#1
....long 'phone call, ...I haven't got in front of the following PC yet .....

A friend, (Adrian R*), has been hijacked, something has implanted itself into his system tray and is presenting a pop out speech bubble as shown here,
http://www.spynomore.com/trojan-zlob.htm
PLEASE, anyone viewing this site DO NOT download anything from it, I haven't looked into its "reputation." !! ....i.e. it could be yet one more of the thousands of anti-spyware programs that is itself riddled with spyware!

Adrian's IE6 Homepage has become www.systemwarning.com and the malware is advising him to download more malware under the name of "SpyAxe," anti-spyware software.

I've had an initial Google around the web and suspect that he has the Trojan.zlob.e trojan but, it's hard to pin down exactly what he's got, and very hard locating a manual work through to remove it.

Can anyone point me to a more appropriate remedy other than
http://securityresponse.symantec.com...an.zlob.e.html
....or am I on the right track, ....in case I'm barking up the wrong tree.

....Left him running an a/v sweep in Safe Mode, will visit on site tomorrow.

....am continuing to research this on the web, will post details if I find my own solution for him, in case it can help others.

regards, Richard
#2
From: "RJK" <notatospam@hotmail.com>

| ...long 'phone call, ...I haven't got in front of the following PC yet .....
|
| A friend, (Adrian R*), has been hijacked, something has implanted itself
| into his system tray and is presenting a pop out speech bubble as shown
| here,
| http://www.spynomore.com/trojan-zlob.htm PLEASE, anyone viewing this site
| DO NOT download anything from it, I haven't looked into its "reputation." !!
| ...i.e. it could be yet one more of the thousands of anti-spyware programs that
| is itself riddled with spyware!
|
| Adrian's IE6 Homepage has become www.systemwarning.com and the malware is
| advising him to download more malware under the name of "SpyAxe,"
| anti-spyware software.
|
| I've had an initial Google around the web and suspect that he has the
| Trojan.zlob.e trojan but, it's hard to pin down exactly what he's got, and
| very hard locating a manual work through to remove it.
|
| Can anyone point me to a more appropriate remedy other than
| http://securityresponse.symantec.com...an.zlob.e.html
| ...or am I on the right track, ....in case I'm barking up the wrong tree.
|
| ...Left him running an a/v sweep in Safe Mode, will visit on site tomorrow.
|
| ...am continuing to research this on the web, will post details if I find my
| own solution for him, in case it can help others.
|
| regards, Richard

Two part reply..

Perform Part 1 then perform Part 2.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0, then you are strongly urged to remove any/all versions that are prior to JRE Version 5.0. There are vulnerabilities in them and they are actively being exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6 be installed ASAP.

http://www.java.com/en/download/manual.jsp

Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server

Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html

Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). It is suggested that you move the report out of c:\mcafee before performing another scan.

Alternate:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your reply.

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#3
RJK wrote:
> ...long 'phone call, ...I haven't got in front of the following PC yet
> .....
>
> A friend, (Adrian R*), has been hijacked, something has implanted
> itself into his system tray and is presenting a pop out speech bubble
> as shown here,
> http://www.spynomore.com/trojan-zlob.htm PLEASE, anyone viewing this
> site DO NOT download anything from it, I haven't looked into its
> "reputation." !! ...i.e. it could be yet one more of the thousands of
> anti-spyware programs that is itself riddled with spyware!
>
> Adrian's IE6 Homepage has become www.systemwarning.com and the malware
> is advising him to download more malware under the name of "SpyAxe,"
> anti-spyware software.
>
> I've had an initial Google around the web and suspect that he has the
> Trojan.zlob.e trojan but, it's hard to pin down exactly what he's
> got, and very hard locating a manual work through to remove it.
>
> Can anyone point me to a more appropriate remedy other than
> http://securityresponse.symantec.com...an.zlob.e.html
> ...or am I on the right track, ....in case I'm barking up the wrong
> tree.

Try noahdfear's SmitFraud and SpyAxe removal tool -
http://noahdfear.geekstogo.com/click...click.php?id=8

References -
http://www.bleepingcomputer.com/forums/topic36868.html
http://malwareremoval.com/plog/index...Id=48&blogId=3

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
#4
HUUUUGE thanx, will be working through your post after a coffee and, (ashamed to say it - a cigarette), and collecting up the necessaries for tomorrow.

regards, Richard
#5
Oh My Oh My ! ...I trundled along to
http://www.java.com/en/download/manual.jsp
and clicked on "Windows Offline installation "download"" and my IE wants to save/download a file called "CAMWLOL.exe", (I wonder if the LOL part of the filename stands for "lots of laughs." !! :-) This filename differs from the
http://www.java.com/en/download/help...0.xml#download
download instructions, specifically:-

....just checked my "Java downloads" directory and jre-1_5_0_01-windows-i586-p.exe is the last version I installed on my own PC - 26th January 2005

"Download and Install

Go to java.com
Click Manual Download under Get Java Software.
Click Download next to Windows (Offline Installation).
The File Download dialog box appears.
Choose the folder location. (Save the file to a known location on your computer, for example, to your desktop).
Click Save.
The Save As dialog box appears.
If you have previously downloaded this version of JRE, you may be prompted:
File jre-1_5_0_02-windows-i586-p.exe already exists. Do you want to replace it?
Click Yes to replace.
Verify that the:
Name of the file is jre-1_5_0_02-windows-i586-p.exe
Size is approximately 15.2 MB
Close all applications including the browser.
Double-click on the saved file icon to start the installation process."

....Has Sun been hacked I wonder ?

regards, Richard

....I'm getting ever so suspicious of the web these days !!!!!
#6
"RJK" <notatospam@hotmail.com> wrote in message
news:emBsp2MDGHA.1032@TK2MSFTNGP11.phx.gbl
> HUUUUGE thanx, will be working through your post after a coffee and,
> (ashamed to say it - a cigarette), and collecting up the necessaries
> for tomorrow.
>
> regards, Richard

Dammit!
I can sit in front of my computers not even thinking of a cigarette for hours and now I'm smoking one because you brought it up.

--
Frank Saunders, MS-MVP OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
#7
ooops! missed out the filename. ***

Oh My Oh My ! ...I trundled along to
http://www.java.com/en/download/manual.jsp
and clicked on "Windows Offline installation "download"" and my IE wants to save/download a file called "CAMWLOL.exe", (I wonder if the LOL part of the filename stands for "lots of laughs." !! :-) This filename differs from the
http://www.java.com/en/download/help...0.xml#download
download instructions, specifically:-
*** jre-1_5_0_01-windows-i586-p.exe

....just checked my "Java downloads" directory and jre-1_5_0_01-windows-i586-p.exe is the last version I installed on my own PC - 26th January 2005

"Download and Install

Go to java.com
Click Manual Download under Get Java Software.
Click Download next to Windows (Offline Installation).
The File Download dialog box appears.
Choose the folder location. (Save the file to a known location on your computer, for example, to your desktop).
Click Save.
The Save As dialog box appears.
If you have previously downloaded this version of JRE, you may be prompted:
File jre-1_5_0_02-windows-i586-p.exe already exists. Do you want to replace it?
Click Yes to replace.
Verify that the:
Name of the file is jre-1_5_0_02-windows-i586-p.exe
Size is approximately 15.2 MB
Close all applications including the browser.
Double-click on the saved file icon to start the installation process."

....Has Sun been hacked I wonder ?

regards, Richard
#8
LOL ! :-)

regards, Richard

"Frank Saunders, MS-MVP OE" <franksaunders@mvps.org> wrote in message news:uaPx9WNDGHA.1180@TK2MSFTNGP09.phx.gbl...
> "RJK" <notatospam@hotmail.com> wrote in message
> news:emBsp2MDGHA.1032@TK2MSFTNGP11.phx.gbl
>> HUUUUGE thanx, will be working through your post after a coffee and,
>> (ashamed to say it - a cigarette), and collecting up the necessaries
>> for tomorrow.
>>
>> regards, Richard
>
> Dammit!
> I can sit in front of my computers not even thinking of a cigarette for
> hours and now I'm smoking one because you brought it up.
>
> --
> Frank Saunders, MS-MVP OE
> Please respond in Newsgroup. Do not send email
> http://www.fjsmjs.com
> Protect your PC
> http://www.microsoft.com/security/protect/
#9
oh ! I seem to get a different download filename every time I click on the link, so perhaps it's because I haven't preset high enough security permissions for the Sun web-site.

...CA5WC3DL.exe seems to be arriving from "sdlc-esd.sun.com." !

I think I may go outside for another cigarette !!

regards, Richard
#10
....and finally, they seem to be legitimate downloads, Phew !

regards, Richard
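Added example, not part of the original thread: the question raised in posts #5 to #10 (an installer saved under a name that does not match the vendor's instructions) can be settled by checking what the file is rather than what it is called. The PowerShell function below (PowerShell 4 or later) checks the Authenticode signature, the size and the SHA-256 hash; the function name, the signer text 'Sun Microsystems' and the 10% size tolerance are assumptions, while the 15.2 MB figure is the one quoted from Sun's instructions above.

```powershell
# Added example, not from the thread. Judges a downloaded installer by its
# signature, size and hash instead of the name the browser saved it under.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Path,

        # Assumption: text expected in the signing certificate's subject.
        [string] $ExpectedSigner = 'Sun Microsystems',

        # "Size is approximately 15.2 MB" in the Sun instructions quoted in the
        # thread (written for jre-1_5_0_02; other updates will differ somewhat).
        [double] $ExpectedSizeMB = 15.2,

        # Assumption: how far from the documented size is still acceptable.
        [double] $TolerancePercent = 10
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Status 'Valid' means the file is unchanged since it was signed and the
    # certificate chains to a root this machine trusts.
    $signatureValid = ($sig.Status -eq 'Valid')

    $subject = $null
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
    $signerMatches = $signatureValid -and $subject -and
                     ($subject -like "*$ExpectedSigner*")

    $sizeMB  = [math]::Round($file.Length / 1MB, 2)
    $allowed = $ExpectedSizeMB * $TolerancePercent / 100
    $sizeOk  = [math]::Abs($sizeMB - $ExpectedSizeMB) -le $allowed

    # A hash lets two people confirm they received byte-identical files.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    if ($signerMatches -and $sizeOk) {
        $verdict = 'Signature and size as expected'
    } elseif ($signerMatches) {
        $verdict = 'Signed by expected vendor, size differs: check the version'
    } else {
        $verdict = 'Do not run: signature missing, invalid or from another signer'
    }

    [pscustomobject]@{
        SavedAs         = $file.Name
        SignatureStatus = $sig.Status
        Signer          = $subject
        SignerMatches   = [bool]$signerMatches
        SizeMB          = $sizeMB
        SizeOk          = $sizeOk
        SHA256          = $sha256
        Verdict         = $verdict
    }
}

# Example call, using the filename IE offered in the thread:
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Desktop\CAMWLOL.exe"
```

The subject match is a loose substring comparison; where the vendor's certificate thumbprint is known, comparing `$sig.SignerCertificate.Thumbprint` against it is the stricter check.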