Total Security Trojan

timOleary wrote:

i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again

Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.


Remember - the devil is in the details.

--
1PW

timOleary wrote:

i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again

Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.


Remember - the devil is in the details.

--
1PW

On Aug 21, 2:32*am, 1PW wrote:
timOleary wrote:
i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again

Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. *Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.

Remember - the devil is in the details.

--
1PW

It is a work computer. the sys admin was not reachable and the
workstation was essentially disabled and a critical team memeber. They
asked me to please help

I saw the norton icon and it said antivirus full version 10.0.0....
last virus profile update was the day earlier.
I did not know the license number, and Norton could not figure out who
we were based on the info I had.
the sys admin keeps lots of company details to himself.
he is the owner of the business.

but they (Semantec) were accommodating, even if it took better part of
an hour to finally get a tech.
but i had no choice, other than to start downloading unknowns,
purchasing another unknown product, say I couldn't help, wait until i
had some time to research, or call Semantec.

we have about 8 workstations, only one got hit, but my fear was this
was a harbinger, or the server was next.

i kept saying to Semantec why are we paying for protection if this
malware got in?
I'm pushy, but not unpleasant. it was obvious we were paying
customers.

i'm looking for product to install on all pcs to prevent a recurrance,
or at least a measure which is a reasonable effort towards prevention.
on my home office pc we subscribe to verizon security suite which is
available from our DSL supplier.
never got hit with anything like total security 'yet'
once i get some protection going, it would be interesting to
deliberately inject total security and see if the immunization works.
maybe create a sandbox, which I've never done, but would be worth
learning.
thanks

On Aug 21, 2:32*am, 1PW wrote:
timOleary wrote:
i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again

Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. *Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.

Remember - the devil is in the details.

--
1PW

It is a work computer. the sys admin was not reachable and the
workstation was essentially disabled and a critical team memeber. They
asked me to please help

I saw the norton icon and it said antivirus full version 10.0.0....
last virus profile update was the day earlier.
I did not know the license number, and Norton could not figure out who
we were based on the info I had.
the sys admin keeps lots of company details to himself.
he is the owner of the business.

but they (Semantec) were accommodating, even if it took better part of
an hour to finally get a tech.
but i had no choice, other than to start downloading unknowns,
purchasing another unknown product, say I couldn't help, wait until i
had some time to research, or call Semantec.

we have about 8 workstations, only one got hit, but my fear was this
was a harbinger, or the server was next.

i kept saying to Semantec why are we paying for protection if this
malware got in?
I'm pushy, but not unpleasant. it was obvious we were paying
customers.

i'm looking for product to install on all pcs to prevent a recurrance,
or at least a measure which is a reasonable effort towards prevention.
on my home office pc we subscribe to verizon security suite which is
available from our DSL supplier.
never got hit with anything like total security 'yet'
once i get some protection going, it would be interesting to
deliberately inject total security and see if the immunization works.
maybe create a sandbox, which I've never done, but would be worth
learning.
thanks

On Thu, 20 Aug 2009 21:43:27 -0700 (PDT), timOleary
wrote:

On Aug 21, 12:38*am, timOleary wrote:
On Aug 21, 12:01*am, ??ç?l wrote:



Hello Tim,

I recommend downloading and installing MalwareBytes' Antimalware (MBAM) and
SUPERAntiSpywa?e (SAS).

Do a full scan with Malwa?eBytes' and SUPERAntiSpywa?e.

http://www.superantispyware.com/

Reboot
-=-

http://www.malwarebytes.org/mbam.php

Reboot
-=-
The programs are free. (There is a paid version but you don't need to buy it
to remove malware.)
-=-

Good luck

??ç?l
*???
*-=-

"timOleary" wrote:
Any info on origins and how to get rid of this beast?

Thankyou all for for replying

this program somehow got into one of the workstations at my place of
business. It placed a message which took over the desktop, produced a
pop up which looked like a process occurring, and lots of balloons
saving security monitor detected this or that. also occassional
bluescreens and shutdowns. I was unable to open task manager, a local
virus scan did not detect it, add-remove programs would not open,
what a mess. never saw anything like it b4. this is a company trying
to sell something?

I googled total security an saw several sites. One site described a
manual cleaning process and listed a number of files and a reg entry
which needed to be removed, along with an app download option; but was
wary of downloading anything unknown
so
I called Norton and complained.
They gave me a case #.
I handed the issue off to the user of the workstation at that point.
The fix involved remote log on by them. But they soon got frustrated
by the frequent interruptions caused by the malware.
the user says they logged onto the system in safe mode, and removed
files, and now it will be necessary to re-register certain apps.
now i got to figure out who is who.
i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again

one more thing: real truth MVP emailed me privately with essentially
the same info as in the above posted reply. I replied to it and my
email went undeliverable with an unusual error report message and a
phone number to call. i didn't call it

Hi Tim , can you post here the email contents ?

On Thu, 20 Aug 2009 21:43:27 -0700 (PDT), timOleary
wrote:

On Aug 21, 12:38*am, timOleary wrote:
On Aug 21, 12:01*am, ??ç?l wrote:



Hello Tim,

I recommend downloading and installing MalwareBytes' Antimalware (MBAM) and
SUPERAntiSpywa?e (SAS).

Do a full scan with Malwa?eBytes' and SUPERAntiSpywa?e.

http://www.superantispyware.com/

Reboot
-=-

http://www.malwarebytes.org/mbam.php

Reboot
-=-
The programs are free. (There is a paid version but you don't need to buy it
to remove malware.)
-=-

Good luck

??ç?l
*???
*-=-

"timOleary" wrote:
Any info on origins and how to get rid of this beast?

Thankyou all for for replying

this program somehow got into one of the workstations at my place of
business. It placed a message which took over the desktop, produced a
pop up which looked like a process occurring, and lots of balloons
saving security monitor detected this or that. also occassional
bluescreens and shutdowns. I was unable to open task manager, a local
virus scan did not detect it, add-remove programs would not open,
what a mess. never saw anything like it b4. this is a company trying
to sell something?

I googled total security an saw several sites. One site described a
manual cleaning process and listed a number of files and a reg entry
which needed to be removed, along with an app download option; but was
wary of downloading anything unknown
so
I called Norton and complained.
They gave me a case #.
I handed the issue off to the user of the workstation at that point.
The fix involved remote log on by them. But they soon got frustrated
by the frequent interruptions caused by the malware.
the user says they logged onto the system in safe mode, and removed
files, and now it will be necessary to re-register certain apps.
now i got to figure out who is who.
i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again

one more thing: real truth MVP emailed me privately with essentially
the same info as in the above posted reply. I replied to it and my
email went undeliverable with an unusual error report message and a
phone number to call. i didn't call it

Hi Tim , can you post here the email contents ?

On Thu, 20 Aug 2009 19:18:24 -0700, "The Real Truth MVP"
wrote:

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://www.ms-mvp.org/

This is not the MVP site despite its fake logos.

The correct MVP site is http://www.mvps.org/.

--
Remove del for email

On Thu, 20 Aug 2009 19:18:24 -0700, "The Real Truth MVP"
wrote:

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://www.ms-mvp.org/

This is not the MVP site despite its fake logos.

The correct MVP site is http://www.mvps.org/.

--
Remove del for email

timOleary wrote:
On Aug 21, 2:32 am, 1PW wrote:
timOleary wrote:
i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again
Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.

Remember - the devil is in the details.

--
1PW

It is a work computer. the sys admin was not reachable and the
workstation was essentially disabled and a critical team memeber. They
asked me to please help

I saw the norton icon and it said antivirus full version 10.0.0....
last virus profile update was the day earlier.
I did not know the license number, and Norton could not figure out who
we were based on the info I had.
the sys admin keeps lots of company details to himself.
he is the owner of the business.

but they (Semantec) were accommodating, even if it took better part of
an hour to finally get a tech.
but i had no choice, other than to start downloading unknowns,
purchasing another unknown product, say I couldn't help, wait until i
had some time to research, or call Semantec.

we have about 8 workstations, only one got hit, but my fear was this
was a harbinger, or the server was next.

i kept saying to Semantec why are we paying for protection if this
malware got in?
I'm pushy, but not unpleasant. it was obvious we were paying
customers.

i'm looking for product to install on all pcs to prevent a recurrance,
or at least a measure which is a reasonable effort towards prevention.
on my home office pc we subscribe to verizon security suite which is
available from our DSL supplier.
never got hit with anything like total security 'yet'
once i get some protection going, it would be interesting to
deliberately inject total security and see if the immunization works.
maybe create a sandbox, which I've never done, but would be worth
learning.
thanks

Without the previously requested information, all I can recommend is
the judicious application of MBAM (In normal mode) & SAS (in Safe Mode).

In the above remark you speak of immunization. Immunization does NOT
take place with either MBAM nor SAS. Deliberate infestation tests are
best left to experts on specially prepared disposable systems.

Sandboxing can be good. But it is only a small partial solution to an
overall huge undertaking. And yes - /antivirus/ protection alone is
only a bare bones beginning.

--
1PW

timOleary wrote:
On Aug 21, 2:32 am, 1PW wrote:
timOleary wrote:
i want to have a defense for the next attack. I wonder how this thing
got in the
pc
thanks again
Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.

Remember - the devil is in the details.

--
1PW

It is a work computer. the sys admin was not reachable and the
workstation was essentially disabled and a critical team memeber. They
asked me to please help

I saw the norton icon and it said antivirus full version 10.0.0....
last virus profile update was the day earlier.
I did not know the license number, and Norton could not figure out who
we were based on the info I had.
the sys admin keeps lots of company details to himself.
he is the owner of the business.

but they (Semantec) were accommodating, even if it took better part of
an hour to finally get a tech.
but i had no choice, other than to start downloading unknowns,
purchasing another unknown product, say I couldn't help, wait until i
had some time to research, or call Semantec.

we have about 8 workstations, only one got hit, but my fear was this
was a harbinger, or the server was next.

i kept saying to Semantec why are we paying for protection if this
malware got in?
I'm pushy, but not unpleasant. it was obvious we were paying
customers.

i'm looking for product to install on all pcs to prevent a recurrance,
or at least a measure which is a reasonable effort towards prevention.
on my home office pc we subscribe to verizon security suite which is
available from our DSL supplier.
never got hit with anything like total security 'yet'
once i get some protection going, it would be interesting to
deliberately inject total security and see if the immunization works.
maybe create a sandbox, which I've never done, but would be worth
learning.
thanks

Without the previously requested information, all I can recommend is
the judicious application of MBAM (In normal mode) & SAS (in Safe Mode).

In the above remark you speak of immunization. Immunization does NOT
take place with either MBAM nor SAS. Deliberate infestation tests are
best left to experts on specially prepared disposable systems.

Sandboxing can be good. But it is only a small partial solution to an
overall huge undertaking. And yes - /antivirus/ protection alone is
only a bare bones beginning.

--
1PW

The Real Truth MVP wrote:
That email bounced because my mailbox is full. I use that email only for
newsgroups to capture spam messages which I then use to update my hosts
file and Remove-it definitions. If you need to email me then use the
email link at the bottom of my web page http://www.ms-mvp.org or use
this news group. Or wait a few weeks until I clean it out.


The phone number 480-624-2500 appears to be the technical contact number
for GoDaddy.com. Wonder why that number is in the bounced e-mail, Chris?

Your HOSTS file? The one that blocks the real ms-mvp web page:
127.0.0.1 www.mvps.org
127.0.0.1 mvps.org

--
JD..

The Real Truth MVP wrote:
That email bounced because my mailbox is full. I use that email only for
newsgroups to capture spam messages which I then use to update my hosts
file and Remove-it definitions. If you need to email me then use the
email link at the bottom of my web page http://www.ms-mvp.org or use
this news group. Or wait a few weeks until I clean it out.


The phone number 480-624-2500 appears to be the technical contact number
for GoDaddy.com. Wonder why that number is in the bounced e-mail, Chris?

Your HOSTS file? The one that blocks the real ms-mvp web page:
127.0.0.1 www.mvps.org
127.0.0.1 mvps.org

--
JD..

In article 959fd23d-d30b-49c6-99ce-f5a7fcfd6fe3
@n2g2000vba.googlegroups.com, says...
i kept saying to Semantec why are we paying for protection if this
malware got in?


No anti-malware product will protect you from all malware, it's just not
possible.

If you were properly protected at the internet and by having limited
user accounts, and other methods - filtered email, filtered http,
blocking of most all ports and only approved sites...

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

In article 959fd23d-d30b-49c6-99ce-f5a7fcfd6fe3
@n2g2000vba.googlegroups.com, says...
i kept saying to Semantec why are we paying for protection if this
malware got in?


No anti-malware product will protect you from all malware, it's just not
possible.

If you were properly protected at the internet and by having limited
user accounts, and other methods - filtered email, filtered http,
blocking of most all ports and only approved sites...

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

My sister is having the same problem. I have her pc here with me. She let it
get so bad this Total Security will not allow me to boot up in safe mode or
safe mode with networking. I cannot access the task manager, run the
antivirus or spyware, and I cannot get to the add/remove programs. Nothing on
the desktop is accessible and will "lock up". Anyone have any suggestions?
Thank you in advance for your help.

"timOleary" wrote:

Any info on origins and how to get rid of this beast?