Trojan.Downloader.AEU



Jack Humphrey
2006-10-07, 03:17
I was infected by this nasty critter about a week ago. It's a browser hijacker apparently triggered by a cookie (I'd been doing a LOT of searching via Google). It blew through Spybot, Norton Antivirus and the Windows Security. NONE of these utilities detected it...

I was able to detect it (hence the name) by downloading a trial version of a Spybot competitive product, PC Tools' Spyware Doctor. Once my new spyware (running concurrent with Spybot) could detect the bug, I paid their registration fee to remove it and immunize my system. What a JOKE!

Shore 'nuf I got mumbo jumbo service telling me the critter had been eradicated, but when I went back onto the net to finish my Google searches guess what returned? If you said Trojan.Downloader.AEU, you're RIGHT!

Contacting tech support there bought me a confidence 'stall'...we're working on your problem, your situation has been escalated. Well, 48 hours later, there was no reply other than try this/that new update.

Soooo, I went to Symantec and entered their AV support chat link. They responded RIGHT NOW, telling me I'd contracted a SERIOUS and potentially harmful 'baddie'. They could pipe me to their on-line support center and clean my system via remote control for a fee ($69.95). When I asked why this wasn't covered by Norton AV, they told me this was a 'new' creature that hits the crack between spyware, virus and firewall responsibility centers.

OK, I fork over the money (heck, I've been running Spyware Dr. 5-6 times a day cleaning the recurring bug...how much is your time worth?). I'm transferred to a tech who's VERY polite and efficient. We spend about an hour and a half while he runs diagnostics, manually deletes various files and prunes my registry. At the conclusion, I'm told I'm virus free and if there's ever another problem to recontact them.

Fine, run Spyware Dr. and no infections are reported. I go back on the net and pick up my Google search for 20 minutes, log off and run Spyware Dr. Guess who's BAAAAAACK?

Naw, you don't have to guess you know--Trojan.Downloader.AEU. I send the Symantec tech an email and get NO REPLY. That was five days ago. Various support agents at PC Tools effectively give me 'stalls'...we can't understand what you're saying, we're working on it, etc. I ask three times, how do I get a refund since your code did NOT clean my system nor immunize me from the infection. To date, NO REPLY...

So, I take things in my own hands. As a Comcast user, we get McAfee's AV and firewall free. I get the two utilities and install them, discarding Norton AV and the Windows firewall. No relief.

McAfee can't detect Trojan.Downloader.AEU. And, I continue to see my system infected within minutes of having just cleaned it with Spyware Dr. So, I start looking at the McAfee firewall reports. They show numerous actions by Win Messenger + an oddly named 'program' (letters & alphas) with a .TMP suffix being active on-line.

Hey! How can a Temp file be on-line? Plus, I thought I'd disabled Win Messenger. I quickly check (Control Panel, Administration, Services) and shore 'nuf Messenger is listed as being disabled. OK, so how can Messenger have been active if it's disabled?

I go to the McAfee firewall and permanently ban the .TMP file from having internet access as well as Win Messenger. I run Spyware Dr. and clean my system for the umpteenth time and guess what?

It's been three days and Trojan.Downloader.AEU is gone! Undetected in 10 or more Spyware Dr. scans. LOVELY!

So, I uninstall Spyware Dr. (thanks for the way-cool support). And now we go a week or so to see if I've REALLY blocked this critter...

Hope you don't contract this bug (hijacks your browser and FORCES you to various web sites selling this/that product...probably a referral fee involved). But, if you do, maybe this diatribe can help!

tashi
2006-10-10, 08:37
I take it you are not requesting assistance to remove any infection so I will archive this topic. ;)

Cheers.



So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)