You might want to know...
Posted on 2008-Jul-27 at 12:44 in A day in the life..
I spent four days via remote fixing my Dad's PC last week. He was bored so he decided to fill out some online "surveys."
Next thing he knew he was getting virus warnings popping up left and right. Internet Explorer had been hijacked (he uses Firefox thanks to me) and his clock on his task bar said the time in military time with the words VIRUS ALERT! next to it. Everything I went into on his machine said it was owned by the same words.
I spent the first three days running scans with AVG 8 and Spybot Search and Destroy. They worked great- killed off 90% of the problems.
But one kept coming back and in doing so, it was launching a myriad of invaders. It is called the Vundo virus or Virtumonde.dll. It is a really nasty, tenacious trojan that is common in drive-by downloads. In other words, all you have to do is visit a page that is not nice and it will download to your pc. Be careful of messenger messages from those you don't know also.
Anyway, on day four I did some research on this particular virus and found these links and some programs to kill them.
The one I used was Malwarebytes Anti-Malware. This is the page that has the link to it:
http://www.dslreports.com/forum/r206...umondedll-
I ran it once and let it do its thing. In four minutes it had found 66 trojans on this pc!! FOUR MINUTES!! It ran for only 15 minutes and found over 100 of them total.
I had to reboot the machine, at which time I lost contact via my screen sharing.
The next day Poppa called me to tell me his machine was CLEAN!! The only thing left was his cookie to Bluemountain (he uses their calendar to remind him of things) was gone. I told him how to fix that and he was set. So he has learned his lesson.. now.. will you take heed?
Make sure your virusware- whatever it is, is updated regularly. I use AVG Pro but I put ALL of my clients on AVG free. I will still include Spybot when needed as it found many things on his PC. Most of those are tracking cookies which are not always a threat. It found the Vundo virus but neither one could fix it. It has grips all over your pc. There were well over 200 entries of files thrown here and there in registries, in Windoze folders, all over the place that Vundo had scattered. It was amazing!!
Here are the notes I compiled with links to other programs that can help if Malwarebytes doesn't cut it. It cut it good with one pass on my Dad's pc. I hope yours and MINE never need it. Here is what I found:
(I got malwarebytes from the third link on this list I believe:
http://www.besttechie.net/tools/mbam...-setup.exe
http://malwarebytes.gt500.org/mbam-s...-setup.exe
http://www.majorgeeks.com/Malwarebyt...d5756.html )
Download VundoFix to your desktop
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
http://www.atribune.org/ccount/click...k.php?id=4
------------------------------
rootkit revealer
http://technet.microsoft.com/en-us/s...97445.aspx
----hosts file-----------------------------
http://www.mvps.org/winhelp2002/host.../hosts.zip
------------------------------
VirtumundoBegone.
-------------------------------
http://download.bleepingcomputer.com...mboFix.exe
--------------------------------------
http://www.kaspersky.com/virusscanne...russcanner
----------------------------------------------
SmitfraudFix
------------------------
Malwarebytes Anti-Malware
--------------------------------------
http://www.dslreports.com/forum/r206...ll-Entries
* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
* On the Scanner tab:
o Make sure the "Perform Quick Scan" option is selected.
o Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Second:
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: »www.bleepingcomputer.com/combofi•••combofix
1. http://download.bleepingcomputer.com...mboFix.exe
2. http://www.forospyware.com/sUBs/Comb...mboFix.exe
3. http://subs.geekstogo.com/ComboFix.e...mboFix.exe
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
So that was my four days of pc repair via screen sharing with my Dad. Granted most of you are pretty computer savvy and he is too, for an 85 yr old man! But I found out the day after it was clean that my daughter (who knows better) was filling out surveys for money!! OMG!!! She has a laptop- which is just harder to deal with. Plus she has way too much music and images on her laptop- which elicits much loud screaming when I mention the word "format." She doesn't back up like I tell her to and so that will happen one day. It already did. The laptop was her grad present in 07 and 6 months later the hard drive died. So she bought (on her own!) a bigger one and had a friend install it. Now she is good to go but... still has the music and stuff on it.
Well I have tried... but she is stubborn.. where did she get that?
I hope this has been an informative post for you and that my hours of research will make yours unnecessary. I hope you never NEED this information. If you do and EFX2 is down- just e-mail me. Most of you have it or know someone else that does.
Take care all and have a nice Sunday!
Sunday, July 27, 2008
Wednesday, July 23, 2008
Trip to Oregon-2008
Well it feels good to be back in my own blob again. That is what Olive Riley called her blog. She was the world's oldest blobber with the help of her friend Mike Rubbo, who filmed a documentary on her. She passed away on July 13, at the age of 108. She was lucid until she fell ill with a chest infection and slipped away in her sleep. You can read all about Olive on her blog here: http://www.allaboutolive.com.au
I drove to Oregon for the second time, only this was a lot farther. I was going to go alone then my son asked if he could go at the last minute. This proved to be both a blessing and a curse.
We left at 6 am on Monday, July 7th (Happy BD Ringo!) and drove straight up to my Aunt's house in Talent, Oregon. Talent is about 3 miles from the famous Ashland and only 8 miles from the border of California.
That is downtown Ashland. It is the home of the Shakespearian Festival that is held from March until October I believe.
My pictures were more of the park and the creek.
nice eh?
little waterfall
This is a really cool old fountain on the street corner. It didn't work.
I feel terrible because I actually didn't take any pictures of my Mom's house, or my Dad or my Aunt and Uncle. None, nada, zip. What a dork I am. I really only took about 15 pictures entirely and they were all of scenery. I didn't even get one of Paula IN her own yard.
Geesh.
I did take pics of my aunt's yard however....
I wanted this for dinner but it was still in the yard when we arrived a week later..
Sue bee making lavender honey
gorgeous yellow rose of my aunt's and a salmon colored one-my favorite kind.
Some alien plant my Aunt is growing.. don't know what it is..
the first roses on my rose bush-of course when I got back they were dead. I left the day I took this.
I drove out to my friend Paula's house which is a few blocks from where my Mom's old house is.
She has the most incredible yard and garden I have ever seen. The inside of her house is amazing too but I don't take pics of people's private houses and post them online.
Her house gives me a feeling of never wanting to leave it. It's just that peaceful and cozy yet it's open and warm.
Here are a few shots of her garden. We usually pick BUCKETS of blueberries but I was there too early this year.
Lavender and plants.
Fruit trees
Towards the 25 or so blueberry bushes
peaceful and cool
Side of the house
Same side closer
Foxgloves
As I drove out of her place back to the highway, I took some pics of the surrounding hills that are still covered with trees. Central Oregon is full of fields, hills and trees, but they are patchworked all over the place. These are the hills outside of Dallas, which is a small town you drive through and around to get to Paula's and Fall City.
Fields and trees
More hills
On the way home, we went up and over the pass. I have never been that way home because last November, Jemma and I drove up to Grant's Pass and down 199 to Humboldt and Arcata.
So here is what we saw when we headed up over the pass:
Sun breaking through the clouds. The clouds gave us a welcome respite from the 95+ weather. But we were heading back to very smokey California. Yuk.
Typical California landscape in the Valley
More pass pictures.
On the way into Shasta. There is NO snow on Shasta. That is unheard of-ever. It is scary and sad.
Because I was driving and we had a deadline, I couldn't stop to take pics of Shasta itself, so this is the best one I got out of my window on a drive by...
Here is my co-pilot that didn't do much. He slept- I guess that is doing something. Plus he caused a world of grief for me and my family in the short week we were there. I won't get into it but it involved him disappearing overnight and his so-called ex that had thrown him out right before we left. You guessed it, he was secretly calling and lying to her and on my relatives' phone lines without permission!!! Grrrrrrrr
He is a scrounge here and looked this way most of the trip. Can you say.. ah.. never mind.
So that was my recent trip to Oregon. I got all of my Mom's photo albums and video tapes that she made over the years. I am going to make DVDs of them all and pass them out to family that wants them.
That's about it for now. I will be posting this at Vox and blogspot too, what a pain in the arse.
It's still good to be back. I sure wish I had my old turquoise css page still. I might have it somewhere on my pc.. so I will look for it. It's a good change for summer.
Ta for now all!
Friday, July 18, 2008
I don't like the fonts in here and it won't let me use my century gothic as a default. Vox is no better. Blogging is getting frustrating but the writer in me is crying out for some release or maybe it's the.. well what exactly is the reason we blog? I know most of us think of it as a personal 'online journal,' but given that at times we write about some pretty sensitive stuff wouldn't we just write in a word processing program and keep it hidden? I think there is something in us that wants others to know, to approve, to keep tabs, to keep us in line and to let us know if they don't like it or do like it.
I think we need some kind of community even if we have one at our fingertips at our homes, work or in the town we live in. What do you think? If that wasn't true then why would we get so upset over the loss of EFX2 again? Not just because we lost our blogs that we put countless hours into, (which are all still there by the way, we just cannot access the main pages), but we also lost the sense of ease and community that we had-like a block party kind of feeling.
For those of you that have never been to a block party, it's where someone on your block has a big BBQ usually and party and everyone on the street or that block is invited. It's a good way to get to know your neighbors and to have some fun. Watch the noise however, ahem...
So yes, we have all lost that sense, that communication, that cohesiveness. The very fact that we are keeping tabs on each other's blogs here at blogspot and at vox and the other random places people have landed shows how much this community means. Most of us here came all the way from Modblog. And now EFX2 has sunken into the blogging ocean as someone put it, and there ya go. Another leader disappears and so do our blogs. I even wrote a (nice) hello to Keith and never even got a reply. I just don't understand people like that.
Well it's not my job to figure them out either. I have enough on my plate. I am grateful for what I do have. I am grateful that every morning I wake up to a beautiful day, the chance to do my yoga in my own grassy yard surrounded by trees, birds and my cats. I am grateful I have a roof over my head, albeit old and falling apart. I am grateful that I can turn on my computer every morning and it works.
If you want to really learn the meaning of gratitude, watch The Pursuit of Happyness with Will Smith and his real son, Jaden. It will really help you to find some gratitude for what you have in your life, be it materially or spiritually.
Like the old song says, All you need is Love....
love and I will add gratitude. Even for a new place to blog..
Tuesday, July 15, 2008
New shell, new digs.
Off to another start on a new blog. I am starting to feel like the hermit crab that loses one shell and then finds another, crawls in to make it her own and off she goes.
I bet most of the other efxers feel the same way.
It's late and I drove over 600 miles today so I am off to bed but I will be back here posting since EFX2 seems to have gone the way of MB.... really a shame. I loved that whole blogging community and I can't understand why Keith just gave up on it and us. He said he wouldn't then he did. Well such is life.
Off to bed for me now...next post will have pics of trip.