thanks, Todd
-----Original Message-----
From: Todd Anderson [mailto:tanderson@...]
Sent: Thursday, September 04, 2003 11:40 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] OT - New Trojan?
If anyone is interested ...
I just uploaded 2 of my favorite utilities to the files section of the list
...
ISFWL - 108K .... a very small utility that you can run that will purge IE -
cookies, history, web pages, etc ... I use this several times a day at work
and at home to clean out the accumulated muck from IE ...
SSFSETUP40 - 1,165K ... A anti-Spyware/Adware utility ... very nice ... same
basic concept as anti-virus software ... you install it and then download
the current spyware/adware definitions and it then scans your PC for any
references and then gives you the option to delete whatever it finds. I
ran this on a PC that belonged to one of our owners daughter's pc and found
50+ programs along these lines. Her PC had become almost unusable because
web adds and pages were popping up almost continuously.
At any rate ... they're out there
Todd Anderson
-----Original Message-----
From: Lydia Coffman [mailto:lcoffman@...]
Sent: Thursday, September 04, 2003 11:13 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] OT - New Trojan?
I have a similar situation on our Shipping/Receiving workstation -- and
NOTHING seems able to remove it. Not only that, but it seems to have
disabled the UPS worldship software.
By the way, Ad-aware is a legitimate piece of software that detects planted
cookies. I'm going to try reinstalling Internet Explorer on that computer
and see if it helps. Otherwise, I think it's a reload of the OS.
Lydia
IS Administrator
Canyon Engineering Products
661-294-0084 x115
-----Original Message-----
From: Todd Caughey [mailto:caugheyt@...]
Sent: Thursday, September 04, 2003 8:17 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] OT - New Trojan?
Can't swear it is the same thing but once I saw a similar activity and
noticed in the startup programs (in System Information - System Config)
there was an odd one listed. Something like "Adware". When I deleted it
and the .exe it pointed to the funny bahavior went away. Actually it was
more disturbing than you have described because it would spotaniously start
IE and start popping up numerous very graphic porn sites with no warning.
It was on the Executive Secretary's PC in full view just outside the
Owner/Chairman's office. We think it originated when she clicked on a link
in an email to go to a web site to buy the "Iraqi Most Wanted" cards (I tell
them and tell them and tell them...NO NO NO but....). I suspect it ran a
script that loaded the startup program. This same type of script could have
been accessed the usual way as well - by visiting a less than credible site.
-Todd C.
-----Original Message-----
From: Gary Polvinale [mailto:garyp@...]
Sent: Thursday, September 04, 2003 9:35 AM
To: vantage@yahoogroups.com
Subject: [Vantage] OT - New Trojan?
Anybody come across this behavior on any of their workstations yet? I saw
this for the first time this morning on one of my workstations, when a user
asked me about it. You click on a commonly accessed benign URL in Internet
Explorer (our own web site), and get a site you didn't want. Then the
Internet Explorer Address dropdown box shows a list of porn sites and ad
sites. The workstation was not accessed overnight as far as I can
determine, and was OK yesterday at 5:00pm. Can't figure how/when that got
in, but I guess it could have had a timer on it. All users know better than
to open strange emails and click on suspicious sites. But if this comes in
by piggybacking on a harmless URL, that's going to be hard to beat.
I ran Spybot on that workstation and scanned with latest McAfee - looks
clean now. Anybody know anything about this particular trojan? I would be
good to know how and when it might have got in. Any thoughts or theories
would be appreciated. Maybe I'm just not fully educated on every one of the
thousands of viruses and trojans out there, but I haven't heard of anything
like this before.
Gary Polvinale
Denton ATD
[Non-text portions of this message have been removed]
Yahoo! Groups Sponsor
ADVERTISEMENT
<
http://rd.yahoo.com/M=259538.3830715.5078802.1261774/D=egroupweb/S=17050071
<http://rd.yahoo.com/M=259538.3830715.5078802.1261774/D=egroupweb/S=17050071
>
83:HM/A=1712983/R=0/SIG=11u38u3s2/*
http://hits.411web.com/cgi-bin/hit?page=1
<http://hits.411web.com/cgi-bin/hit?page=1>
374-105951838331032> click here
<
http://us.adserver.yahoo.com/l?M=259538.3830715.5078802.1261774/D=egroupmai
<http://us.adserver.yahoo.com/l?M=259538.3830715.5078802.1261774/D=egroupmai
>
l/S=:HM/A=1712983/rand=813793532>
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
< http://docs.yahoo.com/info/terms/ <http://docs.yahoo.com/info/terms/> > .
[Non-text portions of this message have been removed]
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
<http://docs.yahoo.com/info/terms/>
Yahoo! Groups Sponsor
ADVERTISEMENT
<http://rd.yahoo.com/M=259538.3830715.5078802.1261774/D=egroupweb/S=17050071
83:HM/A=1712983/R=0/SIG=11u38u3s2/*http://hits.411web.com/cgi-bin/hit?page=1
374-105951838331032> click here
<http://us.adserver.yahoo.com/l?M=259538.3830715.5078802.1261774/D=egroupmai
l/S=:HM/A=1712983/rand=495850691>
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
<http://groups.yahoo.com/group/vantage/files/.>
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
<http://groups.yahoo.com/group/vantage/messages>
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
<http://groups.yahoo.com/group/vantage/links>
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .
[Non-text portions of this message have been removed]
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003