Anything Forums

okay got your attention now.

heres the situation.

i got a trojan in this computer some how last week.

it messed up the system by removing dll files and not letting me re install them
with the cdrom.

it took out the dun and tapi files,

lucky i had backup ones in an archive i could just replace the missing ones with
i got the dial up back and working, and the wireless connect back up.

so i thought all was fine.

i just tried to get in to the registry and found it is missing a file.

so it told me to use the cdrom to replace the missing one. but once again it wont use the cdrom it says its the wrong cdrom, ? i got the box it came in and i know its the one i used to unstall xp pro with. so why is the computer not letting me replace it with the cdrom or letting me replace it from the same back up archive i did the dun files from.?

does anyone know.

Archived topic from Iceteks, old topic ID:5069, old post ID:38930

okay found the trojan just removed files on c drive and the hotkey link to the last sp installed back up. file on the other drive .
so i was able to copy the file from the sp back up and get the program working.

but what can be done to fix the hotkey link to the sp back up so windows can find the other files it needs if it is still missing any?


Archived topic from Iceteks, old topic ID:5069, old post ID:38931

ok check it..

the "Virus" of today has 2 goals.

First, crash your system.
Second, Pick your pocket.

When trojans are installed, specific dll's are overwritten. They are the orginal windows dlls, BUT they have been edited to create a headache for gurus who might be working on this infected system.

Thus, you kill/remove the threat program, then windows hacksup a hairball about some missing dll or application.

This is because the system files used by the malware are infact windows systemfiles.

SO.. if you remove the threat you compltely crash the windows system.

Now, go get a cup of coffee and sitdown, this is the part that gets good.

ALL of the VIRUS companies are hiding a critcal piece of information.
There is NO virus protection that works anymore. Sure they work on old threats but 99% of those threats dont exist anymore, we've taken care of all that.

Here is a really sudo version of what happens now.

You load a webpage (myspace is a great example), either by way of ajax or java the website pulls your system active process list, finds virus software and puts it to sleep, it also finds the windows system app called shell32. One of the things shell does is protects system files, running or not. Once these 2 programs are asleep the script over writes a few dll's. Next the script wakess shell32 and those new dll's are restarted by shell. The dll's now download and install trojans, keymappers, and usually a malware virus removal tool, that just so happens to know exactly where these new threats are, and costs 39.95/year. The dll's also wakeup your virus protection application which realises that is was asleep so it hurriedly starts a massive system scan (this is when the computer system crawls or seems to lockup), and finally the virus protection software pipes in and says you have ##threats found, and at this point a new malware app popsup and says the same thing. You can't remove the torjans or this new software you didnt install, because its installed and maintained by these dll's. And if you do manage to remove one or more of these dll's the above mentioned problem precipitates.

Furthermore, there will never be a software solution to this problem because the blackhats got smart, they are now using the federal system as their stalemate. These new "antispyware" tools are copywritten, thus making it illegal for any complany to target these files. We can thank spybot for this trend setter.

As of yet, i have yet to find no remedy to this issue outside of the following.

reload the system,
force the user to use the "user" account and not the "root" acount.
add the following to WINDOWS/system32/drivers/etc/->host
127.0.0.1 www.myspace.com
127.0.0.1 myspace.com

this wont stop the problem but will definately slow it down. You can add as many blacklisted sites* as you want to the host file. Just point "locallhost" to the primary domain, and then do it again to the subdomain. This insures you block both the primary domain and more importantly the subdomain.

**note
I had a running list of blacklisted pages on myspace and a few other sites like it in my private db. The number of blisted pages on myspace grew by an order of 10-15 new pages/day, thus this was creating a rather lengthy blist. so, I just blisted the whole domain.

**personal note
I would be willing to bet that myspace will be removed from the net with in the next 2 years and be foreced to remove the "freelance" privs given to its users.
I can go on and on about this topic for quite a while, as I have ALOT of experiance with dealing with it. If needed I will write an article on this problem and its various solutions/prevenstions.


Archived topic from Iceteks, old topic ID:5069, old post ID:38936

oh wow thats very strange to have that site with all that trouble on it when its to be used by school kids. on second thought its more likely script kiddies putting the stuff on that site as a way to get back at other kids.?



Archived topic from Iceteks, old topic ID:5069, old post ID:38957