TheTechGuide Forum
General Category => Software => Topic started by: Bob Marti on June 28, 2004, 10:42:31 AM
-
Hey All,
I really appreciate all of your help. This thing is pretty annoying, and knowing that there are people like yourselves who are more intelligent than these stupid programs is a relief.
My problem is that every couple times I open/have open Internet Explorer, I get a pop-up saying that "Windows has detected spyware modules on your PC. You must install Spyware Scanner and Remover." It gives me the option of "Install" or "Close." I keep clicking on the close option. Along with this pop-up, my IE will open with my regular homepage in one browser and the Casino Palazzo in another browser. Lastly, it keeps putting a shortcut on my desktop called "Best Online Casino." The shortcut executes IE to the following URL: http://www.casinopalazzo.com/index.php?sourceid=102174.
I have run Bazooka Spyware Scanner, Adaware 6.0, and Spybot to no avail. I have the Symantec AntiVirus Corporate Edition and I ran it last night, but it detected nothing.
Here is the log from HijackThis v1.97.7:
Logfile of HijackThis v1.97.7
Scan saved at 11:52:10 AM, on 06/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ReggolYek\skl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Data\AIM\aim.exe
C:\Notes\nminder.exe
C:\Notes\naldaemn.EXE
C:\WINDOWS\System32\taskngr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Marti_Bob\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecampus.bentley.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://ecampus.bentley.edu"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 141.133.112.5 Pan
O1 - Hosts: 141.133.112.3 Atlas
O1 - Hosts: 141.133.112.75 Artemis
O1 - Hosts: 141.133.112.75 Electra
O1 - Hosts: 141.133.64.36 Admin1
O1 - Hosts: 141.133.64.36 Ares
O1 - Hosts: 141.133.64.35 Admin2
O1 - Hosts: 141.133.64.35 Trivia
O1 - Hosts: 141.133.60.12 Facstaff
O1 - Hosts: 141.133.60.13 Student1
O1 - Hosts: 141.133.60.14 Student2
O1 - Hosts: 141.133.60.15 Appserv1
O1 - Hosts: 172.16.1.116 CCURE_HOST
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msmk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Spy-Keylogger] "C:\Program Files\ReggolYek\skl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Data\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {056BDD7A-F777-42AF-AADF-288C4C055618} (SoftwareUpdates.PatchDetect) - https://deploy.bentley.edu/controls/BentleyUpdate.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://student1.bentley.edu/iNotes.cab
O16 - DPF: {31BAF1D4-A6F1-4BBA-A836-9D611DE3E2DF} - https://deploy.bentley.edu/fall2003/patches/200404/install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {4BFC73A6-F8AE-42B3-AAEC-792C3CF0B418} (VCGSU Control) - http://commonsvcg.oar.net/VCGSU.CAB
O16 - DPF: {58EFF30B-73CE-4841-945A-7730FC869C30} (PatchDetection.PatchDetect) - https://deploy.bentley.edu/controls/PatchDetection.CAB
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
and here is the log from Bazooka:
****************************************
Bazooka Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 11:52:26.
OS: Windows NT 5.1
Database version: 2.100000
Database format version: 1.020000
Database date: 20040623
Current date: 2004-06-28 11:52
****************************************
Result when scanning:
No threats found.
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Documents and Settings\Marti_Bob\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Marti_Bob\Start Menu\Programs\Startup\desktop.ini
Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:
ATIModeChange Ati2mdxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIModeChange
TP4EX tp4ex.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TP4EX
AGRSMMSG AGRSMMSG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AGRSMMSG
AtiPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AtiPTA
vptray C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\vptray
TPKMAPMN C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TPKMAPMN
TrackPointSrv tp4serv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TrackPointSrv
TPHOTKEY C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TPHOTKEY
Spy-Keylogger "C:\Program Files\ReggolYek\skl.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Spy-Keylogger
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
Steam "c:\progra~1\steam\steam.exe" -silent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Steam
AIM C:\Data\AIM\aim.exe -cnetwait.odl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
{53707962-6F74-2D53-2644-206D7942484F} not set C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
{98DBBF16-CA43-4c33-BE80-99E6694468A4} not set C:\WINDOWS\System32\msmk.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98DBBF16-CA43-4c33-BE80-99E6694468A4}
****************************************
Toolbars:
{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
ibmpmsvc.exe
ati2evxx.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
DefWatch.exe
mdm.exe
Rtvscan.exe
ati2evxx.exe
explorer.exe
AGRSMMSG.exe
atiptaxx.exe
VPTray.exe
TpKmapMn.exe
TPHKMGR.exe
TPONSCR.exe
skl.exe
TpScrex.exe
ctfmon.exe
MSOFFICE.EXE
aim.exe
nminder.exe
naldaemn.exe
taskngr.exe
IEXPLORE.EXE
notepad.exe
spywarescanner.exe
Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:
Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Start Page http://www.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
provider gogl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Start Page http://ecampus.bentley.edu/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
****************************************
I would really appreciate if you could look over all of this and give me your expert opinion.
Thanks a lot,
Bob
-
I've got the same problem and have tried the same remedies. Would love some help.
-
Found this here:
http://www.cybertechhelp.com/forums/showthread.php?t=40159
>>>>
casino palazzo = wmplayer.exe
Nasty people huh?
Yes, casino palazzo overwrites the real wmplayer.exe so you no longer have WMP; that's why it doesn't work.
You want to get over to Panda scan
http://www.pandasoftware.com/active...n_principal.htm
click on Scan my PC and keep going through the buttons saying Yes to any
Security Warnings that popup so the Panda Java applets can download. At the end of
the button clicks select Hard drives and scan that. Get a sandwich, it takes awhile.
It's going to nuke wmplayer.exe and any other junk you've got on there. Post the Panda log
so we can see the junk, techies like to see dead worms and spyware
Go to M$ to get your WMP back (version 9)
http://www.microsoft.com/windows/wi...ies/player.aspx
-
olincoln: That was it! Downloaded eval copy of Panda Software's Platinum Internet Security and ran it: Casino Palazzo is gone! Been fighting this for a month with all sorts of ad ware/spy ware programs. Looks like Panda will get some money from me. Thanks for the tip!
Had to download Microsoft Media player again, as you stated, but everything is up and running. Thanks again.
-
Had great results with Panda also, as I have in the past. Thanx.
-
Loved reading the discussions - I am a bit of a "weekend surfer" if you will but learned a great deal from these posts - thanks to all.
Just a couple questions . . . . .
I am curious as to which "landmine" caused me to have the Casino Palazzo problem? Is it porn?
Does it mean that it came from something I actually viewed on wmp?
Does that mean it may have infected Real Player as well?
Thanks again
-
I have more problems.
I removed wmplayer and the problem continues.
-
Am fighting the bunch ( wmplayer.exe / esrs.exe / q.exe / eregogr.exe / casino pop-ups etcetera ) for a month also. Will try Panda (again).
Tried spybot, spyhunter, norton antivirus 2004, sophos nt sweep, cwshredder, spysweeper, adaware6, bazooka, stinger and about four others. It's annoying.
Removed wmplayer just to be rid of some risque.
Zonealarm keeps asking access to inet for wmplayer and others.
Sophos keeps detecting but is unable to delete the files in recycled and system32.
Who knows the source and/or remedy?
And who's to sue for this.....
Greetings Walter
-
I have been helping a friend with the same problem as this. I thought SpyBot had it cured. But then after I left, it came back with a vengeance and brought the system down. I'd appreciate any assistance. I felt bad - working 25 years in this industry and not fixing a simple adware problem.
john_hosie
-
I got clobbered by Casino Palazzo as well. After 3 weeks of hell, I think Spykiller has fixed it. Now using Mozilla browser. Seemed to target IE explorer.exe file. Had McAfee firewall block access. Seemed to start when I clicked on "lotteries" at the texas cable network website.
Again, who do we sue?
(non-techie)
Ken
-
Go to google.com and search for hijackthis and download it. Then on google search for CWShredder and run that. Then both of your problems should be solved. Mine went away. P.S. I'm 14 years old.
-
Guys - you need to make sure you have all the Microsoft Windows security patches installed or else this problem will keep coming back whatever removal tool you use!
-
Hello
The Panda software mentioned above does not seem to work at all with this particular malware....
Maybe someone from Panda is doing a little marketing operation in this forum.........
No comments
-
I hate these virus writers, I've been trying to remove this casino popup all day long, finally I got rid of it using Registry Mechanic, hope it works for you guys too, you have to buy it for it to work though.
-
Would it be illegal for someone to bring down that Casino Palazzo site?
-
delete casino palazzo
-
Hi there people.
Casino Palazzo... Yup, I'm getting that too.
Panda... good stuff but not that good, www.trendmicro.com on the other hand reaches the parts other Pandas cannot reach.. lol
But.. there's a problem. It will detect the problems, such as bloodhound.w32 which seems to be the end product of the Palazzo'r'us popup, but it won't kill it. And, there's another. I'm getting an error when I run NOD32 anti virus telling me that a file c:\pagefile.sys access denied [4] and it's being used by another user / operating system. Bizarre. Even in safe mode with the restore turned off, nothing doing. Adaware, Spybot, Spyblaster, still won't remove it.
Anyone throw any light on this? I'm asking on other forums too, and will share info as and when I get it. lol. Alternatively add me on msn as aliwiseman [email removed] and gimme a yell, or email same place.
Toodle Pip.
Alistair Wiseman
-
Here's the trace on the website registration:
[email removed] - he's in Denmark if someone wants to get him - I can't swim that far....
-
Alistair, I'm no techie but just been on Norton's site and they state that Bloodhound is a name they give to any virus found with Bloodhound software.
Read this:
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.inflated.html
-
Hey guys,
I got here looking for a solution to my ESRS.EXE problem.
It's a virusfile I can't remove. Nor can Norton, AdAware and Stinger.
It sounds quite similar to what is discussed above. Are we talking about the same?
Even taking the Harddisc out and removing the file using another machine didn't prevent the file from coming back.
It's got nothing to do with Palazzo (as far as I know) on my machine. How did I get it and how do I get rid of it? Please help.