Discussion in 'Trading' started by daytradingebook, Mar 17, 2002.

  2. Yes, seems that way... I hope enough people read my first post on this thread and were not foolhardy enough to download a .exe file from an unknown source...
    Hi - this pisses me off. I downloaded and ran this as well, and since running it my ZoneAlarm firewall keeps alerting me that emm486.exe is trying to access the internet.

    It looks like a trojan horse program, I did some research on emm486.exe (use search engine) and found this link:

    So it looks like this @#$ infects not only emm486.exe but a log.dll file and tapi32.exe mstask.exe msgsrv16.exe etc, and some registry entries.

    Apparently this crap trojan sends your passwords out!

    I had thought I had scanned it with my Norton 2002, it's not alerting me to the worm though, I'll try McAfee to see if that does it.

    Any other ideas? And, do we still need the emm486.exe for running win2K? (I think it was for the w98 and earlier OSes, not sure)
  4. Thug Life, you are a good typer. Wouldn't call it a free lunch, liked #13 anyway. Including but not limited to ''picking stocks making new medium trend highs to trade with''. :)
    This was the exact problem I had. Stupidly, I deleted the file EMM486.exe and removed it from my registry without thinking first. The reason that I removed it from the registry was that it was created just after I ran trader.exe and I therefore assumed that it would not affect my operating system. Since then I have had minor annoyances with my system. I cannot shut Windows down without turning the power off and when I start up Windows my System32 file automatically opens up.

    I've had lots of great advice on fixing this from another thread, the consensus seeming to be to format and have a clean install. At the moment I am going to live with these minor annoyances as a reminder not to open .exe programs and not to screw with my registry, until I figure out how the hell to format and reinstall. :mad:
  6. You could use an old backup version of your registry if there is one available (c:\windows\command\scanreg /restore) but make a new backup of today's version before doing so.
    You will have to go into DOS to do this. Restoring a backup registry in win98 for instance is only available for the past 5 days (Start>Run>regedit>import>?).

    Also, you can repair your registry if possible. (scanreg /fix) Again, make a backup of your current registry before doing this. For win2k systems, try running fast repair from the win2k cd disk.

    Try either one or both before you format/reinstall everything. One more thing, make sure you use test "Thorough" in scandisk before you start. It takes time but works wonders :D

    Here's what I've found so far.. I run Windows 2000 Pro and here's the worm profile:
    here's another link:

    Win2K Pro does Not use emm486.exe (I compared w/my install on my 2nd pc w/win2K pro, there's no emm486.exe there).

    So, given that, I have just

    1) wiped (not deleted, wiped), the emm486.exe file from c:\

    2) used regedit to search for and delete all registry entries related to emm486.exe (since win2k doesn't use this)

    3) run an advanced search in windows explorer to look for all files modified since 3/17, when I downloaded this #$%

    I'm downloading/installing McAfee, will boot to command line and use their directions etc..

    PE,Trojan,Internet Worm and memory resident:
    Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner:

    Will post later/edit this with an update.. Too bad my tauscan trojan detector and new norton 2002 didn't help with this.
  8. daytradingebook - devils?

    Hmmm....either you're a party to the attempted spreading of the virus that infects this rather dubious ebook and which has infected the computers of a number of poor souls on this board and if so you therefore should be castrated with a blunt knife and sent on winter vacation in Siberia wearing Bermuda shorts


    YOU JUST DON'T GET IT!! - people have had negative comments about this particular ebook for two very good reasons - (1) it's a fairly worthless collection of common market/trading generalities mixed with poorly conceived (or misconceived) ideas of the author AND (2) it's infected with (and spreading) a damn virus - and nobody wants anyone else to waste their time (and risk their computers) on this lousy thing.

    On the other hand, people recommend good books, etc. all the time on the board and no "devils" poke a pitchfork at them :)

    Of course, maybe we all missed this ebook's quintessential value - what was it that you found most useful/enlightening about this particular ebook? The many pieces of misinformation about things like stops, etc. or the password stealing virus?
    Also, here's what I've found, the file


    is a trojan that this piece of s#$% installs too, delete this thing.. McAfee caught it, but Norton 2002 didn't. It's not anything to do with IE the browser from what I can tell. McAfee said it had some backdoor-GQ in it.

    Also, there was 1 other dll file in winnt\system32 that it installed, some mailer.dll type name, can't recall offhand. If you're lucky, you'll remember what date you installed it, eg I installed this on 3/17/2002 .. so you can sort your winnt and \system32 subdirectories by date, then nuke anything that looks suspicious. And there were two hidden .ocx files too, installed on that date, so I wiped them for good measure. Be sure to set your pc to show hidden files etc.

    I've changed all my PayPal and other passwords, advise anyone else to as well, eg this thing tries to email your passwords to someone in russia from what the docs say.

    After installing McAfee, the system would hang on bootup, after finding this iecfg.exe virus, so I had to reboot in safe mode, uninstall McAfee, then reboot in regular mode..

    So far, everything looks ok, I'll post any updates.

    Highly recommend ZoneAlarmPro, it correctly caught the outbound messages, this emm486.exe tried to connect 6 times since 3/17/02.

    I really had better things to do this morning than d--- around with this.

    Anyone else, pls post what you've found.
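
The date-based triage described in the post above (go through the system directories for anything that changed on or after the install date, hidden files included), as an added example that is not part of the original thread. The function names are hypothetical, the sample directory and date are taken from the post, and the script only inventories and hashes candidates for review; it deletes nothing.

```python
import hashlib
import os
from datetime import datetime

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_changed_since(root, since, exts=(".exe", ".dll", ".ocx")):
    """Return (path, mtime, ctime, sha256) for files under root whose
    modification OR creation/change time is on or after `since`.

    os.walk does not skip hidden files, so the "show hidden files" step
    from the post is covered. Both timestamps are checked because an
    installer can set mtime back; neither is trustworthy on its own.
    """
    cutoff = since.timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if exts and not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if max(st.st_mtime, st.st_ctime) < cutoff:
                    continue
                digest = sha256_of(path)
            except OSError:
                continue  # locked or unreadable; left out here, check by hand
            hits.append((path,
                         datetime.fromtimestamp(st.st_mtime),
                         datetime.fromtimestamp(st.st_ctime),
                         digest))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    # Hypothetical invocation; directory and install date are the ones in the post.
    for path, mtime, ctime, digest in files_changed_since(
            r"C:\WINNT\system32", datetime(2002, 3, 17)):
        print(f"{mtime:%Y-%m-%d %H:%M}  {ctime:%Y-%m-%d %H:%M}  {digest}  {path}")
```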
