comp keeps timing out.

square/circle wrote:
MEB wrote:
square/circle wrote:
Hello,

Have encountered a problem that has been happening for the last month. \
(Win98SE, Dun,)
Problem is my connection seems to time-out after about 10 minutes of
non-use. It is okay if it is being used.

Spent the last week trouble-shooting, including an absolute confirmation
from my Isp that the problem is not at their end.

In 'modem' via control-panel, there was/is a box that allows for a
nominated time before a computer disconnects if not being used, and as
long as I can remember it has always been greyed-out.
My Isp and I decided it might be a good idea to activate the box and
enter 300 minutes. (of which is the 5 hour block I get from my Isp)

Is there any other setting I may have missed? Is there any reason at all
why this has suddenly started doing this?

Thank you for replies.

S/C.

It would help if you provide more information if you wish group help.

1. What ISP/service are you using?

2. What other settings have you modified?

3. What is the update status, and is this a "officially" updated system?

4. What is the type of modem or connection being used?


Hello,,
I will try to answer some questions, and also tell of another factor
that I forgot.
First, the one I forgot:: The connection itself seems to not actually
be disconnecting as the icon remains near the clock(task bar). If I go
to use my house phone during these periods, I still don't get a dial
tone, of which is par for the course when I am connected to the net.
Also, I have been using the same Isp with the same settings (untouched)
for over 5 years, and said, this problem only popped up a month ago,
hence me asking Isp if anything had changed on their end.
-------

1)Am using a simple dial-up service.
2)I havent modified any settings at all, never had a need to.
3)If you mean are all windows updates for 98SE up to date, no they are
not, there are probably a few missing.(but again, no problems in 5yrs.)
4)The modem is an 'external box'. 56k v90. I get data transfer at 44,000
bps.
5)Have never had a firewall, and still dont. I do have Kerio stashed in
a folder, but from what I have read(lurking and otherwise) a software
firewall useless, and only a router can give adequate protection.(no, I
dont have one of those either... never had a need.)

Hope this is enough.

S/C

Well, the days of no firewall ended several years ago... if it was ever
viable... my guess is you have the usual China, Taiwan, Philippine,
Russian, and Brazilian IPs hanging around your connection...

Might want to Check for virus and spyware, and run HighJackThis and
check for potential malware and BHO issues. If your using Flash at all,
you've probably been hacked..

The firewall adds another benefit, it allows you to monitor what IPs
are connected *to* you, and what protocols and ports are being used..
and no, a software firewall is not useless, it happens to be your ONLY
real protection available when on dial-up Phone line service. And to
disable a firewall externally [or internally for that matter], generally
kills the access and pops-up a warning from the firewall [had it happen
more than once].
Used in conjunction with a good HOSTS file, something like Spyware
Blaster, and anti-virus software you at least stand a small chance of
being able to run 9X in the wild of the Internet. Otherwise you tend to
be added to the pools of thousands of Zombied computers or bot farms, or
end up passing around bad stuff to others... or end up with some of the
newer hacks for 9X like the recent hard drive destroyers..

You might want to remove and re-install your modem driver,, what is it
a 3Com/USR? [e.g., what manufacturer?]

Is it comm port or USB?

How about a short description of what you worked through with your ISP.

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

Well, the days of no firewall ended several years ago... if it was ever
viable... my guess is you have the usual China, Taiwan, Philippine,
Russian, and Brazilian IPs hanging around your connection...

Might want to Check for virus and spyware, and run HighJackThis and
check for potential malware and BHO issues. If your using Flash at all,
you've probably been hacked..

The firewall adds another benefit, it allows you to monitor what IPs
are connected *to* you, and what protocols and ports are being used..
and no, a software firewall is not useless, it happens to be your ONLY
real protection available when on dial-up Phone line service. And to
disable a firewall externally [or internally for that matter], generally
kills the access and pops-up a warning from the firewall [had it happen
more than once].
Used in conjunction with a good HOSTS file, something like Spyware
Blaster, and anti-virus software you at least stand a small chance of
being able to run 9X in the wild of the Internet. Otherwise you tend to
be added to the pools of thousands of Zombied computers or bot farms, or
end up passing around bad stuff to others... or end up with some of the
newer hacks for 9X like the recent hard drive destroyers..

You might want to remove and re-install your modem driver,, what is it
a 3Com/USR? [e.g., what manufacturer?]

Is it comm port or USB?

How about a short description of what you worked through with your ISP.

Hello,
It seems I have a bit of work to do then. I was considering getting a
router as soon as I can get some money together, but perhaps for now I
will instal Kerio.
I constantly use, update, and run "Spybot, Spyware Blaster, and Avast".
Am not sure I understand Hosts-File, will google for it.
The conversation with Isp merely boiled down to them saying the problem
was not at their end and they had done nothing to change anything. The
only thing we did agree on was for me to set the time-out setting to
5hours, which is my allocated time anyway.
The modem is a 'Rockwell V90' and has never caused a problem. It is on
com port 2.

Now,, here comes a doozy, and I sure hope you can assist me with it.
I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago.
The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task
bar and went off to google for it, turns out it is not nice. After that
I went back to Spybot and told it to Fix it... then I rebooted and ran
Spybot again and it was not found.
But, and just for the hell of it, I went into the registry just now and
did a search for Fraudloader, and it found an entry. (I took a screen
shot of the registry in jpg format if you would like to look at it,
except I know jpg's arent allowed in this group.)
The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C

Well, the days of no firewall ended several years ago... if it was ever
viable... my guess is you have the usual China, Taiwan, Philippine,
Russian, and Brazilian IPs hanging around your connection...

Might want to Check for virus and spyware, and run HighJackThis and
check for potential malware and BHO issues. If your using Flash at all,
you've probably been hacked..

The firewall adds another benefit, it allows you to monitor what IPs
are connected *to* you, and what protocols and ports are being used..
and no, a software firewall is not useless, it happens to be your ONLY
real protection available when on dial-up Phone line service. And to
disable a firewall externally [or internally for that matter], generally
kills the access and pops-up a warning from the firewall [had it happen
more than once].
Used in conjunction with a good HOSTS file, something like Spyware
Blaster, and anti-virus software you at least stand a small chance of
being able to run 9X in the wild of the Internet. Otherwise you tend to
be added to the pools of thousands of Zombied computers or bot farms, or
end up passing around bad stuff to others... or end up with some of the
newer hacks for 9X like the recent hard drive destroyers..

You might want to remove and re-install your modem driver,, what is it
a 3Com/USR? [e.g., what manufacturer?]

Is it comm port or USB?

How about a short description of what you worked through with your ISP.

Hello,
It seems I have a bit of work to do then. I was considering getting a
router as soon as I can get some money together, but perhaps for now I
will instal Kerio.
I constantly use, update, and run "Spybot, Spyware Blaster, and Avast".
Am not sure I understand Hosts-File, will google for it.
The conversation with Isp merely boiled down to them saying the problem
was not at their end and they had done nothing to change anything. The
only thing we did agree on was for me to set the time-out setting to
5hours, which is my allocated time anyway.
The modem is a 'Rockwell V90' and has never caused a problem. It is on
com port 2.

Now,, here comes a doozy, and I sure hope you can assist me with it.
I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago.
The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task
bar and went off to google for it, turns out it is not nice. After that
I went back to Spybot and told it to Fix it... then I rebooted and ran
Spybot again and it was not found.
But, and just for the hell of it, I went into the registry just now and
did a search for Fraudloader, and it found an entry. (I took a screen
shot of the registry in jpg format if you would like to look at it,
except I know jpg's arent allowed in this group.)
The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C

In message , square/circle
writes:
[]
It seems I have a bit of work to do then. I was considering getting a
router as soon as I can get some money together, but perhaps for now I
will instal Kerio.

Yes, KPF is a fairly simple, low-demand one - and it _is_ interesting to
find what of the software you have is "calling home", even if you don't
mind.

I constantly use, update, and run "Spybot, Spyware Blaster, and Avast".

Must be quite demanding via dialup these days - AV data files are
getting quite big. (I suspect McAfee wouldn't be viable via dialup!)

Am not sure I understand Hosts-File, will google for it.

It's a local form of DNS - the "directory enquiries" function which
translates www.xyz.com into 12.34.56.78 so your computer knows where to
look for any web page (and other things) you specify by name. Normally
you use a DNS server (usually two) at your ISP, but the hosts file keeps
a list on your machine, and it is a not uncommon practice to include
some "bad" sites in it with the wrong address (such as redirected back
to your own machine), so that should you ever be directed to one of them
- by a picture link in a web page, for example - your computer doesn't
actually go there.
[]
But, and just for the hell of it, I went into the registry just now and
did a search for Fraudloader, and it found an entry. (I took a screen
shot of the registry in jpg format if you would like to look at it,
except I know jpg's arent allowed in this group.)

URLs are, though - I'm assuming you have webspace, many dialup accounts
do. Though for a registry extract, you can usually export the bit you're
looking at, which makes a .reg file; don't double-click on a .reg file,
but it only contains text (so rename it to .txt). I can't remember
exactly how - I think it's something obvious like File | Export. (Make
sure you're highlighting only the bit you're interested in though, or it
makes a big file!)

The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C


I'm pretty sure MRU is most recently used: I think all that the registry
is recording, in this case, is that you recently did a "find" for it.
MRU lists in the registry (and possibly elsewhere) are just how the
system keeps a list of what you recently used, in this case in the
"find" function, in order to present them as a drop-down list to save
you typing should you want to use the same strings again subsequently.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

Real programmers don't document. If it was hard to write, it should be hard to
understand.

square/circle wrote:

Well, the days of no firewall ended several years ago... if it was ever
viable... my guess is you have the usual China, Taiwan, Philippine,
Russian, and Brazilian IPs hanging around your connection...

Might want to Check for virus and spyware, and run HighJackThis and
check for potential malware and BHO issues. If your using Flash at all,
you've probably been hacked..

The firewall adds another benefit, it allows you to monitor what IPs
are connected *to* you, and what protocols and ports are being used..
and no, a software firewall is not useless, it happens to be your ONLY
real protection available when on dial-up Phone line service. And to
disable a firewall externally [or internally for that matter], generally
kills the access and pops-up a warning from the firewall [had it happen
more than once].
Used in conjunction with a good HOSTS file, something like Spyware
Blaster, and anti-virus software you at least stand a small chance of
being able to run 9X in the wild of the Internet. Otherwise you tend to
be added to the pools of thousands of Zombied computers or bot farms, or
end up passing around bad stuff to others... or end up with some of the
newer hacks for 9X like the recent hard drive destroyers..

You might want to remove and re-install your modem driver,, what is it
a 3Com/USR? [e.g., what manufacturer?]

Is it comm port or USB?

How about a short description of what you worked through with your ISP.

Hello,
It seems I have a bit of work to do then. I was considering getting a
router as soon as I can get some money together, but perhaps for now I
will instal Kerio.
I constantly use, update, and run "Spybot, Spyware Blaster, and Avast".
Am not sure I understand Hosts-File, will google for it.
The conversation with Isp merely boiled down to them saying the problem
was not at their end and they had done nothing to change anything. The
only thing we did agree on was for me to set the time-out setting to
5hours, which is my allocated time anyway.
The modem is a 'Rockwell V90' and has never caused a problem. It is on
com port 2.

Now,, here comes a doozy, and I sure hope you can assist me with it.
I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago.
The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task
bar and went off to google for it, turns out it is not nice. After that
I went back to Spybot and told it to Fix it... then I rebooted and ran
Spybot again and it was not found.
But, and just for the hell of it, I went into the registry just now and
did a search for Fraudloader, and it found an entry. (I took a screen
shot of the registry in jpg format if you would like to look at it,
except I know jpg's arent allowed in this group.)
The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C



A couple of files found to include it:

33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E -
142,848 bytes

612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes

One delivery method and hacker availability appears to be within add-on
font packages [still letting IE or another browser download the fonts it
needs? you're susceptible to the hack].
Another via a pop-up which claims you are infected and offers to clean
it for you, installing the hack [are you actually *LOOKING carefully* at
that pop-up or did you think it came from your installed
Anti-Spyware/malware/virus program, guess what, some are designed to
*mimic* the programs' pop-ups found on your computer].
And yet another which claims you need to install a codex for some
reason [or passed in codex packages including it]...
And another which uses email such as "someone wants to be your friend"
or "you have to confirm" whatever, just click this link, or auto-loaded
with HTML and JAVA, etc...
Whereas when included in a Flash object you are rarely asked as you
have already authorized the activity...
The key is, this is an adaptable hack [as most malware/virus are] which
can be used or offered via ever changing methods.

Don't feel bad, virus/malware have even infected computers on the Space
Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just
about every computer anywhere on this planet, and *don't over-look* that
they have infected them. This is a war which is constantly being waged,
and at present the common user is reliant upon what other protections
CAN provide and they may be [are - particularly in 9X as the base of
security knowledgeable users is severely diminished] inadequate, having
to rely upon parties to first discover the hack *signature* AND whatever
variant it now comes in *AND the delivery method*.

Your
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
is you attempting to find the hack, note however that it can appear as
several different files and registry entries, or called via other
entries/applications, so what you attempted is inadequate to locate the
hack. You attempted to find the assigned data base *general
name/classification* which is *NOT* the hack.

Since you are still experiencing issues, you need to run some
additional malware searching/discovery programs as it is likely that
isn't the only one you have/had on your computer. Try highjackthis and
post what it finds in one of the *REPUTABLE* forums that will diagnose
it for you.
Perhaps *PA BEAR* or another will post those links again...

Please pick a good forum and make sure to follow EXACTLY what they ask
TO THE LETTER without arguing about WHY they want you to do whatever
[the good ones generally explain it anyway to help others that might
read the postings] or ignoring their suggestion/recommendation...

As for HOSTS: you will find information on the HOSTS file on the links
previously provided. Get one [MDGx has a good one, the MVPs offer one as
well] and use it for extra protection. Moreover, use a firewall,,, it is
impossible to get by without that additional layer of protection anymore...

Once you ensure your computer is clean we can help with any residuals
or other issues you may have.

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

square/circle wrote:

Well, the days of no firewall ended several years ago... if it was ever
viable... my guess is you have the usual China, Taiwan, Philippine,
Russian, and Brazilian IPs hanging around your connection...

Might want to Check for virus and spyware, and run HighJackThis and
check for potential malware and BHO issues. If your using Flash at all,
you've probably been hacked..

The firewall adds another benefit, it allows you to monitor what IPs
are connected *to* you, and what protocols and ports are being used..
and no, a software firewall is not useless, it happens to be your ONLY
real protection available when on dial-up Phone line service. And to
disable a firewall externally [or internally for that matter], generally
kills the access and pops-up a warning from the firewall [had it happen
more than once].
Used in conjunction with a good HOSTS file, something like Spyware
Blaster, and anti-virus software you at least stand a small chance of
being able to run 9X in the wild of the Internet. Otherwise you tend to
be added to the pools of thousands of Zombied computers or bot farms, or
end up passing around bad stuff to others... or end up with some of the
newer hacks for 9X like the recent hard drive destroyers..

You might want to remove and re-install your modem driver,, what is it
a 3Com/USR? [e.g., what manufacturer?]

Is it comm port or USB?

How about a short description of what you worked through with your ISP.

Hello,
It seems I have a bit of work to do then. I was considering getting a
router as soon as I can get some money together, but perhaps for now I
will instal Kerio.
I constantly use, update, and run "Spybot, Spyware Blaster, and Avast".
Am not sure I understand Hosts-File, will google for it.
The conversation with Isp merely boiled down to them saying the problem
was not at their end and they had done nothing to change anything. The
only thing we did agree on was for me to set the time-out setting to
5hours, which is my allocated time anyway.
The modem is a 'Rockwell V90' and has never caused a problem. It is on
com port 2.

Now,, here comes a doozy, and I sure hope you can assist me with it.
I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago.
The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task
bar and went off to google for it, turns out it is not nice. After that
I went back to Spybot and told it to Fix it... then I rebooted and ran
Spybot again and it was not found.
But, and just for the hell of it, I went into the registry just now and
did a search for Fraudloader, and it found an entry. (I took a screen
shot of the registry in jpg format if you would like to look at it,
except I know jpg's arent allowed in this group.)
The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C



A couple of files found to include it:

33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E -
142,848 bytes

612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes

One delivery method and hacker availability appears to be within add-on
font packages [still letting IE or another browser download the fonts it
needs? you're susceptible to the hack].
Another via a pop-up which claims you are infected and offers to clean
it for you, installing the hack [are you actually *LOOKING carefully* at
that pop-up or did you think it came from your installed
Anti-Spyware/malware/virus program, guess what, some are designed to
*mimic* the programs' pop-ups found on your computer].
And yet another which claims you need to install a codex for some
reason [or passed in codex packages including it]...
And another which uses email such as "someone wants to be your friend"
or "you have to confirm" whatever, just click this link, or auto-loaded
with HTML and JAVA, etc...
Whereas when included in a Flash object you are rarely asked as you
have already authorized the activity...
The key is, this is an adaptable hack [as most malware/virus are] which
can be used or offered via ever changing methods.

Don't feel bad, virus/malware have even infected computers on the Space
Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just
about every computer anywhere on this planet, and *don't over-look* that
they have infected them. This is a war which is constantly being waged,
and at present the common user is reliant upon what other protections
CAN provide and they may be [are - particularly in 9X as the base of
security knowledgeable users is severely diminished] inadequate, having
to rely upon parties to first discover the hack *signature* AND whatever
variant it now comes in *AND the delivery method*.

Your
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
is you attempting to find the hack, note however that it can appear as
several different files and registry entries, or called via other
entries/applications, so what you attempted is inadequate to locate the
hack. You attempted to find the assigned data base *general
name/classification* which is *NOT* the hack.

Since you are still experiencing issues, you need to run some
additional malware searching/discovery programs as it is likely that
isn't the only one you have/had on your computer. Try highjackthis and
post what it finds in one of the *REPUTABLE* forums that will diagnose
it for you.
Perhaps *PA BEAR* or another will post those links again...

Please pick a good forum and make sure to follow EXACTLY what they ask
TO THE LETTER without arguing about WHY they want you to do whatever
[the good ones generally explain it anyway to help others that might
read the postings] or ignoring their suggestion/recommendation...

As for HOSTS: you will find information on the HOSTS file on the links
previously provided. Get one [MDGx has a good one, the MVPs offer one as
well] and use it for extra protection. Moreover, use a firewall,,, it is
impossible to get by without that additional layer of protection anymore...

Once you ensure your computer is clean we can help with any residuals
or other issues you may have.

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C



A couple of files found to include it:

33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E -
142,848 bytes

612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes
----------------------------

I have no idea what the above means; is it registry related?

-------------------------------

One delivery method and hacker availability appears to be within add-on
font packages [still letting IE or another browser download the fonts it
needs? you're susceptible to the hack].
----------------------

Ah, now this I understand. As recent as the last week,(maybe a few days
more), I have loaded on Mozilla T/Bird as my newsreader. I have been
asking many questions in the Mozilla n/g regarding the reader as many
features I'm used to arent standard with T/Bird. One for instance, is
the ability to simply r/click and delete spam; when I tried to r/click
delete, it opened the friggin' thing, I was Not happy about this at all.
So, the people in the Mozilla group sent me off to d/load buttons upon
buttons upon buttons.... it really started to annoy me. 3 of the
buttons were not directly from the Mozilla site, but rather from 3rd
party sites. I am starting to get fed up with T/Bird already. Even in
O/E I could right click an un-opened mail, then properties, then
Details, then Msg source, followed by me being able to see what was in
the mail without even opening it. Afterward I would simply cancel my way
out and delete it if it was garbage.
I am also using F/Fox, and have been as long as I can remember, dont
even have a short cut on my d/top to Explorer,,, I loathe it.

-----------------
Another via a pop-up which claims you are infected and offers to clean
it for you, installing the hack [are you actually *LOOKING carefully* at
that pop-up or did you think it came from your installed
Anti-Spyware/malware/virus program, guess what, some are designed to
*mimic* the programs' pop-ups found on your computer].
And yet another which claims you need to install a codex for some
reason [or passed in codex packages including it]...
And another which uses email such as "someone wants to be your friend"
or "you have to confirm" whatever, just click this link, or auto-loaded
with HTML and JAVA, etc...
Whereas when included in a Flash object you are rarely asked as you
have already authorized the activity...
The key is, this is an adaptable hack [as most malware/virus are] which
can be used or offered via ever changing methods.
-------------------------

Nope, never get pop-ups and I am at least smart enough to avoid any
if ever I see one. Seriously, I do constant good computer housekeeping,
and am always on the lookout for crap and garbage.

---------------------

Don't feel bad, virus/malware have even infected computers on the Space
Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just
about every computer anywhere on this planet, and *don't over-look* that
they have infected them. This is a war which is constantly being waged,
and at present the common user is reliant upon what other protections
CAN provide and they may be [are - particularly in 9X as the base of
security knowledgeable users is severely diminished] inadequate, having
to rely upon parties to first discover the hack *signature* AND whatever
variant it now comes in *AND the delivery method*.
--------------

I understand. Its a coincidence that recently and during the same
week, we had two documentaries on telly relating to exactly the kind of
things you mention. They were as simple as showing how the poor ol' home
user is susceptable to virus's right up to DOD and including the most
likely countries the virii come from etc. One Russian mob threatened to
shut down the race-track unless they were paid lots of money, but the
race track refused on advice from the AFP and from Telstra... sure
enough, they shut down the races... place has gone broke now. Even
Telstra chimed in and said to tell them to F-off and that they would
deal with them, buuuuut, when the Russians hit again, they virtually
shut down Telstra too, so the wimps at Telstra said they wanted nothing
more to do with it. The feds eventually caught them though.

-------------

Your
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
is you attempting to find the hack, note however that it can appear as
several different files and registry entries, or called via other
entries/applications, so what you attempted is inadequate to locate the
hack. You attempted to find the assigned data base *general
name/classification* which is *NOT* the hack.

Since you are still experiencing issues, you need to run some
additional malware searching/discovery programs as it is likely that
isn't the only one you have/had on your computer. Try highjackthis and
post what it finds in one of the *REPUTABLE* forums that will diagnose
it for you.
Perhaps *PA BEAR* or another will post those links again...

Please pick a good forum and make sure to follow EXACTLY what they ask
TO THE LETTER without arguing about WHY they want you to do whatever
[the good ones generally explain it anyway to help others that might
read the postings] or ignoring their suggestion/recommendation...
-------------------

Yes, I do have Hijack This, (forgot to mention I have C/Cleaner
too.) but If I google for a forum, how will I know I've got a good one?

------------------

As for HOSTS: you will find information on the HOSTS file on the links
previously provided. Get one [MDGx has a good one, the MVPs offer one as
well] and use it for extra protection. Moreover, use a firewall,,, it is
impossible to get by without that additional layer of protection anymore...

Okay, will go to MDGx's site, I have it book-marked along with about
150 other sites relating to Win98.. I read a lot!

Once you ensure your computer is clean we can help with any residuals
or other issues you may have.

This may all take a day or two, so dont go away.

thank you.

S/C

The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C



A couple of files found to include it:

33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E -
142,848 bytes

612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes
----------------------------

I have no idea what the above means; is it registry related?

-------------------------------

One delivery method and hacker availability appears to be within add-on
font packages [still letting IE or another browser download the fonts it
needs? you're susceptible to the hack].
----------------------

Ah, now this I understand. As recent as the last week,(maybe a few days
more), I have loaded on Mozilla T/Bird as my newsreader. I have been
asking many questions in the Mozilla n/g regarding the reader as many
features I'm used to arent standard with T/Bird. One for instance, is
the ability to simply r/click and delete spam; when I tried to r/click
delete, it opened the friggin' thing, I was Not happy about this at all.
So, the people in the Mozilla group sent me off to d/load buttons upon
buttons upon buttons.... it really started to annoy me. 3 of the
buttons were not directly from the Mozilla site, but rather from 3rd
party sites. I am starting to get fed up with T/Bird already. Even in
O/E I could right click an un-opened mail, then properties, then
Details, then Msg source, followed by me being able to see what was in
the mail without even opening it. Afterward I would simply cancel my way
out and delete it if it was garbage.
I am also using F/Fox, and have been as long as I can remember, dont
even have a short cut on my d/top to Explorer,,, I loathe it.

-----------------
Another via a pop-up which claims you are infected and offers to clean
it for you, installing the hack [are you actually *LOOKING carefully* at
that pop-up or did you think it came from your installed
Anti-Spyware/malware/virus program, guess what, some are designed to
*mimic* the programs' pop-ups found on your computer].
And yet another which claims you need to install a codex for some
reason [or passed in codex packages including it]...
And another which uses email such as "someone wants to be your friend"
or "you have to confirm" whatever, just click this link, or auto-loaded
with HTML and JAVA, etc...
Whereas when included in a Flash object you are rarely asked as you
have already authorized the activity...
The key is, this is an adaptable hack [as most malware/virus are] which
can be used or offered via ever changing methods.
-------------------------

Nope, never get pop-ups and I am at least smart enough to avoid any
if ever I see one. Seriously, I do constant good computer housekeeping,
and am always on the lookout for crap and garbage.

---------------------

Don't feel bad, virus/malware have even infected computers on the Space
Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just
about every computer anywhere on this planet, and *don't over-look* that
they have infected them. This is a war which is constantly being waged,
and at present the common user is reliant upon what other protections
CAN provide and they may be [are - particularly in 9X as the base of
security knowledgeable users is severely diminished] inadequate, having
to rely upon parties to first discover the hack *signature* AND whatever
variant it now comes in *AND the delivery method*.
--------------

I understand. Its a coincidence that recently and during the same
week, we had two documentaries on telly relating to exactly the kind of
things you mention. They were as simple as showing how the poor ol' home
user is susceptable to virus's right up to DOD and including the most
likely countries the virii come from etc. One Russian mob threatened to
shut down the race-track unless they were paid lots of money, but the
race track refused on advice from the AFP and from Telstra... sure
enough, they shut down the races... place has gone broke now. Even
Telstra chimed in and said to tell them to F-off and that they would
deal with them, buuuuut, when the Russians hit again, they virtually
shut down Telstra too, so the wimps at Telstra said they wanted nothing
more to do with it. The feds eventually caught them though.

-------------

Your
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
is you attempting to find the hack, note however that it can appear as
several different files and registry entries, or called via other
entries/applications, so what you attempted is inadequate to locate the
hack. You attempted to find the assigned data base *general
name/classification* which is *NOT* the hack.

Since you are still experiencing issues, you need to run some
additional malware searching/discovery programs as it is likely that
isn't the only one you have/had on your computer. Try highjackthis and
post what it finds in one of the *REPUTABLE* forums that will diagnose
it for you.
Perhaps *PA BEAR* or another will post those links again...

Please pick a good forum and make sure to follow EXACTLY what they ask
TO THE LETTER without arguing about WHY they want you to do whatever
[the good ones generally explain it anyway to help others that might
read the postings] or ignoring their suggestion/recommendation...
-------------------

Yes, I do have Hijack This, (forgot to mention I have C/Cleaner
too.) but If I google for a forum, how will I know I've got a good one?

------------------

As for HOSTS: you will find information on the HOSTS file on the links
previously provided. Get one [MDGx has a good one, the MVPs offer one as
well] and use it for extra protection. Moreover, use a firewall,,, it is
impossible to get by without that additional layer of protection anymore...

Okay, will go to MDGx's site, I have it book-marked along with about
150 other sites relating to Win98.. I read a lot!

Once you ensure your computer is clean we can help with any residuals
or other issues you may have.

This may all take a day or two, so dont go away.

thank you.

S/C

square/circle wrote:

The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C



A couple of files found to include it:

33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E -
142,848 bytes

612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688
bytes
----------------------------

I have no idea what the above means; is it registry related?

No. Just two of the files that were discovered to contain that
fraudloader aspect... note the file differentials/sizes... and the first
would be normally shown as 33.tmp rather than as an exe...


-------------------------------

One delivery method and hacker availability appears to be within add-on
font packages [still letting IE or another browser download the fonts it
needs? you're susceptible to the hack].
----------------------

Ah, now this I understand. As recent as the last week,(maybe a few days
more), I have loaded on Mozilla T/Bird as my newsreader. I have been
asking many questions in the Mozilla n/g regarding the reader as many
features I'm used to arent standard with T/Bird. One for instance, is
the ability to simply r/click and delete spam; when I tried to r/click
delete, it opened the friggin' thing, I was Not happy about this at all.
So, the people in the Mozilla group sent me off to d/load buttons upon
buttons upon buttons.... it really started to annoy me. 3 of the
buttons were not directly from the Mozilla site, but rather from 3rd
party sites. I am starting to get fed up with T/Bird already. Even in
O/E I could right click an un-opened mail, then properties, then
Details, then Msg source, followed by me being able to see what was in
the mail without even opening it. Afterward I would simply cancel my way
out and delete it if it was garbage.
I am also using F/Fox, and have been as long as I can remember, dont
even have a short cut on my d/top to Explorer,,, I loathe it.


Well the T-bird thing is a gripe of mine as well, even the newest
version 3 beta isn't just what I think it should be..

You do know of the issues related to FF in 9X don't you,,, right after
end of support they DISCOVERED a major flaw in the base coding,,,
everyone BUT 9X user got the fix... and the fixes to the 2version were
extensive,, even the version 3 has lots of holes...

Had to remove FF and move back to Opera, at least its still supporting
9X and receiving further updates... now if it just had something like No
Script that didn't rely on cookies... [disabling JAVA works for that
aspect but not for the other stuff encountered out here].
Where the heck did the REAL coded browsers go to,, seems all the newer
ones use JAVA as their base coding...

-----------------
Another via a pop-up which claims you are infected and offers to clean
it for you, installing the hack [are you actually *LOOKING carefully* at
that pop-up or did you think it came from your installed
Anti-Spyware/malware/virus program, guess what, some are designed to
*mimic* the programs' pop-ups found on your computer].
And yet another which claims you need to install a codex for some
reason [or passed in codex packages including it]...
And another which uses email such as "someone wants to be your friend"
or "you have to confirm" whatever, just click this link, or auto-loaded
with HTML and JAVA, etc...
Whereas when included in a Flash object you are rarely asked as you
have already authorized the activity...
The key is, this is an adaptable hack [as most malware/virus are] which
can be used or offered via ever changing methods.
-------------------------

Nope, never get pop-ups and I am at least smart enough to avoid any if
ever I see one. Seriously, I do constant good computer housekeeping,
and am always on the lookout for crap and garbage.


Good, but even the best may get something at sometime... it happens...

---------------------

Don't feel bad, virus/malware have even infected computers on the Space
Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just
about every computer anywhere on this planet, and *don't over-look* that
they have infected them. This is a war which is constantly being waged,
and at present the common user is reliant upon what other protections
CAN provide and they may be [are - particularly in 9X as the base of
security knowledgeable users is severely diminished] inadequate, having
to rely upon parties to first discover the hack *signature* AND whatever
variant it now comes in *AND the delivery method*.
--------------

I understand. Its a coincidence that recently and during the same
week, we had two documentaries on telly relating to exactly the kind of
things you mention. They were as simple as showing how the poor ol' home
user is susceptable to virus's right up to DOD and including the most
likely countries the virii come from etc. One Russian mob threatened to
shut down the race-track unless they were paid lots of money, but the
race track refused on advice from the AFP and from Telstra... sure
enough, they shut down the races... place has gone broke now. Even
Telstra chimed in and said to tell them to F-off and that they would
deal with them, buuuuut, when the Russians hit again, they virtually
shut down Telstra too, so the wimps at Telstra said they wanted nothing
more to do with it. The feds eventually caught them though.


Well, that just a small segment of what goes on... most never makes the
news or is exposed...

-------------

Your
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
is you attempting to find the hack, note however that it can appear as
several different files and registry entries, or called via other
entries/applications, so what you attempted is inadequate to locate the
hack. You attempted to find the assigned data base *general
name/classification* which is *NOT* the hack.

Since you are still experiencing issues, you need to run some
additional malware searching/discovery programs as it is likely that
isn't the only one you have/had on your computer. Try highjackthis and
post what it finds in one of the *REPUTABLE* forums that will diagnose
it for you.
Perhaps *PA BEAR* or another will post those links again...

Please pick a good forum and make sure to follow EXACTLY what they ask
TO THE LETTER without arguing about WHY they want you to do whatever
[the good ones generally explain it anyway to help others that might
read the postings] or ignoring their suggestion/recommendation...
-------------------

Yes, I do have Hijack This, (forgot to mention I have C/Cleaner too.)
but If I google for a forum, how will I know I've got a good one?



07/18/2009 - this group- Internet Explorer Loading Problems

There is a very good chance that you are seeing the effects of a
hijackware infection!

NB: If you had no anti-virus application installed or the subscription
had expired *when the machine first got infected* and/or your
subscription has since expired and/or the machine's not been kept
fully-patched at Windows Update, don't waste your time with any of the
below: Format & reinstall Windows. A Repair Install will NOT help!

Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/...moving_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachi...php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.**

If these procedures look too complex - and there is no shame in
admitting this isn't your cup of tea - take the machine to a local,
reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

PS: If you think your Registry needs to be "cleaned" or "repaired," read
http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

-----

Sorry Pa ya didn't post the info... a little heavy on the MVPS sites but
what the heck, got some good materials there grin


------------------

As for HOSTS: you will find information on the HOSTS file on the links
previously provided. Get one [MDGx has a good one, the MVPs offer one as
well] and use it for extra protection. Moreover, use a firewall,,, it is
impossible to get by without that additional layer of protection
anymore...

Okay, will go to MDGx's site, I have it book-marked along with about
150 other sites relating to Win98.. I read a lot!

Good. Lots of info out here, sometimes a little difficult to choose the
good from the bad buuuuttt.... and remarkably some creeps in here
sometimes too XQ.


Once you ensure your computer is clean we can help with any residuals
or other issues you may have.

This may all take a day or two, so dont go away.

thank you.

S/C


We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

square/circle wrote:

The entry in the registry goes like this:
"
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
I have no clue whatsoever of how to remove it as the registry is out of
bounds to me due to not understanding it.
Can you help me with this too?

S/C



A couple of files found to include it:

33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E -
142,848 bytes

612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688
bytes
----------------------------

I have no idea what the above means; is it registry related?

No. Just two of the files that were discovered to contain that
fraudloader aspect... note the file differentials/sizes... and the first
would be normally shown as 33.tmp rather than as an exe...


-------------------------------

One delivery method and hacker availability appears to be within add-on
font packages [still letting IE or another browser download the fonts it
needs? you're susceptible to the hack].
----------------------

Ah, now this I understand. As recent as the last week,(maybe a few days
more), I have loaded on Mozilla T/Bird as my newsreader. I have been
asking many questions in the Mozilla n/g regarding the reader as many
features I'm used to arent standard with T/Bird. One for instance, is
the ability to simply r/click and delete spam; when I tried to r/click
delete, it opened the friggin' thing, I was Not happy about this at all.
So, the people in the Mozilla group sent me off to d/load buttons upon
buttons upon buttons.... it really started to annoy me. 3 of the
buttons were not directly from the Mozilla site, but rather from 3rd
party sites. I am starting to get fed up with T/Bird already. Even in
O/E I could right click an un-opened mail, then properties, then
Details, then Msg source, followed by me being able to see what was in
the mail without even opening it. Afterward I would simply cancel my way
out and delete it if it was garbage.
I am also using F/Fox, and have been as long as I can remember, dont
even have a short cut on my d/top to Explorer,,, I loathe it.


Well the T-bird thing is a gripe of mine as well, even the newest
version 3 beta isn't just what I think it should be..

You do know of the issues related to FF in 9X don't you,,, right after
end of support they DISCOVERED a major flaw in the base coding,,,
everyone BUT 9X user got the fix... and the fixes to the 2version were
extensive,, even the version 3 has lots of holes...

Had to remove FF and move back to Opera, at least its still supporting
9X and receiving further updates... now if it just had something like No
Script that didn't rely on cookies... [disabling JAVA works for that
aspect but not for the other stuff encountered out here].
Where the heck did the REAL coded browsers go to,, seems all the newer
ones use JAVA as their base coding...

-----------------
Another via a pop-up which claims you are infected and offers to clean
it for you, installing the hack [are you actually *LOOKING carefully* at
that pop-up or did you think it came from your installed
Anti-Spyware/malware/virus program, guess what, some are designed to
*mimic* the programs' pop-ups found on your computer].
And yet another which claims you need to install a codex for some
reason [or passed in codex packages including it]...
And another which uses email such as "someone wants to be your friend"
or "you have to confirm" whatever, just click this link, or auto-loaded
with HTML and JAVA, etc...
Whereas when included in a Flash object you are rarely asked as you
have already authorized the activity...
The key is, this is an adaptable hack [as most malware/virus are] which
can be used or offered via ever changing methods.
-------------------------

Nope, never get pop-ups and I am at least smart enough to avoid any if
ever I see one. Seriously, I do constant good computer housekeeping,
and am always on the lookout for crap and garbage.


Good, but even the best may get something at sometime... it happens...

---------------------

Don't feel bad, virus/malware have even infected computers on the Space
Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just
about every computer anywhere on this planet, and *don't over-look* that
they have infected them. This is a war which is constantly being waged,
and at present the common user is reliant upon what other protections
CAN provide and they may be [are - particularly in 9X as the base of
security knowledgeable users is severely diminished] inadequate, having
to rely upon parties to first discover the hack *signature* AND whatever
variant it now comes in *AND the delivery method*.
--------------

I understand. Its a coincidence that recently and during the same
week, we had two documentaries on telly relating to exactly the kind of
things you mention. They were as simple as showing how the poor ol' home
user is susceptable to virus's right up to DOD and including the most
likely countries the virii come from etc. One Russian mob threatened to
shut down the race-track unless they were paid lots of money, but the
race track refused on advice from the AFP and from Telstra... sure
enough, they shut down the races... place has gone broke now. Even
Telstra chimed in and said to tell them to F-off and that they would
deal with them, buuuuut, when the Russians hit again, they virtually
shut down Telstra too, so the wimps at Telstra said they wanted nothing
more to do with it. The feds eventually caught them though.


Well, that just a small segment of what goes on... most never makes the
news or is exposed...

-------------

Your
hkey_current_user/software/microsoft/windows/currentversion/explorer/doc
find spec MRU"
is you attempting to find the hack, note however that it can appear as
several different files and registry entries, or called via other
entries/applications, so what you attempted is inadequate to locate the
hack. You attempted to find the assigned data base *general
name/classification* which is *NOT* the hack.

Since you are still experiencing issues, you need to run some
additional malware searching/discovery programs as it is likely that
isn't the only one you have/had on your computer. Try highjackthis and
post what it finds in one of the *REPUTABLE* forums that will diagnose
it for you.
Perhaps *PA BEAR* or another will post those links again...

Please pick a good forum and make sure to follow EXACTLY what they ask
TO THE LETTER without arguing about WHY they want you to do whatever
[the good ones generally explain it anyway to help others that might
read the postings] or ignoring their suggestion/recommendation...
-------------------

Yes, I do have Hijack This, (forgot to mention I have C/Cleaner too.)
but If I google for a forum, how will I know I've got a good one?



07/18/2009 - this group- Internet Explorer Loading Problems

There is a very good chance that you are seeing the effects of a
hijackware infection!

NB: If you had no anti-virus application installed or the subscription
had expired *when the machine first got infected* and/or your
subscription has since expired and/or the machine's not been kept
fully-patched at Windows Update, don't waste your time with any of the
below: Format & reinstall Windows. A Repair Install will NOT help!

Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/...moving_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachi...php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.**

If these procedures look too complex - and there is no shame in
admitting this isn't your cup of tea - take the machine to a local,
reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

PS: If you think your Registry needs to be "cleaned" or "repaired," read
http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

-----

Sorry Pa ya didn't post the info... a little heavy on the MVPS sites but
what the heck, got some good materials there grin


------------------

As for HOSTS: you will find information on the HOSTS file on the links
previously provided. Get one [MDGx has a good one, the MVPs offer one as
well] and use it for extra protection. Moreover, use a firewall,,, it is
impossible to get by without that additional layer of protection
anymore...

Okay, will go to MDGx's site, I have it book-marked along with about
150 other sites relating to Win98.. I read a lot!

Good. Lots of info out here, sometimes a little difficult to choose the
good from the bad buuuuttt.... and remarkably some creeps in here
sometimes too XQ.


Once you ensure your computer is clean we can help with any residuals
or other issues you may have.

This may all take a day or two, so dont go away.

thank you.

S/C


We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------