XJUPITER?

Discussion in 'privacy problems' started by Digiti, Dec 4, 2002.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,467
    Location:
    Netherlands
    If he's unable to do an online scan I would advise you to try and see if you can get the latest update for his NAV installed. You can find those here: http://www.symantec.com/avcenter/download/pages/US-N95.html
    When you scroll down a little there's an option to download three parts which can be put on floppy.

    Regards,

    Pieter
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    If I were you, I'd follow every single piece of advice given by my learned colleagues.

    Launcher.exe (KFH) probably belongs to a game, but why not disable it, as Pieter proposed.

    The others are all malware for sure: Webinstall is from Downloadware/Network Essentials, and ought to be removed by SpyBot.

    The following should go as well:

    Renovate = C:\WINDOWS\SYSTEM\Renovate.exe
    msdos423 = c:\windows\msdos423.exe
    No Credit Card = c:\windows\dialer.exe /m
    WebInstall2 = C:\WINDOWS\TEMP\INS5300.TMP /R /A
    XupiterToolbarUninstaller = A:\XupiterToolbarUninstaller.exe

    and of course:

    5-11-1-22 = c:\windows\5-11-1-22.exe -m
    5-1-25-449 = c:\windows\5-1-25-449.exe -m
    5-1-25-40 = c:\windows\5-1-25-40.exe -m
    5-1-25-221 = c:\windows\5-1-25-221.exe -m
    5-1-48-5 = c:\windows\5-1-48-5.exe -m
    5-1-6-43 = c:\windows\5-1-6-43.exe -m


    As a matter of fact, after unchecking those in Msconfig/startup, reboot, and empty the entire contents of your Windows\Temp folder.

    Also find and delete the following:

    C:\WINDOWS\SYSTEM\Renovate.exe
    c:\windows\msdos423.exe
    c:\windows\dialer.exe
    c:\windows\5-11-1-22.exe -m
    c:\windows\5-1-25-449.exe -m
    c:\windows\5-1-25-40.exe -m
    c:\windows\5-1-25-221.exe -m
    c:\windows\5-1-48-5.exe -m
    c:\windows\5-1-6-43.exe -m


    And there are a huge amount of "bad" ActiveX objects in your Downloaded Program Files folder.

    Go to Internet Options > Temp. Internet Files > Settings > Show Objects, and examine all objects you see there.

    Right-click each one in turn, choose 'properties', and check the Version tab.

    If the company is anyone else but Macromedia, Apple, or Microsoft, right-click the file, and choose 'remove'.

    Reboot when you're done.
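
An added example, not part of the original thread: a Python sketch that parses the startup entries quoted in the post above (the `Name = command line` form) into image path and switches, and attaches location hints to each. The function name `parse_startup` and the hint rules are assumptions made for this illustration; an entry with no hints is not thereby cleared.

```python
import ntpath
import re

# Startup entries quoted from the post above ("Name = command line").
STARTUP_LIST = r"""
Renovate = C:\WINDOWS\SYSTEM\Renovate.exe
msdos423 = c:\windows\msdos423.exe
No Credit Card = c:\windows\dialer.exe /m
WebInstall2 = C:\WINDOWS\TEMP\INS5300.TMP /R /A
XupiterToolbarUninstaller = A:\XupiterToolbarUninstaller.exe
5-11-1-22 = c:\windows\5-11-1-22.exe -m
5-1-25-449 = c:\windows\5-1-25-449.exe -m
5-1-25-40 = c:\windows\5-1-25-40.exe -m
5-1-25-221 = c:\windows\5-1-25-221.exe -m
5-1-48-5 = c:\windows\5-1-48-5.exe -m
5-1-6-43 = c:\windows\5-1-6-43.exe -m
"""

# name, then the image path (quoted or up to the first space), then any switches
ENTRY = re.compile(r'^\s*(?P<name>.+?)\s+=\s+(?P<image>"[^"]+"|\S+)\s*(?P<args>.*)$')

def parse_startup(text):
    """Return one dict per entry: name, image (path only), args, notes."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank or unrecognised line
        image = m.group("image").strip('"')
        folder, filename = ntpath.split(image)
        stem, ext = ntpath.splitext(filename)
        drive = ntpath.splitdrive(image)[0].upper()
        notes = []  # illustrative hints (assumed rules), not verdicts
        if drive in ("A:", "B:"):
            notes.append("runs from floppy drive")
        if ntpath.basename(folder).upper() in ("TEMP", "TMP"):
            notes.append("runs from temp folder")
        if ext.lower() not in (".exe", ".com", ".bat"):
            notes.append("non-program extension")
        if re.fullmatch(r"[\d-]+", stem):
            notes.append("digits-only file name")
        entries.append({"name": m.group("name"), "image": image,
                        "args": m.group("args").strip(), "notes": notes})
    return entries

if __name__ == "__main__":
    for e in parse_startup(STARTUP_LIST):
        print(f'{e["image"]:45} {e["args"]:6} {", ".join(e["notes"])}')
```

The `image` field is the path to look for on disk; switches such as `-m` or `/m` belong to the command line, not the file name.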
     
  3. Digiti

    Digiti Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    39
    What do you guys think re: reinstall I.E. 5.0 [see my post above]?
    I have SPYBOT S&D set to update automatically, unfortunately no references to Xupiter showed up there in the scan? The reason Adaware did not find it at first was because someone in his family deleted it. When I reinstalled I did not have the ref file up to date. The fact that there is no firewall is really stupid to say the least.
    I will have him try Trend Micro's site for an online virus scan through his AOL broadband browser. Like I said this is a really bad malware infestation on his computer. Thanks.
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    Reinstalling Internet Explorer will not do away with any of the malware detected.

    You need to follow ALL steps exactly like we detailed, or you won't get rid of this stuff.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,467
    Location:
    Netherlands
    Thanx for filling in some of my question marks there Tony.
    Do you see any other reason why NAV might not have picked up W95.SoFunny.Worm@m aka Worm_Menace.A?
    I think I jumped to conclusions by presuming NAV wasn't updated, since this one was discovered in July, 2001.

    Regards,

    Pieter
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    No idea. It ought to have caught this one without any prob whatsoever, I should think.

    But maybe this antivirus hasn't ever been updated...

    It happens... :rolleyes:
     
  7. Digiti

    Digiti Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    39
    No, it is not up to date. I don't know if it is OEM [90 days] or is updatable for one year. I removed all references to Xupiter with Adaware, and deleted dialers on drive C: but not some of the other files suggested yet. I will see how he makes out with AOL's browser for now. I cannot see him until another day. Thanks.
     