Old Men Online
Username:
Password:
Save Password


Register
Forgot Password?

 | Active Topics | Active Polls | Resources | Members | Online Users | Live Chat | Avatar Legend | Search | Statistics | 
[ Active Members: 0 | Anonymous Members: 0 | Guests: 19 ]  [ Total: 19 ]  [ Newest Member: Ancient ]
 All Forums
 Public
 Virus Alerts/e-Mail Scams
 Infected

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

 Posting Form
Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List Spell Checker Insert Flash
   
Callouts: Insert Speech Icon: duh! Insert Speech Icon: oops! Insert Speech Icon: sigh! Insert Speech Icon: ugh! Insert Speech Icon: wow! Insert Speech Icon: yeah! Insert Speech Icon: ok! Insert Speech Icon: yes! Insert Speech Icon: no!
Message Icon:              
             


Smilies
[:piggy] 2 Guns_firing [:2guns] Alien_125 [:-alien] Angel_125 [:-angel]
Angry [:(!] Apple_125 [:-apple] Approve [^] AR15 [:ar15]
Ashamed_125 [:-ashamed] Bah [:bah] banana dance [:nanna] Banghead_125 [:-banghead]
Baseball_125 [:-baseball] Basketball_125 [:-basketball] Batman_125 [:-batman] Beaver [:beaver]
Beer_Chug [:beer] Big Devil [}}:-|>>] Big Smile [:D] Bigeyes_125 [:-bigeyes]
Bigeyes2_125 [:-bigeyes2] Bigmouth_125 [:-bigmouth] Black Eye [B)] Blindfold_125 [:-blindfold]
Blush [:I] Boggled_125 [:-boggled] Boring_125 [:-boring] Bounce [:-bonc01]
Bouncy_125 [:-bouncy] bow down [:bowdown] Brokenheart_125 [:-brokenheart] Bulb_125 [:-bulb]
Bunny_125 [:-bunny] Calender [:-calndr] Captain_125 [:-captain] Censored_125 [:-censored]
Chef_125 [:-chef] chicken [:bawk] Clock_125 [:-clock] clover_125 [:-clover]
Clown [:o)] clown_125 [:-clown] Cold_125 [:-cold] Cool [8D]
Cowboy_125 [:-cowboy] Crazy_125 [:-crazy] Crazy_woman [-crzwom] Cry_125 [:-cry]
Cyclops_125 [:-cyclops] Dead [xx(] Devil_125 [:-devil] Disapprove [V]
Disguise_125 [:-disguise] Dog_125 [:-dog] Doggy_125 [:-doggy] Dopey_125 [:-dopey]
driver [:wheel] Drool_125 [:-drool] Drunk_125 [:-drunk] duckie [:duckie]
Dunce_125 [:-dunce] Eight Ball [8] Evil [}:)] Eyebrows_125 [:-eyebrows]
Fight_125 [:-fight] Fire_Devil [:firedvl] Football_125 [:-football] Ghost_125 [:-ghost]
Glasses_125 [:-glasses] Gnasher_125 [:-gnasher] Goldfish_125 [:-goldfish] Golf_125 [:-golf]
Graduate_125 [:-graduate] Grumpy_125 [:-grumpy] Happy_Spin [:-hspin] Headache_125 [:-headache]
Headphones_125 [:-headphones] Hearts_125 [:-hearts] Hockey_125 [:-hockey] Hot_125 [:-hot]
Hypnotized_125 [:-hypnotized] Idea_125 [:-idea] Indifferent_125 [:-indifferent] Irked_125 [:-irked]
Jester_125 [:-jester] Jump_125 [:-jump] Jump2_125 [:-jump2] King_125 [:-king]
Kisses [:X] Kitty_125 [:-kitty] Knockout_125 [:-knockout] Let_it_OUT [;Letout]
Love_125 [:-love] Magnify_125 [:-magnify] Masked_125 [:-masked] Mean_125 [:-mean]
Mischievous_125 [:-mischievous] Mohawk_125 [:-mohawk] Monkey dance [:monkey] Moptop_125 [:-moptop]
Mouse_125 [:-mouse] Mummy_125 [:-mummy] Need Help [:-?help] Nonono_125 [:-nonono]
Ouch_125 [:-ouch] Paperbag_125 [:-paperbag] Party_125 [:-party] Piggy_125 [:-piggy]
Pirate_125 [:-pirate] Pissed [:pissed] Propeller_125 [:-propeller] Psst_125 [:-psst]
Pumpkin_125 [:-pumpkin] Question [?] Sad [:(] Scared_125 [:-scared]
Shades_125 [:-shades] Shake_125 [:-shake] Shock [:O] Shy [8)]
Sick_125 [:-sick] Sing_125 [:-sing] Skull_125 [:-skull] Slaphappy_125 [:-slaphappy]
Sleep_125 [:-sleep] Sleepy [|)] Slug_125 [:-slug] Sly_125 [:-sly]
Smgreen_125 [:-smile_green] Smile [:)] Smirk_125 [:-smirk] Snooty_125 [:-snooty]
Snorkel_125 [:-snorkel] soccer_125 [:-soccer] Sonar_125 [:-sonar] Sour_125 [:-sour]
spank [:spank] Spin_125 [:-spin] Splat_125 [:-splat] star_125 [:-star]
tabedshut_125 [:-taped] The King [%|:-)] Thumbdn_125 [:-thumbd] Thumbup_125 [:-thumbu]
Tiger_125.gif [:-tiger] Timebomb_125 [:-timebm] Toast_125 [:-toast] Tongue [:P]
Tongue_125 [:-tong2] Tophat_125 [:-tophat] Turtle_125 [:-turtle] Twist [:twist]
Vampire_125 [:-vamp] Viking_125 [:-viking] Weeping_125 [:-weepn] Whack [:twak]
Williamtell_125 [:-wiltel] Wink [;)] Witch_125 [:-witch] Xmas_125 [;-xmas]
Yawn_125.gif [:-yawn] Yuck_125.gif [:-yuck]    

   -  HTML is OFF | Forum Code is ON
   Insert a File
 
  Check here to include your profile signature.
    

T O P I C    R E V I E W
Festus-OMO Posted - Apr 29 2004 : 07:50:42
I have been infected with some sort of ADWARE that i hae not been able to get rid of.

I have used Spybot, Adaware, and Spyware Blaster to no avail.

My Norton anti-virus finds the culprit, but I cannot delte or quarantine it. I get the following info;

mhsvcl.exe Adware.winpup


Anybody got any suggestions? I can't seem to track it down in my registry either.
14   L A T E S T    R E P L I E S    (Newest First)
henrya Posted - Aug 30 2004 : 12:07:38
this virus convinced me. i am moving to windows 3.x
Festus-OMO Posted - Apr 30 2004 : 14:00:36
Thats it..but I have not been able to find anything that resembles the lines in the registry.

Yeah, I know its random too, but nothing close.

Shutting down for reformatt and a new hardrive. Talk to yawl in a day or two.
Bifocal-OMO Posted - Apr 30 2004 : 04:13:25
cool thanks
Retread_OMO Posted - Apr 30 2004 : 00:55:53
Heres a direct link Festus....and Ill post it as well

http://securityresponse.symantec.com/avcenter/venc/data/adware.winpup.html





Type: Adware




Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Removal: Low
Damage: Low




Intelligent Updater Definitions*
September 24, 2003


LiveUpdate™ Definitions **
September 24, 2003


*
Intelligent Updater definitions are released daily, but require manual download and installation.
Click here to download manually.

**
LiveUpdate definitions are usually released every Wednesday.
Click here for instructions on using LiveUpdate.





This threat can be detected only by Symantec products that support expanded threats. For more information on expanded threats, please go here.



Behavior
Adware.Winpup is an adware component that generates large amounts of pop-up advertisements.

Symptoms
The files on the system are detected as Adware.Winpup.

Transmission
This adware component must be manually installed or installed as a component of another program that you install.






File names: Winpup.exe; Winpup32.exe

When Adware.Winpup is executed, it performs the following actions:


Copies itself as some or more of the following files:

%System%\%Random%.exe
%System%\Winpup.exe
%System%\Winpup32.exe


--------------------------------------------------------------------------------
Notes:
%System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%Random% is a variable, which is a randomly generated number.
--------------------------------------------------------------------------------


Adds the value:

%Random% = %System%\%Random%.ex

to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Generates large amounts of pop-up advertisements.


May also download an executable from the Web, possibly an update of itself.








--------------------------------------------------------------------------------
Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
--------------------------------------------------------------------------------

Update the virus definitions.
Run a full system scan and delete all the files detected as Adware.Winpup.
Delete the value from the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

2. Scanning for and deleting the infected files
Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
Run a full system scan.
If any files are detected as infected with Adware.Winpup, click Delete.


3. Deleting the value from the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete any values pertaining to the filename that was detected as Adware.Winpup.


Exit the Registry Editor.
Bifocal-OMO Posted - Apr 29 2004 : 18:34:44
I hope i never get that mess dagnabit
Festus-OMO Posted - Apr 29 2004 : 17:08:56
Nope still here, but this thing is rasiing hell with my system.

Its blocking Norton, at times will not let me even go to the Symantec website, disables my browser and email, and brings popups after I close my browser.

Like I said earlier, I'm long over due for a reformat, but its inconvienient for the next 2 weeks to do so.

Now downloading a program, cwshredder, to see if it works. evidently its picks up one nasty peice of work that all the other progys I've tried doesn't.
PacemakerOMO Posted - Apr 29 2004 : 14:41:32
maybe it killed his comp.
PacemakerOMO Posted - Apr 29 2004 : 14:41:25
maybe it killed his comp.
HEARTBURN-OMO Posted - Apr 29 2004 : 14:00:22
guess it's a secret
Festus-OMO Posted - Apr 29 2004 : 12:34:46
Thanks Smelly.

I'm running it now and will see if it works.
Petrified-OMO Posted - Apr 29 2004 : 11:59:56
What smelly, re-install?
SmellyFart Posted - Apr 29 2004 : 11:26:24
I sent you a solution....

Smelly
FuddyDud-OMO Posted - Apr 29 2004 : 10:05:17
It's those damn dental warez sites.
Nosehair-OMO Posted - Apr 29 2004 : 08:58:21
stay away from "those" sites festy (you know what I'm talkin' 'bout)

Old Men Online © 2002 Old Men Online Go To Top Of Page
This page took 0.34 seconds to load Powered By: Snitz Forums 2000