CastleCops Recent Posts

Malware Listserv :: MD5...: 0558d855b2c7842b831adc2a3bde0ff2

tetak

Author: tetak
Subject: MD5...: 0558d855b2c7842b831adc2a3bde0ff2
Posted: Mon May 12, 2008 2:48 am (GMT 0)

MediaTubeCodec_ver1.234.0.exe

AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.11 -
Authentium 4.93.8 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.11 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.05.11 -
DrWeb 4.44.0.09170 2008.05.10 -
eSafe 7.0.15.0 2008.05.09 Suspicious File
eTrust-Vet 31.4.5772 2008.05.09 -
Ewido 4.0 2008.05.11 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 Trojan-Downloader.Win32.Zlob.myf
Fortinet 3.14.0.0 2008.05.11 -
Ikarus T3.1.1.26.0 2008.05.12 Trojan.Win32.Tibs.G
Kaspersky 7.0.0.125 2008.05.12 Trojan-Downloader.Win32.Zlob.myf
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.12 Trojan:Win32/Tibs.gen!G
NOD32v2 3091 2008.05.12 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.12 Malware Dropper
Rising 20.43.62.00 2008.05.11 -
Sophos 4.29.0 2008.05.11 Mal/EncPk-CG
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.11 -
VBA32 3.12.6.5 2008.05.12 suspected of Downloader.Zlob.8
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.11 Win32.Malware.gen (suspicious)

Additional information
File size: 125952 bytes
MD5...: 0558d855b2c7842b831adc2a3bde0ff2

Unknown Files :: RE: poorly detected malware

tetak

Author: tetak
Posted: Mon May 12, 2008 2:47 am (GMT 0)

I've added the files to the malware listserv.
_________________
Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Malware Listserv :: MD5...: 9e9d72893711d4b00fb002f7a443c9b5 AtnvrsInstall.exe

tetak

Author: tetak
Subject: MD5...: 9e9d72893711d4b00fb002f7a443c9b5 AtnvrsInstall.exe
Posted: Mon May 12, 2008 2:47 am (GMT 0)

AtnvrsInstall.exe

AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.11 SPR/Dldr.FraudLoad.AR.1
Authentium 4.93.8 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.11 Downloader.Purityscan.BA
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 -
ClamAV 0.92.1 2008.05.11 -
DrWeb 4.44.0.09170 2008.05.10 -
eSafe 7.0.15.0 2008.05.09 suspicious Trojan/Worm
eTrust-Vet 31.4.5772 2008.05.09 -
Ewido 4.0 2008.05.11 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 -
Fortinet 3.14.0.0 2008.05.11 -
Ikarus T3.1.1.26.0 2008.05.12 -
Kaspersky 7.0.0.125 2008.05.12 not-a-virus:Downloader.Win32.FraudLoad.ar
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.12 -
NOD32v2 3091 2008.05.12 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.12 Malicious Software
Rising 20.43.62.00 2008.05.11 -
Sophos 4.29.0 2008.05.11 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.11 -
VBA32 3.12.6.5 2008.05.12 Downloader.Win32.FraudLoad.ar
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.11 Riskware.Dldr.FraudLoad.AR.1

Additional information
File size: 56080 bytes
MD5...: 9e9d72893711d4b00fb002f7a443c9b5

General Computer Problems :: RE: file backup

Arenlor

Author: Arenlor
Posted: Mon May 12, 2008 2:36 am (GMT 0)

Depends on the files you need backed up. My mom has a 4G flash thumb drive that I use to back up all her files.
_________________
Who is this General Fault and why is he trying to read my HDD?

General Computer Problems :: RE: Err, just got this today...

Arenlor

Author: Arenlor
Posted: Mon May 12, 2008 2:34 am (GMT 0)

That specific trojan is coming up a lot recently, seems to be false positives. I'm beginning to wonder if AVG hasn't gone rogue on us. Can you tell me if all the ports from zone alarm were on TCP Port 2869? Also could you look to see what ports they are coming in on to see if they are sequential? It seems someone may just be trying to hack any comcast users they can. This may be something from comcast though. Or if you have an open wireless network someone could be trying to use that to gain access. Or if it's an open network they may be using a P2P client and it's trying to find the right computer. Anyway I suggest using the MRP
_________________
Who is this General Fault and why is he trying to read my HDD?

Windows Vista and Longhorn :: RE: Hmm damn vista

Anonymous

Author: Anonymous
Posted: Mon May 12, 2008 2:24 am (GMT 0)

so from toshibas web site or windows??? what drivers?

General Computer Problems :: RE: C:\Windows\System32\drivers\core.cache.dsk

Arenlor

Author: Arenlor
Posted: Mon May 12, 2008 2:24 am (GMT 0)

Please follow the MRP.
_________________
Who is this General Fault and why is he trying to read my HDD?

General Computer Problems :: RE: C:\Windows\System32\drivers\core.cache.dsk

mrrockford

Author: mrrockford
Posted: Mon May 12, 2008 2:24 am (GMT 0)

Howdy,

Please click >>>Here<<< to download the latest version of HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save a logfile" When the log pops up in Notepad, copy and paste that file in a new thread in this forum. (Click on the Format menu, and uncheck Word Wrap, Ctrl+A to highlight everything in the log, Ctrl+C to copy it to your clipboard. In your new thread, position the cursor and press Ctrl+V to paste it.)

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
_________________
"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long

General Computer Problems :: RE: what is this????

Arenlor

Author: Arenlor
Posted: Mon May 12, 2008 2:20 am (GMT 0)

I'm thinking these are either a bunch of FPs or you should all follow the MRP and get HijackTHis help.
_________________
Who is this General Fault and why is he trying to read my HDD?

General Computer Problems :: RE: what is this????

shadowmistress

Author: shadowmistress
Posted: Mon May 12, 2008 2:10 am (GMT 0)

My AVG 8 on XP also found something!
Yesterday it found it in a Flock Photobucket Uploader exe and today it's in my System Vol Folder, A0250523.exe, which I believe is the Adobe Reader exe I just updated (or an older version?)...

What is this thing? What should I do? Please help!

Trend Micro HijackThis Logs :: Hijacked!

taxxin

Author: taxxin
Subject: Hijacked!
Posted: Mon May 12, 2008 2:09 am (GMT 0)

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:39 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\b2new.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\SYSTEM32\RAMASST.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\system32\urqRJYqo.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-299502267-1993962763-725345543-1004\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'smcconnell1')
O4 - HKUS\S-1-5-21-299502267-1993962763-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'smcconnell1')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196915030609
O20 - Winlogon Notify: urqRJYqo - C:\WINDOWS\SYSTEM32\urqRJYqo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7069 bytes

Have made several attempts to get all the malicious items, but obviously I am missing a key component.

taxxin

General Computer Problems :: RE: Disable the safe mode/system recovery popup on xp?

Arenlor

Author: Arenlor
Posted: Mon May 12, 2008 2:08 am (GMT 0)

I know I do, but I just wondered if it's removable, it'd be nice to do on the systems I'm in charge of since I always just disable system restore and rarely use safe mode even.
_________________
Who is this General Fault and why is he trying to read my HDD?

Trend Micro HijackThis Logs :: RE: IE severe Slowdown and weird Bonjour folder

markamus

Author: markamus
Posted: Mon May 12, 2008 2:06 am (GMT 0)

That scan isn't showing me what I'm looking for. Let's try one more.

Please download Rootkit Revealer (link is at the very bottom of the page)

Unzip it to your desktop.
Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go up to File > Save. Choose to save it to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here.

** NOTE ** Before performing a scan it is recommended to do the following.

1. Physically unplug the cable from the PC to the internet connection.
2. Close down All Scheduling/Updating + Running Background tasks etc.
3. Launch and run the program.
4. While it is scanning DO NOT use your computer at ALL until the scan has been completed.
5. Save your Log File, and then Enable those things you closed down, or Reboot, and ONLY then Reconnect to the Internet.

This will ensure you have a simpler and clearer log file to analyze.

Post back with the results of the Rootkit Revealer scan along with a fresh HijackThis log and again, an update on how the PC is running.

Thanks,

markamus
_________________
UNITE and ASAP member

General Computer Problems :: RE: file backup

luke9511

Author: luke9511
Posted: Mon May 12, 2008 2:03 am (GMT 0)

pwillener wrote:

That depends on each user's situation. I personally use Acronis True Image to make an image copy of all my partitions to a second HD.

only problem is i dont have a hard drive big enough for that
_________________
my computer specs:
Compaq Presario SR1650NX
Processer:AMD Athlon 64 3500+ 2.2ghz
RAM:2gig's
Video:ATI Radeon X1600 Pro 512mb PCI-E Graphics
Hard Drive:250gig
Drives:DVD+RW and CD-ROM

SIRT Reports :: [SIRT#173201] Botnet, Canadian Pharmacy on gschildday.com

newangels

Author: newangels
Subject: [SIRT#173201] Botnet, Canadian Pharmacy on gschildday.com
Posted: Mon May 12, 2008 2:00 am (GMT 0)

Spam Alert

Full Report: http://www.castlecops.com/Botnet_Canadian_Pharmacy_spam173201.html

Changed status to confirmed spam.IP Converted: 123.111.50.177

dword = 2070885041
hex1 = 0x7b6f32b1
hex2 = 0x7b.0x6f.0x32.0xb1
oct = 0173.0157.062.0261
View CIDR AS9318 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9318

"9318 | KR | apnic | 1998-06-03 | HANARO-AS Hanaro Telecom Inc."<br />
Extended information for AS9318:
State/Province:
Country: kr
Responsible Domain: hananet.net
Abuse Email: abuse@hananet.net
Criminal Evidence

** REDIRECTOR **

This site is using redirections to access a hidden criminal site
See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Registrations
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Registrations
See the McAfee Site Advisor information at http://siteadvisor.com/sites/gschildday.com

> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM
REGISTRATION OF THE WEB SITE: gschildday.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold

> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
Primary DNS: ns1.fopns.com 58.242.152.80
Secondary DNS: ns2.fopns.com 221.122.64.14

ACTION: To suspend these name servers successfully, follow these steps.
1. set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold

>This Is a Botnet Using 6 Illegally hijacked Machines.

** TARGET SITE **

See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Canadian_Pharmacy
See the McAfee Site Advisor information at http://siteadvisor.com/sites/prettydesert.com

> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM
REGISTRATION OF THE WEB SITE: prettydesert.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold

> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM

REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
Name Server.......... ns4.guprovider.com
Name Server.......... ns3.guprovider.com
Name Server.......... ns2.guprovider.com
Name Server.......... ns1.guprovider.com

ACTION: To suspend these name servers successfully, follow these steps.
1. set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold

> abuse@hananet.net
IP ADDRESS OF HOST: 123.111.50.177

The IP address of this criminal site is within your allocated address space.
ACTION: Black-hole the route to this address to prevent further criminal activity

Quote:

http://byt.gschildday.com

General Computer Problems :: RE: file backup

pwillener

Author: pwillener
Posted: Mon May 12, 2008 1:59 am (GMT 0)

That depends on each user's situation. I personally use Acronis True Image to make an image copy of all my partitions to a second HD.

General Computer Problems :: Err, just got this today...

ayim

Author: ayim
Subject: Err, just got this today...
Posted: Mon May 12, 2008 1:51 am (GMT 0)

Right, so I was just using the computer normally then out of the blue these Zone Alarm pop-up's started coming up ( i had like 44 before but I restarted my computer )
http://img186.imageshack.us/img186/3536/05112008214351kv3.png http://img186.imageshack.us/img186/402/05112008214356mq9.png

then shortly after my AVG Antivirus found a "Trojan Horse generic10.vpd" in an Uninstall.exe of C:\Program Files\YAMB\, I healed it and thought that was the problem but I keep getting the popups from zone alarm, is someone scanning my ports trying to hack me or what x.X

(Oh, and I also had YAMB on my computer for like 2 years... don't see how it turns into a virus now)

Security :: RE: Malware - Hundreds of thousands of SQL injections

AplusWebMaster

Author: AplusWebMaster
Posted: Mon May 12, 2008 1:42 am (GMT 0)

FYI...

Mass File Injection Attack
- http://isc.sans.org/diary.html?storyid=4405
Last Updated: 2008-05-11 21:48:56 UTC - "We received a report... this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob. If you do a google search for these two URLs, you get about 400,000 sites that have a call to this Javascript file included in them now. The major portion of the sites seem to be running phpBB forum software.
If you have a proxy server that logs outbound web traffic at your site, you might want to look for connection attempts to these two sites. Internal clients that have connected may need some cleanup work. Another preventive step would be to blacklist these two URLs.

hxxp ://free .hostpinoy .info /f.js
hxxp ://xprmn4u.info /f .js "

_________________
AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?
Be wise, like a fox.

Politics :: RE: Meet Ozymandias, All Ye Mighty

alanstancliff

Author: alanstancliff
Posted: Mon May 12, 2008 1:40 am (GMT 0)

JoAnnCQ wrote:

Hi Alan,

I hope Your Wife had a nice Mother's Day.

& I really like Bob Dylan's Words. Like this one, With God on Our Side:

http://www.bobdylan.com/moderntimes/songs/withgod.html

Somehow His Words are always relevant (& I dunno how He does that either?) To me they are anyway or how?

===========
And a happy and blessed mother's day to you, too, and all the women here. Even those who are not mothers, just your being half the human race means so much to me.

The women in my life have always brought earthiness and groundedness to me and have helped me be a better man.
_________________
Regards,

Alan
My Web Site, Blog, Music, Art

Anti-Virus Updates :: RE: F-Secure� Updates

roddy32

Author: roddy32
Posted: Mon May 12, 2008 1:34 am (GMT 0)

Latest Definition Updates:
May 11, 2008 / 23:00:11 (GMT+2)
F-Secure Anti-Virus detects Exploit:W32/AdobeReader.K with this update.
http://www.f-secure.com/download-purchase/updates.shtml
http://www.f-secure.com/v-descs/_new.shtml
_________________
Microsoft MVP - Windows Security

Anti-Virus Updates :: RE: NOD32 updates

roddy32

Author: roddy32
Posted: Mon May 12, 2008 1:29 am (GMT 0)

Update 3091 (20080512)
2008-05-12 03:03
BAT/KillWin.DG, INF/Autorun, Win32/Autoit.AG (2), Win32/Sality.NAK (2)
http://www.eset.eu/podpora/aktualizacia-3091?lng=en
http://www.eset.eu/support/update-xy1
_________________
Microsoft MVP - Windows Security

Trend Micro HijackThis Logs :: RE: Infected PC, scans aren't fixing it Please advise - Win ME

Trekkie

Author: Trekkie
Posted: Mon May 12, 2008 1:11 am (GMT 0)

-********
May 11, Sunday

Hello, AbuIbrahim � Here�s May 11 update.

Quote: Please reboot into safe mode, if you still see multiple windows opening up, then please do a hijackthis scan while in safe mode then copy and paste the results.

1) AbuIbrahim, I rebooted into safe mode and didn�t get the multiple windows, restarted in normal mode.

Quote: �If you still have a copy of the file flash9d.ocx, then move that file to the following folder:
C:\Windows\System\Macromed\Flash\

2) I moved a copy of the file flash9d.ocx from my desktop folder to C:\Windows\System\Macromed\Flash\ , so now that folder contains 3 different ocx files. See screen shot posted today of current Flash folder contents.

After moving flash9d.ocx file to Flash, I restarted IE and was able to use browser, but the sound hasn�t returned to my PC.
I also went through questions on Windows ME Sound Troubleshooter in Help & Support of my PC -- that didn't help.

What do you think I should try next � the adobe link http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19166&sliceId=1"]
then the microsft kb link http://support.microsoft.com/default.aspx?scid=kb;en-us;308366�?

Do you think I should run the �uninstall ActiveX.exe� that�s in the C:\Windows\System\Macromed\Flash folder?

Thank you for your time, AbuIbrahim.

Politics :: RE: Meet Ozymandias, All Ye Mighty

JoAnnCQ

Author: JoAnnCQ
Posted: Mon May 12, 2008 1:04 am (GMT 0)

The Little Black Boy

My mother bore me in the southern wild,
And I am black, but O! my soul is white;
White as an angel is the English child,
But I am black as if bereav'd of light.

My mother taught me underneath a tree
And sitting down before the heat of day,
She took me on her lap and kissed me,
And pointing in the east began to say:

Look on the rising sun: there God does live
And gives his light, and gives his heat away:
And flowers and trees and beasts and men receive
Comfort in the morning, joy in the noon day.

And we are put on earth a little space,
That we may learn to bear the beams of love:
And these black bodies and this sunburnt face
Is but a cloud, and like a shady grove:

For when our souls have learn'd the heat to bear
The cloud will vanish; we shall hear his voice,
Saying: Come out from the grove, my love & care,
And round my golden tent like lambs rejoice.

Thus did my mother say and kissed me:
And thus I say to little English boy;
When I from black and he from white cloud free,
And round the tent of God like lambs we joy,

I'll shade him from the heat, till he can bear
To lean in joy upon our father's knee:
And then I'll stand and stroke his silver hair,
And be like him and he will then love me.

-William Blake
Songs of Innocence & Experience

(I really like that one but it makes me sad too)

Security :: TrojanHunter by Mischel

sherrymyra

Author: sherrymyra
Subject: TrojanHunter by Mischel
Posted: Mon May 12, 2008 1:03 am (GMT 0)

Does anyone know anything about this program? Good or bad? I'm looking for a trojan hunter free or otherwise. I had used Trend Micro but for some reason I can't get it to work now.

Trend Micro HijackThis Logs :: RE: IE severe Slowdown and weird Bonjour folder

lobofonseca

Author: lobofonseca
Posted: Mon May 12, 2008 1:02 am (GMT 0)

Markamus, here's the log. Thanks!

Scanning Report
Sunday, May 11, 2008 21:18:03 - 21:59:09

Computer name: GABRIEL-82D84F0
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 3 malware found
Monitor.Win32.PKRPoker (spyware)
System
RiskTool.Win32.Reboot (spyware)
System
Tracking Cookie (spyware)
System
Statistics
Scanned:
Files: 45005
System: 4075
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-12
F-Secure AVP: 7.0.171, 2008-05-12
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics