Virus Problems

Discussion in 'Networking and Security' started by macal425, Mar 18, 2002.

  1. Babak

    Just wanted to give a heads up to whoever attempts to do a REGEDIT that they better know exactly what they are doing and what consequences their modifications will have! (speaking from experience here!:D )

    I would side with rtharp and say just go for a clean re-install. The time spent installing can be spent meditating on the following:

    1] always have a firewall
    2] always have an up-to-date virus scanner
    3] never run .exe files or double-click on unknown attachments
     
    #21     Mar 18, 2002
  2. Sanjuro said :

    "It's not a virus. It's just a program created by some trader
    who wants to get back at other traders for taking his money.
    The programs have different purposes (some delete all system
    files off the computer) while others open back doors to your
    system so the creator can look onto your computer. "


    If that is not a virus then what would you call it?
    That is a virus no matter how you look at it.

    Someone made a comment about editing your registry. If you don't know what you are doing then don't do it. I happen to know what I am doing. And as always, make a backup before :-}
     
    #22     Mar 18, 2002
  3. tom_p

    Thug_Life,

    Do you use a personal firewall like ZoneAlarm? Have you done a search for emm486.exe and iecfg.exe? Hopefully you don't wake up one morning to find yourself long 100,000 STLC (Stolichnaya Vodka Ltd).

    Following is an exchange of emails between yours truly and Online Trading Academy (OTA) :

    --------------------
    To: info @tradingacademy.com
    Sent: Monday, March 18, 2002 8:23 PM
    Subject: Free download

    Dear Sir/Madam,
    Are you in any way connected to http://XXXXXXXXXXXXX/ ?
    They are offering a free download of your ebook.
    I ask because there is suspicion of piracy/trojan horse.

    Sincerely,
    Tom

    --------------------

    To: Tom P
    Date: Tue, 19 Mar 2002 11:27:03
    Subject: Re: Free download

    Hi Tom,
    We are not connected with them. Are you sure it's our book they are making available? There are a lot of e-books out there. Did you download it? Just curious. I have not yet, but am about to.

    Jennifer Perrier
    webmaster, OTA

    --------------------

    To: webmaster @tradingacademy.com
    Sent: Tuesday, March 19, 2002 1:10 PM
    Subject: Re: Free download

    Jennifer, hello again,
    I just tried getting on the site, but notice that it's not available. As a matter of interest, I enclose some of the ebook that my friend downloaded - you'll then be able to tell if it's really yours.

    Tom

    (I appended some of the tips posted by Thug_Life, without actually mentioning ET)

    --------------------

    To: Tom P
    Date: Tue, 19 Mar 2002 13:20:44
    Subject: Re: Free download

    Thanks Tom - I actually got interrupted before I had a chance to try the download, plus I was a little nervous about downloading something that may have had a virus myself. As for the trading info below - I will have to double check to see if it is ours verbatim or not. Thanks so much for alerting me to this possible problem.

    Jennifer

    --------------------
     
    #23     Mar 19, 2002
  4. Sanjuro

    musicman,

    Malicious program code includes but is not limited to
    (Virus, Worms, Trojan horses etc.)

    I would call this altered ebook either a 'malicious program'
    or a 'trojan horse'. It looks like this program is trying to
    give others access to the computer it is being run on. It
    probably loads itself into all of Windows' startup files.

    It doesn't e-mail itself or try to spread itself to other
    computers. It doesn't infect and attach itself to other
    executable files.

    When I used to play games... I played Total Annihilation and
    there were some people who used cheats. Somebody created
    a windows application which deleted all files in your windows
    directory, renamed it tacheat.exe and put it on a public site.
    Then went online and told everyone they can get a copy of
    the new cheat.

    After I fell for that once, had to re-install windows,
    I will never run executable files from an unknown source again.
    Virus scanners detect viruses.
    NOT self developed malicious programs.
     
    #24     Mar 19, 2002

  5. I used to be on tradingacademy.com's email list. It got hacked into and during a 3 day period they sent their entire list over 12 computer viruses.

    This is probably the same person who sent those viruses.

    Robert Tharp
     
    #25     Mar 19, 2002
  6. GeeTO69

    No one has any evidence that it is a true virus they downloaded do they?
    Frequently changes to your registry can occur from downloads due to a
    number of reasons. Doesn't have to be a virus, and it is not reasonable
    to conclude it is until you have proof. There may simply be some incompatibility
    b/w your system and the application, similar to crashes from perfectly fine
    programs. Let's not go off half-cocked all you chicken littles out there. Check
    your registry like I told you. But first do that other stuff I said to do.
     
    #26     Mar 19, 2002
  7. "Let's not go off half-cocked all you chicken littles out there."

    That was my original attitude. However, I also have those 2 files EMM486 and the other one. I have win2K. They won't delete - "file is in use." I just downloaded "The Cleaner" anti-Trojan program from download.com and used it to search, but the search came back clean. I then downloaded "Anti-Trojan 5.5" and I am running it as I type this.

    It appears that my original skepticism was foolhardy. I was ignorant of the way Trojans operate. I realize that downloading random exe files is stupid, but the computer I am using is a 233 MHz relic with no valuable software. So I figured what the hell, if there is a virus at least I can tell everybody. I imagine just about everyone has a lot more to lose with their PC than I have with mine. It was a pretty pointless file, so I posted the best part to satisfy the curiosity of anyone who might be as foolhardy as me.

    IMO, there is NO WAY that entire e-book was created by a hacker. It had to be a tradingacademy.com file that he stole. It was far too slick of a sales gimmick - newsletters, books, seminars, classes - a genuine work of snake oil art that I don't think any computer hacker could recreate.

    The properties on those 2 files say they have been accessed as recently as today. I am on an AOL trial CD net connection. I don't have Outlook or any trading programs that access the net on this computer. My only concern is that I had to give AOL a visa # to sign up for the trial. It is a check card to an account with only a couple hundred bucks in it. It has to be farfetched that the Trojan recipient could access this info, right? (insert hopeful look)

    Baron - you have the guy's IP logged, right? Plug it into Neotrace or a trace utility and let's see what location comes up. I'm sure all of us would be interested to know if he's in mother Russia or something. TIA

    And thank you to those who are more computer savvy than I and enlightened me about Trojans. I apologize if I misled anybody.

    Now the Anti-Trojan program says "No Trojans found on your system"
    What the hell?
     
    #27     Mar 19, 2002
  8. Steve Gibson gave some good info on how trojans work and how they are used by hackers to do their bidding on http://grc.com -- Unfortunately at the moment the site appears to be down.

    From memory (I found the cached article so never fear) a good way to check if you have an active trojan on your computer: Shut off all chat software including instant messaging software. Go to the DOS prompt.

    netstat -an | find ":6667"

    netstat -an | find ":113 "

    or just netstat -a to list all your connections.

    The cached article is on google (a real page turner) at:

    http://www.google.com/search?q=cach...search+trojans&hl=en&lr=lang_en&ie=ISO-8859-1
     
    #28     Mar 19, 2002
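The netstat check from post #28, as an added example that is not part of the original thread: this Python sketch parses saved `netstat -an` output by column, so it reports whether a watched port (6667, the conventional IRC port, or 113, the ident service) is on the local or the remote side of a connection, something the substring match with `find` cannot show. The sample output and all addresses in it are constructed for illustration.

```python
import re

# Ports named in the post: 6667 (conventional IRC) and 113 (ident/auth).
WATCH_PORTS = {6667: "IRC", 113: "ident"}

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.10:1130      198.51.100.4:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def port_of(addr):
    """Return the numeric port of 'host:port', or None for wildcards like '*:*'."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_watched(netstat_text):
    """Return one record per watched port seen on either side of a socket."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, local, remote, state = m.groups()
        for side, addr in (("local", local), ("remote", remote)):
            port = port_of(addr)
            if port in WATCH_PORTS:
                hits.append({"service": WATCH_PORTS[port], "side": side,
                             "proto": proto, "local": local,
                             "remote": remote, "state": state or ""})
    return hits

if __name__ == "__main__":
    for h in find_watched(SAMPLE):
        print("{service:5} {side:6} {proto} {local} -> {remote} {state}".format(**h))
```

To check a real machine, save the output with `netstat -an > netstat.txt` and pass the file's contents to `find_watched`; a hit is a reason to identify the owning process, not proof of infection, since legitimate chat clients use the same ports.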
  9. I think it's well known by now that this has a virus attached. I got McAfee because my Norton didn't pick it up, and just ran a scan. I'd already got rid of all the files that had been listed in this and the other thread but still got this from McAfee:

    File: C:\Temp\ebooknt.exe

    Virus: BackDoor-GQ


    The reason that I couldn't shut down my computer as earlier noted was that there were numerous .exe's from the virus running in the background. Once I got rid of those I was able to shut down ok.
     
    #29     Mar 19, 2002
  10. white17

    Have had failures with Norton and McAfee in the past but need some input on other protection programs.

    Any favorites out there?
     
    #30     Mar 20, 2002