Virus issue has been resolved! Here is the latest news! - Page 5

vtrain · #**101** 09-26-2006, 09:18 PM

Vicki,

Are you sure you get this in Firefox as well?
It's odd that you see this in some sites and you don't in others.

You could try the 30 days period of Kaspersky anti-virus. People here have been claiming good results. I'm afraid you will only get your computer clean with the instructions from Byrgius Tech and using hijackthis.

Vtrain

Kelmas · #**102** 09-27-2006, 03:08 AM

Quote:

Originally Posted by vtrain

You could try the 30 days period of Kaspersky anti-virus. People here have been claiming good results.

Sadly, Kaspersky is not compatible with ZoneAlarm Security Suite (even with anti-virus off). Therefore I choose ZA Security Suite + AVG Free + ewido.

Any other suggestions about anti-virus software that could work together with ZoneAlarm? NOD32 is compatible with it, but I think it is not good enough.

phatchopolis · #**103** 09-27-2006, 04:03 AM

Not sure about compatability with ZA but I've had good luck with Bitdefender for an AV solution.

vtrain · #**104** 09-27-2006, 09:24 AM

Quote:

Originally Posted by t3pt6k

Micorsoft Release for VML Patch

http://www.microsoft.com/technet/sec.../ms06-055.mspx

news about his:
http://news.bbc.co.uk/2/hi/technology/5384170.stm

#**105** 09-27-2006, 10:54 AM

Quote:

Originally Posted by Unregistered

Any ideas where I can find the Manage Add-Ons equivalent in Win2000, IE6

I had a tool - trying to find it - found some other great ones in the mix:

Windows Process Explorer - Linked List of all running processes, more depth than Task Manager:
http://www.sysinternals.com/Utilitie...sExplorer.html

I just tried running the above newest version - and it bombed - it used to work, you may have better luck - great tool.

PrcView - Advanced Process Viewer:
http://www.teamcti.com/pview/prcview.htm

RegMon - Real Time Registry Data
http://www.sysinternals.com/Utilities/Regmon.html

There is a program, maybe one of you tech heads can help me remeber what it is. It was a simple program that listed all the Internet Explorer plugins plus other registry items - and let you edit them.

#**106** 09-27-2006, 11:09 AM

I remembered the name, although the older version had better features - this is a good tool for managing the IE plugins - should work the same for older version.

http://windowsxp.mvps.org/toolbarcop.htm

Cheers

Serra · #**107** 09-27-2006, 05:01 PM

Quote:

Originally Posted by Kelmas

Sadly, Kaspersky is not compatible with ZoneAlarm Security Suite (even with anti-virus off). Therefore I choose ZA Security Suite + AVG Free + ewido.

Yea, I noticed the same thing. I don't use ZA any more, I found it too agressive and switched to a hardware firewall. If you aren't worried about outgoing communication, drop ZA and go hardware.

I've used AVG, it was ok, but its not Kaspersky.

TakeThat! · #**108** 09-27-2006, 10:21 PM

What is the status of the cpanel exploit ? I haven't heard much about it, or maybe I am missing something.

Also, I prefer sygate 5.5 over ZA. It doesnt bog the system down anywhere as much.

#**109** 09-27-2006, 11:25 PM

My sites had problems with the virus issue over the weekend. Now something else is happening.

Has anyone had a problem with an "index.php" file becoming corrupt and going blank?

In the past 24 hours, two of my word press blog sites have gone blank to a white page and the templates in Word Press disappeared. The files are still on the server, I can see them through my ftp program but the index page of the sites are blank. Support has not been able to fix it yet.

It happened when I changed permissions to work with Word Press. As soon as I changed the permissions I went back to word press to change a file (I did not change the file) and instantly the site’s template disappeared from word press' control panel and the index.php page went blank.

Also the permissions for the site automatically went back to 644 without me changing anything.

This all happened in seconds. It appears that if the permissions are opened, something instantly changes the files.

An index.html file does work, but any images in the wp-content folder do not.

Anyone tried to use Word Press since the virus "issue"?

McKoy · #**110** 09-28-2006, 10:51 AM

Has anyone tried NOD32 - and if so, what did you think of it?

Pitrow · #**111** 09-28-2006, 11:28 AM

Quote:

Originally Posted by McKoy

Has anyone tried NOD32 - and if so, what did you think of it?

It's the AVS of choice at my work and is installed on all of our computers. I've never had any problems with it, it just kinda runs in the background and stays outta my way. I can't really say more than that because I've never had virus problems on my work computer.

McKoy · #**112** 09-28-2006, 11:33 AM

Quote:

Originally Posted by Pitrow

...I can't really say more than that because I've never had virus problems on my work computer.

That says a bunch! Thanks for your input Pitrow

Kelmas · #**113** 09-28-2006, 11:47 AM

Quote:

Originally Posted by Serra

I don't use ZA any more, I found it too agressive

That is why I keep using it

phatchopolis · #**114** 09-28-2006, 01:23 PM

I used NOD32 on a work PC as well. Light on resources. Not too bad. Personally I've been with Outpost Firewall Pro for a few years now. Haven't been tempted by another option since the switch.

tvg · #**115** 09-30-2006, 09:07 AM

Does anyone know anything about a bo:heap virus? One of my clients got an email from a visitor saying he is getting a warning about a "bo:heap" virus when he visits her website. When I go there, I get no such error. This took place on 9/22. My client is asking me about it and I can't find much info on the internet about it, I'm not sure what to tell her. HG support gave me this forum link. Any help would be greatly appreciated.

_________________________________
Sharon
True Vision Graphics
www.truevisiongraphics.com

linuxfreak · #**116** 09-30-2006, 10:13 AM

well,

My website was never infected or anything but i run vbulletin & vbportal and as soon as you'd try to run a vbulletin script the page didn't worked and it showed a bunch of weird characters.I remember this happend a little while ago to.

anyway thanks to that HG serveradmin have a beer or two

Sergio · #**117** 10-01-2006, 09:20 PM

Hi,
I have been doing a lot of tests on what software will take care of the trojans that infected some computers with the exploit and found a very nice utility that I will like you to try it as well, even if you think that your computer is not infected.

It is called Trojan Guarder Gold and it is from www.your-soft.com, it helped me find trojans that I tought I didn´t have.

Regards.

#**118** 10-11-2006, 10:08 AM

Quote:

Originally Posted by GatorBrent

We could easily fix the problem but every time we did in minutes to an hour later it would come back......

We might have cleaned it up to fix the problem, but without knowing how they were exploiting our boxes they could easily do it again and again.

Thank you for understanding. This was devasating to us as well as anyone that had a website affected. We will do our best to help everyone recover from this.

To fix the exploit, you would run /scripts/upcp --force

But what was the process to clean up the hack itself?

#**119** 10-11-2006, 10:13 AM

Quote:

Originally Posted by Unregistered

To fix the exploit, you would run /scripts/upcp --force

But what was the process to clean up the hack itself?

I do not mean from the Windows box, but from the Linux server.

How do I clean out this exploit without reformatting the server?

#**120** 11-16-2006, 10:33 AM

Hi, I'm really desesperated.
A Trojan Horse Downloader.Generic2.TUJ entered in my computer.
I used my AVG 7.5 Pro, SpyBot, Ad-Aware and a registry cleaner to delete it but it didn't work.
So, if someone knows a way to get rid of this Trojan, please answer me!!
Thanks in advance.

Mapi

gwyneth · #**121** 11-16-2006, 12:49 PM

By any remote chance have you been using/visiting bit comet? Tsk, tsk, tsk...

The treatment is described here:

Downloader.Generic2.AHR - Tech Support Guy Forums

and here:
Computer Security & Viruses: BackDoor.Generic2.QBV

and here:
Geeks to Go! > trojan.backdoor.generic2 [RESOLVED]

and here:
Generic2.ETW - Safer Networking Forums

Sergio · #**122** 11-16-2006, 09:17 PM

Quote:

Originally Posted by Mapi

Hi, I'm really desesperated.
A Trojan Horse Downloader.Generic2.TUJ entered in my computer.
I used my AVG 7.5 Pro, SpyBot, Ad-Aware and a registry cleaner to delete it but it didn't work.
So, if someone knows a way to get rid of this Trojan, please answer me!!
Thanks in advance.

Mapi

You can try Trojan Guarder Gold and XoftSpy both are good utilities.

ntj9 · #**123** 11-25-2006, 05:22 PM

can somebody explain this to me.

there was a virus that was affecting cpanel - or being distributed by cpanel......

i am thinking that cpanel would not be hit by a virus cos it is linux, which almost nobody attacks.

so was it the case that somebody used cpanel to distribute a ms virus. i notice people talking about .exe and .dll so this has to be what happened.

anybody want to help me out here. it doesn't matter to me really as i wasn't affected, but i am interested.

slapshotw · #**124** 11-25-2006, 06:32 PM

Quote:

Originally Posted by ntj9

so was it the case that somebody used cpanel to distribute a ms virus. i notice people talking about .exe and .dll so this has to be what happened.

Yes, that is what happened. The virus affected windows machines, and was loaded through a cpanel exploit.

ntj9 · #**125** 11-25-2006, 06:34 PM

thanks. i just wanted to know