) except Microsoft.NET Framework update and just did that.

My wife is the only other person using this computer and she hasn't used it lately.

Big A: go to http://www.noadware.net/ and download the NoAdware program and run it. You only have to pay if it finds anything and you want to repair it.

Billbomb: Isn't there quite a difference between "spyware" and a "trojan?" I never heard that about Firefox - I'll have to check with the computer geeks at work.

billbomb · Aug 19, 2005

xcelbeyond said:
Billbomb: Isn't there quite a difference between "spyware" and a "trojan?" I never heard that about Firefox - I'll have to check with the computer geeks at work.

A "trojan" is the short name for a "Trojan Horse" program that is disguised
as some other program. A common trojan is a free game or screen saver.
Spyware can be delivered as a trojan but many of them are actually
installed without user intervention by expoiting a hole in Windows. Most
of the time it's some sort of "buffer overrun" exploit.

Firefox is a better browser IMO but it will not protect you if a hacker is
attacking your computer through a bug in a Windows system file. In that
case the browser you are using makes no difference.

xcelbeyond · Aug 19, 2005

billbomb said:
Firefox is a better browser IMO but it will not protect you if a hacker is attacking your computer through a bug in a Windows system file. In that case the browser you are using makes no difference.

Won't my firewall (Sygate Personal Firewall Pro) help block anything incoming?

billbomb · Aug 19, 2005

xcelbeyond said:
Won't my firewall (Sygate Personal Firewall Pro) help block anything incoming?

A firewall is good for blocking many types of attacks but it will not stop
a hacker from exploiting a bug that uses your http port. You should use a
firewall but it will not completely protect you.

xcelbeyond · Aug 19, 2005

Thanks for the info and help billbomb!

I hope members here are reading this post so they understand how susceptible they are to getting this sort of thing. I think it's a bigger problem if you cruise around porn or warez sites.

Here I am thinking I'm all protected (and haven't had any incidents for years) and now this happens. I'm at risk now to lose 10's of thousands of dollars at a drop

moj0 · Aug 19, 2005

The main problem is that just about every worm or trojan accesses a system via port 80 (http). If you want to have Internet connectivity you must leave this port open on your firewall.

Modern web programming makes heavy use of client side code execution (activex, javascript etc.) This means that someone can write code that can access your pc over port 80 through your web browser and do almost anything. If your pc has an unpatched security hole, a hacker can write a program (worm, trojan) that can exploit that hole via this route.

Worms and trojans (malware) are ususally delivered by an automated method such as mass email or a home made script that spams the entire Internet trying to infect any pc it can gain access to. Malicious websites can also be used. Once the worm or trojan is delivered to a system it opens communications (usually on IRC). Once this happens then a hacker/thief on the other end can begin to use whatever capabilities the malware may possess to get what he can from the system. He may just use your system a platform to attack others (making it look like you are the hacker) or he may steal personal information or passwords ....anything that may be of potential value.

Having a firewall that blocks outbound traffic to Internet (like ZoneAlarm) can help minimize the damage by blocking the malware's IRC access.There is no way that you can be 100% secure unless you totally restrict all access (network and physical) to the computer. Layers of security work best. Here is what I recommend.

1> turn on Microsoft automatic updates to make sure you get security patches as soon as they are available.

2>run a good commercial anti virus program (Mcafee, Norton, Trend) and make sure it is configured to get automatic updates of the virus pattern file.

3>it has been proven that no single adware/spyware application can cover you completely. I use a combination of adaware and spybot search and destroy. Keep them updated and scan your pc with them frequently.

4>install a good personal firewall blocking incomming as well as outgoing traffic is key as mentioned above.(ZoneAlarm is one of the best)

5>never open an email from an unknown source. I would rather risk deleting a good email than getting compromised.

6>If you use your pc for "sensitive" activities make sure you are protected in the event your system is seized. There is a company called Steganos that makes two must have softeware packages for this purpose. Internet Anonym Pro completey sanitizes any trace of Internet related evidence on your PC and has features that obscure your identity while you surf. If you merely delete cache files or any other file on your pc it's a breeze for forensic pc investigators to recover...trust me on this they WILL recover any file they want. The Steganos tool has a file shredder that makes deleted files COMPLETELY unrecoverable by any means. Steganos also makes a file encryption app called Safe. Any file you store with this encryption app is unrecoverable by ANYONE but the person with the passphrase. It uses the latest AES encryption algorythm and there is no backdoor method to reverse it (yet)

Just be careful, use common sense and never think that you are 100% safe.

Curiousity · Aug 19, 2005

Do you guys run an online scan every once in a while?

I run TrendMicro's free online scan about twice a month in a while and it has caught things that Norton (fully updated) has not. Here is the website (it is completely free):

HTML:

http://housecall.trendmicro.com/

They now also check for spyware too.

Just another tool to help.

moj0 · Aug 19, 2005

Big A, I've tried to find an explanation for that log file behavior but I'm coming up empty. I know that the log should contain standard ASCII text but for some reason you're getting unicode. ?? If you stop and resart Norton does it continue? Can you clear the logfile? If so does it continue with the same behavior? How is the computer acting?

Big A · Aug 20, 2005

moj0 said:
Big A, I've tried to find an explanation for that log file behavior but I'm coming up empty. I know that the log should contain standard ASCII text but for some reason you're getting unicode. ?? If you stop and resart Norton does it continue? Can you clear the logfile? If so does it continue with the same behavior? How is the computer acting?

I got the log working eventually.

A few days ago I updated to Norton 05 and the new PGP9 at the same time.

After I did that, everytime I turn the computer on, I get a windows installer message saying that norton can't install a certain function.

Also, I lost the ability to preview documents in My Documents - you know when you have pics tiled for example, and you can see the size of the file and a preview of the file. Well, I can't do that anymore.
Also, Windows picture viewer is not working as it says a file is missing. Before it did that, if I'd look at a pic, I couldn't press the left or right arrow keys to view other pics. I would have to close the viewer and turn it on again with a new pic.

Also, if I initiate a scan on Norton, it freezes the whole computer when it reaches C/WINDOWS/Downloaded Program Files/SymDlBrg.dll
However, if Norton scans automatically when it is scheduled to do so, it scans fine and there's no viruses found.