From: "RJK" <notatospam@hotmail.com>

| I'm still "itching" to get in front of Adrian's PC, (the one with the
| pop-out that wants him to download Spyaxe),
|
| I spoke to him on the 'phone this morning and he's got the flu, and I don't
| want to go over there and catch it !
| ...and particularly don't want to catch it and take bring it home to my
| household.
|
| I can't just drive past and throw a cd at him, he's not PC proficient enough
| to do a lot of "abnormal" PC tweaking, and I get very frsutrated and rude
| doing PC support over the phone !!!. Oh how I wish I'd remote/desk-topped
| him ages ago.
|
| ...and besides, the first thing I would do is boot from Norton Ghost cd and
| image his drive onto his 2nd hd before starting any tweaking, so that I
| could, if necessary, drop back to his infected platform.
|
| ...anyway, I will post a report on this thread in a couple of days, I want
| to be sure he's clear of his cold or flu, or whatever he's got.
|
| I pondered on asking him to place his system box in my porch, and leaving it
| out there in the cold for an hour or two but, it's winter here, ...I sort
| of siad on the 'phone that I would call in there tommorrow but, I think I've
| changed my mind because of his flu.
|
| ...I do go on a bit don't ! !!!!
|
| ...theremust be some irony in there somewhere, what with his PC infected and
| him infected with a cold or flu as well !!
|
| regards, Richard


Richard:

I'll be around. If you need to you can send me email.
Just remove ~nospam~ from; DLipman~nospam~@Verizon.Net

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%233BBXMZDGHA.2704@TK2MSFTNGP15.phx.gbl...
| From: "PCR" <pcrrcp@netzero.net>
|
|
| |>
| |> Dammit!
| |> I can sit in front of my computers not even thinking of a cigarette for
| |> hours and now I'm smoking one because you brought it up.
| |>
| | I THINK thinking happy thoughts not only makes you fly but prevents cancer as well! Lipman
| | I'm sure is good for that other virus.
|
| Safe Hex is good for the other virus.

Huh? Oh, oh, yea. Yea.

|
| Remember...
|
| There is the soft-2-wear Trojan

Huh!

| and...
| There is the software Trojan.

Right. Yea.

|
| The former you use

I BEG your pardon?

| and the latter you prevent :-)

Oh, oh, yea. That's right. Yea!

|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|

....you're gonna snicker !! :-) ....
I've now got his PC on my bench !!!
....'phoned him this morning - he's still sounding very bronchial ...and
nasal for that matter - so I suggested that he put a litre of warm water in
a jug along with a capful of Dettol and, after unplugging it, wipe over his
system box with a damp cloth, (wrung out in that solution), and place it
outside his back door with a towel over it, (it's lightly raining), and I'll
drive over to P******, (the village where he lives), which I did !!!!!!!
When I got there I put on a dust mask, (that looks like a surgical mask- for
fun), and tapped on the front door, ...wearing the mask to emphasize that
I don't want to contract their cold or flu virus, as I pick up the infected
system box. :-)
....anyway, I've just spent an hour vacuuming and blowing it out, (preventing
fans spinning to prevent back voltages ...I though I'd mention that so that
people don't think I'm an idiot !), and it's now running a Ghost boot a/v
sweep, which I suspect probably won't be worth anything because I suspect
the ActiveX control he allowed on his PC was signaturised by Symantec in May
or June '05 , but, I thought I'd run it anyway. Files scanned is up to
77,000 + and I'm going downstairs for my lunch. :-)

regards, Richard


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:u%23q3ANZDGHA.1676@TK2MSFTNGP09.phx.gbl...
> From: "RJK" <notatospam@hotmail.com>
>
> | I'm still "itching" to get in front of Adrian's PC, (the one with the
> | pop-out that wants him to download Spyaxe),
> |
> | I spoke to him on the 'phone this morning and he's got the flu, and I
> don't
> | want to go over there and catch it !
> | ...and particularly don't want to catch it and take bring it home to my
> | household.
> |
> | I can't just drive past and throw a cd at him, he's not PC proficient
> enough
> | to do a lot of "abnormal" PC tweaking, and I get very frsutrated and
> rude
> | doing PC support over the phone !!!. Oh how I wish I'd
> remote/desk-topped
> | him ages ago.
> |
> | ...and besides, the first thing I would do is boot from Norton Ghost cd
> and
> | image his drive onto his 2nd hd before starting any tweaking, so that I
> | could, if necessary, drop back to his infected platform.
> |
> | ...anyway, I will post a report on this thread in a couple of days, I
> want
> | to be sure he's clear of his cold or flu, or whatever he's got.
> |
> | I pondered on asking him to place his system box in my porch, and
> leaving it
> | out there in the cold for an hour or two but, it's winter here, ...I
> sort
> | of siad on the 'phone that I would call in there tommorrow but, I think
> I've
> | changed my mind because of his flu.
> |
> | ...I do go on a bit don't ! !!!!
> |
> | ...theremust be some irony in there somewhere, what with his PC infected
> and
> | him infected with a cold or flu as well !!
> |
> | regards, Richard
>
>
> Richard:
>
> I'll be around. If you need to you can send me email.
> Just remove ~nospam~ from; DLipman~nospam~@Verizon.Net
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

oooh! this is exciting ! ...no virus found on the standard Norton Ghost a/v
sweep but, thought I'd run the Norton "Run Update Locator" on my PC, six new
virus signatures were found, so burnt those to a cd, and slapped that cd-r
into his 2nd cd drive and ran the a/v sweep again, and "Number of files
infected" is showing "4"

....wonder if Norton'll be able to fix'em ? !

regards, Richard


"RJK" <notatospam@hotmail.com> wrote in message
news:%238zKEagDGHA.2320@TK2MSFTNGP12.phx.gbl...
> ...you're gonna snicker !! :-) ....
> I've now got his PC on my bench !!!
> ...'phoned him this morning - he's still sounding very bronchial ...and
> nasal for that matter - so I suggested that he put a litre of warm water
> in a jug along with a capful of Dettol and, after unplugging it, wipe over
> his system box with a damp cloth, (wrung out in that solution), and place
> it outside his back door with a towel over it, (it's lightly raining), and
> I'll drive over to P******, (the village where he lives), which I did
> !!!!!!!
> When I got there I put on a dust mask, (that looks like a surgical mask-
> for fun), and tapped on the front door, ...wearing the mask to emphasize
> that I don't want to contract their cold or flu virus, as I pick up the
> infected system box. :-)
> ...anyway, I've just spent an hour vacuuming and blowing it out,
> (preventing fans spinning to prevent back voltages ...I though I'd mention
> that so that people don't think I'm an idiot !), and it's now running a
> Ghost boot a/v sweep, which I suspect probably won't be worth anything
> because I suspect the ActiveX control he allowed on his PC was
> signaturised by Symantec in May or June '05 , but, I thought I'd run it
> anyway. Files scanned is up to 77,000 + and I'm going downstairs for my
> lunch. :-)
>
> regards, Richard
>
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:u%23q3ANZDGHA.1676@TK2MSFTNGP09.phx.gbl...
>> From: "RJK" <notatospam@hotmail.com>
>>
>> | I'm still "itching" to get in front of Adrian's PC, (the one with the
>> | pop-out that wants him to download Spyaxe),
>> |
>> | I spoke to him on the 'phone this morning and he's got the flu, and I
>> don't
>> | want to go over there and catch it !
>> | ...and particularly don't want to catch it and take bring it home to my
>> | household.
>> |
>> | I can't just drive past and throw a cd at him, he's not PC proficient
>> enough
>> | to do a lot of "abnormal" PC tweaking, and I get very frsutrated and
>> rude
>> | doing PC support over the phone !!!. Oh how I wish I'd
>> remote/desk-topped
>> | him ages ago.
>> |
>> | ...and besides, the first thing I would do is boot from Norton Ghost cd
>> and
>> | image his drive onto his 2nd hd before starting any tweaking, so that I
>> | could, if necessary, drop back to his infected platform.
>> |
>> | ...anyway, I will post a report on this thread in a couple of days, I
>> want
>> | to be sure he's clear of his cold or flu, or whatever he's got.
>> |
>> | I pondered on asking him to place his system box in my porch, and
>> leaving it
>> | out there in the cold for an hour or two but, it's winter here, ...I
>> sort
>> | of siad on the 'phone that I would call in there tommorrow but, I think
>> I've
>> | changed my mind because of his flu.
>> |
>> | ...I do go on a bit don't ! !!!!
>> |
>> | ...theremust be some irony in there somewhere, what with his PC
>> infected and
>> | him infected with a cold or flu as well !!
>> |
>> | regards, Richard
>>
>>
>> Richard:
>>
>> I'll be around. If you need to you can send me email.
>> Just remove ~nospam~ from; DLipman~nospam~@Verizon.Net
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> http://www.ik-cs.com/got-a-virus.htm
>>
>>
>
>

....and YES!!!!!! ...it is the Trojan.Zlob virus

Norton is reporting that:-
Number of files scanned: 89064
Number of infections found : 4
Number of files repaired: 0
Number of files deleted: 4
Number of files left infected: 0

Details:
c:\windows\system32\nvctrl.exe was infected with Trojan.Zlob.
(DELETED)
c:\windows\system32 \ldE309.tmp was infected with Trojan.Zlob. (DELETED)
c:\windows\system32\hpE58A.tmp was infected with Trojan.Zlob. (DELETED)
c:\windows\system32\mssearchnet.exe was infected with Trojan.Zlob.D
(DELETED)

....which now leaves me wondering if I should let his PC boot to Windows XP
Home "normal" mode, I think I'll have a re-read of your post,
....and boot to Safe mode and uninstall his older Java first ?
....and should I then run the SmitRem.exe that you mention, or could Norton
have done the job ??

regards, Richard


"RJK" <notatospam@hotmail.com> wrote in message
news:OEeUGygDGHA.3752@TK2MSFTNGP10.phx.gbl...
> oooh! this is exciting ! ...no virus found on the standard Norton Ghost
> a/v sweep but, thought I'd run the Norton "Run Update Locator" on my PC,
> six new virus signatures were found, so burnt those to a cd, and slapped
> that cd-r into his 2nd cd drive and ran the a/v sweep again, and "Number
> of files infected" is showing "4"
>
> ...wonder if Norton'll be able to fix'em ? !
>
> regards, Richard
>
>
> "RJK" <notatospam@hotmail.com> wrote in message
> news:%238zKEagDGHA.2320@TK2MSFTNGP12.phx.gbl...
>> ...you're gonna snicker !! :-) ....
>> I've now got his PC on my bench !!!
>> ...'phoned him this morning - he's still sounding very bronchial ...and
>> nasal for that matter - so I suggested that he put a litre of warm water
>> in a jug along with a capful of Dettol and, after unplugging it, wipe
>> over his system box with a damp cloth, (wrung out in that solution), and
>> place it outside his back door with a towel over it, (it's lightly
>> raining), and I'll drive over to P******, (the village where he lives),
>> which I did !!!!!!!
>> When I got there I put on a dust mask, (that looks like a surgical mask-
>> for fun), and tapped on the front door, ...wearing the mask to emphasize
>> that I don't want to contract their cold or flu virus, as I pick up the
>> infected system box. :-)
>> ...anyway, I've just spent an hour vacuuming and blowing it out,
>> (preventing fans spinning to prevent back voltages ...I though I'd
>> mention that so that people don't think I'm an idiot !), and it's now
>> running a Ghost boot a/v sweep, which I suspect probably won't be worth
>> anything because I suspect the ActiveX control he allowed on his PC was
>> signaturised by Symantec in May or June '05 , but, I thought I'd run it
>> anyway. Files scanned is up to 77,000 + and I'm going downstairs for my
>> lunch. :-)
>>
>> regards, Richard
>>
>>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news:u%23q3ANZDGHA.1676@TK2MSFTNGP09.phx.gbl...
>>> From: "RJK" <notatospam@hotmail.com>
>>>
>>> | I'm still "itching" to get in front of Adrian's PC, (the one with the
>>> | pop-out that wants him to download Spyaxe),
>>> |
>>> | I spoke to him on the 'phone this morning and he's got the flu, and I
>>> don't
>>> | want to go over there and catch it !
>>> | ...and particularly don't want to catch it and take bring it home to
>>> my
>>> | household.
>>> |
>>> | I can't just drive past and throw a cd at him, he's not PC proficient
>>> enough
>>> | to do a lot of "abnormal" PC tweaking, and I get very frsutrated and
>>> rude
>>> | doing PC support over the phone !!!. Oh how I wish I'd
>>> remote/desk-topped
>>> | him ages ago.
>>> |
>>> | ...and besides, the first thing I would do is boot from Norton Ghost
>>> cd and
>>> | image his drive onto his 2nd hd before starting any tweaking, so that
>>> I
>>> | could, if necessary, drop back to his infected platform.
>>> |
>>> | ...anyway, I will post a report on this thread in a couple of days, I
>>> want
>>> | to be sure he's clear of his cold or flu, or whatever he's got.
>>> |
>>> | I pondered on asking him to place his system box in my porch, and
>>> leaving it
>>> | out there in the cold for an hour or two but, it's winter here, ...I
>>> sort
>>> | of siad on the 'phone that I would call in there tommorrow but, I
>>> think I've
>>> | changed my mind because of his flu.
>>> |
>>> | ...I do go on a bit don't ! !!!!
>>> |
>>> | ...theremust be some irony in there somewhere, what with his PC
>>> infected and
>>> | him infected with a cold or flu as well !!
>>> |
>>> | regards, Richard
>>>
>>>
>>> Richard:
>>>
>>> I'll be around. If you need to you can send me email.
>>> Just remove ~nospam~ from; DLipman~nospam~@Verizon.Net
>>>
>>> --
>>> Dave
>>> http://www.claymania.com/removal-trojan-adware.html
>>> http://www.ik-cs.com/got-a-virus.htm
>>>
>>>
>>
>>
>
>

mmm... just been having a rummmage around his PC in Safe Mode and "Spyaxe
3.0" is listed in Control Panel Add/Remove Programs.

....now beginning to implement your post !

regards, Richard

From: "RJK" <notatospam@hotmail.com>

| ...and YES!!!!!! ...it is the Trojan.Zlob virus
|
| Norton is reporting that:-
| Number of files scanned: 89064
| Number of infections found : 4
| Number of files repaired: 0
| Number of files deleted: 4
| Number of files left infected: 0
|
| Details:
| c:\windows\system32\nvctrl.exe was infected with Trojan.Zlob.
| (DELETED)
| c:\windows\system32 \ldE309.tmp was infected with Trojan.Zlob. (DELETED)
| c:\windows\system32\hpE58A.tmp was infected with Trojan.Zlob. (DELETED)
| c:\windows\system32\mssearchnet.exe was infected with Trojan.Zlob.D
| (DELETED)
|
| ...which now leaves me wondering if I should let his PC boot to Windows XP
| Home "normal" mode, I think I'll have a re-read of your post,
| ...and boot to Safe mode and uninstall his older Java first ?
| ...and should I then run the SmitRem.exe that you mention, or could Norton
| have done the job ??
|
| regards, Richard


The Trojan ZLob is responsible for many malware outbreaks as of late.

The tools I suggested early into this thread are designed to remove many ogf the threats
associated together with the ZLob Trojan.

My particular solution...

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Adds the McAfee Command Line Scanner so not aonly will the associated malware be removed but
other possible infectors will also be detected via signature and heuristic detection.

NOTE: The above tool was updated last night. Make sure you use the latest version.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Thanx yet again :-)

After running running that Norton sweep that found 4 infected files, I had
a rummage in Safe Mode and noticed that SpyAxe 3.0 was listed in Control
Panel "add/Remove" programs. I restarted, and missed my F8 opportunity, (to
go fo Safe mode again), and the damned thing started in Normal Mode and up
popped all the SpyAxe crap, so I'm running Ghost /av sweep again, (1
infected file found so far)

....oh what fun !

regards, Richard


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:O%23ImvJhDGHA.2292@tk2msftngp13.phx.gbl...
> From: "RJK" <notatospam@hotmail.com>
>
> | ...and YES!!!!!! ...it is the Trojan.Zlob virus
> |
> | Norton is reporting that:-
> | Number of files scanned: 89064
> | Number of infections found : 4
> | Number of files repaired: 0
> | Number of files deleted: 4
> | Number of files left infected: 0
> |
> | Details:
> | c:\windows\system32\nvctrl.exe was infected with Trojan.Zlob.
> | (DELETED)
> | c:\windows\system32 \ldE309.tmp was infected with Trojan.Zlob.
> (DELETED)
> | c:\windows\system32\hpE58A.tmp was infected with Trojan.Zlob. (DELETED)
> | c:\windows\system32\mssearchnet.exe was infected with Trojan.Zlob.D
> | (DELETED)
> |
> | ...which now leaves me wondering if I should let his PC boot to Windows
> XP
> | Home "normal" mode, I think I'll have a re-read of your post,
> | ...and boot to Safe mode and uninstall his older Java first ?
> | ...and should I then run the SmitRem.exe that you mention, or could
> Norton
> | have done the job ??
> |
> | regards, Richard
>
>
> The Trojan ZLob is responsible for many malware outbreaks as of late.
>
> The tools I suggested early into this thread are designed to remove many
> ogf the threats
> associated together with the ZLob Trojan.
>
> My particular solution...
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Adds the McAfee Command Line Scanner so not aonly will the associated
> malware be removed but
> other possible infectors will also be detected via signature and heuristic
> detection.
>
> NOTE: The above tool was updated last night. Make sure you use the
> latest version.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

RJK wrote:
> Thanx yet again :-)
>
> After running running that Norton sweep that found 4 infected files, I had
> a rummage in Safe Mode and noticed that SpyAxe 3.0 was listed in Control
> Panel "add/Remove" programs. I restarted, and missed my F8 opportunity, (to
> go fo Safe mode again), and the damned thing started in Normal Mode and up
> popped all the SpyAxe crap, so I'm running Ghost /av sweep again, (1
> infected file found so far)
>
> ...oh what fun !
>
> regards, Richard
>
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:O%23ImvJhDGHA.2292@tk2msftngp13.phx.gbl...
>
>>From: "RJK" <notatospam@hotmail.com>
>>
>>| ...and YES!!!!!! ...it is the Trojan.Zlob virus
>>|
>>| Norton is reporting that:-
>>| Number of files scanned: 89064
>>| Number of infections found : 4
>>| Number of files repaired: 0
>>| Number of files deleted: 4
>>| Number of files left infected: 0
>>|
>>| Details:
>>| c:\windows\system32\nvctrl.exe was infected with Trojan.Zlob.
>>| (DELETED)
>>| c:\windows\system32 \ldE309.tmp was infected with Trojan.Zlob.
>>(DELETED)
>>| c:\windows\system32\hpE58A.tmp was infected with Trojan.Zlob. (DELETED)
>>| c:\windows\system32\mssearchnet.exe was infected with Trojan.Zlob.D
>>| (DELETED)
>>|
>>| ...which now leaves me wondering if I should let his PC boot to Windows
>>XP
>>| Home "normal" mode, I think I'll have a re-read of your post,
>>| ...and boot to Safe mode and uninstall his older Java first ?
>>| ...and should I then run the SmitRem.exe that you mention, or could
>>Norton
>>| have done the job ??
>>|
>>| regards, Richard
>>
>>
>>The Trojan ZLob is responsible for many malware outbreaks as of late.
>>
>>The tools I suggested early into this thread are designed to remove many
>>ogf the threats
>>associated together with the ZLob Trojan.
>>
>>My particular solution...
>>
>>Download SmitFraud.exe from the URL --
>>http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>>
>>Adds the McAfee Command Line Scanner so not aonly will the associated
>>malware be removed but
>>other possible infectors will also be detected via signature and heuristic
>>detection.
>>
>>NOTE: The above tool was updated last night. Make sure you use the
>>latest version.
>>
>>--
>>Dave
>>http://www.claymania.com/removal-trojan-adware.html
>>http://www.ik-cs.com/got-a-virus.htm
>>
>>
>
>
>

What I do in these cases is to enable the boot menu, by
starting msconfig, and opening advanced properties. look for
enable boot time menu. That will force system to pause and
toss up boot menu. Takes the guesswork out of the t shoot
process.

From: "Lester Stiefel" <les7954@verizon.net>


| What I do in these cases is to enable the boot menu, by
| starting msconfig, and opening advanced properties. look for
| enable boot time menu. That will force system to pause and
| toss up boot menu. Takes the guesswork out of the t shoot
| process.


You can also use the free Boot Safe utility from SuperAdBlocker
http://www.superadblocker.com/bootsafe.html

http://www.superadblocker.com/downloads/BootSafe.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm