If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
comp keeps timing out. Don & Meb
square/circle wrote:
MEB wrote: square/circle wrote: Hello, Have encountered a problem that has been happening for the last month. \ (Win98SE, Dun,) Problem is my connection seems to time-out after about 10 minutes of non-use. It is okay if it is being used. Spent the last week trouble-shooting, including an absolute confirmation from my Isp that the problem is not at their end. In 'modem' via control-panel, there was/is a box that allows for a nominated time before a computer disconnects if not being used, and as long as I can remember it has always been greyed-out. My Isp and I decided it might be a good idea to activate the box and enter 300 minutes. (of which is the 5 hour block I get from my Isp) Is there any other setting I may have missed? Is there any reason at all why this has suddenly started doing this? Thank you for replies. S/C. It would help if you provide more information if you wish group help. 1. What ISP/service are you using? 2. What other settings have you modified? 3. What is the update status, and is this a "officially" updated system? 4. What is the type of modem or connection being used? Hello,, I will try to answer some questions, and also tell of another factor that I forgot. First, the one I forgot:: The connection itself seems to not actually be disconnecting as the icon remains near the clock(task bar). If I go to use my house phone during these periods, I still don't get a dial tone, of which is par for the course when I am connected to the net. Also, I have been using the same Isp with the same settings (untouched) for over 5 years, and said, this problem only popped up a month ago, hence me asking Isp if anything had changed on their end. ------- 1)Am using a simple dial-up service. 2)I havent modified any settings at all, never had a need to. 3)If you mean are all windows updates for 98SE up to date, no they are not, there are probably a few missing.(but again, no problems in 5yrs.) 4)The modem is an 'external box'. 56k v90. I get data transfer at 44,000 bps. 5)Have never had a firewall, and still dont. I do have Kerio stashed in a folder, but from what I have read(lurking and otherwise) a software firewall useless, and only a router can give adequate protection.(no, I dont have one of those either... never had a need.) Hope this is enough. S/C Well, the days of no firewall ended several years ago... if it was ever viable... my guess is you have the usual China, Taiwan, Philippine, Russian, and Brazilian IPs hanging around your connection... Might want to Check for virus and spyware, and run HighJackThis and check for potential malware and BHO issues. If your using Flash at all, you've probably been hacked.. The firewall adds another benefit, it allows you to monitor what IPs are connected *to* you, and what protocols and ports are being used.. and no, a software firewall is not useless, it happens to be your ONLY real protection available when on dial-up Phone line service. And to disable a firewall externally [or internally for that matter], generally kills the access and pops-up a warning from the firewall [had it happen more than once]. Used in conjunction with a good HOSTS file, something like Spyware Blaster, and anti-virus software you at least stand a small chance of being able to run 9X in the wild of the Internet. Otherwise you tend to be added to the pools of thousands of Zombied computers or bot farms, or end up passing around bad stuff to others... or end up with some of the newer hacks for 9X like the recent hard drive destroyers.. You might want to remove and re-install your modem driver,, what is it a 3Com/USR? [e.g., what manufacturer?] Is it comm port or USB? How about a short description of what you worked through with your ISP. -- MEB Windows Networking, Diagnostics, and other materials http://peoplescounsel.org/ref/windows-main.htm The "real world" of Law, Justice, and government http://peoplescounsel.org ------- |
#12
|
|||
|
|||
comp keeps timing out. Don & Meb
Well, the days of no firewall ended several years ago... if it was ever viable... my guess is you have the usual China, Taiwan, Philippine, Russian, and Brazilian IPs hanging around your connection... Might want to Check for virus and spyware, and run HighJackThis and check for potential malware and BHO issues. If your using Flash at all, you've probably been hacked.. The firewall adds another benefit, it allows you to monitor what IPs are connected *to* you, and what protocols and ports are being used.. and no, a software firewall is not useless, it happens to be your ONLY real protection available when on dial-up Phone line service. And to disable a firewall externally [or internally for that matter], generally kills the access and pops-up a warning from the firewall [had it happen more than once]. Used in conjunction with a good HOSTS file, something like Spyware Blaster, and anti-virus software you at least stand a small chance of being able to run 9X in the wild of the Internet. Otherwise you tend to be added to the pools of thousands of Zombied computers or bot farms, or end up passing around bad stuff to others... or end up with some of the newer hacks for 9X like the recent hard drive destroyers.. You might want to remove and re-install your modem driver,, what is it a 3Com/USR? [e.g., what manufacturer?] Is it comm port or USB? How about a short description of what you worked through with your ISP. Hello, It seems I have a bit of work to do then. I was considering getting a router as soon as I can get some money together, but perhaps for now I will instal Kerio. I constantly use, update, and run "Spybot, Spyware Blaster, and Avast". Am not sure I understand Hosts-File, will google for it. The conversation with Isp merely boiled down to them saying the problem was not at their end and they had done nothing to change anything. The only thing we did agree on was for me to set the time-out setting to 5hours, which is my allocated time anyway. The modem is a 'Rockwell V90' and has never caused a problem. It is on com port 2. Now,, here comes a doozy, and I sure hope you can assist me with it. I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago. The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task bar and went off to google for it, turns out it is not nice. After that I went back to Spybot and told it to Fix it... then I rebooted and ran Spybot again and it was not found. But, and just for the hell of it, I went into the registry just now and did a search for Fraudloader, and it found an entry. (I took a screen shot of the registry in jpg format if you would like to look at it, except I know jpg's arent allowed in this group.) The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C |
#13
|
|||
|
|||
comp keeps timing out. Don & Meb
Well, the days of no firewall ended several years ago... if it was ever viable... my guess is you have the usual China, Taiwan, Philippine, Russian, and Brazilian IPs hanging around your connection... Might want to Check for virus and spyware, and run HighJackThis and check for potential malware and BHO issues. If your using Flash at all, you've probably been hacked.. The firewall adds another benefit, it allows you to monitor what IPs are connected *to* you, and what protocols and ports are being used.. and no, a software firewall is not useless, it happens to be your ONLY real protection available when on dial-up Phone line service. And to disable a firewall externally [or internally for that matter], generally kills the access and pops-up a warning from the firewall [had it happen more than once]. Used in conjunction with a good HOSTS file, something like Spyware Blaster, and anti-virus software you at least stand a small chance of being able to run 9X in the wild of the Internet. Otherwise you tend to be added to the pools of thousands of Zombied computers or bot farms, or end up passing around bad stuff to others... or end up with some of the newer hacks for 9X like the recent hard drive destroyers.. You might want to remove and re-install your modem driver,, what is it a 3Com/USR? [e.g., what manufacturer?] Is it comm port or USB? How about a short description of what you worked through with your ISP. Hello, It seems I have a bit of work to do then. I was considering getting a router as soon as I can get some money together, but perhaps for now I will instal Kerio. I constantly use, update, and run "Spybot, Spyware Blaster, and Avast". Am not sure I understand Hosts-File, will google for it. The conversation with Isp merely boiled down to them saying the problem was not at their end and they had done nothing to change anything. The only thing we did agree on was for me to set the time-out setting to 5hours, which is my allocated time anyway. The modem is a 'Rockwell V90' and has never caused a problem. It is on com port 2. Now,, here comes a doozy, and I sure hope you can assist me with it. I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago. The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task bar and went off to google for it, turns out it is not nice. After that I went back to Spybot and told it to Fix it... then I rebooted and ran Spybot again and it was not found. But, and just for the hell of it, I went into the registry just now and did a search for Fraudloader, and it found an entry. (I took a screen shot of the registry in jpg format if you would like to look at it, except I know jpg's arent allowed in this group.) The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C |
#14
|
|||
|
|||
comp keeps timing out. Don & Meb
In message , square/circle
writes: [] It seems I have a bit of work to do then. I was considering getting a router as soon as I can get some money together, but perhaps for now I will instal Kerio. Yes, KPF is a fairly simple, low-demand one - and it _is_ interesting to find what of the software you have is "calling home", even if you don't mind. I constantly use, update, and run "Spybot, Spyware Blaster, and Avast". Must be quite demanding via dialup these days - AV data files are getting quite big. (I suspect McAfee wouldn't be viable via dialup!) Am not sure I understand Hosts-File, will google for it. It's a local form of DNS - the "directory enquiries" function which translates www.xyz.com into 12.34.56.78 so your computer knows where to look for any web page (and other things) you specify by name. Normally you use a DNS server (usually two) at your ISP, but the hosts file keeps a list on your machine, and it is a not uncommon practice to include some "bad" sites in it with the wrong address (such as redirected back to your own machine), so that should you ever be directed to one of them - by a picture link in a web page, for example - your computer doesn't actually go there. [] But, and just for the hell of it, I went into the registry just now and did a search for Fraudloader, and it found an entry. (I took a screen shot of the registry in jpg format if you would like to look at it, except I know jpg's arent allowed in this group.) URLs are, though - I'm assuming you have webspace, many dialup accounts do. Though for a registry extract, you can usually export the bit you're looking at, which makes a .reg file; don't double-click on a .reg file, but it only contains text (so rename it to .txt). I can't remember exactly how - I think it's something obvious like File | Export. (Make sure you're highlighting only the bit you're interested in though, or it makes a big file!) The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C I'm pretty sure MRU is most recently used: I think all that the registry is recording, in this case, is that you recently did a "find" for it. MRU lists in the registry (and possibly elsewhere) are just how the system keeps a list of what you recently used, in this case in the "find" function, in order to present them as a drop-down list to save you typing should you want to use the same strings again subsequently. -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf ** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously outdated thoughts on PCs. ** Real programmers don't document. If it was hard to write, it should be hard to understand. |
#15
|
|||
|
|||
comp keeps timing out. Don & Meb
square/circle wrote:
Well, the days of no firewall ended several years ago... if it was ever viable... my guess is you have the usual China, Taiwan, Philippine, Russian, and Brazilian IPs hanging around your connection... Might want to Check for virus and spyware, and run HighJackThis and check for potential malware and BHO issues. If your using Flash at all, you've probably been hacked.. The firewall adds another benefit, it allows you to monitor what IPs are connected *to* you, and what protocols and ports are being used.. and no, a software firewall is not useless, it happens to be your ONLY real protection available when on dial-up Phone line service. And to disable a firewall externally [or internally for that matter], generally kills the access and pops-up a warning from the firewall [had it happen more than once]. Used in conjunction with a good HOSTS file, something like Spyware Blaster, and anti-virus software you at least stand a small chance of being able to run 9X in the wild of the Internet. Otherwise you tend to be added to the pools of thousands of Zombied computers or bot farms, or end up passing around bad stuff to others... or end up with some of the newer hacks for 9X like the recent hard drive destroyers.. You might want to remove and re-install your modem driver,, what is it a 3Com/USR? [e.g., what manufacturer?] Is it comm port or USB? How about a short description of what you worked through with your ISP. Hello, It seems I have a bit of work to do then. I was considering getting a router as soon as I can get some money together, but perhaps for now I will instal Kerio. I constantly use, update, and run "Spybot, Spyware Blaster, and Avast". Am not sure I understand Hosts-File, will google for it. The conversation with Isp merely boiled down to them saying the problem was not at their end and they had done nothing to change anything. The only thing we did agree on was for me to set the time-out setting to 5hours, which is my allocated time anyway. The modem is a 'Rockwell V90' and has never caused a problem. It is on com port 2. Now,, here comes a doozy, and I sure hope you can assist me with it. I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago. The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task bar and went off to google for it, turns out it is not nice. After that I went back to Spybot and told it to Fix it... then I rebooted and ran Spybot again and it was not found. But, and just for the hell of it, I went into the registry just now and did a search for Fraudloader, and it found an entry. (I took a screen shot of the registry in jpg format if you would like to look at it, except I know jpg's arent allowed in this group.) The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C A couple of files found to include it: 33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E - 142,848 bytes 612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes One delivery method and hacker availability appears to be within add-on font packages [still letting IE or another browser download the fonts it needs? you're susceptible to the hack]. Another via a pop-up which claims you are infected and offers to clean it for you, installing the hack [are you actually *LOOKING carefully* at that pop-up or did you think it came from your installed Anti-Spyware/malware/virus program, guess what, some are designed to *mimic* the programs' pop-ups found on your computer]. And yet another which claims you need to install a codex for some reason [or passed in codex packages including it]... And another which uses email such as "someone wants to be your friend" or "you have to confirm" whatever, just click this link, or auto-loaded with HTML and JAVA, etc... Whereas when included in a Flash object you are rarely asked as you have already authorized the activity... The key is, this is an adaptable hack [as most malware/virus are] which can be used or offered via ever changing methods. Don't feel bad, virus/malware have even infected computers on the Space Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just about every computer anywhere on this planet, and *don't over-look* that they have infected them. This is a war which is constantly being waged, and at present the common user is reliant upon what other protections CAN provide and they may be [are - particularly in 9X as the base of security knowledgeable users is severely diminished] inadequate, having to rely upon parties to first discover the hack *signature* AND whatever variant it now comes in *AND the delivery method*. Your hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" is you attempting to find the hack, note however that it can appear as several different files and registry entries, or called via other entries/applications, so what you attempted is inadequate to locate the hack. You attempted to find the assigned data base *general name/classification* which is *NOT* the hack. Since you are still experiencing issues, you need to run some additional malware searching/discovery programs as it is likely that isn't the only one you have/had on your computer. Try highjackthis and post what it finds in one of the *REPUTABLE* forums that will diagnose it for you. Perhaps *PA BEAR* or another will post those links again... Please pick a good forum and make sure to follow EXACTLY what they ask TO THE LETTER without arguing about WHY they want you to do whatever [the good ones generally explain it anyway to help others that might read the postings] or ignoring their suggestion/recommendation... As for HOSTS: you will find information on the HOSTS file on the links previously provided. Get one [MDGx has a good one, the MVPs offer one as well] and use it for extra protection. Moreover, use a firewall,,, it is impossible to get by without that additional layer of protection anymore... Once you ensure your computer is clean we can help with any residuals or other issues you may have. -- MEB Windows Networking, Diagnostics, and other materials http://peoplescounsel.org/ref/windows-main.htm The "real world" of Law, Justice, and government http://peoplescounsel.org ------- |
#16
|
|||
|
|||
comp keeps timing out. Don & Meb
square/circle wrote:
Well, the days of no firewall ended several years ago... if it was ever viable... my guess is you have the usual China, Taiwan, Philippine, Russian, and Brazilian IPs hanging around your connection... Might want to Check for virus and spyware, and run HighJackThis and check for potential malware and BHO issues. If your using Flash at all, you've probably been hacked.. The firewall adds another benefit, it allows you to monitor what IPs are connected *to* you, and what protocols and ports are being used.. and no, a software firewall is not useless, it happens to be your ONLY real protection available when on dial-up Phone line service. And to disable a firewall externally [or internally for that matter], generally kills the access and pops-up a warning from the firewall [had it happen more than once]. Used in conjunction with a good HOSTS file, something like Spyware Blaster, and anti-virus software you at least stand a small chance of being able to run 9X in the wild of the Internet. Otherwise you tend to be added to the pools of thousands of Zombied computers or bot farms, or end up passing around bad stuff to others... or end up with some of the newer hacks for 9X like the recent hard drive destroyers.. You might want to remove and re-install your modem driver,, what is it a 3Com/USR? [e.g., what manufacturer?] Is it comm port or USB? How about a short description of what you worked through with your ISP. Hello, It seems I have a bit of work to do then. I was considering getting a router as soon as I can get some money together, but perhaps for now I will instal Kerio. I constantly use, update, and run "Spybot, Spyware Blaster, and Avast". Am not sure I understand Hosts-File, will google for it. The conversation with Isp merely boiled down to them saying the problem was not at their end and they had done nothing to change anything. The only thing we did agree on was for me to set the time-out setting to 5hours, which is my allocated time anyway. The modem is a 'Rockwell V90' and has never caused a problem. It is on com port 2. Now,, here comes a doozy, and I sure hope you can assist me with it. I did actually find a 'nasty' when I updated and ran SpyBot 2 days ago. The nasty is called "Win32 FraudLoader.exe". I put Spybot on the task bar and went off to google for it, turns out it is not nice. After that I went back to Spybot and told it to Fix it... then I rebooted and ran Spybot again and it was not found. But, and just for the hell of it, I went into the registry just now and did a search for Fraudloader, and it found an entry. (I took a screen shot of the registry in jpg format if you would like to look at it, except I know jpg's arent allowed in this group.) The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C A couple of files found to include it: 33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E - 142,848 bytes 612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes One delivery method and hacker availability appears to be within add-on font packages [still letting IE or another browser download the fonts it needs? you're susceptible to the hack]. Another via a pop-up which claims you are infected and offers to clean it for you, installing the hack [are you actually *LOOKING carefully* at that pop-up or did you think it came from your installed Anti-Spyware/malware/virus program, guess what, some are designed to *mimic* the programs' pop-ups found on your computer]. And yet another which claims you need to install a codex for some reason [or passed in codex packages including it]... And another which uses email such as "someone wants to be your friend" or "you have to confirm" whatever, just click this link, or auto-loaded with HTML and JAVA, etc... Whereas when included in a Flash object you are rarely asked as you have already authorized the activity... The key is, this is an adaptable hack [as most malware/virus are] which can be used or offered via ever changing methods. Don't feel bad, virus/malware have even infected computers on the Space Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just about every computer anywhere on this planet, and *don't over-look* that they have infected them. This is a war which is constantly being waged, and at present the common user is reliant upon what other protections CAN provide and they may be [are - particularly in 9X as the base of security knowledgeable users is severely diminished] inadequate, having to rely upon parties to first discover the hack *signature* AND whatever variant it now comes in *AND the delivery method*. Your hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" is you attempting to find the hack, note however that it can appear as several different files and registry entries, or called via other entries/applications, so what you attempted is inadequate to locate the hack. You attempted to find the assigned data base *general name/classification* which is *NOT* the hack. Since you are still experiencing issues, you need to run some additional malware searching/discovery programs as it is likely that isn't the only one you have/had on your computer. Try highjackthis and post what it finds in one of the *REPUTABLE* forums that will diagnose it for you. Perhaps *PA BEAR* or another will post those links again... Please pick a good forum and make sure to follow EXACTLY what they ask TO THE LETTER without arguing about WHY they want you to do whatever [the good ones generally explain it anyway to help others that might read the postings] or ignoring their suggestion/recommendation... As for HOSTS: you will find information on the HOSTS file on the links previously provided. Get one [MDGx has a good one, the MVPs offer one as well] and use it for extra protection. Moreover, use a firewall,,, it is impossible to get by without that additional layer of protection anymore... Once you ensure your computer is clean we can help with any residuals or other issues you may have. -- MEB Windows Networking, Diagnostics, and other materials http://peoplescounsel.org/ref/windows-main.htm The "real world" of Law, Justice, and government http://peoplescounsel.org ------- |
#17
|
|||
|
|||
comp keeps timing out. Don & Meb
The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C A couple of files found to include it: 33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E - 142,848 bytes 612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes ---------------------------- I have no idea what the above means; is it registry related? ------------------------------- One delivery method and hacker availability appears to be within add-on font packages [still letting IE or another browser download the fonts it needs? you're susceptible to the hack]. ---------------------- Ah, now this I understand. As recent as the last week,(maybe a few days more), I have loaded on Mozilla T/Bird as my newsreader. I have been asking many questions in the Mozilla n/g regarding the reader as many features I'm used to arent standard with T/Bird. One for instance, is the ability to simply r/click and delete spam; when I tried to r/click delete, it opened the friggin' thing, I was Not happy about this at all. So, the people in the Mozilla group sent me off to d/load buttons upon buttons upon buttons.... it really started to annoy me. 3 of the buttons were not directly from the Mozilla site, but rather from 3rd party sites. I am starting to get fed up with T/Bird already. Even in O/E I could right click an un-opened mail, then properties, then Details, then Msg source, followed by me being able to see what was in the mail without even opening it. Afterward I would simply cancel my way out and delete it if it was garbage. I am also using F/Fox, and have been as long as I can remember, dont even have a short cut on my d/top to Explorer,,, I loathe it. ----------------- Another via a pop-up which claims you are infected and offers to clean it for you, installing the hack [are you actually *LOOKING carefully* at that pop-up or did you think it came from your installed Anti-Spyware/malware/virus program, guess what, some are designed to *mimic* the programs' pop-ups found on your computer]. And yet another which claims you need to install a codex for some reason [or passed in codex packages including it]... And another which uses email such as "someone wants to be your friend" or "you have to confirm" whatever, just click this link, or auto-loaded with HTML and JAVA, etc... Whereas when included in a Flash object you are rarely asked as you have already authorized the activity... The key is, this is an adaptable hack [as most malware/virus are] which can be used or offered via ever changing methods. ------------------------- Nope, never get pop-ups and I am at least smart enough to avoid any if ever I see one. Seriously, I do constant good computer housekeeping, and am always on the lookout for crap and garbage. --------------------- Don't feel bad, virus/malware have even infected computers on the Space Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just about every computer anywhere on this planet, and *don't over-look* that they have infected them. This is a war which is constantly being waged, and at present the common user is reliant upon what other protections CAN provide and they may be [are - particularly in 9X as the base of security knowledgeable users is severely diminished] inadequate, having to rely upon parties to first discover the hack *signature* AND whatever variant it now comes in *AND the delivery method*. -------------- I understand. Its a coincidence that recently and during the same week, we had two documentaries on telly relating to exactly the kind of things you mention. They were as simple as showing how the poor ol' home user is susceptable to virus's right up to DOD and including the most likely countries the virii come from etc. One Russian mob threatened to shut down the race-track unless they were paid lots of money, but the race track refused on advice from the AFP and from Telstra... sure enough, they shut down the races... place has gone broke now. Even Telstra chimed in and said to tell them to F-off and that they would deal with them, buuuuut, when the Russians hit again, they virtually shut down Telstra too, so the wimps at Telstra said they wanted nothing more to do with it. The feds eventually caught them though. ------------- Your hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" is you attempting to find the hack, note however that it can appear as several different files and registry entries, or called via other entries/applications, so what you attempted is inadequate to locate the hack. You attempted to find the assigned data base *general name/classification* which is *NOT* the hack. Since you are still experiencing issues, you need to run some additional malware searching/discovery programs as it is likely that isn't the only one you have/had on your computer. Try highjackthis and post what it finds in one of the *REPUTABLE* forums that will diagnose it for you. Perhaps *PA BEAR* or another will post those links again... Please pick a good forum and make sure to follow EXACTLY what they ask TO THE LETTER without arguing about WHY they want you to do whatever [the good ones generally explain it anyway to help others that might read the postings] or ignoring their suggestion/recommendation... ------------------- Yes, I do have Hijack This, (forgot to mention I have C/Cleaner too.) but If I google for a forum, how will I know I've got a good one? ------------------ As for HOSTS: you will find information on the HOSTS file on the links previously provided. Get one [MDGx has a good one, the MVPs offer one as well] and use it for extra protection. Moreover, use a firewall,,, it is impossible to get by without that additional layer of protection anymore... Okay, will go to MDGx's site, I have it book-marked along with about 150 other sites relating to Win98.. I read a lot! Once you ensure your computer is clean we can help with any residuals or other issues you may have. This may all take a day or two, so dont go away. thank you. S/C |
#18
|
|||
|
|||
comp keeps timing out. Don & Meb
The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C A couple of files found to include it: 33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E - 142,848 bytes 612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes ---------------------------- I have no idea what the above means; is it registry related? ------------------------------- One delivery method and hacker availability appears to be within add-on font packages [still letting IE or another browser download the fonts it needs? you're susceptible to the hack]. ---------------------- Ah, now this I understand. As recent as the last week,(maybe a few days more), I have loaded on Mozilla T/Bird as my newsreader. I have been asking many questions in the Mozilla n/g regarding the reader as many features I'm used to arent standard with T/Bird. One for instance, is the ability to simply r/click and delete spam; when I tried to r/click delete, it opened the friggin' thing, I was Not happy about this at all. So, the people in the Mozilla group sent me off to d/load buttons upon buttons upon buttons.... it really started to annoy me. 3 of the buttons were not directly from the Mozilla site, but rather from 3rd party sites. I am starting to get fed up with T/Bird already. Even in O/E I could right click an un-opened mail, then properties, then Details, then Msg source, followed by me being able to see what was in the mail without even opening it. Afterward I would simply cancel my way out and delete it if it was garbage. I am also using F/Fox, and have been as long as I can remember, dont even have a short cut on my d/top to Explorer,,, I loathe it. ----------------- Another via a pop-up which claims you are infected and offers to clean it for you, installing the hack [are you actually *LOOKING carefully* at that pop-up or did you think it came from your installed Anti-Spyware/malware/virus program, guess what, some are designed to *mimic* the programs' pop-ups found on your computer]. And yet another which claims you need to install a codex for some reason [or passed in codex packages including it]... And another which uses email such as "someone wants to be your friend" or "you have to confirm" whatever, just click this link, or auto-loaded with HTML and JAVA, etc... Whereas when included in a Flash object you are rarely asked as you have already authorized the activity... The key is, this is an adaptable hack [as most malware/virus are] which can be used or offered via ever changing methods. ------------------------- Nope, never get pop-ups and I am at least smart enough to avoid any if ever I see one. Seriously, I do constant good computer housekeeping, and am always on the lookout for crap and garbage. --------------------- Don't feel bad, virus/malware have even infected computers on the Space Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just about every computer anywhere on this planet, and *don't over-look* that they have infected them. This is a war which is constantly being waged, and at present the common user is reliant upon what other protections CAN provide and they may be [are - particularly in 9X as the base of security knowledgeable users is severely diminished] inadequate, having to rely upon parties to first discover the hack *signature* AND whatever variant it now comes in *AND the delivery method*. -------------- I understand. Its a coincidence that recently and during the same week, we had two documentaries on telly relating to exactly the kind of things you mention. They were as simple as showing how the poor ol' home user is susceptable to virus's right up to DOD and including the most likely countries the virii come from etc. One Russian mob threatened to shut down the race-track unless they were paid lots of money, but the race track refused on advice from the AFP and from Telstra... sure enough, they shut down the races... place has gone broke now. Even Telstra chimed in and said to tell them to F-off and that they would deal with them, buuuuut, when the Russians hit again, they virtually shut down Telstra too, so the wimps at Telstra said they wanted nothing more to do with it. The feds eventually caught them though. ------------- Your hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" is you attempting to find the hack, note however that it can appear as several different files and registry entries, or called via other entries/applications, so what you attempted is inadequate to locate the hack. You attempted to find the assigned data base *general name/classification* which is *NOT* the hack. Since you are still experiencing issues, you need to run some additional malware searching/discovery programs as it is likely that isn't the only one you have/had on your computer. Try highjackthis and post what it finds in one of the *REPUTABLE* forums that will diagnose it for you. Perhaps *PA BEAR* or another will post those links again... Please pick a good forum and make sure to follow EXACTLY what they ask TO THE LETTER without arguing about WHY they want you to do whatever [the good ones generally explain it anyway to help others that might read the postings] or ignoring their suggestion/recommendation... ------------------- Yes, I do have Hijack This, (forgot to mention I have C/Cleaner too.) but If I google for a forum, how will I know I've got a good one? ------------------ As for HOSTS: you will find information on the HOSTS file on the links previously provided. Get one [MDGx has a good one, the MVPs offer one as well] and use it for extra protection. Moreover, use a firewall,,, it is impossible to get by without that additional layer of protection anymore... Okay, will go to MDGx's site, I have it book-marked along with about 150 other sites relating to Win98.. I read a lot! Once you ensure your computer is clean we can help with any residuals or other issues you may have. This may all take a day or two, so dont go away. thank you. S/C |
#19
|
|||
|
|||
comp keeps timing out. Don & Meb
square/circle wrote:
The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C A couple of files found to include it: 33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E - 142,848 bytes 612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes ---------------------------- I have no idea what the above means; is it registry related? No. Just two of the files that were discovered to contain that fraudloader aspect... note the file differentials/sizes... and the first would be normally shown as 33.tmp rather than as an exe... ------------------------------- One delivery method and hacker availability appears to be within add-on font packages [still letting IE or another browser download the fonts it needs? you're susceptible to the hack]. ---------------------- Ah, now this I understand. As recent as the last week,(maybe a few days more), I have loaded on Mozilla T/Bird as my newsreader. I have been asking many questions in the Mozilla n/g regarding the reader as many features I'm used to arent standard with T/Bird. One for instance, is the ability to simply r/click and delete spam; when I tried to r/click delete, it opened the friggin' thing, I was Not happy about this at all. So, the people in the Mozilla group sent me off to d/load buttons upon buttons upon buttons.... it really started to annoy me. 3 of the buttons were not directly from the Mozilla site, but rather from 3rd party sites. I am starting to get fed up with T/Bird already. Even in O/E I could right click an un-opened mail, then properties, then Details, then Msg source, followed by me being able to see what was in the mail without even opening it. Afterward I would simply cancel my way out and delete it if it was garbage. I am also using F/Fox, and have been as long as I can remember, dont even have a short cut on my d/top to Explorer,,, I loathe it. Well the T-bird thing is a gripe of mine as well, even the newest version 3 beta isn't just what I think it should be.. You do know of the issues related to FF in 9X don't you,,, right after end of support they DISCOVERED a major flaw in the base coding,,, everyone BUT 9X user got the fix... and the fixes to the 2version were extensive,, even the version 3 has lots of holes... Had to remove FF and move back to Opera, at least its still supporting 9X and receiving further updates... now if it just had something like No Script that didn't rely on cookies... [disabling JAVA works for that aspect but not for the other stuff encountered out here]. Where the heck did the REAL coded browsers go to,, seems all the newer ones use JAVA as their base coding... ----------------- Another via a pop-up which claims you are infected and offers to clean it for you, installing the hack [are you actually *LOOKING carefully* at that pop-up or did you think it came from your installed Anti-Spyware/malware/virus program, guess what, some are designed to *mimic* the programs' pop-ups found on your computer]. And yet another which claims you need to install a codex for some reason [or passed in codex packages including it]... And another which uses email such as "someone wants to be your friend" or "you have to confirm" whatever, just click this link, or auto-loaded with HTML and JAVA, etc... Whereas when included in a Flash object you are rarely asked as you have already authorized the activity... The key is, this is an adaptable hack [as most malware/virus are] which can be used or offered via ever changing methods. ------------------------- Nope, never get pop-ups and I am at least smart enough to avoid any if ever I see one. Seriously, I do constant good computer housekeeping, and am always on the lookout for crap and garbage. Good, but even the best may get something at sometime... it happens... --------------------- Don't feel bad, virus/malware have even infected computers on the Space Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just about every computer anywhere on this planet, and *don't over-look* that they have infected them. This is a war which is constantly being waged, and at present the common user is reliant upon what other protections CAN provide and they may be [are - particularly in 9X as the base of security knowledgeable users is severely diminished] inadequate, having to rely upon parties to first discover the hack *signature* AND whatever variant it now comes in *AND the delivery method*. -------------- I understand. Its a coincidence that recently and during the same week, we had two documentaries on telly relating to exactly the kind of things you mention. They were as simple as showing how the poor ol' home user is susceptable to virus's right up to DOD and including the most likely countries the virii come from etc. One Russian mob threatened to shut down the race-track unless they were paid lots of money, but the race track refused on advice from the AFP and from Telstra... sure enough, they shut down the races... place has gone broke now. Even Telstra chimed in and said to tell them to F-off and that they would deal with them, buuuuut, when the Russians hit again, they virtually shut down Telstra too, so the wimps at Telstra said they wanted nothing more to do with it. The feds eventually caught them though. Well, that just a small segment of what goes on... most never makes the news or is exposed... ------------- Your hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" is you attempting to find the hack, note however that it can appear as several different files and registry entries, or called via other entries/applications, so what you attempted is inadequate to locate the hack. You attempted to find the assigned data base *general name/classification* which is *NOT* the hack. Since you are still experiencing issues, you need to run some additional malware searching/discovery programs as it is likely that isn't the only one you have/had on your computer. Try highjackthis and post what it finds in one of the *REPUTABLE* forums that will diagnose it for you. Perhaps *PA BEAR* or another will post those links again... Please pick a good forum and make sure to follow EXACTLY what they ask TO THE LETTER without arguing about WHY they want you to do whatever [the good ones generally explain it anyway to help others that might read the postings] or ignoring their suggestion/recommendation... ------------------- Yes, I do have Hijack This, (forgot to mention I have C/Cleaner too.) but If I google for a forum, how will I know I've got a good one? 07/18/2009 - this group- Internet Explorer Loading Problems There is a very good chance that you are seeing the effects of a hijackware infection! NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help! Run a /thorough/ check for hijackware, including posting the requested logs in an appropriate forum, not here. Checking for/Help with Hijackware http://aumha.net/viewtopic.php?f=30&t=4075 http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://www.elephantboycomputers.com/...moving_Malware **Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachi...php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.** If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop. PS: If you think your Registry needs to be "cleaned" or "repaired," read http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 ----- Sorry Pa ya didn't post the info... a little heavy on the MVPS sites but what the heck, got some good materials there grin ------------------ As for HOSTS: you will find information on the HOSTS file on the links previously provided. Get one [MDGx has a good one, the MVPs offer one as well] and use it for extra protection. Moreover, use a firewall,,, it is impossible to get by without that additional layer of protection anymore... Okay, will go to MDGx's site, I have it book-marked along with about 150 other sites relating to Win98.. I read a lot! Good. Lots of info out here, sometimes a little difficult to choose the good from the bad buuuuttt.... and remarkably some creeps in here sometimes too XQ. Once you ensure your computer is clean we can help with any residuals or other issues you may have. This may all take a day or two, so dont go away. thank you. S/C We'll be here when you get back, or as long as possible anyway Try to use this same discussion, or you may end up running through some things again... -- MEB Windows Networking, Diagnostics, and other materials http://peoplescounsel.org/ref/windows-main.htm The "real world" of Law, Justice, and government http://peoplescounsel.org ------- |
#20
|
|||
|
|||
comp keeps timing out. Don & Meb
square/circle wrote:
The entry in the registry goes like this: " hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" I have no clue whatsoever of how to remove it as the registry is out of bounds to me due to not understanding it. Can you help me with this too? S/C A couple of files found to include it: 33.TMP.EXE has an MD5 Hash of : 7211A104016B0D2576BF0120A832218E - 142,848 bytes 612.EXE has an MD5 Hash of : 8514f81b28b5710e44c55dbef8ef6ba4 - 50,688 bytes ---------------------------- I have no idea what the above means; is it registry related? No. Just two of the files that were discovered to contain that fraudloader aspect... note the file differentials/sizes... and the first would be normally shown as 33.tmp rather than as an exe... ------------------------------- One delivery method and hacker availability appears to be within add-on font packages [still letting IE or another browser download the fonts it needs? you're susceptible to the hack]. ---------------------- Ah, now this I understand. As recent as the last week,(maybe a few days more), I have loaded on Mozilla T/Bird as my newsreader. I have been asking many questions in the Mozilla n/g regarding the reader as many features I'm used to arent standard with T/Bird. One for instance, is the ability to simply r/click and delete spam; when I tried to r/click delete, it opened the friggin' thing, I was Not happy about this at all. So, the people in the Mozilla group sent me off to d/load buttons upon buttons upon buttons.... it really started to annoy me. 3 of the buttons were not directly from the Mozilla site, but rather from 3rd party sites. I am starting to get fed up with T/Bird already. Even in O/E I could right click an un-opened mail, then properties, then Details, then Msg source, followed by me being able to see what was in the mail without even opening it. Afterward I would simply cancel my way out and delete it if it was garbage. I am also using F/Fox, and have been as long as I can remember, dont even have a short cut on my d/top to Explorer,,, I loathe it. Well the T-bird thing is a gripe of mine as well, even the newest version 3 beta isn't just what I think it should be.. You do know of the issues related to FF in 9X don't you,,, right after end of support they DISCOVERED a major flaw in the base coding,,, everyone BUT 9X user got the fix... and the fixes to the 2version were extensive,, even the version 3 has lots of holes... Had to remove FF and move back to Opera, at least its still supporting 9X and receiving further updates... now if it just had something like No Script that didn't rely on cookies... [disabling JAVA works for that aspect but not for the other stuff encountered out here]. Where the heck did the REAL coded browsers go to,, seems all the newer ones use JAVA as their base coding... ----------------- Another via a pop-up which claims you are infected and offers to clean it for you, installing the hack [are you actually *LOOKING carefully* at that pop-up or did you think it came from your installed Anti-Spyware/malware/virus program, guess what, some are designed to *mimic* the programs' pop-ups found on your computer]. And yet another which claims you need to install a codex for some reason [or passed in codex packages including it]... And another which uses email such as "someone wants to be your friend" or "you have to confirm" whatever, just click this link, or auto-loaded with HTML and JAVA, etc... Whereas when included in a Flash object you are rarely asked as you have already authorized the activity... The key is, this is an adaptable hack [as most malware/virus are] which can be used or offered via ever changing methods. ------------------------- Nope, never get pop-ups and I am at least smart enough to avoid any if ever I see one. Seriously, I do constant good computer housekeeping, and am always on the lookout for crap and garbage. Good, but even the best may get something at sometime... it happens... --------------------- Don't feel bad, virus/malware have even infected computers on the Space Station, the DOD, DOJ, DHS, NIS, Kaspersky, McAfee, Norton, and just about every computer anywhere on this planet, and *don't over-look* that they have infected them. This is a war which is constantly being waged, and at present the common user is reliant upon what other protections CAN provide and they may be [are - particularly in 9X as the base of security knowledgeable users is severely diminished] inadequate, having to rely upon parties to first discover the hack *signature* AND whatever variant it now comes in *AND the delivery method*. -------------- I understand. Its a coincidence that recently and during the same week, we had two documentaries on telly relating to exactly the kind of things you mention. They were as simple as showing how the poor ol' home user is susceptable to virus's right up to DOD and including the most likely countries the virii come from etc. One Russian mob threatened to shut down the race-track unless they were paid lots of money, but the race track refused on advice from the AFP and from Telstra... sure enough, they shut down the races... place has gone broke now. Even Telstra chimed in and said to tell them to F-off and that they would deal with them, buuuuut, when the Russians hit again, they virtually shut down Telstra too, so the wimps at Telstra said they wanted nothing more to do with it. The feds eventually caught them though. Well, that just a small segment of what goes on... most never makes the news or is exposed... ------------- Your hkey_current_user/software/microsoft/windows/currentversion/explorer/doc find spec MRU" is you attempting to find the hack, note however that it can appear as several different files and registry entries, or called via other entries/applications, so what you attempted is inadequate to locate the hack. You attempted to find the assigned data base *general name/classification* which is *NOT* the hack. Since you are still experiencing issues, you need to run some additional malware searching/discovery programs as it is likely that isn't the only one you have/had on your computer. Try highjackthis and post what it finds in one of the *REPUTABLE* forums that will diagnose it for you. Perhaps *PA BEAR* or another will post those links again... Please pick a good forum and make sure to follow EXACTLY what they ask TO THE LETTER without arguing about WHY they want you to do whatever [the good ones generally explain it anyway to help others that might read the postings] or ignoring their suggestion/recommendation... ------------------- Yes, I do have Hijack This, (forgot to mention I have C/Cleaner too.) but If I google for a forum, how will I know I've got a good one? 07/18/2009 - this group- Internet Explorer Loading Problems There is a very good chance that you are seeing the effects of a hijackware infection! NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help! Run a /thorough/ check for hijackware, including posting the requested logs in an appropriate forum, not here. Checking for/Help with Hijackware http://aumha.net/viewtopic.php?f=30&t=4075 http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://www.elephantboycomputers.com/...moving_Malware **Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachi...php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.** If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop. PS: If you think your Registry needs to be "cleaned" or "repaired," read http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 ----- Sorry Pa ya didn't post the info... a little heavy on the MVPS sites but what the heck, got some good materials there grin ------------------ As for HOSTS: you will find information on the HOSTS file on the links previously provided. Get one [MDGx has a good one, the MVPs offer one as well] and use it for extra protection. Moreover, use a firewall,,, it is impossible to get by without that additional layer of protection anymore... Okay, will go to MDGx's site, I have it book-marked along with about 150 other sites relating to Win98.. I read a lot! Good. Lots of info out here, sometimes a little difficult to choose the good from the bad buuuuttt.... and remarkably some creeps in here sometimes too XQ. Once you ensure your computer is clean we can help with any residuals or other issues you may have. This may all take a day or two, so dont go away. thank you. S/C We'll be here when you get back, or as long as possible anyway Try to use this same discussion, or you may end up running through some things again... -- MEB Windows Networking, Diagnostics, and other materials http://peoplescounsel.org/ref/windows-main.htm The "real world" of Law, Justice, and government http://peoplescounsel.org ------- |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WIn98se ICS odd timing/connect loss issues cropping up, still there after reinstall... advice ? | Mike | Networking | 34 | March 12th 07 05:59 PM |
About my comp | cbz via WindowsKB.com | General | 0 | January 18th 06 02:57 PM |
Windows ME and Yahoo Messenger Timing Out | Chuck | Networking | 0 | December 4th 04 07:02 AM |
timing different users | ntrying.exe | General | 1 | October 26th 04 09:11 PM |
PLEASE HELP!! Cant restart comp!! | Carrie | Setup & Installation | 1 | September 26th 04 11:49 AM |