Tech Support Forums - TechIMO.com - Security and Privacy Issues

Dept. of HS: NSA 'Helped' Develop Vista and Windows Seven

Dude111 — Fri, 20 Nov 2009 04:56:55 GMT

http://news.softpedia.com/news/Windo...y-127426.shtml

Quote:

Following the release of Windows XP, Microsoft implemented the Security Development Lifecycle in the building of Windows Vista, touting a tangibly superior operating system in terms of security. [more]

Windows 7 probably has all kinds of spyware communicating with Microsoft. ITS THE WORST OS FOR PRIVACY!! (Even if doing nothing wrong,PRIVACY SHOULD BE YOURS ON YOUR COMPUTER!)

IE is considered MORE secure than Firefox

Dude111 — Thu, 19 Nov 2009 09:24:16 GMT

http://gcn.com/articles/2009/11/16/o...-security.aspx

Firefox was the most vulnerable browser, logging 44 percent of the total vulnerabilities found, according to the report. Safari, at 35 percent, ranked next to Firefox at the bottom. IE had 15 percent of the vulnerabilities, and Opera only 6 percent.

Interesting indeed......

Interesting issue with Winpea.exe

RicheemxX — Thu, 19 Nov 2009 00:50:18 GMT

I was sitting here browsing the web when suddenly I noticed some strange slow down on my pc. Oddly enough I checked the task manager and see some strange entries for a service (winpea.exe) as well as a few other odd acting services.

I've been running scans with MSE and hadn't been doing any high risk activity so I wasn't sure what was going on. Well here's what I found via malwarebytes

Quote:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\raidhost (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Cursors\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Cursors\supdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\raidhost.exe (Trojan.Agent) -> Delete on reboot.

update two more hits that showed on a second scan

C:\Users\Rich\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Content.IE5\73RJU374\xrupdate[1].exe (Spyware.Passwords) -> No action taken.
C:\Windows\update.exe (Spyware.Passwords) -> No action taken.
C:\Windows\updatekl.exe (Spyware.Passwords) -> No action taken.

Not sure were the heck they came from but the only reason I caught it was the Winpea.exe entry, which oddly enough doesn't show as being infected or being malicious. I'm running a few more scans to be sure but thought I'd share some findings.

edit: Alright well since I can't find much info - here's what it affected- Winpea.exe was installed to c:>windows>Syswow64, along with a few other files as listed above. I first noticed two instances running in the task manager. One would activate then run for a second then a second instance would activate just before the first shut down. Making it nearly impossible to kill via the TM. I noticed several cmd and console task running all with high CPU usage. Not sure what it was doing but Malwarebytes seems to have caught it, MSE however did not.

Virus advise

Minger — Wed, 18 Nov 2009 13:46:15 GMT

Could anyone please tell me which section of the forum should i post for advise on a virus i have picked up?

Thanks for any replies.

C:\RECYCLER\S-1-5-21-515967899-162531612-839522115-1003\Dc11.exe

Mercenary Dragon — Fri, 13 Nov 2009 23:07:05 GMT

Found this on my system with AdAware and now I can't seem to get it to go away. Help!!

Here is the AdAware scan log

Logfile created: 11/8/2009 7:56:46
Lavasoft Ad-Aware version: 8.0.8
Extended engine version: 8.1
User performing scan: Mike

*********************** Definitions database information ***********************
Lavasoft definition file: 149.88
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 243058
Objects detected: 3

Type Detected
==========================
Processes.......: 0
Registry entries: 1
Hostfile entries: 0
Files...........: 2
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Skipped items:
Description: HKLM:HKEY_CLASSES_ROOT\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}: Family Name: unknown Clean status: Success Item ID: 1 Family ID: 0

Quarantined items:
Description: C:\System Volume Information\_restore{29738EDF-543B-4F0F-9399-E166B53629A1}\RP13\A0008022.exe Family Name: Win32.Adware.MeMedia Clean status: Success Item ID: 1327738 Family ID: 2094
Description: C:\RECYCLER\S-1-5-21-515967899-162531612-839522115-1003\Dc11.exe Family Name: Win32.Monitor.SpyBuddy Clean status: Success Item ID: 937664 Family ID: 3212

Scan and cleaning complete: Finished correctly after 8969 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Fri Jul 24 17:35:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Jul 24 17:35:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: DRAGONMA-GQNUHE
Processor name: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Processor identifier: x86 Family 15 Model 107 Stepping 2
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 27394, number of processors 2
Physical memory available: 1263267840 bytes
Physical memory total: 2145824768 bytes
Virtual memory available: 1980641280 bytes
Virtual memory total: 2147352576 bytes
Memory load: 41%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 692 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 756 name: \??\D:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: \??\D:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: D:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 836 name: D:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: D:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1044 name: D:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1116 name: D:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1212 name: D:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1336 name: D:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1412 name: D:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1456 name: D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1612 name: D:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2032 name: D:\WINDOWS\Explorer.EXE owner: Mike domain: DRAGONMA-GQNUHE
PID: 492 name: D:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler. exe owner: SYSTEM domain: NT AUTHORITY
PID: 620 name: D:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 440 name: D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 676 name: D:\WINDOWS\system32\hphmon04.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 744 name: D:\WINDOWS\RTHDCPL.EXE owner: Mike domain: DRAGONMA-GQNUHE
PID: 736 name: D:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 972 name: D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: D:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 1640 name: D:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 208 name: D:\Program Files\BOINC\boinctray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3100 name: D:\Program Files\Java\jre6\bin\jusched.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3800 name: D:\Program Files\uTorrent\uTorrent.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2944 name: D:\Program Files\DAEMON Tools Lite\daemon.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3012 name: D:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1236 name: D:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3096 name: D:\WINDOWS\system32\ctfmon.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3168 name: D:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3312 name: D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3364 name: D:\Program Files\PeerGuardian2\pg2.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3368 name: D:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3644 name: D:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3664 name: D:\Program Files\WallpaperToy\Wallpapertoy.Exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 1072 name: D:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1184 name: D:\WINDOWS\system32\HPHipm11.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1796 name: D:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2452 name: D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2692 name: D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1488 name: D:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2976 name: D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3956 name: D:\Program Files\BOINC\boinc.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2296 name: D:\WINDOWS\system32\wuauclt.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2492 name: D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2676 name: D:\Program Files\Mozilla Firefox\firefox.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 1576 name: D:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 532 name: D:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Mike domain: DRAGONMA-GQNUHE

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: UPnPMonitor
imagepath: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: AVG8_TRAY
imagepath: D:\PROGRA~1\AVG\AVG8\avgtray.exe
Name: HPDJ Taskbar Utility
imagepath: D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
Name: HPHmon04
imagepath: D:\WINDOWS\system32\hphmon04.exe
Name: HPHUPD04
imagepath: "D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: Acrobat Assistant 8.0
imagepath: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
Name: Adobe_ID0EYTHM
imagepath: D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VER SIO~2.EXE
Name: boincmgr
imagepath: "D:\Program Files\BOINC\boincmgr.exe" /a /s
Name: boinctray
imagepath: "D:\Program Files\BOINC\boinctray.exe"
Name: NvCplDaemon
imagepath: RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: NvMediaCenter
imagepath: RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name:
Name: NeroFilterCheck
imagepath: D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Name: SunJavaUpdateSched
imagepath: "D:\Program Files\Java\jre6\bin\jusched.exe"
Name:
imagepath: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AudioSrv
displayname: Windows Audio
Name: avg8emc
displayname: AVG Free8 E-mail Scanner
Name: avg8wd
displayname: AVG Free8 WatchDog
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# #
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: FLEXnet Licensing Service
displayname: FLEXnet Licensing Service
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NMIndexingService
displayname: NMIndexingService
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPH11
displayname: Pml Driver HPH11
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

mail returned emails when no emails sent

glendalf81 — Wed, 11 Nov 2009 10:58:58 GMT

hi i keepgetting emails in my aol email account telling me that mails has been returned when i have not even sent any emails,
are these related to a virus or some other security issue, i have not read any of them as a precaution and would like to stop them but dont know how, could anybody tell me what they are about
i have attached a picture of my mailbox

Attached Thumbnails

Trojan.Ramvicrype

Andrew Diaz — Tue, 10 Nov 2009 23:05:19 GMT

Hi Everyone:

Symantec recently became aware of a new Trojan Horse called Trojan.Ramvicrype.

The Trojan encrypts files on infected computers, making them completely unusable. Any file with a �.vicrypt� extension means that your system has been compromised.

Trojan.Ramvicrype is different from most other ransomware programs we�ve previously identified. Usually, these kinds of threats display a message prompting users to visit a specific web page or email a specific address. Users end up paying online criminals in exchange for keys that can be used to unlock the computer or decrypt the encrypted files.

Trojan.Ramvicrype doesn�t directly demand money in return for keys. However, we found that entering the term �vicrypt� into a search engine includes a company offering a fix in the search results, which of course is a charged service.

Regardless of which security software you run, use the free removal tool below if you are infected with the Trojan:

Trojan.Ramvicrype Removal Tool

Regards,
Andrew

Andrew Diaz
Norton Outreach
Symantec Corporation
nortonoutreach.com

Windows Firewall and Service Pack 2

railfrog — Mon, 09 Nov 2009 18:58:45 GMT

Got hold of my daughters laptop the other day to "clean it out."

Gave it a complete scan, checkdisk, malware and spybot.

A couple of problems though.
First is that the firewall will not stay on. (windows Firewall).
This was happening before i did the clean.

Second is when i try to install service pack 2 for Vista home premium, there is an error message which says..

Error: ERROR_NOT_FOUND(0x80070490)

Acer Aspire 5920
Vista Home Premium

Any more information then please ask.

thefeedwater.com VIRUS

BoomShaker — Sun, 08 Nov 2009 20:34:17 GMT

Has anyon heard of this? My pc picked up this bug yesterday. I was on the phone with Mcafee virus support till 3AM!!!!!! They did what they can do, and then it was a blame the other person game! Mcafee to Comcast, back to Mcafee to Comcast. All night long.

When I contacted Comcast (internet provider) They said it's definitly a virus. It redirects me to a bunch of BS websites. When ever I try to click on something, at the bottom of the page over top of my start button it says "thefeedwater.com" is now taking over and redirecting me. GGGRRRRRRRRR!

Any clue how I can get rid of this folks? Thank you for your help.

(took me a while just to get to this page)

Rootrepeal

jagnorm — Fri, 30 Oct 2009 00:19:15 GMT

Anybody familiar with this program?

Antivirus system pro But with no Safe Mode

joker_927 — Mon, 26 Oct 2009 20:30:15 GMT

A friend of mine got infected with the NASTY antivirus system pro virus. Every site I visit with info on how to remove it says to run an antivirus/anti spyware software but that is impossible. I cant even ctrl-alt-delte because this virus stops every process from running. (Can't even run the command prompt, it terminates it as soon as it starts).

Well of course the next option is to run safe mode but when I do that the computer reboots. I don't know if this is directly because of the virus or not.

Anyway, does anyone have advice for removing this virus without safe mode?

I was thinking of getting Avast's Bart CD and running that since it runs in it's own OS.
I ran Kaspersky from and old Hiren's boot CD but it found nothing. Probably too old.

Vista home edition and Trend Micro Interent Security and Share USB printer

zillah — Sun, 25 Oct 2009 11:21:56 GMT

file/printer sharing ports... Trend Micro Firewall issue - [H]ard|Forum

I have got one of my client has got a simple office network with three PCs (2 desktops A and B and one laptop C,,,,,all of them have got Vista Home edition).

Those desktop are connected through a modem router.

He bought a computer B recently and it has a Trend Micro Internet Security installed on it,,,,,,,a USB printer is connected to this B PC to be shared with A and C.

The other two PCs have not got Trend Micro Internet Security (I am aware of security implication , this is not the issue of our thread)

the printer is shared but A and C can not ping and can not print.

I am sure that the problem lies with the Firewall setting for Trend Micro Internet Security, because when I shut down it from A and C I can ping the B and I can print ,,,,while when Trend Micro Internet Security is running I can not ping B and I can not print.

I tried to search how to configure firewall to enable printer sharing I could not find that
XP, Vista, Printer Sharing and One BIG Mess - Vista Forums

Quote:

If using Norton, McAfee, Trend Micro I.S., make sure file and printer sharing is enabled in THEIR firewall (or LAN allowed, depending on how their Exceptions are worded in their Firewall)

I tired google without any success.

Micro Trend internet security enable printer sharing how - Google Search

http://www.microsoft.com/windowsmobi...endmicros.mspx

Any idea how to configure the firewall to enable a printer sharing ?

Thanks