j0r.biz

[Guest]

When I use my dial up once connected IE6 automatically starts up and directs
to this site. Then I get a large amount of data beiung passed both ways via
the connection. Have downloaded latest virus defs but has not identified any
virus. Can anyone help ?

 

[Frank Saunders, MS-MVP IE/OE]

When I use my dial up once connected IE6 automatically starts up and
directs to this site. Then I get a large amount of data beiung passed
both ways via the connection. Have downloaded latest virus defs but
has not identified any virus. Can anyone help ?

First eliminate any spyware.
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

CAUTION!!!!! Removing some spyware can damage the Winsock stact. Before
you try to remove spyware using any of these programs , download a copy of
LSP-Fix - a free program to repair damaged Winsock 2 stacks (all Windows
versions)
http://www.cexx.org/lspfix.htm
Winsockfix for W95, W98, ME, NT, 2000, XP
http://www.tacktech.com/pub/winsockfix/WinsockFix.zip
Directions here: http://www.tacktech.com/display.cfm?ttid=257
WinXP:
Get WinSockxpFix
http://www.spychecker.com/program/winsockxpfix.html
How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/kb/299357
In WinXP SP2: You can fix Winsock by going to Start | Run and typing
CMD
In the command window type
netsh winsock reset

See
Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated with the program's update function
before every use, even when just downloaded. There's also a lot more to do
than just those two programs. CWShredder is also available here:
http://www.intermute.com/products/cwshredder
**Post your HijackThis log to
http://www.spywareinfo.com/forums/
http://forums.tomcoyote.org/
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/ or the Spyware forum at
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.

See this link for information about malware:
http://arstechnica.com/articles/paedia/malware.ars

If nothing there helps, please post back to this thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/

 

[computerdoc53]

When I use my dial up once connected IE6 automatically starts up and directs
to this site. Then I get a large amount of data beiung passed both ways via
the connection. Have downloaded latest virus defs but has not identified any
virus. Can anyone help ?

 

[computerdoc53]

When I use my dial up once connected IE6 automatically starts up and directs
to this site. Then I get a large amount of data beiung passed both ways via
the connection. Have downloaded latest virus defs but has not identified any
virus. Can anyone help ?

I'm having same exact problem. Have searched google and only find info
in German. Translated it but still no help. This must be very new
problem. I have used spybot and adaware to no avail....Help

 

[jim]

and


I'm having same exact problem. Have searched google and only find info
in German. Translated it but still no help. This must be very new
problem. I have used spybot and adaware to no avail....Help

Don't know if this will help, but we recently started seeing this after
patching computers for one of the recent w32.spybot varients (don't
know which one). We see a yahoo page which is current, but spoofed
(there's another page "underneath" it). There's very little info on the
spybot virus and nothing on this...I hate beta testing viruses....

 

[thagland]

Don't know if this will help, but we recently started seeing this after
patching computers for one of the recent w32.spybot varients (don't
know which one). We see a yahoo page which is current, but spoofed
(there's another page "underneath" it). There's very little info on the
spybot virus and nothing on this...I hate beta testing viruses....

Saw this on my fiances work computer, it's a POS with a dialup to ATT
worldnet, XP home editions sp1. Ad-Aware, spybot, norton all come up
empty. Posted a spoof report to yahoo, but the problem still remains.

 

[Marritt]

I had this problem - it connected to j0r.biz and appeared to send lots
of data - hung up the machine etc.

After several failed attempts with other tools I installed

ad-aware from
<a href="http://www.lavasoftusa.com/"</a> - this appeared to remove
it, although it didn't identify anything but a handfull of changed
registry settings

I also installed a freeware firewall - fromOutpost
<a href="http://www.agnitum.com/download/outpostfree.html"</a>

 

[phillip_goldsmith]

I have been researching this little annoying gem J0r.BIZ for a week
now. I think I have found the offending article.

Back up your registry, then restart computer in safe mode. search your
registry for a file NEOMONAP23.exe or N3MONAP23.exe. It normally hides
in

HKLM-software-microsoft-windows-run commands and same place in HKCU.

Delete all the entries you find, I found three entries in my registry.
Restart the PC and hey presto!! You are rid of it.

Good luck.