Posts posted by bar5

  1. Nerelda:

    I know it's a little too late, but NEVER deal with anyone that does not have an address, phone # and email. Read their RETURN POLICY. You usually have to request an RMA (return merchandise authorization); this is standard.

    When you check them out, and you cannot find anything on them, deal with someone else. Do like tenmm says, check "resellerratings.com" I use them all the time.

    Sorry, I hope you get your money back. Good luck.

    Barb

    P.S. If you do send them back, make sure you send them return receipt request. Get a signature that they received them.

  2. www.resellerratings.com

    Not much said here about this outfit, so it would have done little in the way of help. :o

    Yeah, I usually check there and the Better Business Bureau before purchasing from a company, but I could find no reports on them unfortunately.

    Nerelda:

    File a Bill Dispute with your credit card company. They usually have several reasons to use, such as: "Merchandise Received not as Advertised". Keep all your receipts. Find out what that company has for a Return Policy.

    I have done this and got a full refund. If you are not sure how to do it, call them and they will advise you what you need, or email them.

    Good luck

    Barb :D

  3. Quoted from Microsoft's Security Bulletin MS04-011:
    Affected Software:

    Microsoft Windows NT® Workstation 4.0 Service Pack 6a – Download the update

    Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update

    Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update

    Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4 – Download the update

    Microsoft Windows XP and Microsoft Windows XP Service Pack 1 – Download the update

    Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update

    Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update

    Microsoft Windows Server™ 2003 – Download the update

    Microsoft Windows Server 2003 64-Bit Edition – Download the update

    Microsoft NetMeeting

    Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

    I think you should ignore those popups. The Windows LSASS vulnerability is not a problem with Windows XP SP2. :D

    TJ:

    Thanks for your help. Here is some info from Trend Micro on this subject in case you run across this again.

    Trend Micro

    I did what this bulletin suggested.

    Barb :D

  4. Hi:

    I have spent most of the day trying to find out about this. Have googled it, not much info other than others had the same problem.

    I was getting a "Network Virus Emergency Center" popup for detected 04-011 (835732) lsass exploit. I was getting them more often than I like. I had posted a HJT log and TJ416 read it for me, and said it is clean, which I thank him for. In the meantime I found this and wanted to post it so it would help someone else.

    Trend Micro

    I'm not sure I'm satisfied with the solution. Don't know that much about it.

    Barb <_<

  5. You can leave it alone. Your log is clean. The Windows LSASS vulnerability is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail here.

    Running Windows Update should install this critical update and hopefully stop those popups.

    TJ

    TJ:

    I have already installed that patch a long time ago KB835732, that is why I was confused why I'm getting these popups. I checked in my WINNT folder and it is there, dated 4/04. I keep updated with all security updates etc.

    I'm not having any problems with my computer, just wanted to make sure I was clean. I'm thinking there is something in TrendMicro that keeps reading a virus when I don't have one. What do you think?

    Barb :D

  6. Hi:

    I keep getting a popup from TrendMicro pc-cillin 2005 "lsass exploit 04-011 (835732)". I'm pretty sure this is a false positive, but want to make sure.

    I have run Spybot S&D, Ad-awareSE, a-squared, ewido and finally pc-cillin malware scan. NOTHING. Did a scan as TrendMicro suggested the first time, came up clean. I have no symptoms of Sasser virus. No slow down or shut down.

    Would appreciate someone taking a look at HJT log, for peace of mind.

    Logfile of HijackThis v1.99.0

    Scan saved at 2:22:04 PM, on 2/5/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\system32\spoolsv.exe

    C:\Program Files\ewido\security suite\ewidoctrl.exe

    C:\Program Files\ewido\security suite\ewidoguard.exe

    C:\PROGRA~1\Iomega\System32\AppServices.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    C:\WINNT\System32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    C:\Program Files\Iomega\AutoDisk\ADService.exe

    C:\PROGRA~1\VISION~1\ONETOU~2.EXE

    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    C:\Program Files\AdSubtract\adsub.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    C:\Documents and Settings\bar5\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rivnet.net/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)

    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093022335540

    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

    O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq.com/members/DD_v4_Member.CAB

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A960D13-2B05-453A-98C5-859A5E9C4848}: NameServer = 205.130.32.8,205.130.32.13

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D94E2BF-2C2A-44BA-AE12-0B1C68B8ACDD}: NameServer = 66.19.192.200 216.126.128.40

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

    O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    I hope I did this correctly. Thanks for your time.

    Barb