pcr, hugh, ron, 98guy, richard, ...

and oh so many others I could name;;;; all people whose advice I read
daily in this n/g.

I'm bustin' my breachces at the moment due to having a broadband modem
delivered here yesterday;; the account is already set up and will be
active
the instant I instal the modem etc...... I CANT WAIT..
But, I seem to have picked up a 'bug' (vcodec.emedia--more detail in other
post) and I dont want to instal anything at all while I have a trojan
active/
resident/ALIVE.........grrrr.
If any can put themselves in my place and would like to help me get the
trojan off, then I would be very grateful.... If only you knew
how
excited (& frustrated) I am at the moment. I have just put up with two
months of a dial-up that boots me off at least ten times a day. Not to
mention the lack of ability to see posts or replies to posts in this group.
And now, I am so close to having broadband, yet a 'spanner' has been
thrown into the works.

What I am asking, is, could you guys take a look at my post titled, "Two
Bugs within days". I really really really do want to hook up the whole
broadband thing, and its frustratin' knowing whether or whether not to do
it while a gremlin resides within, and what mr. gremlins purpose is.!

Many thanks to all who help...
(damn its hard, the new modem is sitting in a box right behind me.)
Gekko

DAMN, my last post musta sounded lame.
I just want to know if it would be a SMART thing to do if I use
add/rem knowing full well I am 'removing' a trojan? (seems to easy)
Most trojans I've heard of, like to have this process done as it executes
the virus itself....... erring on the side of caution.
cant type anymore,,,,,,
to whichever country that has trade-winds or whatever, stop sending the
flu here every damn winter.
Ge _ACHOO_kko



"Gekko" wrote in message
...
and oh so many others I could name;;;; all people whose advice I read
daily in this n/g.

I'm bustin' my breachces at the moment due to having a broadband modem
delivered here yesterday;; the account is already set up and will be
active
the instant I instal the modem etc...... I CANT WAIT..
But, I seem to have picked up a 'bug' (vcodec.emedia--more detail in other
post) and I dont want to instal anything at all while I have a trojan
active/
resident/ALIVE.........grrrr.
If any can put themselves in my place and would like to help me get the
trojan off, then I would be very grateful.... If only you
knew
how
excited (& frustrated) I am at the moment. I have just put up with
two
months of a dial-up that boots me off at least ten times a day. Not to
mention the lack of ability to see posts or replies to posts in this
group.
And now, I am so close to having broadband, yet a 'spanner' has been
thrown into the works.

What I am asking, is, could you guys take a look at my post titled, "Two
Bugs within days". I really really really do want to hook up the whole
broadband thing, and its frustratin' knowing whether or whether not to do
it while a gremlin resides within, and what mr. gremlins purpose is.!

Many thanks to all who help...
(damn its hard, the new modem is sitting in a box right behind me.)
Gekko

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**

Protect Your PC
http://www.microsoft.com/athome/security/protect/
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

Gekko wrote:
and oh so many others I could name;;;; all people whose advice I read
daily in this n/g.

I'm bustin' my breachces at the moment due to having a broadband modem
delivered here yesterday;; the account is already set up and will be
active
the instant I instal the modem etc...... I CANT WAIT..
But, I seem to have picked up a 'bug' (vcodec.emedia--more detail in other
post) and I dont want to instal anything at all while I have a trojan
active/
resident/ALIVE.........grrrr.
If any can put themselves in my place and would like to help me get the
trojan off, then I would be very grateful.... If only you
knew how
excited (& frustrated) I am at the moment. I have just put up with
two months of a dial-up that boots me off at least ten times a day. Not to
mention the lack of ability to see posts or replies to posts in this
group. And now, I am so close to having broadband, yet a 'spanner' has
been thrown into the works.

What I am asking, is, could you guys take a look at my post titled, "Two
Bugs within days". I really really really do want to hook up the whole
broadband thing, and its frustratin' knowing whether or whether not to do
it while a gremlin resides within, and what mr. gremlins purpose is.!

Many thanks to all who help...
(damn its hard, the new modem is sitting in a box right behind me.)
Gekko

"Gekko" wrote in message
...
DAMN, my last post musta sounded lame.
I just want to know if it would be a SMART thing to do if I use
add/rem knowing full well I am 'removing' a trojan? (seems to easy)
Most trojans I've heard of, like to have this process done as it executes
the virus itself....... erring on the side of caution.
cant type anymore,,,,,,
to whichever country that has trade-winds or whatever, stop sending the
flu here every damn winter.
Ge _ACHOO_kko




All I can say is that the only time I've met this was on an XP machine - and
the uninstall worked fine..... but the machine was also infested with
Spywarequake!! which had to be removed at the same time.
Worth checking for?

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

Gekko wrote:

I seem to have picked up a 'bug' (vcodec.emedia--)

As has already been pointed out, that's ZLOB.

There are web sites that are generating new varients of it every
hour. A month or two ago, the only way to get it was to browse porn
sites and click on a link promising some sort of porn video, but then
be told you need to download a new codec to watch it. The codec was
ZLOB.

A few weeks ago, the same sort of automatically-generated varient was
being delivered via URL in spam e-mail.

If you can find the original file responsible for the infection, try
submitting it to www.virustotal.com and get a better identification as
to which exact varient it is.

Also, google the web for "ZLOB removal" and see if you can find info
about your exact varient (or close to it). You should find info about
what registry entries it creates, which files it creates or re-names,
etc.

Then re-start in DOS mode and delete as many of the bad files as you
can.

In the mean time, don't connect the infected computer to the internet
- you will just become infected with more stuff.

It will be hard to run virus-detection tools on the infected computer,
because most viruses and trojans tend to shut down AV software and
prevent them from running.

From time to time, when I have a PC that I suspect is infected
(Windows 98 or any version of windows), I remove the hard drive and
slave it to a "trusted" PC running a similar operating system and then
scan the drive. Because it's a slave, it won't be running any viral
software, but any malware will be there all laid out in the open for
the scanning software to find. This is especially useful when the
malware could be hiding in hidden directories or other places that you
don't normally have access to (that's more of a problem with XP than
for 98).

I haven't had a virus yet to get rid of that I know of. As someone asked in the other thread, why not let your virus scanner do it for a start? Then, try HiJackThis per Bear's thread, &/or some of the other good advice in this thread.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"Gekko" wrote in message ...
| and oh so many others I could name;;;; all people whose advice I read
| daily in this n/g.
|
| I'm bustin' my breachces at the moment due to having a broadband modem
| delivered here yesterday;; the account is already set up and will be
| active
| the instant I instal the modem etc...... I CANT WAIT..
| But, I seem to have picked up a 'bug' (vcodec.emedia--more detail in other
| post) and I dont want to instal anything at all while I have a trojan
| active/
| resident/ALIVE.........grrrr.
| If any can put themselves in my place and would like to help me get the
| trojan off, then I would be very grateful.... If only you knew
| how
| excited (& frustrated) I am at the moment. I have just put up with two
| months of a dial-up that boots me off at least ten times a day. Not to
| mention the lack of ability to see posts or replies to posts in this group.
| And now, I am so close to having broadband, yet a 'spanner' has been
| thrown into the works.
|
| What I am asking, is, could you guys take a look at my post titled, "Two
| Bugs within days". I really really really do want to hook up the whole
| broadband thing, and its frustratin' knowing whether or whether not to do
| it while a gremlin resides within, and what mr. gremlins purpose is.!
|
| Many thanks to all who help...
| (damn its hard, the new modem is sitting in a box right behind me.)
| Gekko
|
|

All I can say is that the only time I've met this was on an XP machine -
and
the uninstall worked fine..... but the machine was also infested with
Spywarequake!! which had to be removed at the same time.
Worth checking for?

--
Noel Paton (MS-MVP 2002-2006, Windows)

Yeah, it seems that it is definately attracted to XP as fodder, because
while I was/am at TomCoyotes forum, 99% of the people there asking
for help to get rid of this same bug, are XP users.
I havent yet come across a 98 user with the bug. The XP fixes are just
that, 'only' XP fixes. (even then it seems like a drama to do)
Gekko

Am already doing all those things PA, am not leaving a stone
unturned.
No replies yet have come in from anyone here on what would be
the sensible thing to do regarding the fact that the gremlin is actually
sitting in my add/rem.
I just dont want to set off a time bomb, so to speak.

The "help me I've got a bug on my computer" forums are absolutely
snowed under at the moment with ppl asking for assist........... and
from the ones I've perused, the eMedia piece of s**t is primary on all
lists. (at the moment)
Ta for time PA,
Gekko

Oh, I've left my HJT with forums, just waiting for a reply.
(but I wanna use my new toy modem........ sniff)


"PA Bear" wrote in message
...
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware.
**Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**

Protect Your PC
http://www.microsoft.com/athome/security/protect/
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

Gekko wrote:
and oh so many others I could name;;;; all people whose advice I read
daily in this n/g.

I'm bustin' my breachces at the moment due to having a broadband modem
delivered here yesterday;; the account is already set up and will be
active
the instant I instal the modem etc...... I CANT WAIT..
But, I seem to have picked up a 'bug' (vcodec.emedia--more detail in
other
post) and I dont want to instal anything at all while I have a trojan
active/
resident/ALIVE.........grrrr.
If any can put themselves in my place and would like to help me get the
trojan off, then I would be very grateful.... If only you
knew how
excited (& frustrated) I am at the moment. I have just put up with
two months of a dial-up that boots me off at least ten times a day. Not
to
mention the lack of ability to see posts or replies to posts in this
group. And now, I am so close to having broadband, yet a 'spanner' has
been thrown into the works.

What I am asking, is, could you guys take a look at my post titled, "Two
Bugs within days". I really really really do want to hook up the
whole
broadband thing, and its frustratin' knowing whether or whether not to
do
it while a gremlin resides within, and what mr. gremlins purpose is.!

Many thanks to all who help...
(damn its hard, the new modem is sitting in a box right behind me.)
Gekko

"98 Guy" wrote in message ...
Gekko wrote:

I seem to have picked up a 'bug' (vcodec.emedia--)

As has already been pointed out, that's ZLOB.

yeah, I know that already, thats why I mentioned it in the 'other' post.


There are web sites that are generating new varients of it every
hour. A month or two ago, the only way to get it was to browse porn
sites and click on a link promising some sort of porn video, but then
be told you need to download a new codec to watch it. The codec was
ZLOB.

hear you loud and clear. only thing i've downloaded prior to this bug is a
few of Pavlovs Dogs old songs,,,, they had some old footage of some
gigs so I d/loaded 2 of those, except WMP couldnt play them and I had to
go grab 'realplayer'.
the bug must have come in via those channels.


If you can find the original file responsible for the infection, try
submitting it to www.virustotal.com and get a better identification as
to which exact varient it is.

as above...............................


Also, google the web for "ZLOB removal" and see if you can find info
about your exact varient (or close to it). You should find info about
what registry entries it creates, which files it creates or re-names,
etc.

been checking and re-checking and googlin' and re-googlin'.

Then re-start in DOS mode and delete as many of the bad files as you
can.

FIRST, I just wanna know if it is a smart thing to do if I go into add/rem
and kill it from there first????
I dont wanna get any hidden '.exe's' executing something just cos' I tried
to delete/remove the said bug using an 'obvious' solution.


It will be hard to run virus-detection tools on the infected computer,
because most viruses and trojans tend to shut down AV software and
prevent them from running.

so far, I havent had any ill effects from the bug cept for some icon
associations etc.
my anti's havent been affected and can still point to the fact that it is
there,,
i did however quarantine/chest something the first time using Avast.

Cheers (& sneezesz) for feedback 98guy.
Gekko

"PCR" wrote in message
...
I haven't had a virus yet to get rid of that I know of. As someone asked in
the other thread, why not let your virus scanner do it for a start? Then,
try HiJackThis per Bear's thread, &/or some of the other good advice in this
thread.


already on it pcr.................. just so damn frustratin' having a
new toy
to play with, but not actually being able to play with it.
like getting a toy from granny, but no batteries!!
I took the modem out of the box yesterday, fits in the palm of my hand;;;;
its the first time I seen one.(B/B)
Gekko

oh, should I or should I not remove it from add/rem?????????
will it set off alarm bells to the bug?