Comments
-
Hi, Thanks very much for your very informative post. As you and Stumpy say, this is a serious Trojan, not to be ignored. I have just trawled everything from MSE regarding it, and cannot find anywhere they mention seeking professional advice if Trojan is found: doesn't mean it's not there. That's my main gripe, no info, other than what forumites like you et al. have given. WHY? There's no onus on them to have id'd it in their first alert. A Trojan is a very generic term. As you say, the untechie person would need professional advice, Me, I would have gone direct to the Techie site, as Browntoa suggested, MSE could have given that advice, without any comeback. That's the most likely place to get GOOD advice, without recourse to speculating in "pro"s, who I personally would not go near, unless recommended by one of the Techies like you and Stumpy et al. It's bad enough having one's e-mail being hacked, if that's the case, but to be left without any advice, to me is worse. Let's just hope there are not too many need advice, but if they do, and I bet there are several that do not know they are infected do, this is not the place. The TECHIE site is. :beer:

I agree with some of what you're saying, but just to give you some idea of the difficulties.
This particular Trojan does real damage to a couple of System files.
I have cleared up an infection using various scans and manually replacing the files.
The particular variant I looked at (and I have the md5 checksums) works like this:
It infects Explorer.exe, Winlogon.exe or Wininit.exe
also infects the backups of those files in dllcache
adds a file called memory.tmp to the User Account's Templates folder
Creates a new folder called Server in 'All Users\Documents'
adds a couple of files to that folder called admin.txt and hlp.dat
also adds a couple of dat files to the Windows\Temp folder, but they disappear, don't expect to see them.
If you do a file search and find that Server folder with the two files, then you're definitely infected.
SuperAntiSpyware, MalwareBytes, Avira, HijackThis, and others are all good progs but can't resolve this one.
The reason is that the previously mentioned System files are infected and probably need to be replaced with clean ones from another source, such as an install disk.
If scans are carried out identifying those System files as 'infected', quarantining or deleting them, then the PC will no longer boot up!!!
For me, it's not a problem, I have a range of tools to recover from those situations, but the average PC user could REALLY struggle, particularly if no other PC is available.
I see StumpyPumpy has tried Hit_man_pro. Well done for posting the advice.
Not tried it myself but would be very interested to know how it handles the infected System files?
Does it ask the user for an install disk or clean alternative location?
It can't ignore those files, this is fundamental to this particular Trojan, so it has to take some action, which is probably in the log it created.
If unsure I can dl Hit_man and maybe give it a go myself.
0 -
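The file-system signs listed in the post above can be checked without touching the infected system files. This is an added example, not part of the original post or of any tool named in the thread; it assumes a Windows XP-style folder layout, and `scan`, `mismatches` and `build_sample_tree` are hypothetical names. Clean hashes are not given on the page, so the caller supplies them from known-good copies of the same Windows build.

```python
import hashlib
import os
import tempfile
from pathlib import Path

SERVER_FILES = {"admin.txt", "hlp.dat"}   # dropped in All Users\Documents\Server
SYSTEM_FILES = {"explorer.exe", "winlogon.exe", "wininit.exe"}

def scan(root):
    """Read-only walk of a drive or mounted image; nothing is deleted or quarantined."""
    found = {"server_dirs": [], "memory_tmp": [], "system_hashes": {}}
    for dirpath, _dirs, filenames in os.walk(root):
        parts = [p.lower() for p in Path(dirpath).parts]
        names = {f.lower(): f for f in filenames}
        # Indicator 1 (the post's definite sign): Server folder holding both files.
        if parts[-3:] == ["all users", "documents", "server"] and SERVER_FILES.issubset(names):
            found["server_dirs"].append(dirpath)
        # Indicator 2: memory.tmp in a user account's Templates folder.
        if parts[-1:] == ["templates"] and "memory.tmp" in names:
            found["memory_tmp"].append(os.path.join(dirpath, names["memory.tmp"]))
        # Hash every copy of the targeted system files, dllcache backups included.
        for low in SYSTEM_FILES.intersection(names):
            path = os.path.join(dirpath, names[low])
            try:
                found["system_hashes"][path] = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            except OSError:
                found["system_hashes"][path] = None   # unreadable: check by hand
    found["definitely_infected"] = bool(found["server_dirs"])
    return found

def mismatches(found, clean):
    """Paths whose hash differs from clean (file name -> SHA-256 of a known-good copy)."""
    return sorted(p for p, h in found["system_hashes"].items()
                  if clean.get(os.path.basename(p).lower()) not in (None, h))

def build_sample_tree(root):
    """Constructed sample: XP-style layout with the indicators planted."""
    docs = "Documents and Settings/"
    for rel in (docs + "All Users/Documents/Server/admin.txt",
                docs + "All Users/Documents/Server/hlp.dat",
                docs + "alice/Templates/memory.tmp",
                "WINDOWS/explorer.exe", "WINDOWS/system32/dllcache/explorer.exe"):
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample bytes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Files listed by `mismatches` are candidates for replacement from clean media, as the post describes, rather than for quarantine.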
It is quite possible to contact abuse and have all your posts removed from MSE, if that is what you want.
Martin
Is it not about time this thread was closed? I doubt if you guys are learning anything new or even useful and the few remaining participants seem to have bees in their bonnets unrelated to the issue.
If you have not made a mistake, you've made nothing
0 -
Is it not about time this thread was closed? I doubt if you guys are learning anything new or even useful and the few remaining participants seem to have bees in their bonnets unrelated to the issue.
Personally I feel it should be left open for any people who perhaps are not frequent visitors find the message and may wish to ask a question about the issue and seek help from others.
I think most people here have enough common sense to sort the 'wheat from the chaff'.
0 -
Actually I got the feeling too, there's far too much publicity and far too long even though there isn't a shred of evidence of breach. People would hesitate to sign up or use links or downloads if any site is publicised as having security issues. Imagine John Lewis showing up as having a security breach and then asking for email address to sign up for offers. I'd think long and hard before I sign up and certainly won't shop. The opportunity to post or give evidence has been offered. There's no evidence. So, imo, no need for banners on top. Since I like a little bit of thrill, I like :snow_grin this thread though.
0 -
Actually I got the feeling too, there's far too much publicity and far too long even though there isn't a shred of evidence of breach. People would hesitate to sign up or use links or downloads if any site is publicised as having security issues. Imagine John Lewis showing up as having a security breach and then asking for email address to sign up for offers. I'd think long and hard before I sign up and certainly won't shop. The opportunity to post or give evidence has been offered. There's no evidence. So, imo, no need for banners on top. Since I like a little bit of thrill, I like :snow_grin this thread though.
Have you read the thread meher??? There is abundant evidence there has been a breach. Martin Lewis admits there has been a breach, although they cannot identify exactly how/ when. Users who use an email address dedicated to this site have received emails addressed to their username using the email addy for this site, and this site alone. I'm not out to persecute Martin Lewis or the site.
0 -
ploddingalong wrote: »Have you read the thread meher??? There is abundant evidence there has been a breach. Martin Lewis admits there has been a breach, although they cannot identify exactly how/ when. Users who use an email address dedicated to this site have received emails addressed to their username using the email addy for this site, and this site alone. I'm not out to persecute Martin Lewis or the site, but for goodness sake, get real, or keep quiet

There are some, like me who got my e-mail via domain not linked to this site but with username correct; and others.
0 -
I feel a bit left out that I have not received an email

0 -
ploddingalong wrote: »but for goodness sake, get real, or keep quiet

Don't you think that is a little unkind? This is a forum for people to discuss their views and opinions even if others disagree with those opinions, if everyone who had a different view took your advice to keep quiet it would soon become a bit boring here!
Have edited my post, for some reason (I am going senile) I attributed the quote to Joe which was incorrect, sorry for any confusion and sorry to Joe who did not make the quote.
0 -
ploddingalong wrote: »but for goodness sake, get real, or keep quiet

No to both :snow_grin
0
This discussion has been closed.