Spyquakeware is back!!!


news.rcn.com

Sorry to repost, guys, but the removal method worked really well and the
system was fine for about three days.

Today Spyquakeware is back again in all its glory with all its multiple
popups and annoying critical system errors.

I know how to remove it from my earlier posting but I am reposting to see if
anyone knows what let it through? How do I stop it and do I need to move
away from AVG? Or do I just need to update my hosts file or spybot's
immunisation database? Is it combating any new Spybot immunisation database
yet?

And WHAT is the phone number of the government agency to whom to report this
virus? (Simply because of its effects and the time it takes to remove and the
paroxysms one has to go through to do this, I don't accept the assertion
that this isn't a virus, it's merely spyware or adware. In its Critical
System Error IT CALLS ITSELF A VIRUS!)
 
Today Spyquakeware is back again in all its glory with all its multiple
popups and annoying critical system errors.

What version(s) of Java do you have installed? If it's less than
jre-1_5_0_07, uninstall all current versions (ensure the java
directory under "Program Files" is empty), and then install the
latest version from http://www.java.com.

Regards, Dave Hodgins
 
On that special day, news.rcn.com said:
if anyone knows what let it through? How do I stop it and do I need to move
away from AVG?

Don't use Internet Explorer, switch to a Mozilla flavour (Firefox,
Seamonkey), or Opera. The IE loopholes are very well known among
malware programmers, and their target of choice.

See the latest Microsoft Windows Update details for more information.


Gabriele Neukam

 
Thanks guys but I had already done all of that last time and don't use IE
any more. As far as I can see, this virus seems to propagate itself by IE
being installed rather than being in use. (I DO use a highly updated
Firefox).

I suppose it might be coming in through a vulnerability in Outlook's browser
capability but MS doesn't seem to know much about how Outlook does and/or
doesn't work. I currently have a thread out there asking them why it
constantly thinks it wasn't closed properly last time and despite lots of
people having chimed in with reports of the same problem, no one seems to
know the answer.

Again, I wonder if this has anything to do with the constant spywarequake
infestations?
 
David W. Hodgins replied to "news.rnc.com":
What version(s) of Java do you have installed? If it's less than
jre-1_5_0_07, uninstall all current versions (ensure the java
directory under "Program Files" is empty), and then install the
latest version from http://www.java.com.

I'm not having problems with malware right now, but:
Using W2K (SP4, German version, current updates) I've checked my Java
Runtime version in the control panel. It says "Version 1.5.0 (Build
1.5.0_06-b05)". When I click on the "Update now" button it says
something like "On this system the current Java platform is already
installed".

A look at the German version of the java.com website confirms what you
wrote. There is a newer version, which I've downloaded right now. Why
didn't the update-option find the new version? Any idea?

Gabriela
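Both Java checks above (Dave's "less than jre-1_5_0_07" threshold and Gabriela's control-panel string "Version 1.5.0 (Build 1.5.0_06-b05)") are easy to compare by hand once, but the point of Gabriela's post is that the JRE's own "Update now" button reported an out-of-date build as current. A small parser that accepts either notation and compares against a minimum you choose is therefore more trustworthy than the updater's verdict. This is an added example, not code from the thread; the regex, the function names and the ordering rule (major, minor, micro, update compared as a tuple, build number ignored) are my own assumptions.

```python
import re

# Minimum recommended in the thread above: anything below 1.5.0_07 should be replaced.
MIN_JRE = "1.5.0_07"

# Matches 1.5.0, 1.5.0_07, 1_5_0_07 and 1.5.0_06-b05. The lookbehind stops a match
# from starting in the middle of a longer version string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)[._](\d+)[._](\d+)(?:[._](\d+))?(?:-b(\d+))?")


def parse_java_version(text):
    """Return (major, minor, micro, update) from any of the notations seen above:
    an installer name like 'jre-1_5_0_07', a bare '1.5.0_07', or the control-panel
    string 'Version 1.5.0 (Build 1.5.0_06-b05)'. Where a string carries several
    candidates, the most specific one wins; the build number (-bNN) is ignored."""
    best = None
    for match in _VERSION_RE.finditer(text):
        parts = tuple(int(p) for p in match.groups()[:4] if p is not None)
        if best is None or len(parts) > len(best):
            best = parts
    if best is None:
        raise ValueError(f"no Java version found in {text!r}")
    return best + (0,) * (4 - len(best))


def needs_update(installed, minimum=MIN_JRE):
    """True when the installed JRE is older than the minimum, by tuple comparison."""
    return parse_java_version(installed) < parse_java_version(minimum)


if __name__ == "__main__":
    for reported in ("jre-1_5_0_07", "Version 1.5.0 (Build 1.5.0_06-b05)", "1.4.2_12"):
        verdict = "needs update" if needs_update(reported) else "ok"
        print(f"{reported!r}: {parse_java_version(reported)} -> {verdict}")
```

Feed it whatever string the control panel or `java -version` gives you; the comparison is against a minimum you set from the vendor's release notes, not against what the in-product updater claims.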
 
C:\Program Files\Common Files\Y1123OA.exe\Y1123OA.exe ... Found potentially
unwanted program Adware-ClickSpring.
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\winayt32.dll ... Found the BackDoor-CVT trojan !!!
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\967189b5.exe ... Found the Generic Downloader.ab trojan
!!!
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\rmzdzx.dll ... Found the FakeAlert-B trojan !!!
The file or process has been deleted.
C:\Documents and Settings\Valued Sony Customer\Local Settings\Application
Data\967189b5.exe ... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0057498.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0057503.exe
.... Found the Puper trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0057538.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0058585.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0058545.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0058550.exe
.... Found the Puper trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0058568.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP344\A0058611.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP344\A0058625.exe
.... Found the Puper trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP344\A0058717.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP345\A0060718.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0060741.exe
.... Found potentially unwanted program PrcViewer.
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0060866.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0061072.exe\A0061072.exe
.... Found potentially unwanted program Adware-ClickSpring.
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0061073.dll
.... Found the BackDoor-CVT trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0061074.exe
.... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0061075.dll
.... Found the FakeAlert-B trojan !!!
The file or process has been deleted.
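The scan output above is worth parsing rather than reading: it mixes hits on the live system with copies that System Restore had already captured under System Volume Information\_restore{...}\RPnnn, and the same file name (967189b5.exe) turns up in two live directories. Below is an added example, not part of the original post, that parses McAfee's "path ... Found X" / "The file or process has been deleted." pairs, separates live hits from restore-point copies, counts detection families, and flags file names reused across directories. The sample log is a constructed subset of the hits posted above with each wrapped path re-joined onto one line; the regexes and function names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the live-system hits and three of the restore-point hits from the
# McAfee output posted above, with each path that the newsreader wrapped re-joined
# onto a single line. Only the format matters; the file names are as posted.
SAMPLE_LOG = r"""
C:\Program Files\Common Files\Y1123OA.exe\Y1123OA.exe ... Found potentially unwanted program Adware-ClickSpring.
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\winayt32.dll ... Found the BackDoor-CVT trojan !!!
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\967189b5.exe ... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\rmzdzx.dll ... Found the FakeAlert-B trojan !!!
The file or process has been deleted.
C:\Documents and Settings\Valued Sony Customer\Local Settings\Application Data\967189b5.exe ... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0057498.exe .... Found the Generic Downloader.ab trojan !!!
The file or process has been deleted.
C:\System Volume Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP343\A0057503.exe .... Found the Puper trojan !!!
The file or process has been deleted.
C:\System Volume Information\_restore{0F20BA62-02EA-4B67-BE33-AE5D6F74EF90}\RP346\A0061073.dll .... Found the BackDoor-CVT trojan !!!
The file or process has been deleted.
"""

# One detection line: "<path> ... Found the <name> trojan !!!" or
# "<path> ... Found potentially unwanted program <name>."  (three or four dots both occur)
HIT_RE = re.compile(
    r"^(?P<path>.+?) \.{3,4} Found "
    r"(?:the (?P<trojan>.+?) trojan !!!|potentially unwanted program (?P<pup>.+?)\.)$"
)
ACTION_RE = re.compile(r"^The file or process has been (?P<action>\w+)\.$")
# System Restore snapshot copies live under this path; they are not running code but
# come back if that restore point is ever applied.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)


def parse_mcafee_log(text):
    """Pair every 'Found ...' line with the action line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = HIT_RE.match(line)
        if hit:
            pending = {
                "path": hit.group("path"),
                "name": hit.group("trojan") or hit.group("pup"),
                "kind": "trojan" if hit.group("trojan") else "pup",
                "in_restore_point": bool(RESTORE_RE.search(hit.group("path"))),
                "action": None,
            }
            hits.append(pending)
            continue
        act = ACTION_RE.match(line)
        if act and pending is not None:
            pending["action"] = act.group("action")
            pending = None
    return hits


def triage(hits):
    """Separate live hits from restore-point copies, count families, and flag a file
    name that appears in more than one live directory (a dropper that copies itself)."""
    live = [h for h in hits if not h["in_restore_point"]]
    by_name = defaultdict(set)
    for h in live:
        by_name[h["path"].rsplit("\\", 1)[-1].lower()].add(h["path"])
    return {
        "live": live,
        "restore_point": [h for h in hits if h["in_restore_point"]],
        "families": Counter(h["name"] for h in hits),
        "reused_names": {n: sorted(p) for n, p in by_name.items() if len(p) > 1},
        "not_deleted": [h for h in hits if h["action"] != "deleted"],
    }


if __name__ == "__main__":
    report = triage(parse_mcafee_log(SAMPLE_LOG))
    print(f"{len(report['live'])} live hits, {len(report['restore_point'])} restore-point copies")
    for family, count in report["families"].most_common():
        print(f"  {count}x {family}")
    for name, paths in report["reused_names"].items():
        print(f"  {name} seen in {len(paths)} live locations")
    if report["not_deleted"]:
        print("  WARNING: some hits were not deleted")
```

The split matters for the "clean for three days, then back" pattern in this thread: restore-point copies are inert until someone rolls back to that point, so after a clean-up the usual advice of the time was to purge System Restore rather than leave RP343 through RP346 holding the droppers; a reused file name across two live directories points at a dropper that reinstalls itself, which is the component to hunt for rather than the payload that generates the pop-ups.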
 
From: "news.rcn.com" <news.rnc.com>

| Thanks guys but I had already done all of that last time and don't use IE
| any more. As far as I can see, this virus seems to propagate itself by IE
| being installed rather than being in use. (I DO use a highly updated
| Firefox).
|
| I suppose it might be coming in through a vulnerability in Outlook's browser
| capability but MS doesn't seem to know much about how Outlook does and/or
| doesn't work. I currently have a thread out there asking them why it
| constantly thinks it wasn't closed properly last time and despite lots of
| people having chimed in with reports of the same problem, no one seems to
| know the answer.
|
| Again, I wonder if this has anything to do with the constant spywarequake
| infestations?

You or someone is NOT practicing safe Hex on the computer and you are getting re-infected
with ZLob/Puper/FakeAlert Trojans and causing the SpywareQuake malware to be installed.

You need to make sure *all* software is up-to-date with patches/hotfixes and you must secure
the platform !
 
From: "news.rcn.com" <news.rnc.com>

| C:\Program Files\Common Files\Y1123OA.exe\Y1123OA.exe ... Found potentially
| unwanted program Adware-ClickSpring.
| The file or process has been deleted.
| C:\WINDOWS\SYSTEM32\winayt32.dll ... Found the BackDoor-CVT trojan !!!
| The file or process has been deleted.
| C:\WINDOWS\SYSTEM32\967189b5.exe ... Found the Generic Downloader.ab trojan
| !!!
| The file or process has been deleted.
| C:\WINDOWS\SYSTEM32\rmzdzx.dll ... Found the FakeAlert-B trojan !!!
| The file or process has been deleted.

< snip >

Oh, there 'ya go a FakeAlert Trojan and Downloader Trojans !
 
You need to make sure *all* software is up-to-date with patches/hotfixes
and you must secure
the platform !
Not sure what else I can do: Symantec and GRC checks seem to be telling me
that I am pretty well protected already. If this won't do (which it seems it
won't), what else can I try?
 
news.rcn.com said:
Thanks guys but I had already done all of that last time and don't use IE
any more. As far as I can see, this virus seems to propagate itself by IE
being installed rather than being in use. (I DO use a highly updated
Firefox).

I suppose it might be coming in through a vulnerability in Outlook's browser
capability but MS doesn't seem to know much about how Outlook does and/or
doesn't work.

well, here's a little tidbit... outlook uses IE to render your emails...
so if you're still using outlook (and you haven't turned off html
rendering entirely - if that's even possible) then you are in fact still
using IE...
 
news.rcn.com said:
You need to make sure *all* software is up-to-date with patches/hotfixes
and you must secure
the platform !
Not sure what else I can do: Symantec and GRC checks seem to be telling me
that I am pretty well protected already. If this won't do (which it seems it
won't), what else can I try?

You got your firewall on? With no stupid exceptions?
You got passwords on ALL usernames on the machine, including Administrator which is
only visible (to you) in Safe Mode?
Disabled remote login?
Disabled Remote Assistance Requests?
 
kurt wismer said:
well, here's a little tidbit... outlook uses IE to render your emails...
so if you're still using outlook (and you haven't turned off html
rendering entirely - if that's even possible) then you are in fact still
using IE...
I suspected that was the case: then there is a serious deficiency in AVG if
it doesn't take account of this? I was wondering why NIS always told me
that it had detected a virus coming in while downloading email and was
deleting it whereas AVG SEEMS to work independently of Outlook and tells me
it has found this virus in some temp folder. Or is it constantly scanning
and hopefully finding these things before they do any damage? Isn't the
point of a virus that the person writing it will find a way of hiding it
from AV software if it is already installed somewhere on the system? Or does
AVG detect them before that stage and put them in those folders? (seems
unlikely if those folders are temporary internet folders?)

MEANWHILE Dateline Fri 16th June 8.45 am: AVG suddenly decided to update
itself and run a full scan and HEY PRESTO they must be reading these posts:
it has suddenly started to detect the zlob trojan downloader!! 8 of them
including two .exe files. I suppose it is an open question now whether it
would have been aware of the BackDoor-CVT trojan, the FakeAlert-B trojan,
the Generic Downloader.ab trojan, or the Puper trojan? But am I being
churlish in wondering why it let them in in the first place for McAfee to
find? They all sound pretty dangerous to me?

And does it still feel the need to ignore the potentially unwanted program
Adware-ClickSpring, and the potentially unwanted program PrcViewer which
in slowing down my system were certainly acting like viruses?
 
A look at the German version of the java.com website confirms what you
wrote. There is a newer version, which I've downloaded right now. Why
didn't the update-option find the new version? Any idea?

Don't know why it didn't update, but the English version of xp behaves
exactly like you describe with the German version of win2k. I updated
it manually too and this version also reckons it's the latest version.


Jim.
 
James Egan said:
Don't know why it didn't update, but the English version of xp behaves
exactly like you describe with the German version of win2k. I updated
it manually too and this version also reckons it's the latest version.


Jim.

Same thing here with Win98SE...

Chas.
 
MEANWHILE Dateline Fri 16th June 8.45 am: AVG suddenly decided to update
itself and run a full scan and HEY PRESTO they must be reading these
posts: it has suddenly started to detect the zlob trojan downloader!! 8 of
them including two .exe files. I suppose it is an open question now
whether it would have been aware of the BackDoor-CVT trojan, the
FakeAlert-B trojan, the Generic Downloader.ab trojan, or the Puper trojan?
But am I being churlish in wondering why it let them in in the first place
for McAfee to find? They all sound pretty dangerous to me?

And does it still feel the need to ignore the potentially unwanted program
Adware-ClickSpring, and the potentially unwanted program PrcViewer
which in slowing down my system were certainly acting like viruses?


AVG updates for the past week have included at least 4 variants of the
Zlob - together with any number of other nasties.
These variants are being churned out by an automatic engine, and the AV
companies are playing catch-up. Unless YOU moderate YOUR surfing/email
habits, you WILL get infected again - guaranteed! - even with the world's
best kit and software.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
From: "news.rcn.com" <news.rnc.com>

|| Not sure what else i can do: Symantec and GRC checks seem to be telling me
| that i am pretty well protected already. If this wont do (which it seems it
| wont), what else can I try?
|

Change the modus operandi of the way you or your family use the computer.
 
From: "Noel Paton" <[email protected]>


| AVG updates for the past week have included at least 4 variants of the
| Zlob - together with any number of other nasties.
| These variants are being churned out by an automatic engine, and the AV
| companies are playing catch-up. Unless YOU moderate YOUR surfing/email
| habits, you WILL get infected again - guaranteed! - even with the world's
| best kit and software.
|

The organization(s) that are generating ZLob installer packages (well known to be fake Codec
installers with Internet Domains with "codec" in the name) are auto-generating numerous
variants. They are being generated faster than the AV companies are able to create
signature files for. It took six weeks to get McAfee to recognize these installers using
Heuristics as "New Malware N" and more specifically as "ZLob.dr". This is a tough battle
that the AV companies are "just" starting to cope with.
 
news.rcn.com said:
(Yes, I suspected it was nothing whatsoever to do with the slightly
offensively posted suggestion of moderating surfing habits)


No what I said was perfectly valid.
It's YOUR surfing habits that get you to sites where these trojans are being
distributed - and until you realise that, then your system is never going to
be 'safe'.

You put your finger in the fire, it got burned.....you then went back and
put the same finger in the same fire?? and you're surprised you got burned
again???

What I said was not intended to be offensive - but if the cap fits, wear
it - it was intended to remind you that your safety on the Internet is YOUR
responsibility, and you can't just install a piece of software and then run
crying to mummy because the nasty software didn't stop you putting your
finger in the fire again.

--
Noel Paton (MS-MVP 2002-2006, Windows)
 
news.rcn.com said:
And WHAT is the phone number of the government agency to whom to report this
virus? (Simply because of its effects and the time it takes to remove and the
paroxysms one has to go through to do this, I don't accept the assertion
that this isn't a virus, it's merely spyware or adware. In its Critical
System Error IT CALLS ITSELF A VIRUS!)


Are you developmentally challenged?
 