Author: Anonymous Posted: Thu Jun 22, 2006 2:49 pm (GMT -5) Alsos eemign I lost the altest update link could some one please post it? Thanks

Author: Anonymous Posted: Thu Jun 22, 2006 2:46 pm (GMT -5) Ok thanks for that. If it's nothign to big then im not to worried also when i tried to downlaod the latest zoen alarm update today the downlaod link gave me thsi emssage: The requested URL /bin/free/1023_zl/zlsSetup_65_722_000_en.exe was not found on this server. Confused to what it means

Author: faith_michele Subject: [PIRT#35435]Nationwide, Wachovia phish on 195.58.170.19Posted: Thu Jun 22, 2006 2:45 pm (GMT -5) Phish Alert  Full Report: http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=35435&in=1   ayin.at has address 195.58.170.19IP Converted: 195.58.170.19 dword = 3275401747 hex1 = 0xc33aaa13 hex2 = 0xc3.0x3a.0xaa.0x13 oct = 0303.072.0252.023 View CIDR AS8514 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8514 "8514 | AT | ripencc | 1997-10-20 | INODE inode Telekommunikationsdienstleistungs GmbH" Extended information for AS8514: State/Province: Country: at Responsible Domain: inode.at Abuse Email: abuse@inode.at Phish URLs: http://www.ayin.at/avatar/db/wachoviabank/index.htm http://www.ayin.at/avatar/db/wachoviabank/ http://www.ayin.at/linux/archive_in/cb1_gg/Auto_/index.html http://www.ayin.at/linux/archive_in/cb1_gg/Auto_/ Browser access directs to an Austrian server hosting an imitation Nationwide and Wachovia site. The site was active at the time of the investigation. Page fetch suceeded. Quote: http://www.ayin.at/avatar/db/wachoviabank/index.htm

Author: Mister2 Subject: Re: 4 Freeware ComparisonPosted: Thu Jun 22, 2006 2:45 pm (GMT -5) Elendil wrote: Wow... sorry for my LLLAAATEEE response and you'll probably never read this topic again I did! It would have been good to see the finished project - and it was also a good topic to choose. I would guess you learned a lot preparing it and had some fun along the way What was the reaction from the others at the fair?_________________Never stop learning ---------------------- Suffered from malware? http://malwarecomplaints.info/

Author: nondaj Posted: Thu Jun 22, 2006 2:38 pm (GMT -5) Thank you for the four incredibly useful sites of information about disappearing icons. They have given me many ideas with which to confront my problem. Hopefully one solution will remedy the situation and thanks again.

Author: Mister2 Posted: Thu Jun 22, 2006 2:36 pm (GMT -5) You're welcome!_________________Never stop learning ---------------------- Suffered from malware? http://malwarecomplaints.info/

Author: pxicu Posted: Thu Jun 22, 2006 2:36 pm (GMT -5) Your not getting it... I was just doing a checkup to see if everythnig was fine... Thnks for your help m8 apreciate it

Author: faith_michele Subject: [PIRT#35432]Wachovia phish on INTERGENIA-ASN, 85.25.8.84Posted: Thu Jun 22, 2006 2:33 pm (GMT -5) Phish Alert  Full Report: http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=35432&in=1   homepageprogramme.net has address 85.25.8.84IP Converted: 85.25.8.84 dword = 1427703892 hex1 = 0x55190854 hex2 = 0x55.0x19.0x8.0x54 oct = 0125.031.010.0124 View CIDR AS8972 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8972 "8972 | DE | ripencc | 2001-10-12 | INTERGENIA-ASN intergenia autonomous system" Extended information for AS8972: State/Province: Country: de Responsible Domain: plusserver.de Abuse Email: abuse@plusserver.de Browser access directs to a German server hosting an imitation Wachovia site. The site was active at the time of the investigation. Page fetch suceeded. Quote: http://homepageprogramme.net/forum/images/Wachovia/AuthService.htm

Author: daveai Subject: [PIRT#35984] PayPal phish @ AS4134:, AS5400:Posted: Thu Jun 22, 2006 2:24 pm (GMT -5) Phish Alert  Full Report: http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=35984&in=1   This is a two-part phish...both sites must be taken down to stop it. URL #1 is a phish redirector site that refreshes to URL #2. URL #1 and URL #2 are still active at time of investigation, and both must be terminated. NOTE: The fetched source pages from URL #1 show that the URL #2 'target' site has been changed at least once. This phish cannot be terminated until BOTH sites are terminated. Phish URL #1: http://59.36.98.108/%20/index.html Fetching page source: Suceeded. The phishing site was active at the time of investigation. URL #1 Refreshes to URL #2: http://62.134.26.103/site/typo3/gfx/%20/.us/index.php?bWFpIHByb3N0=aWxvciBtYWkgc3VnZXRpIHB1bGEgZnV0dXZhIG1hbWVsZSBpbiBndXRhIGRlIGxhYmFyaSBjZSBzdW50ZXRpIHNpIGRvYm90b2NpIHBpc2VtYX Browser access directs to an imitation PayPal phishing site. Fetching page source: Suceeded. The phishing site was active at the time of investigation.IP Converted: 59.36.98.108 dword = 992240236 hex1 = 0x3b24626c hex2 = 0x3b.0x24.0x62.0x6c oct = 073.044.0142.0154 View CIDR AS4134 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4134 "4134 | CN | apnic | 2002-08-01 | CHINANET-BACKBONE No.31,Jin-rong Street" Extended information for AS4134: State/Province: Country: cn Responsible Domain: chinanet.cn.net Abuse Email: cncert@cert.org.cn IP Converted: 62.134.26.103 dword = 1048975975 hex1 = 0x3e861a67 hex2 = 0x3e.0x86.0x1a.0x67 oct = 076.0206.032.0147 View CIDR AS5400 Report: http://www.cidr-report.org/cgi-bin/as-report?as=5400 "5400 | EU | ripencc | 1995-08-15 | BT BT European Backbone" Extended information for AS5400: State/Province: Country: Responsible Domain: eu.bt.net Abuse Email: abuse@eu.bt.net Quote: http://59.36.98.108/%20/index.html

Author: OldRebel Posted: Thu Jun 22, 2006 2:14 pm (GMT -5) No, I haven't tried SAS yet, but I'm trying to follow its progress. Right now, I'm struggling with over use of resources with the 3 RTP's that I have. Last night, I downgraded Ewido and WinPatrol to the old versions, and deactivated the ewidoguard. Yesterday, with the newer versions, WinPatrol report stated over 80% memory in use. Even deactivating Spysweeper did not help that much. Today, after the downgrade, WinPatrol is reporting only 48% memory in use. I am doing the same tasks today that I was doing yesterday, so that is a significant change. I'd be interested in your opinion. I believe SAS would add another shell hook and I want to avoid that for the present. It does look interesting though._________________OldRebel Webroot Spysweeper Ewido-AntiMalware WinPatrol Plus Say hello to my Rottweilers!

Author: NathanDough Subject: Please Help Hijack This LogPosted: Thu Jun 22, 2006 2:13 pm (GMT -5) Can someone help please, I have an Elonex Exentia PC. Two nights ago the monitor had all lines and crosses on it. Even on startup before the windows logo i'm getting coloured blocks and letters on screen. Can still access the PC through Remote Desktop on my laptop but can't read anything on the main PC. Logfile of HijackThis v1.99.1 Scan saved at 19:07:28, on 22/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5296.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\logonui.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\SHVRTF.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Nathan Evans\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache3-lang.server.ntli.net:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Protect] SHVRTF.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - blank O8 - Extra context menu item: &Translate English Word - blank O8 - Extra context menu item: Backward Links - blank O8 - Extra context menu item: Cached Snapshot of Page - blank O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - blank O8 - Extra context menu item: Translate Page into English - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Public/WXStageInstall/2.8/TVTStage1.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125312929812 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127051447234 O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Author: PCBruiser Posted: Thu Jun 22, 2006 2:06 pm (GMT -5) If you have never made any adjustments to your bios settings, you will lose nothing. And, whatever bios settings you may have changed are gone already if that battery is shot. So, after you replace the battery, go into the bios and set the time and date, exit the bios saving the settings, and you should be able to boot. You will not lose anything stored on your hard drive at all. It is not anything at all like reformatting, changing the battery does not do anything to your hard drive at all. You should seriously consider getting a second hard drive to backup all your important "stuff" anyway, since you will lose it all if you have a hard drive failure. They are not uncommon. And, if you get a nice large hard drive, they are not expensive these days, you can do frequent full system backups using something like Acronis TrueImage so that if your system drive does fail for some reason, you can just restore everything onto a new replacement drive for that._________________Don't read? Can't learn!

Author: eptaylor Subject: Ad-Aware and AlexaPosted: Thu Jun 22, 2006 2:05 pm (GMT -5) Hi Tib : Thought you may be interested in Alexa "detection" by Ad-Aware : The Alexa Object is the "Whats related links" feature on your Internet Explorer toolbar. It's not a big deal, if you use it don't delete it. You can add it to the Ignore list if you want to keep it. Alexa technology does use a 'web crawler' (bot) that records the information found on webpages accessed when the 'Whats related feature' is being used in Internet Explorer. When the 'Whats related feature' in IE is not being used, no information is sent to Alexa. I should add that if you Reinstall IE or Repair it will come back. You can remove it at the next scan or add Alexa to your Ignore list ._________________For the BEST in what counts in Life : www.tacf.org

Author: faith_michele Subject: [PIRT#35430]Wachovia phish on BIZLAND-SD, 65.254.254.34Posted: Thu Jun 22, 2006 2:02 pm (GMT -5) Phish Alert  Full Report: http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=35430&in=1   brithupdate.com has address 65.254.254.34IP Converted: 65.254.254.34 dword = 1107230242 hex1 = 0x41fefe22 hex2 = 0x41.0xfe.0xfe.0x22 oct = 0101.0376.0376.042 View CIDR AS29873 Report: http://www.cidr-report.org/cgi-bin/as-report?as=29873 "29873 | US | arin | 2003-05-23 | BIZLAND-SD - Endurance International Group, Inc." Extended information for AS29873: State/Province: ma Country: us Responsible Domain: bizland-inc.com Abuse Email: abuse@bizland-inc.com Phish URLs: http://brithupdate.com/possese/index.htm http://brithupdate.com/possese/ Browser access directs to a US server hosting an imitation Wachovia site. The site was active at the time of the investigation. Page fetch suceeded. Quote: http://brithupdate.com/possese/index.htm

Author: JerryM Posted: Thu Jun 22, 2006 2:01 pm (GMT -5) I agree that would be worse. I'll just live with the current situation. BTW have you tried SuperAntiSpyware? Jerry

Author: Wasted_Savior Posted: Thu Jun 22, 2006 1:58 pm (GMT -5) what will i lose by doing this? its not like reformatting, after i do this ill have all my files/folders/music/pictures and what not? right? or will i lose more then just my time and date?

Author: s0tet Subject: [PIRT#35965] PayPal Phish on 61.56.221.37 / NCICNET-TWPosted: Thu Jun 22, 2006 1:57 pm (GMT -5) Phish Alert  Full Report: http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=35965&in=1   IP Converted: 61.56.221.37 dword = 1027136805 hex1 = 0x3d38dd25 hex2 = 0x3d.0x38.0xdd.0x25 oct = 075.070.0335.045 View CIDR AS9919 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9919 "9919 | TW | apnic | 2000-03-28 | NCIC-TW New Century InfoComm Tech Co., Ltd." Extended information for AS9919: State/Province: Country: tw Responsible Domain: ncic.com.tw Abuse Email: abuse@sparqnet.net PayPal Phishing site URL http://paypal-update-cgi-bin.doliting.com/.paypal-update-info/index.html Quote: http://paypal-update-cgi-bin.doliting.com/.paypal-update-info/index.html

Author: OldRebel Posted: Thu Jun 22, 2006 1:56 pm (GMT -5) The only way around it is to disable the start up shields in Spysweeper and WinPatrol. But can you imagine how many programs would end up running at startup if you did that? It seems like every program I download thinks it needs to run at startup. That's WAY more irritating than telling Spysweeper Yes or No. LOL_________________OldRebel Webroot Spysweeper Ewido-AntiMalware WinPatrol Plus Say hello to my Rottweilers!

Author: Elendil Subject: 4 Freeware ComparisonPosted: Thu Jun 22, 2006 1:53 pm (GMT -5) Wow... sorry for my LLLAAATEEE response and you'll probably never read this topic again, but heck it's worth a shot at answering. Like I said in my first post, this was a science fair project. By being one, my project has a nice PowerPoint and display board along with it. I just threw a few statistics out here about my project, but I tested MUCH MORE than just this. In regards to whether or not an anti-spyware program detected unique spyware, my board had a specific chart showing overlapping detection and removal and programs that found spyware which all the others did not. If my knowledge serves me right, Windows Defender DID NOT detect any unique spyware programs that all the others missed.

Author: PCBruiser Posted: Thu Jun 22, 2006 1:44 pm (GMT -5) Turn off your system and unplug it. Open the case, and you should see a quarter sized battery in a holder on your motherboard. It is usually a CR2032 battery, very common, available anywhere that sells batteries (Radio Shack, drug stores, hardware stores, etc.) for a couple of dollars. It is held in place by a small tab on one side of the holder, you may need a small screwdriver to move the retainer clip aside, then it should just pop up in the holder. Just snap the new one in place. You will get an error message when you boot, and you will need to reset your usual bios settings, including the time and date. Removing the battery resets the bios to default settings, and the bios logic will know that you need to redo your settings. After that, that boot error should disappear, but if it doesn't, it could mean that the CMOS containing the bios is going bad also. Here it is in pictures: http://www.liverepair.com/encyclopedia/articles/cmosreplace.asp_________________Don't read? Can't learn!