zlob.downloader; IE Hompage change; Malware virus notification - Page 2 - Safer-Networking Forums

JamesF · 2006-05-29, 00:29

WexTech AnswerWorks 1.00.000 ({EA2BEBD6-87B9-41E5-95AC-7E4C165A9475})
version: 16777216
install location: C:\Program Files\WexTech \WexTech AnswerWorks
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate

SymNet 6.0.2.211 ({ED48DEAA-4813-4358-94A5-6428532C4618})
version: 100663298
version (major): 6
estimated size: 2726
install date: 20060310
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt77\
publisher: Symantec Corporation

2570Trb 50.0.214.000 ({EE55FD52-0D47-4c5a-96EC-48F70FF30520})
version: 838861014
version (major): 50
estimated size: 161
install date: 20060319
install source: F:\Setup\AiOHelp\
publisher: Hewlett-Packard

NAVShortcut 11.5.0 ({F325CF11-27CE-4872-8022-6E9EB27DF24F})
version: 184877056
version (major): 11
version (minor): 5
estimated size: 9
install date: 20060223
install source: E:\NAV\
uninstall cmd: MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
publisher: Symantec Corporation

Status 53.0.13.000 ({F4C2E5F5-2970-45f4-ABD3-C180C4D961C4})
version: 889192461
version (major): 53
estimated size: 1169
install date: 20060319
install source: F:\setup\Status\
publisher: Hewlett-Packard

Norton WMI Update 2005.1.2.20 ({F64306A5-4C32-41bb-B153-53986527FAB4})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20060223
install source: E:\Support\SymSC\
uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
publisher: Symantec Corporation

HighMAT Extension to Microsoft Windows XP CD Writing Wizard 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F})
version: 16844657
version (major): 1
version (minor): 1
estimated size: 2182
install date: 20051226
install location: C:\Program Files\HighMAT CD Writing Wizard\
install source: C:\WINDOWS\Downloaded Installations\{EC5BEA43-2BED-4CB4-8242-9834128BEC0E}\
uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
publisher: Microsoft Corporation
readme: C:\Program Files\HighMAT CD Writing Wizard\1033\\HighMAT_readme.htm

**shelf life** · 2006-05-29, 02:14

hi JamesF,

yes, you look good. if its all ok i leave you with this:

Be careful of what you download, and where you download it from. Many programs come bundled with extra software.You may be installing more than you think. Visit the makers website, learn more about the program, Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits?. Read the EULA agreement, you know, that paragraph of stuff you "agree to" before the software installs? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Becarful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE? Check this database:Spyware Guide A Few afew file sharing tips.

Make sure you keep your Windows OS current by visiting Windows update
occasionaly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

Adjust your browser settings: Change your(active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Internet Explorer Privacy & Security Settings
Working with Internet Explorer 6 Security
Many exploits are directed at Internet Explorer, you dont have to use it. Try a different browser. You can have and use more than one browser on your computer.
Like Firefox,

Install a Firewall:A firewall will control what comes in from the internet and what leaves your computer to the internet. A firewall will also alert you when a application trys to connect to the internet from your computer, this is a good way to catch crapware or trojans, trying to connect out bound from your computer- whats that and why does it need a internet connection? You can deny it access it until more investigation is done. Zone Alarm is a free and easy to use firewall, that will provide in and outbound protection. Microsoft XP firewall only provides inbound protection. SP2 adds in and out bound protection which is better than nothing, but is not as robust as third party firewalls, Be sure to run only >one< firewall.If you use another, be sure to disable XP's built in firewall. If you use Zone Alarm learn what needs/uses your internet connection. If something unusal or out of the ordinary "asks" deny it access until more investigation is done.
Zone Alarm
OutPost Lite

Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You dont have to use it. Windows SP1/SP2 updates have made some improvments to Outlook. Another reason to stay updated.
look here
and here
Or try Pegasus Mail, safer by default,no tweaking needed.

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download
AVG free version 7.0
AntiVir Personal Edition
clam Win

Download one or two of these, install and update before using:(if these are constantly finding malware, then you need to make changes to your browser and or your habits)
CounterSpy Free trial version
Spybot Search and destroy
Ad-Aware SE Personal edition
Microsoft Windows Defender
Becarful with spyware "removers and scanners"-- there are many "rogue/suspect" programs that "claim to remove" spyware.Check here first.

Dont be tempted to click on popup ads offering free scans or free downloads for malware removers. Read the above line again.

AntiTrojan software to fill in the gap:
a2 free
Ewido Anti-Malware
Trojan Hunter (30 day trial version)
Tauscan trial version

Other programs to consider:
Process Guard stop events/processes with user intervention
SpywareBlaster add security to IE
IE-SPYAD adds adware peddlers sites/domains to IE restricted zone
CleanUp cleans out temp files,history, autoforms etc
ATF cleaner (W2K,XP only) cleans out temp files, history etc

Learn More:
Browser Checkup
Parasite Free
Safe Hex
Shelf Lifes page
Home Computer Security

**tashi** · 2006-06-04, 06:53

As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.

Thank you shelf life

2006-05-29, 00:29	#11
JamesF Junior Member Join Date: May 2006 Posts: 10	Success!!!!!!!!!!!!! WexTech AnswerWorks 1.00.000 ({EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) version: 16777216 install location: C:\Program Files\WexTech \WexTech AnswerWorks uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate SymNet 6.0.2.211 ({ED48DEAA-4813-4358-94A5-6428532C4618}) version: 100663298 version (major): 6 estimated size: 2726 install date: 20060310 install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt77\ publisher: Symantec Corporation 2570Trb 50.0.214.000 ({EE55FD52-0D47-4c5a-96EC-48F70FF30520}) version: 838861014 version (major): 50 estimated size: 161 install date: 20060319 install source: F:\Setup\AiOHelp\ publisher: Hewlett-Packard NAVShortcut 11.5.0 ({F325CF11-27CE-4872-8022-6E9EB27DF24F}) version: 184877056 version (major): 11 version (minor): 5 estimated size: 9 install date: 20060223 install source: E:\NAV\ uninstall cmd: MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F} publisher: Symantec Corporation Status 53.0.13.000 ({F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}) version: 889192461 version (major): 53 estimated size: 1169 install date: 20060319 install source: F:\setup\Status\ publisher: Hewlett-Packard Norton WMI Update 2005.1.2.20 ({F64306A5-4C32-41bb-B153-53986527FAB4}) version (major): 2005 version (minor): 1 estimated size: 613 install date: 20060223 install source: E:\Support\SymSC\ uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4} publisher: Symantec Corporation HighMAT Extension to Microsoft Windows XP CD Writing Wizard 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) version: 16844657 version (major): 1 version (minor): 1 estimated size: 2182 install date: 20051226 install location: C:\Program Files\HighMAT CD Writing Wizard\ install source: C:\WINDOWS\Downloaded Installations\{EC5BEA43-2BED-4CB4-8242-9834128BEC0E}\ uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} publisher: Microsoft Corporation readme: C:\Program Files\HighMAT CD Writing Wizard\1033\\HighMAT_readme.htm

2006-05-29, 02:14	#12
shelf life Security Expert Join Date: Nov 2005 Location: @localhost Posts: 4,541 Rated LASSHes: 1	hi JamesF, yes, you look good. if its all ok i leave you with this: Be careful of what you download, and where you download it from. Many programs come bundled with extra software.You may be installing more than you think. Visit the makers website, learn more about the program, Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits?. Read the EULA agreement, you know, that paragraph of stuff you "agree to" before the software installs? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Becarful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE? Check this database:Spyware Guide A Few afew file sharing tips. Make sure you keep your Windows OS current by visiting Windows update occasionaly to download and install any critical updates and service packs. With out these you are leaving the backdoor open. Adjust your browser settings: Change your(active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more: Internet Explorer Privacy & Security Settings Working with Internet Explorer 6 Security Many exploits are directed at Internet Explorer, you dont have to use it. Try a different browser. You can have and use more than one browser on your computer. Like Firefox, Install a Firewall:A firewall will control what comes in from the internet and what leaves your computer to the internet. A firewall will also alert you when a application trys to connect to the internet from your computer, this is a good way to catch crapware or trojans, trying to connect out bound from your computer- whats that and why does it need a internet connection? You can deny it access it until more investigation is done. Zone Alarm is a free and easy to use firewall, that will provide in and outbound protection. Microsoft XP firewall only provides inbound protection. SP2 adds in and out bound protection which is better than nothing, but is not as robust as third party firewalls, Be sure to run only >one< firewall.If you use another, be sure to disable XP's built in firewall. If you use Zone Alarm learn what needs/uses your internet connection. If something unusal or out of the ordinary "asks" deny it access until more investigation is done. Zone Alarm OutPost Lite Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You dont have to use it. Windows SP1/SP2 updates have made some improvments to Outlook. Another reason to stay updated. look here and here Or try Pegasus Mail, safer by default,no tweaking needed. Make sure you have and keep updated Antivirus software Free for home users: avast! 4 Home Edition Download AVG free version 7.0 AntiVir Personal Edition clam Win Download one or two of these, install and update before using:(if these are constantly finding malware, then you need to make changes to your browser and or your habits) CounterSpy Free trial version Spybot Search and destroy Ad-Aware SE Personal edition Microsoft Windows Defender Becarful with spyware "removers and scanners"-- there are many "rogue/suspect" programs that "claim to remove" spyware.Check here first. Dont be tempted to click on popup ads offering free scans or free downloads for malware removers. Read the above line again. AntiTrojan software to fill in the gap: a2 free Ewido Anti-Malware Trojan Hunter (30 day trial version) Tauscan trial version Other programs to consider: Process Guard stop events/processes with user intervention SpywareBlaster add security to IE IE-SPYAD adds adware peddlers sites/domains to IE restricted zone CleanUp cleans out temp files,history, autoforms etc ATF cleaner (W2K,XP only) cleans out temp files, history etc Learn More: Browser Checkup Parasite Free Safe Hex Shelf Lifes page Home Computer Security __________________ Malware: Prevention and Avoidance Is it real or is it ScareWare?

2006-06-04, 06:53	#13
tashi Member of Team Spybot Join Date: Oct 2005 Location: USA Posts: 23,455 Rated LASSHes: 16	As the problem appears to be resolved this topic will be archived. If you need it re-opened please send me a pm and provide a link to the thread. Thank you shelf life __________________ UNITE-ASAP Microsoft MVP. Consumer Security 2006-2010 Please help us improve Spybot, download our distributed testing client

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode