Address: Truda 14-1
City: Saint-Petersburg
State: Saint-Petersburg
ZIP: 188934
Country: RU
Phone: +7.9113234634
the site is
thanks
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"Anrey Terkin " <terk...@gmail.com> wrote in message news:%23fHBlLN...@TK2MSFTNGP05.phx.gbl...
Why would you quote the whole thing Peter and not change the URL?????
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.
File setup.exe received on 10.03.2008 00:59:12 (CET)
AhnLab-V3 2008.10.3.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 DR/Small.ght.7
AVG 8.0.0.161 2008.10.02 BackDoor.Generic10.MAB
BitDefender 7.2 2008.10.02 Trojan.Downloader.Zlob.ACJY
CAT-QuickHeal 9.50 2008.10.01 Backdoor.Small.fax
eSafe 7.0.17.0 2008.10.02 Win32.Small.ght
F-Secure 8.0.14332.0 2008.10.02 Trojan-Downloader.Win32.Agent.aigp
GData 19 2008.10.02 Trojan.Downloader.Zlob.ACJY
Ikarus T3.1.1.34.0 2008.10.02 Virus.Trojan.Win32.BHO.egw
K7AntiVirus 7.10.481 2008.10.02 Trojan-Downloader.Win32.Agent.hec
Kaspersky 7.0.0.125 2008.10.02 Backdoor.Win32.Small.ght
Microsoft 1.4005 2008.10.03 TrojanDownloader:Win32/Renos.M
NOD32 3490 2008.10.02 Win32/TrojanDownloader.FakeAlert.KG
Norman 5.80.02 2008.10.02 Malware.DJFR
Prevx1 V2 2008.10.03 Malicious Software
SecureWeb-Gateway 6.7.6 2008.10.02 Trojan.Dropper.Small.ght.7
Symantec 10 2008.10.02 Trojan.Dropper
TheHacker 6.3.1.0.098 2008.10.02 Backdoor/Small.foh
TrendMicro 8.700.0.1004 2008.10.02 TROJ_ZLOB.BYO
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>> the site is
>>> www.quickbullshitsoftupdate.com
>>> thanks
| Why would you quote the whole thing Peter and not change the URL?????
He did alter the URL Max. < LOL >
Peter Foldes wrote:
>
> "Anrey Terkin " <terk...@gmail.com> wrote in message
> news:%23fHBlLN...@TK2MSFTNGP05.phx.gbl...
>> i need help on my download scam site
>> the who is dns server is not working with my php database.
>> can anyone help?
>> you can email me directly or use this address
>>
>> Address: Truda 14-1
>> City: Saint-Petersburg
>> State: Saint-Petersburg
>> ZIP: 188934
>> Country: RU
>> Phone: +7.9113234634
>>
>>
>> the site is
>>
>> MUNGE!!!.quicksoftupdate.com
>>
>>
>> thanks
"Anrey Terkin " <terk...@gmail.com> wrote in message
news:%23fHBlLN...@TK2MSFTNGP05.phx.gbl...
:i need help on my download scam site
: the who is dns server is not working with my php database.
: can anyone help?
: you can email me directly or use this address
:
: Address: Truda 14-1
: City: Saint-Petersburg
: State: Saint-Petersburg
: ZIP: 188934
: Country: RU
: Phone: +7.9113234634
:
:
: the site is
:
:
:
:
: thanks
--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: sylvain aei ca (fill the blanks, no spam please)
"Tom [Pepper] Willett" <t...@youreadaisyifyoudo.com> wrote in message
news:%23T6eCrV...@TK2MSFTNGP06.phx.gbl...
| The real problem here is how can it come that at this moment, these messages
| have still not been deleted from the server? And also, with a company the
| size of MS, is there really no way that these messages could have been
| filtered out in the first place?
| --
| Sylvain Lafontaine, ing.
| MVP - Technologies Virtual-PC
| E-mail: sylvain aei ca (fill the blanks, no spam please)
Easy answer.
Ever since Microsoft pharmed out the news server administration to a contractor that
service has sucked !
If Microsoft was actually in control of the hundreds (thousands..) of news
servers that these things get replicated to, that would - I suppose - make
sense.
Or - better yet - one could use their newsreader to properly block it OR
just ignore it. ;-)
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
"Shenan Stanley" <newsh...@gmail.com> wrote in message
news:OkSQXHZJ...@TK2MSFTNGP04.phx.gbl...
:
:
| In news:etPIUPOJ...@TK2MSFTNGP05.phx.gbl,
| David H. Lipman <DLipman~nospam~@Verizon.Net> after much thought, came up
| with this jewel:
>> From: "Max Wachtel" <maxwa...@nomail.afraid.org>
>>>>> the site is
>>>>> www.quickbullshitsoftupdate.com
>>>>> thanks
>>> Why would you quote the whole thing Peter and not change the URL?????
>> He did alter the URL Max. < LOL >
| no, I added the little "extra" to the url..........
Ooooops...
Sorry buddy.
Many think I opened the link which I did not. I never had any virus, malware, trojan since I have been posting in the Microsoft forums for the last 15 yrs. So I made an error in posting and everyone seems to think I opened the link and that is how I found it. Sheeees.
Thanks a bunch to those people
--
Peter
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uy7Qi9YJ...@TK2MSFTNGP02.phx.gbl...
| Before anybody else jumps on me. I did not open the link. Someone from microsoft
| Hungary put out the alarm on this post which was also posted there and in all foreign
| groups. I just tried to warn others and unfortunately in my haste without thinking I
| included the original link in my post.
| Many think I opened the link which I did not. I never had any virus, malware, trojan
| since I have been posting in the Microsoft forums for the last 15 yrs. So I made an
| error in posting and everyone seems to think I opened the link and that is how I found
| it. Sheeees.
| Thanks a bunch to those people
| --
| Peter
I did, but NOT with a browser ;-)
I easily found the IFrame and file intended to be downloaded. I recognized the Social
Engineering in the post and was in the process of analyzing it when you replied.
It's a fake codec called LPVideoPlugin and installs a BHO as...
C:\Program Files\LPVideoPlugin\5378.exe
C:\WINDOWS\system32\LPVideo.dll
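A defender's check for the artifacts described in the post above, as an added example that is not part of the original thread: it tests for the two file paths the post names and lists every registered Browser Helper Object with the DLL it loads, flagging any that load LPVideo.dll. The function names are illustrative, and the second registry view is an assumption for 64-bit Windows.

```powershell
# Added example: looks for the two files named in the post and inventories BHOs.
$reportedFiles = @(
    'C:\Program Files\LPVideoPlugin\5378.exe',  # path as given in the post
    'C:\WINDOWS\system32\LPVideo.dll'           # path as given in the post
)
$reportedDll = 'LPVideo.dll'                    # DLL file name taken from the post

# Standard BHO registration key paired with the CLSID root that holds each
# class's InprocServer32 entry; the second pair is the 32-bit view on 64-bit Windows.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = Join-Path $view.Clsid "$clsid\InprocServer32"
            $dll    = $null   # stays empty when the BHO key has no matching class entry
            if (Test-Path -LiteralPath $inproc) {
                # The default value of InprocServer32 is the DLL the browser loads.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            [pscustomobject]@{
                Clsid   = $clsid
                Dll     = $dll
                Flagged = [bool]($dll -like "*\$reportedDll")
            }
        }
    }
}

function Get-ReportedFilesPresent {
    # Returns only the reported paths that exist on this machine.
    $reportedFiles | Where-Object { Test-Path -LiteralPath $_ }
}

Get-ReportedFilesPresent | ForEach-Object { "Present on disk: $_" }
Get-BhoInventory | Sort-Object Flagged -Descending | Format-Table -AutoSize
```

A BHO row with an empty Dll column points at a class that is no longer registered, which is itself worth reviewing after a cleanup.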
Unfortunately - their removal (or not) doesn't mean much to the hundreds
(thousands) of replicated groups/forums and other leeches of the original.
;-)
Not everyone accesses these groups through the same
server/method/applications/etc. ;-)