
General Purpose Scanner?


Andrew McNeil

Feb 26, 2003, 1:19:05 AM
I had some kind of porn-virus that would hijack iexplorer every ~10 minutes and send it to a porn site.
 
I still have not completely eliminated this thing.  I do know that it sends me to website www.titanvision.ccc   (don't go there.  I replaced com with ccc to avoid accidental click).
 
OK my question: don't most virus scanners work by searching all files in HD for certain strings?   Is there some program (virus scanner or otherwise) that will search all files in drive for a specific string?  I'd like to search my hard drive for string "titanvision" this could help me find source of infection.
 
I've already tried adaware latest version and an online virus scanner.  
 
Thanks in advance,  Andrew

David W. Hodgins

Feb 26, 2003, 4:43:54 AM
On Tue, 25 Feb 2003 23:19:05 -0700, Andrew McNeil <agt...@inficad.com> wrote:
> I still have not completely eliminated this thing. I do know that it sends me to website www.titanvision.ccc (don't go there. I replaced com with ccc to avoid accidental click).
> OK my question: don't most virus scanners work by searching all files in HD for certain strings? Is there some program (virus scanner or otherwise) that will search all files in drive for a specific string? I'd like to search my hard drive for string "titanvision" this could help me find source of infection.
> I've already tried adaware latest version and an online virus scanner.

Spybot Search & Destroy available from
http://security.kolla.de/index.php?lang=en&page=download
will identify & remove the dialer.

The file from the titanvision site is called od-stnd191.exe,
and after installation/uninstall, spybot still finds
the remains in the registry, and cleans them up.

For searching all files in a harddrive for a string, you can
use the Start/Find/Files, or look for a dos based utility like
fgrep.exe. I can email a copy of the dos utility to you.
Email me if you'd like a copy.

Hope this helps.

Regards, Dave Hodgins.

Art Kopp

Feb 26, 2003, 6:47:09 AM
On Wed, 26 Feb 2003 09:43:54 GMT, "David W. Hodgins"
<dhodg...@rogers.com> wrote:

>Spybot Search & Destroy available from
>http://security.kolla.de/index.php?lang=en&page=download
>will identify & remove the dialer.
>
>The file from the titanvision site is called od-stnd191.exe,
>and after installation/uninstall, spybot still finds
>the remains in the registry, and cleans them up.

Spybot will also alert on the installer if you drag your download
folder from explorer into its directories window.

I used K-MELEON browser to go to the titanvision site. The download
window of K-M came up with the od-stnd191.exe installer file
specified. I downloaded the file and checked to see that Spybot did
alert on this installer file.

What happens using IE (with unsafe settings)? Does the installer
auto-download and auto-execute?

Art
http://www.epix.net/~artnpeg
art...@claymania.com

David W. Hodgins

Feb 26, 2003, 11:32:14 AM
On Wed, 26 Feb 2003 11:47:09 GMT, Art Kopp <art...@claymania.com> wrote:
> Spybot will also alert on the installer if you drag your download
> folder from explorer into its directories window.

I had my e:\downloads directory specified in spybot, but it didn't
detect it, so with my regular and cable modems both disconnected, I
decided to go ahead and try it. After reading your message, I checked,
and realized I'd changed the download directory to e:\download (without
the s), last week, after I had to recreate the partition (don't run
win 98 (first edition) scandisk, in thorough mode, on a 4gb partition).

> I used K-MELEON browser to go to the titanvision site. The download
> window of K-M came up with the od-stnd191.exe installer file
> specified. I downloaded the file and checked to see that Spybot did
> alert on this installer file.

I'm using opera, and did the same as you.

> What happens using IE (with unsafe settings)? Does the installer
> auto-download and auto-execute?

I expect so. I keep IE blocked via my firewall, except when I run
windows update, or want to run activex, such as for an online scan.

Regards, Dave Hodgins.

nicky

Feb 26, 2003, 12:05:00 PM

"Art Kopp" <art...@claymania.com> wrote in message
news:o9ap5v8lbn7mchptg...@4ax.com...

> On Wed, 26 Feb 2003 09:43:54 GMT, "David W. Hodgins"
> <dhodg...@rogers.com> wrote:
>
> >Spybot Search & Destroy available from
> >http://security.kolla.de/index.php?lang=en&page=download
> >will identify & remove the dialer.
> >

> I used K-MELEON browser to go to the titanvision site. The download


> window of K-M came up with the od-stnd191.exe installer file
> specified. I downloaded the file and checked to see that Spybot did
> alert on this installer file.
>
> What happens using IE (with unsafe settings)? Does the installer
> auto-download and auto-execute?
>
> Art

Well I use IE but it's as safe as I can live with, visited the site, declined
their kind offer of running some active x :) I got a box pop up that said
click yes to install free software there was no "no" option I couldn't get
out of that page without alt/ctr/del.

Nicky


Art Kopp

Feb 26, 2003, 12:16:51 PM
On Wed, 26 Feb 2003 16:32:14 GMT, "David W. Hodgins"
<dhodg...@rogers.com> wrote:

> I keep IE blocked via my firewall, except when I run
>windows update, or want to run activex, such as for an online scan.

I'm in a different place entirely. I eradicated IE and OE long ago. I
only scan downloads of new software. Haven't ever found anything or
had any problems. Windows update for my Win 98 is a bad memory of the
past and has also long ago been deleted :)

Art
http://www.epix.net/~artnpeg
art...@claymania.com

Art Kopp

Feb 26, 2003, 12:23:21 PM
On Wed, 26 Feb 2003 17:05:00 -0000, "nicky" <fecki...@hotmail.com>
wrote:

>> What happens using IE (with unsafe settings)? Does the installer
>> auto-download and auto-execute?
>

>Well I use IE but it's as safe as I can live with, visited the site, declined
>their kind offer of running some active x :) I got a box pop up that said
>click yes to install free software there was no "no" option I couldn't get
>out of that page without alt/ctr/del.
>
>Nicky

So IE isn't even safe with "safe settings" then :)


Art
http://www.epix.net/~artnpeg
art...@claymania.com

nicky

Feb 26, 2003, 12:30:19 PM

"Art Kopp" <art...@claymania.com> wrote in message
news:oqtp5v801347q1msm...@4ax.com...

yeah but you're really not surprised are you?
lol

Nicky


Dr. Gee

Feb 26, 2003, 11:21:53 PM
In article <oprk63y8xmzpegei@nntp>, "David W. Hodgins" <dhodg...@rogers.com> wrote:
>For searching all files in a harddrive for a string, you can
>use the Start/Find/Files, or look for a dos based utility like
>fgrep.exe. [snip]

you can just open a command prompt (Start/Run, type cmd will open a new
command window)
then go to the top level (c:\ or whatever) use find/s or findstr/s
/s tells it to search all subdirectories below.
(you can use help find or findstr for details)
find & findstr are quite adequate although not as powerful as grep.
also they seem faster than the GUI Find.

regards,


pam @ home 小洞
May all spammers & telemarketers die an agonizing death; have no
burial places; their souls be chased by demons in Gehenna from one
room to another for 1000 years.
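I face the sky with sword in hand and laugh; those who leave and those who stay are both as steadfast as the Kunlun mountains.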

David W. Hodgins

Feb 27, 2003, 3:05:34 PM
On 27 Feb 2003 04:21:53 GMT, Dr. Gee <ku...@REMOVE.THIS.TO.REPLY.ieee.org> wrote:
> you can just open a command prompt (Start/Run, type cmd will open a new command window)
> then go to the top level (c:\ or whatever) use find/s or findstr/s /s tells it to search all subdirectories below.

I'm running win98. The find command is the same as in dos, and does
not include the /s option. There is no findstr command included.

I use fgrep, and the old pcmag sweep utility, in a batch file, to
search the current and all subdirectories, and then edit the result.

Which os are you using, and what does the findstr command do?

Regards, Dave Hodgins.

Dr. Gee

Feb 27, 2003, 11:02:18 PM
In article <oprk9rfhiczpegei@nntp>, "David W. Hodgins" <dhodg...@rogers.com> wrote:
>I'm running win98. The find command is the same as in dos, and does
>not include the /s option. There is no findstr command included.
>
>I use fgrep, and the old pcmag sweep utility, in a batch file, to
>search the current and all subdirectories, and then edit the result.
>
>Which os are you using, and what does the findstr command do?

too bad. :-( i use Win 2000. i think Win NT also comes with findstr/s &
find/s both find & findstr search for strings in files. findstr looks more
powerful, it has lots of qualifiers. i don't know why M$ gives 2 versions of
commands to search strings that are slightly different. oh, well, it's M$,
what do I expect.

Andrew McNeil

Feb 27, 2003, 11:33:59 PM
Thanks for telling me about the find command. I've used find 1000 times to
find file names, but never knew it could find test string in file. It was
sitting there in front of me, never saw it!

I think I've gotten rid of this. I did not have the file od-stnd191.exe.
But I searched all files containing offending website ("titanvision") and
found two: tv[1].htm and connect[1].htm. These appeared to be java
scripts, contained references to titanvision website and to od-stnd191.exe
file.

OK now another dumb Q: I use Iexplorer 6, I try to set my security with
"tools" "internet options" and "security" tab. I don't have a security
tab. ?! WTH !? (What The Heck)


FromTheRafters

Feb 28, 2003, 1:52:56 PM

" Andrew McNeil" <agt...@inficad.com> wrote in message news:3e5ee727$0$87075$4c5e...@news.newshosting.com...

I think it is under 'Properties' either when you right click the
desktop icon, or use the 'File' pulldown menu.


David W. Hodgins

Mar 1, 2003, 12:04:17 AM
On Thu, 27 Feb 2003 21:33:59 -0700, Andrew McNeil <agt...@inficad.com> wrote:
> Thanks for telling me about the find command. I've used find 1000 times to
> find file names, but never knew it could find test string in file. It was
> sitting there in front of me, never saw it!

Same here. I'm so used to using my old dos utilities, I only had it
pointed out to me a few months ago.

snip

> OK now another dumb Q: I use Iexplorer 6, I try to set my security with
> "tools" "internet options" and "security" tab. I don't have a security
> tab. ?! WTH !? (What The Heck)

I have spybot search & destroy installed, with the option set to prevent any
internet options from being changed from within internet explorer.

Try going into "Internet Options" from the control panel. Do you get the
security tab there?

Regards, Dave Hodgins.

Andrew McNeil

Mar 1, 2003, 1:42:43 PM
>
> > OK now another dumb Q: I use Iexplorer 6, I try to set my security with
> > "tools" "internet options" and "security" tab. I don't have a security
> > tab. ?! WTH !? (What The Heck)
>
> I have spybot search & destroy installed, with the option set to prevent any
> internet options from being changed from within internet explorer.
>
> Try going into "Internet Options" from the control panel. Do you get the
> security tab there?
>
> Regards, Dave Hodgins.

I go to "settings" "control panel" "internet options" and I see 5 tabs:

general, privacy, content, connections, programs


David W. Hodgins

Mar 1, 2003, 3:29:17 PM
On Sat, 1 Mar 2003 11:42:43 -0700, Andrew McNeil <agt...@inficad.com> wrote:
> I go to "settings" "control panel" "internet options" and I see 5 tabs:
> general, privacy, content, connections, programs

You're missing both the security, and the advanced tabs. Unless you've
intentionally installed some software, to prevent other users of your
computer from modifying those settings, I'd strongly suspect some sort
of malware.

Try scanning your system using Spybot Search & Destroy, available from
http://security.kolla.de/index.php?lang=en&page=download

I also suggest a full av scan, from a clean boot, or an online scan like
http://ravantivirus.com

Regards, Dave Hodgins.

Andrew McNeil

Mar 2, 2003, 9:43:57 PM
OK the latest in the never ending struggle.

I found a place in my registry where my internet security tab was disabled,
and when I removed this I got my security tab back. Yeah! Doing that I
have set all scripts execution to "prompt". Here is the latest.

1. The problem never occurs unless I go to www.drudgereport.com this is
not a porn site, not sure why this site does this.
2. When I go to drudgereport.com the problem always appeared. Now that
I've set scripting to "prompt" ("do you want to run scripts? this usually is
safe Y/N") it only appears if I hit "Y" to the prompt, never appears
otherwise. Problem is being directed to www.titanvision.com and other porn
sites.
3. When problem appears two files are created: tv[1].htm and
connect[1].htm These files contain references to porn sites. I can
delete these files but then they re-appear next time I run
www.drudgereport.com and say "yes" to scripts execution.

O.K. so somehow running www.drudgereport.com runs a script, which seems
to create tv and connect files. How do I find out *which* script is being
run, i.e. which file name?

Is there a log I can see what script is run?

Is there a way I can search on files run in a certain time? I can search by
file access time, but only within a day, and this nets a ton of files! Is
there a way to search by not just within last few days, but within hours or
minutes?

Or a way to search for files, then sort by file access time? I can only
seem to display and sort by modified date, not access date.
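
An added example, not part of any post in this thread: a recursive search for a string such as "titanvision" that also matches the UTF-16LE form Windows often stores, with hits sorted by timestamp and optionally limited to the last hour. The function names are hypothetical, the sample files in `demo()` are constructed, and it uses modification time rather than access time as an assumption.

```python
import os, tempfile, time

def needle_variants(text):
    """The string as lowercase ASCII and UTF-16LE bytes (Windows files use both)."""
    low = text.lower()
    return [low.encode("ascii"), low.encode("utf-16-le")]

def file_contains(path, patterns, chunk=1 << 20):
    """Case-insensitive chunked search; the overlap catches matches split across reads."""
    overlap = max(len(p) for p in patterns) - 1
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            data = tail + block.lower()
            if any(p in data for p in patterns):
                return True
            tail = data[-overlap:]
    return False

def scan(root, text, since=None):
    """Return [(mtime, path)] of files containing text, newest first; since = epoch cutoff."""
    patterns, hits = needle_variants(text), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                if (since is None or mtime >= since) and file_contains(path, patterns):
                    hits.append((mtime, path))
            except OSError:
                continue  # locked or unreadable file: skip it
    return sorted(hits, reverse=True)

def demo():
    """Constructed sample tree: two cache-style pages and one clean file."""
    samples = {"tv[1].htm": b"<a href='http://www.TitanVision.example/'>x</a>",
               "connect[1].htm": "dial titanvision".encode("utf-16-le"),
               "readme.txt": b"nothing of interest"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        old = time.time() - 7200  # backdate one hit by two hours
        os.utime(os.path.join(root, "connect[1].htm"), (old, old))
        names = lambda hits: [os.path.basename(p) for _, p in hits]
        return (names(scan(root, "titanvision")),
                names(scan(root, "titanvision", since=time.time() - 3600)))

if __name__ == "__main__":
    print(demo())
```

On a real drive the call would be `scan("C:\\", "titanvision", since=time.time() - 3600)`, which returns only matching files written in the last hour.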


FromTheRafters

Mar 3, 2003, 9:55:42 AM

" Andrew McNeil" <agt...@inficad.com> wrote in message news:3e636689$0$1001$4c5e...@news.newshosting.com...

> OK the latest in the never ending struggle.
>
> I found a place in my registry where my internet security tab was disabled,
> and when I removed this I got my security tab back. Yeah! Doing that I
> have set all scripts execution to "prompt". Here is the latest.
>
> 1. The problem never occurs unless I go to www.drudgereport.com this is
> not a porn site, not sure why this site does this.
> 2. When I go to drudgereport.com the problem always appeared. Now that
> I've set scripting to "prompt" ("do you want to run scripts? this usually is
> safe Y/N") it only appears if I hit "Y" to the prompt, never appears
> otherwise. Problem is being directed to www.titanvision.com and other porn
> sites.
> 3. When problem appears two files are created: tv[1].htm and
> connect[1].htm These files contain references to porn sites. I can
> delete these files but then they re-appear next time I run
> www.drudgereport.com and say "yes" to scripts execution.
>
> O.K. so somehow running www.drudgereport.com runs a script, which seems
> to create tv and connect files. How do I find out *which* script is being
> run, i.e. which file name?
>
> Is there a log I can see what script is run?

I don't know about that, but the scripts seem to be the first
ones on the page (obfuscated 'script' and 'iframe' tags?). Take
a look at the source code for the url that you provided.


Snowsquall

Mar 3, 2003, 9:28:14 PM
I too noticed the last couple of days that I have lost 2 internet options
tabs. All I have now is after tools, internet options is: *general*
*content* *connections* and *programs* I am missing *security* and
*advanced*.
Last Friday I went to Geek website for some humour as Geek was mentioned in
some of the Posts. There was some strange pop ups but I cnt alt del'd them.
However on Saturday I went to another of Geek's websites and the popups
again! This time my curiosity got the better of me and I tried the
view-source: to find what script they were using and discovered they
included some kind of dialer. So I deleted and got out as fast as I could.
I do not seem to have any kind of dialer but I have those htm files mentioned
in this thread. I have lost those internet tabs and spent hours looking on
the internet for a solution and then discovered this thread on acv that I
had kind of overlooked.
I will try out your suggestions and see what happens.
"David W. Hodgins" <dhodg...@rogers.com> wrote in message
news:oprldhuzu4zpegei@nntp...