
task manager disabled

August 24, 2006

I get this from malware from time to time. One of the best ways to find and destroy some of the weaker viruses, trojans and worms is to press Ctrl+Alt+Del to get to Task Manager. Malware writers know this so they write a script to disable the Task Manager.

Here is how to enable task manager

Disable Task Manager and possible Malware:

First step to system restore

The easiest way to enable the Task Manager and get rid of most malware is to perform a Windows System Restore. Please note that this does not get rid of really ugly malware such as rootkits and some trojans, but it will work on most lame malware.

Get to System Restore (via Safe Mode):

1)  Reboot in Safe Mode: Restart system, hit F8, select “Safe Mode”

2)  Proceed in Safe Mode: When prompted (as in the picture above) select “NO”

3)  Restore Wizard: Select a date prior to when you received the malware (System Restore does not delete newly downloaded files, only new changes in the registry… including “task manager disable”)

Restoring to a past restore point

  • Click Start.
  • Select All Programs.
  • Select Accessories.
  • Select System Tools.
  • Select System Restore.
  • Select Restore my computer to an earlier time.
  • Click the Next button.
  • Select a Restore point from the calendar by clicking a bold date and then selecting a Restore point.
  • Click the Next button.
  • Confirm the Restore point and click the Next button.
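
To check whether the registry change mentioned in step 3 is what is blocking Task Manager, the policy value can be read directly. This is an added example, not part of the original post; the `DisableTaskMgr` value name and the two key paths are the standard Windows policy locations (the post does not list them), and it assumes PowerShell is installed on the machine.

```powershell
# Added example (not from the original post): audit and clear the policy
# value that blocks Task Manager. Key paths and value name are the standard
# Windows policy locations; the post itself does not list them.
$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskMgrPolicy {
    # One row per hive: Value is $null when unset, 1 when Task Manager is blocked.
    foreach ($key in $PolicyKeys) {
        $value = (Get-ItemProperty -Path $key -Name 'DisableTaskMgr' `
                    -ErrorAction SilentlyContinue).DisableTaskMgr
        [pscustomobject]@{
            Key      = $key
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

function Enable-TaskMgr {
    # Supports -WhatIf so the change can be previewed before it is made.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($row in (Get-TaskMgrPolicy | Where-Object { $_.Disabled })) {
        if ($PSCmdlet.ShouldProcess($row.Key, 'Remove DisableTaskMgr')) {
            # HKLM needs an elevated prompt; a domain policy may set the value again.
            Remove-ItemProperty -Path $row.Key -Name 'DisableTaskMgr' -ErrorAction Stop
        }
    }
}

Get-TaskMgrPolicy | Format-Table -AutoSize   # audit only
Enable-TaskMgr -WhatIf                       # preview; drop -WhatIf to apply
```

Clearing the value only brings Task Manager back; whatever set it still has to be found and removed, otherwise the value will reappear.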

 

xtra has a good page on how to restore the registry on Windows 95, Windows ME, Windows 2000 and Windows XP.

 

Other methods:

http://windowsxp.mvps.org/Taskmanager_error.htm

Enable Task Manager

http://support.microsoft.com/kb/555480/en-us

Re: [AntivirusClub] virus ~77.vys

June 23, 2005

Dear All,

Several days ago my computer was infected by virus ~77.vys; it attacks MS Word.
Please help me to remove it. I have tried to clean it with McAfee & NAV, but they cannot detect it.

Indrasp

What is it doing?

How did you originally detect it?

I've done research and it sounds like a Macro virus. But it does not seem widespread as I only found one forum with anything about it:

http://www.infokomputer.com/forum/display_messages.php?mid=54578&fid=60&ids=54578

(don't even know what language that is)

 

Here is a page you should try out:

http://support.microsoft.com/?scid=kb;en-us;187243 It is about macro viruses, from Microsoft. I believe it will give you more insight into what it may be.

 

Have you tried having HijackThis detect it?

http://www.majorgeeks.com/download3155.html 

Make sure you update it with the latest definitions.

How to use HijackThis –> http://forums.majorgeeks.com/showthread.php?t=38752

Not sure if HijackThis will detect macros.

 

Can you find the process running in Task Manager?

http://elamb.blogharbor.com/hacked/IDTools.htm

 

On 6/21/05, Indra wrote:

Dear Mr. Robert

 

    Thank you very much for your attention to my problem. “What is it doing?”: if your computer was infected by this virus, when you insert the diskette into the disk drive, the file ~77.vys will automatically copy to your diskette, and when you open your MS Word document and then you save it, the document couldn't be opened. Virus ~77.vys will appear as vys~77.doc, and you can find your document content in vys~77.doc.

 

I will try to do your suggestion, thank you very much and I'm so sorry about my bad English.

 

Indra

 

Technical facts about W97M.Ethan.AK computer virus:

Indra, Check this out,

Could you have some variation of the W97M.Ethan.AK Macro virus? Do you have Word 97? 97 seems to be pretty vulnerable to attack.

Here is what I found out about the W97M.Ethan.AK:
The virus copies itself in a temporary file, named “evolve.tmp”, in “C:\”.

At opening, if the virus is a macro in a “.doc” file, it infects normal.dot. If the virus is a macro in normal template (“normal.dot”), it infects documents when they are opened.

It verifies the file macros, and it doesn't infect a macro that begins with “Private Sub Open” and ends with “End sub”. So, it doesn't infect the same macro twice.

The virus doesn't have any destructive payload, it only spreads itself through Microsoft Word Application.


Re: HELP ME!!!! "Trojan-Spy.HTML.Smithfraud.c" removal procedure

June 21, 2005

 
Ben,
 
I need more information.  Does it say this:
“A fatal error in IE has occured at 0028:C0011E36 in VXD VMM01) +
00010E36. Error was caused by Trojan-Spy.HTML.Smithfraud.c”
 
If so, it may be the Trojan-Spy.HTML.Smithfraud.c.  Go here for more info:
 
You'll have to give me more information.

 

On 6/21/05, ben wrote:

Hello,
I have this blue screen which appears just before my desktop comes up just after switching on my system, logging off and on also, for one of my user profiles. My system runs on Win2000 (SP3). I only observe this screen when I want to log in as that particular profile; others don't show this screen. What I see is something like “a fatal error has occured at IE …002d:C0011CDG…”, something of that sort.
Your help will be highly appreciated. Thanks


Re: [AntivirusClub] virus ~77.vys

June 21, 2005

Dear All,

Several days ago my computer was infected by virus ~77.vys; it attacks MS Word.
Please help me to remove it. I have tried to clean it with McAfee & NAV, but they cannot detect it.

Hi Indra,
 
What is it doing?
How did you originally detect it?
 
I've done research and it sounds like a Macro virus. But it does not seem widespread as I only found one forum with anything about it:
(don't even know what language that is)
 
Here is a page you should try out:
http://support.microsoft.com/?scid=kb;en-us;187243 It is about macro viruses, from Microsoft. I believe it will give you more insight into what it may be.
 
Have you tried having HijackThis detect it?
Make sure you update it with the latest definitions.
Not sure if HijackThis will detect macros.
 
Can you find the process running in Task Manager?
 

What a Virus looks like on Hijackthis

June 5, 2005


Remove the HWCLOCK.EXE/W32.Hwbot-A Trojan

May 22, 2005

I got the HWCLOCK.EXE when I was testing my new Internet connection. I noticed it when my Internet DSL connection started feeling like a 56K dialup.

I removed it by going into Showing all files, going into Safe Mode and deleting the HWCLOCK.exe/W32.Hwbot-A Trojan.

This is a trojan that can actually steal your passwords and other personal data. On my system it was attacking other systems.

I've got more detailed instructions on how to remove the HWCLOCK.exe at http://elamb.blogharbor.com/hacked/hwclock.htm


Securing Internet Explorer

May 20, 2005

Securing Internet Explorer:
Step 1. Turn Security WAY UP
   Tools | Internet Options | select the Security tab | Move the “security level for this zone” slider to HIGH

Step 2. Turn off and Delete All Cookies.
   The first thing you should do is clear out all your cookies.
   Tools | Internet Options | select the Privacy tab | Move the slider in the Settings area to a higher level of security. Keep in mind that if you block ALL cookies some sites will be limited or even inaccessible, but you can always go back and change it.

Limiting the number of cookies you accept can increase your privacy

Step 3. Disable Java and ActiveX
THIS IS PRETTY EXTREME. YOU WILL NOT BE ALLOWED TO LOG ON TO WEB-BASED EMAIL ACCOUNTS AND OTHER SITES REQUIRING A LOGIN. BUT YOU WILL BE ABLE TO SURF. I personally cannot use this because it is TOO restricting.
   Java and ActiveX are known as mobile code because they download software from a remote source (or run from a remote source) to your computer. Some of the most effective malware is mobile code.
   Tools | Internet Options | select the Security tab | Select the “Custom Level” button, which will open up “Security Settings.”
   Once in Security Settings, disable everything under “ActiveX” and “Scripting.”
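
The dialog settings from Step 1 and Step 3 are stored per user in the registry, so they can be checked without clicking through every option. This is an added example, not part of the original post; the zone key path, action codes and `CurrentLevel` value are the documented Internet Explorer zone settings rather than anything the post lists, and it assumes the settings are per-user and not overridden by Group Policy.

```powershell
# Added example (not from the original post): report whether the Internet
# zone (zone 3) matches Step 1 and Step 3. Path and action codes are the
# documented IE zone settings; the post itself only describes the dialog.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action code -> name shown in the "Security Settings" dialog.
$Actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
    '1400' = 'Active scripting'
    '1402' = 'Scripting of Java applets'
}
$StateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-InternetZoneAudit {
    $zone = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($code in $Actions.Keys) {
        $raw = $zone.$code                  # DWORD stored under the action code
        $state = 'Not set'
        if ($null -ne $raw) {
            $state = $StateNames[[int]$raw]
            if (-not $state) { $state = "Other ($raw)" }
        }
        [pscustomobject]@{
            Code       = $code
            Setting    = $Actions[$code]
            State      = $state
            MeetsStep3 = ($raw -eq 3)       # Step 3 asks for everything disabled
        }
    }
}

function Test-ZoneIsHigh {
    # CurrentLevel 0x12000 is the "High" template from Step 1; 0 means custom.
    $level = (Get-ItemProperty -Path $ZoneKey -Name 'CurrentLevel' `
                -ErrorAction SilentlyContinue).CurrentLevel
    return ($level -eq 0x12000)
}

Get-InternetZoneAudit | Format-Table -AutoSize
"Internet zone at High template: $(Test-ZoneIsHigh)"
```

Any row where `MeetsStep3` is False is a setting the Custom Level dialog still has at Enable or Prompt.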

What I do is heighten the Security tab and use Internet Explorer as little as possible. I use Firefox. It is also very important to update these (and all other applications) with the latest patches. This, combined with my router firewall, seems to work really well.

Neither Firefox nor Internet Explorer is secure if you don't take the appropriate measures.

If you do use cookies you should delete them all about twice a week.

http://elamb.blogharbor.com/hacked/igothacked.htm –> get rid of malware
http://elamb.blogharbor.com/broadband/broadband.htm –> secure your broadband connection


Removal of TROJAN-SPY.HTML.SMITFRAUD.C

May 18, 2005

A lot of people seem to have the Smitfraud trojan and seem to be looking all over the place to get a fix. So I've consolidated the best resources that I've found on the Smitfraud on this blog. Enjoy.
