Ports

Discussion in 'malware problems & news' started by ljc1174, Aug 15, 2002.

Thread Status:
Not open for further replies.
  1. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    ok i better put this up for ur firewall, before i go....

    I notice u said u have ZA, i don't know which one but ne wayz. Wut u wana do is go to a firewall test site.... i use symantec's, here: Symantec Security Scan. Do the Symantec Security scan. Make sure ur scanning ur ip; to figure this out, go to run, type "winipcfg" to find out ur ip addy, it should match up with the one they are scanning. When u get ur results from the scan, look through the "show details" then click the link below for something...port status, and scroll down and view all the ports, do that for all the categories, and make sure ALL ur ports come out stealth(green). If all green ur firewall is working good. If not, ur ZA could have been compromised, wut u have to do is go to uninstall ZA option, do the "repair" setting, this will restore ur ZA. Run Symantec Security Scan once again... and ur results should be all stealth.

    YODA
     
  2. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    YODA out..... i'll be back tomorrow ;)
     
  3. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
  4. snowy

    snowy Guest

    Lori

    How to disable SuperCookies in Windows Media Player
    Start up the Windows Media Player
    Select the "Tools | Options..." menu command
    Uncheck the box that says "Allow Internet sites to uniquely identify your player".
    Push the "OK" button.
    Exit the Windows Media Player.

    ----------------------------------------------------------------------------


    Prince

    hey buddy...great to see you jumped in to help....say which version of WINAMP were you referring to? Do you think SpyBot can be handled by a newbie....I only looked at it once awhile back..?

    seeya later my friend....hope all is well

    snowman
    ---------------------------------------------------------------------------

    Yoda

    very nice suggestions and links.....
     
  5. snowy

    snowy Guest

    RE: sdet trojan


    I can't locate any information on this trojan that Lori refers to in another post.....anyone ever hear of it o_O



    Lori

    the only thing I could find on sdet trojan was an alumni registry...........interestingly to a school that is not all that distant from my area......as for this trojan.....am I understanding correctly in that it hijacked your homepage...please clarify o_O cleaning\correction may vary
     
  6. FanJ

    FanJ Guest

    Hi Lori,

    Welcome to the forum !!!
    I'm sorry me or other mods/admins didn't jump in earlier.
    Snowman and Snap and Prince and Yod@ did a great job!!!!!

    As others have said: take your time and do it step by step.
    I guess first thing is indeed to make sure that you have no virus and no Trojan.
    It was a good decision to install the trial-version of TDS-3.
    Yod@ gave you the link to the thread where I posted the basic configuration of TDS-3. Compare that with your configuration. Please, if you have any question about it, go to that forum-section and ask all your questions about it. Tell us what the date is of your radius-definitions of TDS-3, so we can be sure that you have the latest. Once TDS-3 is set up properly, do indeed that Full System Scan. Tell us what the results are. Be aware that it might take some time before it is finished, it might take more than one hour.

    You said you have ZA Free as your firewall. That's OK.
    Which version of ZA Free have you?
    I would like to ask you some questions about your settings of ZA:
    Double click on the ZA icon in your systray, somewhere in the neighbourhood of your clock at the lower right corner of your screen.
    Click on the Programs tab of ZA.
    There you will see a list of programs.
    Could you tell us which programs there are mentioned there?
    And in particular: did you give any programs server-rights?
    If you did so, change that to no server-rights for every program listed there.
    To give you an idea, I'll add a screenshot of the programs-tab as an example.
     


  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    WinMX is still spyware free for your music and file-sharing needs: http://www.winmx.com/ .

    Commonly-used Trojans port list: http://tds.diamondcs.com.au/portref.txt

    Go here: http://www.spywareinfoforum.com/index.html to learn about spyware and on that site, go to this page to learn about browser hi-jackers: http://www.spywareinfoforum.com/hijacked.html

    HTH Pete
     
  8. Snowy

    Snowy Guest

    Lori

    you are now getting some super great help....please follow the instructions of FanJ and Spy 1.....


    Now......I want to introduce you to K*I*S*S
    (keep*it*simple*stupid) I don't know who coined that phrase but it speaks volumes.......

    First: lets get the McAfee Emergency Boot Disk made.....I just made one in under 4 minutes....now if a snowman with water for brains can do this..SO CAN YOU!!
    ......its super easy......
    1. open McAfee virus scan just as you would if you were to scan for viruses......once open..(2) in the upper right is "OPTIONS" click on that...a MENU will open and there you will see "EMERGENCY BOOT DISK"......click on that...an a "WIZARD" will appear....place a clean floppy in drive A.....an press the appropriate button on the WIZARD.....it will even format the floppy for you.......see nothing to this. LOL

    now to use the EMERGENCY BOOT DISK.
    1) shut down the computer
    2) insert the EMERGENCY BOOT DISK into drive A
    3) restart the computer

    when the screen appears you will be offered a couple of options.......just click NEXT..(that may be just tap n on your keyboard) then FINISH (that may be just tap F on your keyboard)

    now....go get you a big 16 oz glass of granny's elderberry wine.....an just let the virus scan do its thing...about 30 minutes....

    When the scan is complete....DON'T TOUCH THAT KEYBOARD>>>>REMOVE THE EMERGENCY DISK FIRST>>>THEN PRESS CTRL & ALT & DELETE an the computer will restart on its own
    ***NOTE**

    all this is just going to be a waste of time unless you get rid of those bad programs BEFORE you run any removal tools......otherwise the BUG will just be re-installed
    ----------------------------------------------------------------------------

    Did you make a "Regular Emergency Boot Disk" for your computer.......for some reason I bet I can answer that LOL
    well thats very easy also.....an yes you do need one...hopefully you wont ever have to use it.......but you may need to now.
    as already mentioned winME is a strange beast...it suffers with severe PMS an is very moody..so you want that disk for those times.

    1) locate the "My Computer" Icon
    2) right click on icon =open
    3) locate Control Panel Icon
    4) right click on that icon=open
    5) locate ADD/REMOVE PROGRAMS ICON
    6) right click on that icon=open
    7) locate START-UP DISK tab
    8) click on that tab=open
    9) locate CREATE DISK

    put a floppy in the A drive an press the CREATE DISK radio button.....the rest just does its thing...

    once your computer has been completely cleaned you may have use for this disk.....that later..

    snowman

    PRINT THIS IF NEED BE!!
     
  9. snowy

    snowy Guest

    Lori

    as I was busy working it dawned on me that you are new to the computer community......so as there is no mis-understanding......the term K*I*S*S (keep it simple stupid) is often used...it means simply that when working on computers...keep it simple.......an does not apply to a person per se......


    snowman
     
  10. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    Hi all, I'm back...

    Ok, wow, lots of helpful people! This is awesome, I no longer feel alone over here!

    Ok, I've completely updated TDS-3, version 321 appears in my program files.

    No trojans found by TDS, symantec scan showed this:
    Browser privacy scan. I guess my web browsing is being viewed by other sites... (something I already knew) but anyway... and this scan was with ZA on and McAfee off.

    ZA firewall settings for internet are high and trusted zone security is high. The only thing in my trusted zone is my isp.

    Kazaa has been uninstalled, but Gnuattla(sp) is still setting off ZA. WMP settings have been changed. Real Player has been uninstalled. I'm not going to worry about any file share programs at the moment... so when this is all cleaned out I will come back to this thread and go through the links.

    I'll try Ad-Aware to delete any other files for Kazaa, but when I opened IE 5.5, www.downloadalot.com And my icons next to my start button are black along with the window icons that are docked as well as in all my folders.
    (this is soooooo annoying!)

    I have a McAfee disk for emergency.

    I have no floppies to make any back up, but my pc came with 3 restoration cd's...

    b4 I go into that, making sure all the annoyances(sp) are gone is what I should do first correct?

    So, if TDS-3 isn't finding anything, could sygate just be giving a marketing ploy? And if nothing is on my pc, why is downloadalot still coming up and what is going on with my icons?

    Ok, I'm almost calmed again... need more coffee.

    I started posting at 11, but I'm on with McAfee, I'm trying to get them to send me the page about the Bubbel trojan from yesterday but this tech keeps sending me the wrong pages, it's now noon.

    Ok, I'm posting, he's put me on hold again, if and when he sends the page, I'll post the link for ya.

    ~Lori
     
  11. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    no offense taken snowy! none at all! i'm totaly comput'r stupie! LOL

    ONE thing I did forget to mention and seeing the thread jarred my memory... I did have JS/NOCLOSE, supposedly it was deleted by TrendMicro, McAfee did not find it and at the time, I had both Norton and McAfee, both were up to date.
     
  12. snowy

    snowy Guest

    LORI

    SUPER GREAT JOB!!! You can be very ..very proud...you have handled this extremely well.
    my suggestion would be to let pcflank do a scan.....an Lori...please do yourself a favor...an stop turning off your firewall and virus scanners...not for any reason should you ever do this.....thats how you get hacked..trojans dropped...web viruses..more......
    the browser privacy is not unusual.....most likely its whats called the "referrer" which reveals the last website you came from.....you would need a special program to block that.....that will come later...
    yes..you did it all correctly.....frankly I am impressed...a lot of people would have felt defeated...you took control...thats great.
    the browser hijacking part I can't help you with....you could use another browser perhaps....like netscape or opera........until someone advises how to re-claim internet explorer....it can be done.....
    the other floppy....when you have the opportunity it would be a good idea to make it.....for now you may be exhausted...so just go slow......you are almost back in control........I previously stated I personally don't think you have a trojan if none showed in TDS........but please do take the pcflank test....
    I can't understand why your ip is in the trusted zone!!! your ip should not be in any zone...none! Nor should you need to allow it out of zone alarm...it should not be in zone alarm either.........any of the other member here have any idea whats going on with this ip...sounds very odd...like they are routing traffic through Lori's computer...using it as a server.....comments anyone!!!

    snowman

    Lori there is a program in free tools regarding homepage hijacking..don't know if it re-claims the page or not...
     
  13. snowy

    snowy Guest

    Lori

    I tried to locate that free tool to regain control of your homepage but wasn't able to find it....must be removed.
    .......will try to think of something

    snowman
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, Snowman!

    If she'll read Mike's page on browser hijackers that I linked to above, she'll be able to get it straightened out.

    And, if you were referring to StartPage Guard, it can be found here: http://pjwalczak.com/spguard/index.php (it's up to version 2.0 now and does a little more). Pete
     
  15. snowy

    snowy Guest

    Spy 1

    Pete...yup thats the one I was thinking of...thankya ..Lori must not have noticed that....LORI!!
    ......for a newbie she sure stuck with it......



    Lori

    well time for me to bow out.....leaving you in very capable hands....an wishing you the very best......I have tons of work.....in the midst of a business day....but will check back again.....good luck
     
  16. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Lord what a thread!! My eyes glazed over halfway through, so I'm not clear on what's still a problem, what's fixed, and what's new.

    Concerning KaZaa, remove it via add/remove, then run either Ad-aware or Spybot (or both would be better).
    Spyware-free alternatives are
    WinMX http://www.winmx.com/
    Gnucleus http://www.gnucleus.net/
    Blubster (ads) http://www.blubster.com/
    Xolox (ads) http://www.xolox.nl/

    There are also cracked versions of KaZaa and Grokster, but I don't recommend those.

    Did I overlook anything??
     
  17. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Hi Lori! Here is the link spy1 gave me awhile back when I was having trouble with page referrers and up-front system info while surfing. The first page says it's version 8.69 but the download is really version 8.70. It is freeware and can also block cookies, ads, pop-ups etc.

    http://www.naviscope.com/

    Note to snowman: Everything's going great here buddy! (All I need is a little sleep. Really!) The version of WinAmp to get is 2.79. All later versions are spyware. Oldversions.com, of course, lists all versions of WinAmp up to 2.79.

    As for SpybotS&D, run the scan, then check the boxes beside any spywares found and delete them. If there aren't any it will say so. Leave the Registry Settings stuff alone for now (in the list). Wiser heads can guide you on the rest of it.

    snowman, hope your day goes well! I understand that the market is bouncing around like a rubberball. :)
     
  18. snowy

    snowy Guest

    Mike

    HUH!!! what in particular do you find wrong with the thread?
    Mike you have seen me around for awhile...an never hear me making any claim to fame....don't wave no flags..or claim to be a computer wiz....no ego trips here buddy....just a plain person trying to help another person in need.....perhaps you know of better..faster ways of helping an thats great.....I just do the best I can....an make no apology to anyone for it.

    snowman
     
  19. FanJ

    FanJ Guest

    Hi Snowman,

    You're definitely doing a fantastic, great job in helping Lori, and others; there cannot be any doubt about that!!!
    I surely would like to thank you for that!!!!!!

    I asked Mike to have a look at the spyware-things that could be on Lori's machine (he knows lots more about it than I do). It is a big thread going on now (nothing wrong with that), and it could be some work to read through it all; so I guess that's all that Mike was saying.

    Warm regards from your friend, Jan.
     
  20. snowy

    snowy Guest

    FanJ

    Thank you Jan.....Lori being a newbie I think did an exceptional job of helping herself.....an is deserving of compliment.......this could have gone on for days taking several forums...instead most of it was resolved in hours in just this thread.......one step at a time.....with suggestions from many.....
    I've been awake at least 40 hours now...trying to do business.....help here when possible....an just enjoy life...but as I mentioned to you in another thread I am ready to call it quits with the internet.......I just don't need the hassle........

    thanks friend Jan

    snowman
     
  21. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    LOL. I'm sorry. It was a lot to take in all at once is all I meant.
     
  22. snowy

    snowy Guest

    Mike

    thank you....I appreciate your comment.....alls well..

    snowman

    LOL...is kinda long huh LOL
     
  23. snowy

    snowy Guest

    Mike

    in all due fairness I think I should offer my apology...I mistook your comment......perhaps my exhaustion ..but no excuses....my apology Mike


    snowman
     
  24. snowy

    snowy Guest

    Prince

    sorry...almost forgot to answer your post...going to be just a little off-topic.....ouch.........the market is doing just what it's supposed to be doing..was very predictable....loaded up on bonds...shorted stocks....going to be a nice christmas for a lot of kids this year
     
  25. FanJ

    FanJ Guest

    Hi Snowman and Mike,

    Thanks to both of you, I'm very happy the both of you sorted it out so quick and nice.
    Thanks again :)

    Hey Snowman,
    Please take some rest and sleep.
    40 Hours without sleep is too much for you now, please think also at your health !!!
    Hey, you know, you're a very much appreciated member of our forum-family !!!

    Take care of yourself,
    Jan.
     