Identity Theft Follow-Up Question


mutefan

I've posted on this group several weeks ago regarding identity theft.
If anyone can identify whether the inability to delete the following
program (an interactive display-monitor "cat" downloaded for a young
relative over Christmas) could be malware, spyware, or benign, I'd be
particularly grateful. The laptop is going back to the manufacturer,
and I'm considering a hard drive wipe-out I'd really rather avoid.

http://www.siambalirags.com/

Thank you.
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've posted on this group several weeks ago regarding identity theft.
If anyone can identify whether the inability to delete the following
program (an interactive display-monitor "cat" downloaded for a young
relative over Christmas) could be malware, spyware, or benign, I'd be
particularly grateful. The laptop is going back to the manufacturer,
and I'm considering a hard drive wipe-out I'd really rather avoid.

Well I gave it a look and couldn't find any evidence of that program doing
wrong but its vendor, http://www.adtoolsinc.com/ , does seem to produce
spyware programs. Try doing a web search for "adtoolsinc spyware".

http://www.fbmsoftware.com/spyware-...onResults~id~805~application~ScreenMates.html

"Description:
Screen Mates (http://www.adtoolsinc.com) are small executable programs
distributed through e-mail. They display a humorous presentation, followed
by one or more banner ads. These banners are embedded in the application
and when clicked, will take you to a pre-defined web page. Newer versions
of the software silently connect to the Internet and exchange information
with a remote server."

I saw no evidence of Felix trying to connect to the Internet although I
believe it is linked into some Windows DLLs that provide Internet
connection of some sort.

If you can't delete it this could be a result of it running - I haven't
read your original thread but have you tried starting the computer in Safe
Mode and deleting it?

HTH

Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDziKU7uRVdtPsXDkRAhuTAJ9OMWDRhwa/r2GghVO8HCSdYZU4tACfeL/e
yl/K47apJH3QQYRYesp7sjk=
=S9bi
-----END PGP SIGNATURE-----
 
Adam said:
I saw no evidence of Felix trying to connect to the Internet although I
believe it is linked into some Windows DLLs that provide Internet
connection of some sort.

If you can't delete it this could be a result of it running - I haven't
read your original thread but have you tried starting the computer in Safe
Mode and deleting it?

Adam, thanks. If I had a nickel for the times I've tried to boot my
laptop in Safe Mode following age-old F8/F8/F8 instructions--and
FAILED--I'd-- Well, I'd have quite a few nickels. I'll have to see if
IBM has a special protocol for booting in Safe Mode.

Again, thank you.
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam, thanks. If I had a nickel for the times I've tried to boot my
laptop in Safe Mode following age-old F8/F8/F8 instructions--and
FAILED--I'd-- Well, I'd have quite a few nickels. I'll have to see if
IBM has a special protocol for booting in Safe Mode.

If you can't get Safe Mode working (which would be worth learning how to
do!) try using the Task Manager or Ctrl-Alt-Del menu (depending on Windows
version) and ending "felix.exe". If there's no sign of it or you can't, try
using Sysinternals' AutoRuns[1] to locate and delete/turn off the program's
"start with Windows" entry.

[1] http://www.sysinternals.com/Utilities/Autoruns.html

Cheers,


Adam.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDzk4A7uRVdtPsXDkRAg2LAJ0dJ0ICur0yFcwwHuZ2PeWoQ86uNgCdFjIX
W13EVeh6tvnMVPY9AtfXozg=
=WqXy
-----END PGP SIGNATURE-----
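Adam's suggestion to end the process and then remove its "start with Windows" entry is exactly what Autoruns automates. As an added illustration (not part of the thread, and not Sysinternals' code), here is a PowerShell script that walks the most common autostart locations (the Run/RunOnce keys under HKLM and HKCU plus the per-user and all-users Startup folders) and flags each entry whose image file is missing, is not validly signed, lives outside the Windows or Program Files trees, or is currently running. It assumes a Windows version with PowerShell, which the XP-era laptop in the thread would not have had; the name "felix.exe" used in the usage note is the thread's, everything else is generic.

```powershell
# Added example, not from the thread: a minimal Autoruns-style sweep of the
# Run/RunOnce keys and Startup folders, with a few defender-side sanity checks
# on every entry found.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    param([string]$Command)
    # Reduce a command line to its executable:
    #   "C:\Program Files\x\y.exe" /flag  ->  C:\Program Files\x\y.exe
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $entries += [pscustomobject]@{
                Location = "Registry: $key"
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }
    # Per-user and all-users Startup folders.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        foreach ($item in (Get-ChildItem -Path $f -File)) {
            $entries += [pscustomobject]@{
                Location = "Folder: $f"
                Name     = $item.Name
                Command  = $item.FullName
            }
        }
    }
    return $entries
}

function Test-AutostartEntry {
    param([pscustomobject]$Entry)
    $path  = Get-ImagePath $Entry.Command
    $flags = @()
    if (-not (Test-Path -LiteralPath $path)) {
        $flags += 'image missing'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
        if ($path -notlike "$env:SystemRoot*" -and $path -notlike "$env:ProgramFiles*") {
            $flags += 'outside Windows/Program Files'
        }
    }
    # Is the image currently running? (Path is empty for processes we cannot open.)
    $running = Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -eq $path }
    if ($running) { $flags += "running (PID $($running.Id -join ','))" }
    [pscustomobject]@{
        Location = $Entry.Location
        Name     = $Entry.Name
        Image    = $path
        Flags    = ($flags -join '; ')
    }
}

Get-AutostartEntries | ForEach-Object { Test-AutostartEntry $_ } |
    Sort-Object Flags -Descending | Format-Table -AutoSize
```

Entries with a non-empty Flags column are the ones worth a second look; a "running" flag explains why a file refuses to delete, and is the cue to `Stop-Process -Name felix` first. Once you are satisfied an entry is unwanted, the registry side is removed with `Remove-ItemProperty -Path <key> -Name <entry name>` and the folder side by deleting the shortcut; Autoruns covers many more locations (services, scheduled tasks, shell extensions), so this sweep is a first pass rather than a replacement.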
 
Adam, thanks. If I had a nickel for the times I've tried to boot my
laptop in Safe Mode following age-old F8/F8/F8 instructions--and
FAILED--I'd-- Well, I'd have quite a few nickels. I'll have to see if
IBM has a special protocol for booting in Safe Mode.

The "Safe Mode" thing is an OS thing. IBM may have a special relationship
with the BIOS or other firmware, but the OS software would provide the
way into safe mode. Some OS software is kept from version to version to
provide backward compatibility, so I wonder if this legacy code from the
Win95 "Safe Mode" feature is retained in later (even NT?) versions. Try
holding down the shift key while the OS is booting.

It would be interesting to know what versions of Windows this still works
on.
 
Adam, thanks. If I had a nickel for the times I've tried to boot my
laptop in Safe Mode following age-old F8/F8/F8 instructions--and
FAILED--I'd-- Well, I'd have quite a few nickels. I'll have to see if
IBM has a special protocol for booting in Safe Mode.

Again, thank you.

Actually, XP does. It's a checkbox in MSCONFIG.

Go to Start, Run, type MSCONFIG and press enter. Click on the BOOT.INI tab
and check "/SAFEBOOT". Click OK, and restart the system.

When done, simply rerun MSCONFIG and remove the checkbox.

HTH
-pk
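The BOOT.INI tab and its /SAFEBOOT checkbox that Patrick describes are XP-era. As an added example (not from the thread), here is the equivalent on Vista and later, where the boot flag lives in the BCD store and is set and cleared with bcdedit; the functions wrap the same "set before restart, clear afterwards" procedure and check the current state so you can tell whether the flag is still armed. It assumes an elevated PowerShell prompt and that the installation being serviced is the current boot entry, {current}.

```powershell
# Added example, not from the thread: the bcdedit equivalent of ticking and
# unticking /SAFEBOOT in MSCONFIG. Requires an elevated prompt.

function Get-SafeBootSetting {
    # Returns the active safeboot value ('Minimal', 'Network', ...) or $null
    # when the next boot is a normal one.
    $out = bcdedit /enum '{current}' 2>&1
    foreach ($line in $out) {
        if ($line -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null
}

function Enable-SafeBoot {
    param([ValidateSet('minimal', 'network')][string]$Mode = 'minimal')
    # 'minimal' is plain Safe Mode; 'network' is Safe Mode with Networking.
    bcdedit /set '{current}' safeboot $Mode | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (exit $LASTEXITCODE); is the prompt elevated?" }
    "Next boot is Safe Mode ($Mode). Restart, do the cleanup, then run Disable-SafeBoot."
}

function Disable-SafeBoot {
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (exit $LASTEXITCODE)" }
    "safeboot flag cleared; next boot is normal."
}

# Typical sequence:
#   Enable-SafeBoot            # then Restart-Computer
#   ... remove the program in Safe Mode ...
#   Disable-SafeBoot           # otherwise every later boot stays in Safe Mode
Get-SafeBootSetting
```

The last comment is the point Patrick makes with "simply rerun MSCONFIG and remove the checkbox": the flag is persistent, not one-shot, so a machine left with it set keeps booting into Safe Mode until it is cleared.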
 
Patrick said:
Actually, XP does. It's a checkbox in MSCONFIG.

Go to Start, Run, type MSCONFIG and press enter. Click on the BOOT.INI tab
and check "/SAFEBOOT". Click OK, and restart the system.

When done, simply rerun MSCONFIG and remove the checkbox.

HTH
-pk
I've used this and it works fine.

Louise
 
Thanks, everyone. F8 finally worked. Felix the Cat is g-o-n-e, and
now I feel kind of guilty for getting rid of him. Equal time for
dogs--now I must get rid of the equally adorable Must Love Dogs film
screensaver.

Can one assume that *any* program downloaded from the Internet is
benign? I am so gun-shy now, re-registering all private financial,
personal, and medical information on pertinent sites. If anyone can
refer me to the best layperson-friendly site where I can get a full
explanation of "trojans" and how they operate, at least I would feel I
am not fighting my identity thieves entirely blind.

What I do not understand is how a major technology company could tell
me my social security number has been co-opted by someone (whom they
won't identify), somewhere (which they won't specify), for merchandise
(whose nature I cannot learn), at some point in time (when is entirely
a mystery)...and then not have my credit destroyed with the major
credit bureaus. I have had my checking account misappropriated online
to pay a huge cell phone bill at Cingular; the checking account
information has nothing to do with my social security number. I cannot
discern how one identity thief could rape you with a social security
number misappropriation and another with account numbers that are not
connected to that federal item.

An FBI agent told me--I am not making this up--that identity thieves, no
matter how large the scope or potentially germane the theft may be to
national security issues, may or MAY NOT be investigated. This young
woman said "Do you want me to tell you what you want to hear or do you
want to know the truth? The truth is that your case may not be
investigated at all." That would be fine with me if I could defend my
computer, but I don't know where the attack has come from.

I'm writing all this not because this is a Lonely Tech Hearts'
newsgroup but because I do not know where this assault on all my
personal information emanated from. I am terrified and overwhelmed by
the idea of going back to pre-Net days in regard to managing personal
finance and correspondence.
 
An FBI agent told me--I am not making this up--that identity thieves, no
matter how large the scope or potentially germane the theft may be to
national security issues, may or MAY NOT be investigated.

Not my government (or rather, not supposed to be) but AFAIK the FBI
investigate only when financial impact exceeds a particular value.

That's why it's so safe for perps to rob just under that threshold
from thousands of places; if no two victims are connected, the damage
never attracts FBI interest, and if no-one investigates, the chances
of two victims being linked to the same perp are small.


---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
 
cquirke said:
Not my government (or rather, not supposed to be) but AFAIK the FBI
investigate only when financial impact exceeds a particular value.

That's why it's so safe for perps to rob just under that threshold
from thousands of places; if no two victims are connected, the damage
never attracts FBI interest, and if no-one investigates, the chances
of two victims being linked to the same perp are small.

Thanks for letting me know this. I just wish there was some Public
Service Announcement on t.v. that followed all those hardy-har-har
Citibank (et al) commercials about identity theft.

It's *real* comforting knowing that DELL refused me credit based on the
fact my social security number is actually a "business account" in
arrears over sixty days--multiple accounts--but refuse to identify who,
what, when, where, or how. Or report this to any of the credit
bureaus. For all I know, the technology "I" paid for--according to
them--may be in a cave somewhere in a "-stan" far far away.

I'm so glad we have a Department of Homeland Security.
 
AKA (e-mail address removed) on 1/18/2006 in
Adam, thanks. If I had a nickel for the times I've tried to boot my
laptop in Safe Mode following age-old F8/F8/F8 instructions--and
FAILED--I'd-- Well, I'd have quite a few nickels. I'll have to see
if IBM has a special protocol for booting in Safe Mode.

Again, thank you.
******************Reply Separator*************************

I have a program listed on my site that will make booting into
safe-mode easy for you. It is called BootSafe, written by Nick
Skrepetos. You can find a link to it here:
http://home.neo.rr.com/manna4u/
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Specific Fixes: http://home.neo.rr.com/manna4u/fixes.html
Forums for HiJackThis Logs:
http://home.neo.rr.com/manna4u/forums_for_hijackthis_logs.html
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
 