On Tue, 29 Jul 2003 04:33:17 GMT, in <alt.privacy.spyware>, forte agent
<pgmeyer@gte.net> wrote:
>
[snip]

Please don't top-post. Please *DO* trim out unnecessary/irrelevant parts of
the posts you're quoting.

> FYI I did run Norton AV ,Spybot 1.2 ,Latest AdAware build,.I ran noton
> win doctor and found xevvsjgb.exe refernced as being in start and
> Windows\system.and missing.Ran a search and found the exe in
> windows/temp and the dll in two locations. I deleted the
> files.xevsjgb.exe and xevsjgb.dll edited the registry to remove the
> reference to the executable but can not find where my dialer program
> is getting the call to start up as soon as windoww is finished loading
> .I even tried the boot logging option to see if it recorded it. no
> luck so far.
[snip]

Offhand, it sounds like your system is pretty well hosed. It's clear that
you picked up rather nasty parasite; but inasmuch as it is as yet
unidentified, a "surgical" excision is probably not feasible/reliable.
Hence, your best bet is to wipe the disk and restore from your most recent
(but pre-infection, of course) known-good full-system backup.

Then improve your system setup and operating habits so that something like
this won't happen again.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -