| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 50781 | 2004-11-01 08:42:00 | Font folder - 1.19GB - bitmap files problem | Nath (1108) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 286707 | 2004-11-01 12:02:00 | > > I hope these pics haven't gone > > elsewhere?? > > Ouch - that sounds like a real possibility! > I wondered if it might be one of those nasties, that store offensive material on slave machines, and distribute it on command. Were any of the images encoded? D. |
drb1 (4492) | ||
| 286708 | 2004-11-01 20:10:00 | > I viewed the bmp images and basically they are random snapshots of my computer - ie, playing games, screensaver pics - I hope these pics haven't gone elsewhere?? They probably have. I hope none of the snapshots were of any of your passwords, particularly for banking sites. :-( Do you have a third-party firewall? If so, you should have been alerted to any funny business going on with something trying to access the internet. That is often the only way you know that a trojan or keylogger is at work, as happened to me the other day. |
Susan B (19) | ||
| 286709 | 2004-11-01 22:49:00 | Gidday, I viewed all the images and the only one with a password was for my paradise internet dial-up - which shows my username and the **** for the password. I deleted all the images and the folder they were in, but weren't able to keep in trash as it was 1GB of data. The images didn't seem encoded - how would I know?? I tried unselecting/disabling wintask.exe in startup but it doesn't work - stays selected when restarting the computer. I think there are 2 wintask.exe selected now? I did a search for wintask.exe in regedit and there was nothing there. Spybot came up with nothing as well (still need to try adware). Is reformatting the hard drive the best way to get rid of the worm?? No I don't have a a firewall - what do you recommend?? thanks again cheers Nath |
Nath (1108) | ||
| 286710 | 2004-11-01 23:02:00 | Hi, I saw on the internet norman anit-virus site has a remnav.com you can download to clean the registry - can I use this if I am not using norman anti-virus software. I wonder why AVG didn't detect anything?? cheers |
Nath (1108) | ||
| 286711 | 2004-11-01 23:12:00 | Yup you can try that remnav file. See what happens. Or go here vil.nai.com ad get stinger. See if that picks anything up. Or try here http://housecall.trendmicro.com/ and do an online scan. See what it picks up. |
Spacemannz (808) | ||
| 286712 | 2004-11-02 02:08:00 | > I tried unselecting/disabling wintask . exe in startup but it doesn't work - stays selected when restarting the computer . I think there are 2 wintask . exe selected now? > I did a search for wintask . exe in regedit and there was nothing there . Try giving HijackThis a run . You can find the link in the forum's Spyware FAQ as well as a link to a tutorial if you need it . You are strongly advised to read the instructions before using . Basically, if you find wintask . exe in HijackThis put a tick next to it and get HJT to fix it . There may be other dodgy things in there as well but you will need to research everything with Google to see whether they are legitimate if you are not sure . Another thing you can try is running a trojan cleaner which may turn up something . > Is reformatting the hard drive the best way to get rid of the worm?? Only as a very last resort - you should be able to beat it with a little determination . > No I don't have a a firewall - what do you recommend?? I currently use Outpost but Sygate and Kerio (the older version, 2 . 1 . 5) are other good ones, as is ZoneAlarm . |
Susan B (19) | ||
| 286713 | 2004-11-02 02:19:00 | I would also try this out, Trojan remover . Its only for 30 days, (if u dont register it), BUT al least it SHOULD remove whatever is making these files . As it scans files and also scans the registry for known worms/trojans/ some spyware/adware . . simplysup . com/tremover/" target="_blank">www . simplysup . com I would download the exe install file, then make sure its up to date then scan your registry . This is what fixed the previous PC that I fixed, that had over 1000 pics on the hdd . |
Spacemannz (808) | ||
| 286714 | 2004-11-02 07:20:00 | Gidday, I think I have found what has infected my computer. I did an online scan with McAffee and Panda Activescan and both turned up a backdoor - E.E,common name Mosucker.L virus - I got Panda to remove it. It was located in C:\windows\fonts\_ Server.exe. I have checked my syst config utility under startup since removing the virus and the 2 wintask options are now deselected/not active - interesting!! Since I had this backdoor trojan which allows remote access is my computer more susceptible to being hijacked from now on. I must get that firewall going. I did try the tremover trojan remover but it didn't detect the mosucker and also AVG didn't detect this virus as well. cheers and thanks for all the advice Nath |
Nath (1108) | ||
| 286715 | 2004-11-02 07:53:00 | Good something found the prob Nath! Cant say Ive heard of that virus . BUT according to a google search, its a keylogger and a trojan . A trojan is different from a hijacker as in a browser hijacker . When a trojan gets installed and whatever program makes use of it / it'll access the files on your system / your system, They'll do it while you're online . Without you knowing it . And like any other trojan they can do whatever they want log in and most probably delete files as well . Hmm Trojan remover has Mosucker, 1 . 1, 1 . 2, 2 . 1, 2 . 2 2 . 3 and 3 in its database . Duno why it didnt pick it up . Wonder if it'll only remove things unless it registered?? Oh well its gone thats the main thing! |
Spacemannz (808) | ||
| 286716 | 2004-11-02 08:00:00 | Now change your passwords - especially the bank. | wotz (335) | ||
| 1 2 | |||||