(Msg. 1) Posted: Thu Sep 18, 2008 9:50 pm
Post subject: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" (Trojan) Archived from groups: microsoft>public>windowsxp>newusers
I am using McAfee 2008 and it has been catching this virus or trojan
every time it scans the computer recently. It always says it repaired
the virus by removing it. However, it appears to keep coming back,
making me think that it's parked somewhere else on the laptop and is
regenerating itself somehow.
The trojan seems to park itself in the C:/System Volume
Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
folder.
The reason I am concerned is that today I got a call from my credit
card security center saying my card had been compromised shortly after
I placed an order online at a place called Texas Towers in Plano, TX.
Now, I don't know if it is the Trojan at fault or some slimeball thief
employee of the company. I keep no credit card information on the
computer, but did type in the credit card number and other information
when placing the order at Texas Towers. Could that Generic.PWS.y
have sent the card information somewhere or would anyone know just how
these trojans mentioned above work?
I really suspect someone at Texas Towers since the problem occurred an
hour or so after I placed the order (I got an E-Mail back from their
sales dept saying the item was not in stock and did I want to
backorder). I plan to call Texas Towers tomorrow and report what
happened, but was wondering if it could be that trojan that caused the
problem.
(Msg. 2) Posted: Fri Sep 19, 2008 12:14 am
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" (Trojan) Archived from groups: per prev. post
It could very well be the malware infection.
I suggest you show your computer to a professional immediately. Failing
that I would suggest you erase your hard disk and re-install all your
software. You should not connect your computer to the internet in any
way, shape or form until you know the infection is gone.
---
Leonard Grey
Errare humanum est
Jim wrote:
> I am using McAfee 2008 and it has been catching this virus or trojan
> every time it scans the computer recently. It always says it repaired
> the virus by removing it. However, it appears to keep coming back,
> making me think that it's parked somewhere else on the laptop and is
> regenerating itself somehow.
>
> The trojan seems to park itself in the C:/System Volume
> Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> folder.
>
>
>
> The reason I am concerned is that today I got a call from my credit
> card security center saying my card had been compromised shortly after
> I placed an order online at a place called Texas Towers in Plano, TX.
>
> Now, I don't know if it is the Trojan at fault or some slimeball thief
> employee of the company. I keep no credit card information on the
> computer, but did type in the credit card number and other information
> when placing the order at Texas Towers. Could that Generic.PWS.y
> have sent the card information somewhere or would anyone know just how
> these trojans mentioned above work?
>
> I really suspect someone at Texas Towers since the problem occurred an
> hour or so after I placed the order (I got an E-Mail back from their
> sales dept saying the item was not in stock and did I want to
> backorder). I plan to call Texas Towers tomorrow and report what
> happened, but was wondering if it could be that trojan that caused the
> problem.
>
> Thanks for any suggestions.
>
> Jim
>
>
(Msg. 3) Posted: Fri Sep 19, 2008 12:20 am
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" Archived from groups: per prev. post
On Thu, 18 Sep 2008 22:50:40 -0400, Jim <nospam.TakeThisOut@nospam.com> wrote:
> I am using McAfee 2008 and it has been catching this virus or trojan
> every time it scans the computer recently. It always says it repaired
> the virus by removing it. However, it appears to keep coming back,
> making me think that it's parked somewhere else on the laptop and is
> regenerating itself somehow.
>
> The trojan seems to park itself in the C:/System Volume
> Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx folder.
Remove all restore points. Do this by disabling System Restore and
rebooting.
Generic PWS.y and Generic.dx are keyloggers. After reboot, update McAfee and
run a full scan.
> The reason I am concerned is that today I got a call from my credit
> card security center saying my card had been compromised shortly after
> I placed an order online at a place called Texas Towers in Plano, TX.
When you found out you had some type of info-stealing pest, why would you
do any kind of banking/credit transactions? What did you do to prevent this
kind of thing from happening in the future?
> Now, I don't know if it is the Trojan at fault or some slimeball thief
> employee of the company. I keep no credit card information on the
> computer, but did type in the credit card number and other information
> when placing the order at Texas Towers. Could that Generic.PWS.y
> have sent the card information somewhere or would anyone know just how
> these trojans mentioned above work?
>
> I really suspect someone at Texas Towers since the problem occurred an
> hour or so after I placed the order (I got an E-Mail back from their
> sales dept saying the item was not in stock and did I want to
> backorder). I plan to call Texas Towers tomorrow and report what
> happened, but was wondering if it could be that trojan that caused the
> problem.
>
> Thanks for any suggestions.
>
> Jim
>
>
You need more protection than just McAfee AV. After scanning with your
updated AV, download and run SUPERAntiSpyware (don't forget to update it
before scanning your system). You should keep it and scan your system
every week with it. The free version does not include "real-time" scanning
but you need one. Spyware Terminator is a decent, free, spyware
"real-time" scanner.
(Msg. 4) Posted: Fri Sep 19, 2008 7:43 am
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" (Trojan) Archived from groups: per prev. post
Thanks for the help. Should I remove SPYBOT before installing
the two programs you recommend? I have already downloaded them
but have not installed them yet.
Jim
On Fri, 19 Sep 2008 00:20:18 -0400, "What's in a Name?"
<maxwachtel.DeleteThis@nomail.afraid.org> wrote:
>On Thu, 18 Sep 2008 22:50:40 -0400, Jim <nospam.DeleteThis@nospam.com> wrote:
>
>> I am using McAfee 2008 and it has been catching this virus or trojan
>> every time it scans the computer recently. It always says it repaired
>> the virus by removing it. However, it appears to keep coming back,
>> making me think that it's parked somewhere else on the laptop and is
>> regenerating itself somehow.
>>
>> The trojan seems to park itself in the C:/System Volume
>> Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx folder.
>
>Remove all restore points. Do this by disabling System Restore and
>rebooting.
>Generic PWS.y and Generic.dx are keyloggers. After reboot, update McAfee and
>run a full scan.
>
>
>> The reason I am concerned is that today I got a call from my credit
>> card security center saying my card had been compromised shortly after
>> I placed an order online at a place called Texas Towers in Plano, TX.
>
>When you found out you had some type of info-stealing pest, why would you
>do any kind of banking/credit transactions? What did you do to prevent this
>kind of thing from happening in the future?
>
>
>> Now, I don't know if it is the Trojan at fault or some slimeball thief
>> employee of the company. I keep no credit card information on the
>> computer, but did type in the credit card number and other information
>> when placing the order at Texas Towers. Could that Generic.PWS.y
>> have sent the card information somewhere or would anyone know just how
>> these trojans mentioned above work?
>>
>> I really suspect someone at Texas Towers since the problem occurred an
>> hour or so after I placed the order (I got an E-Mail back from their
>> sales dept saying the item was not in stock and did I want to
>> backorder). I plan to call Texas Towers tomorrow and report what
>> happened, but was wondering if it could be that trojan that caused the
>> problem.
>>
>> Thanks for any suggestions.
>>
>> Jim
>>
>>
>
>You need more protection than just McAfee AV. After scanning with your
>updated AV, download and run SUPERAntiSpyware (don't forget to update it
>before scanning your system). You should keep it and scan your system
>every week with it. The free version does not include "real-time" scanning
>but you need one. Spyware Terminator is a decent, free, spyware
>"real-time" scanner.
>
>max
(Msg. 5) Posted: Fri Sep 19, 2008 9:04 am
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" Archived from groups: per prev. post
On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam RemoveThis @nospam.com> wrote:
> Thanks for the help. Should I remove SPYBOT before installing
> the two programs you recommend, I have already downloaded them
> but did not install them yet.
>
> Jim
If you mean Spybot Search+Destroy, you should leave it installed.
Post back with results.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is set up for use in USENET by everyone
(Msg. 6) Posted: Sat Sep 20, 2008 9:32 am
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" (Trojan) Archived from groups: per prev. post
Max;
The SAS program found 19 tracking cookies that had been missed by both
McAfee and Spybot. I had already taken your advice and stopped
the system restore which got rid of the other Trojan.
Also, another benefit, the Super Anti Spyware is at least 10 times
faster than Spybot and McAfee. With Spybot, a full scan takes well
over an hour, probably two. SAS is really very fast and a full scan
might take 20 minutes or less, and I have two large drives on this
laptop.
Thanks again for your assistance.
I guess if a programmer knew machine language, he could
go into the GENERIC.PWS Trojan, disassemble it, and find out just who
and where it was reporting to, is that right, as it must report to some
site or IP address? McAfee rates this trojan threat low.
I think my card problem came from the company I placed the
order with, but the owner denied vehemently it could have come
from him, as he said he trusted his employees implicitly, and
was very upset I even suggested it. However, I wonder if his
webmaster or his computer network is really safe? The time involved
from the time I placed the order until the credit card company
notified me was only a few hours. They had to move fast whatever
they did. I think from now on I will just call the company and give the
order verbally, but it is very convenient to be able to place an order
at 2 am....
Jim
On Fri, 19 Sep 2008 09:04:19 -0400, "What's in a Name?"
<maxwachtel.RemoveThis@nomail.afraid.org> wrote:
>On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam.RemoveThis@nospam.com> wrote:
>
>> Thanks for the help. Should I remove SPYBOT before installing
>> the two programs you recommend, I have already downloaded them
>> but did not install them yet.
>>
>> Jim
>
>If you mean Spybot Search+Destroy, you should leave it installed.
>Post back with results.
>max
(Msg. 7) Posted: Sat Sep 20, 2008 6:07 pm
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" (Trojan) Archived from groups: per prev. post
I was wrong about the scanning time of SAS. It is longer than I
thought; it took almost as long as Spybot, as today I did a complete
scan and it took over 50 minutes with an 80 GB and a 60 GB drive
in my laptop.
On Sat, 20 Sep 2008 09:32:30 -0500, Jim <nospam.TakeThisOut@nospam.com> wrote:
>Max;
>
>The SAS program found 19 tracking cookies that had been missed by both
>McAfee and Spybot. I had already taken your advice and stopped
>the system restore which got rid of the other Trojan.
>
>Also, another benefit, the Super Anti Spyware is at least 10 times
>faster than Spybot and McAfee. With Spybot, a full scan takes well
>over an hour, probably two. SAS is really very fast and a full scan
>might take 20 minutes or less, and I have two large drives on this
>laptop.
>
>Thanks again for your assistance.
>
>I guess if a programmer knew machine language, he could
>go into the GENERIC.PWS Trojan, disassemble it, and find out just who
>and where it was reporting to, is that right, as it must report to some
>site or IP address? McAfee rates this trojan threat low.
>
>I think my card problem came from the company I placed the
>order with, but the owner denied vehemently it could have come
>from him, as he said he trusted his employees implicitly, and
>was very upset I even suggested it. However, I wonder if his
>webmaster or his computer network is really safe? The time involved
>from the time I placed the order until the credit card company
>notified me was only a few hours. They had to move fast whatever
>they did. I think from now on I will just call the company and give the
>order verbally, but it is very convenient to be able to place an order
>at 2 am....
>
>Jim
>
>
>
>
>
>
>On Fri, 19 Sep 2008 09:04:19 -0400, "What's in a Name?"
><maxwachtel.TakeThisOut@nomail.afraid.org> wrote:
>
>>On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam.TakeThisOut@nospam.com> wrote:
>>
>>> Thanks for the help. Should I remove SPYBOT before installing
>>> the two programs you recommend, I have already downloaded them
>>> but did not install them yet.
>>>
>>> Jim
>>
>>If you mean Spybot Search+Destroy, you should leave it installed.
>>Post back with results.
>>max
(Msg. 8) Posted: Sat Sep 20, 2008 10:32 pm
Post subject: Re: Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" (Trojan) Archived from groups: per prev. post
My reply is at the bottom of your sent message.
In news:0446d4dsi0dvto0i3incle9b63fngtdv27@4ax.com,
Jim <nospam.RemoveThis@nospam.com> typed:
> I am using McAfee 2008 and it has been catching this virus or trojan
> every time it scans the computer recently. It always says it repaired
> the virus by removing it. However, it appears to keep coming back,
> making me think that it's parked somewhere else on the laptop and is
> regenerating itself somehow.
<snip>
> The reason I am concerned is that today I got a call from my credit
> card security center saying my card had been compromised shortly after
> I placed an order online at a place called Texas Towers in Plano, TX.
<snip>
> Thanks for any suggestions.
I'll type carefully because I don't want to come off sounding like a jerk.
But...
You had reason to suspect you were infected. You used the computer to
transmit your credit card and who knows how much other personal information.
Don't do that. Security is NOT a product. It is an awareness, if you'd like.
It is a state of mind. It is a compromise between what you need to do and
what risks you'll accept.
Cancel your card immediately and order one of the credit watch services to
ensure that these people don't now go out and get new accounts in your name.
Anti-malware products are generally only good at preventing infection and
then they're only good at preventing what they have signatures for. This is
the time when you get ready to completely format your PC and do a new
installation following the Good Hex principles.
I hope that I didn't sound like a jerk or too harsh. Hopefully this is a
small price to pay to learn this lesson and hopefully it doesn't result in a
completely stolen identity or the like.
All times are: Eastern Time (US & Canada)