
Thread: Query

  1. #1
    Graham Hazel Guest

    Query

    I'm running online no probs. Suddenly the line becomes disconnected and a
    new and unknown dialup wants to dial out from my PC.

    It's called "it_0163" and has an icon of two red lips.

    Frankly, I don't know if this is spyware or a virus or trojan or wotever.

    Has anyone else seen this? I have run my Sophos AV, and Webroot
    Spy Sweeper, and TrojanHunter, and nothing warns me that this little program
    is a danger to my system, or indeed finds it at all. It seems to be
    completely innocuous.

    It lives in...... Documents and Settings> 'Uname'> Local Settings>
    Temp


    When I delete it, it seems to disappear for good, and I simply get back onto
    my Broadband Inet as normal.

    Nothing unusual occurs again in the current session. It's just the once.

    However, after shutting it all off overnight, and then powering it all up
    again in the morning of the next day, it will at some random point re-appear
    and drop the connection again.


    Any ideas please?

    Is it a virus really and Sophos isn't picking it up? Or wot?


    G




  2. #2
    David H. Lipman Guest

    Re: Query

    From: "Graham Hazel" <grahamchazel@tiscali.co.uk>

    | I'm running online no probs. Suddenly the line becomes disconnected and a
    | new and unknown dialup wants to dial out from my PC.
    |
    | It's called "it_0163" and has an icon of two red lips.
    |
    | Frankly, I don't know if this is spyware or a virus or trojan or wotever.
    |
    | Has anyone else seen this? I have run my Sophos AV, and Webroot
    | Spy Sweeper, and TrojanHunter, and nothing warns me that this little program
    | is a danger to my system, or indeed finds it at all. It seems to be
    | completely innocuous.
    |
    | It lives in...... Documents and Settings> 'Uname'> Local Settings>
    | Temp
    |
    | When I delete it, it seems to disappear for good, and I simply get back onto
    | my Broadband Inet as normal.
    |
    | Nothing unusual occurs again in the current session. It's just the once.
    |
    | However, after shutting it all off overnight, and then powering it all up
    | again in the morning of the next day, it will at some random point re-appear
    | and drop the connection again.
    |
    | Any ideas please?
    |
    | Is it a virus really and Sophos isn't picking it up? Or wot?
    |
    | G
    |


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor's web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file. http://www.ik-cs.com/multi-av.htm

    Additional Instructions:
    http://pcdid.com/Multi_AV.htm


    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  3. #3
    sid Guest

    Re: Query

    David,

    What I don't understand, is why you would advise anyone
    to disable their firewall, as opposed to simply advising them
    to give WGET.EXE permission to pass.

    Personally, I wouldn't drop my firewall for any reason...

    Perhaps you could edify my feeble mind in this regard.

    Sid


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:W%01h.917$CT5.108@trnddc02...
    > From: "Graham Hazel" <grahamchazel@tiscali.co.uk>
    >
    > | I'm running online no probs. Suddenly the line becomes disconnected and a
    > | new and unknown dialup wants to dial out from my PC.
    > |
    > | It's called "it_0163" and has an icon of two red lips.
    > |
    > | Frankly, I don't know if this is spyware or a virus or trojan or wotever.
    > |
    > | Has anyone else seen this? I have run my Sophos AV, and Webroot
    > | Spy Sweeper, and TrojanHunter, and nothing warns me that this little program
    > | is a danger to my system, or indeed finds it at all. It seems to be
    > | completely innocuous.
    > |
    > | It lives in...... Documents and Settings> 'Uname'> Local Settings>
    > | Temp
    > |
    > | When I delete it, it seems to disappear for good, and I simply get back onto
    > | my Broadband Inet as normal.
    > |
    > | Nothing unusual occurs again in the current session. It's just the once.
    > |
    > | However, after shutting it all off overnight, and then powering it all up
    > | again in the morning of the next day, it will at some random point re-appear
    > | and drop the connection again.
    > |
    > | Any ideas please?
    > |
    > | Is it a virus really and Sophos isn't picking it up? Or wot?
    > |
    > | G
    > |
    >
    >
    > Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    > FireWall to allow it to download the needed AV vendor related files.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in Normal Mode.
    > This way all the components can be downloaded from each AV vendor's web site.
    > The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files or you can
    > download the files and perform a scan in Normal Mode. Once you have downloaded the files
    > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    > during boot] and re-run the menu again and choose which scanner you want to run in Safe
    > Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    > file. http://www.ik-cs.com/multi-av.htm
    >
    > Additional Instructions:
    > http://pcdid.com/Multi_AV.htm
    >
    >
    > * * * Please report back your results * * *
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >




  4. #4
    David H. Lipman Guest

    Re: Query

    From: "sid" <sid.see@willcox.net>

    | David,
    |
    | What I don't understand, is why you would advise anyone
    | to disable their firewall, as opposed to simply advising them
    | to give WGET.EXE permission to pass.
    |
    | Personally, I wouldn't drop my firewall for any reason...
    |
    | Perhaps you could edify my feeble mind in this regard.
    |
    | Sid
    |

    I guess you missed the statement, "...or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files."

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  5. #5
    sid Guest

    Re: Query


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:%3v1h.2162$VX5.1902@trnddc05...
    > From: "sid" <sid.see@willcox.net>
    >
    > | David,
    > |
    > | What I don't understand, is why you would advise anyone
    > | to disable their firewall, as opposed to simply advising them
    > | to give WGET.EXE permission to pass.
    > |
    > | Personally, I wouldn't drop my firewall for any reason...
    > |
    > | Perhaps you could edify my feeble mind in this regard.
    > |
    > | Sid
    > |
    >
    > I guess you missed the statement, "...or allow WGET.EXE to go through your
    > FireWall to allow it to download the needed AV vendor related files."



    I understood that part... but I still don't get your advice to "disable"... are
    there firewalls that don't allow programs to pass, but instead, must be
    disabled instead?

    Sid

    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >




  6. #6
    David H. Lipman Guest

    Re: Query

    From: "sid" <sid.see@willcox.net>


    |
    | I understood that part... but I still don't get your advice to "disable"... are
    | there firewalls that don't allow programs to pass, but instead, must be
    | disabled instead?
    |
    | Sid
    |


    It is for the clueless who fail to let WGET.EXE through the FireWall.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  7. #7
    sid Guest

    Re: Query


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    newsZP1h.2330$CT5.1478@trnddc02...
    > From: "sid" <sid.see@willcox.net>
    >
    >
    > |
    > | I understood that part... but I still don't get your advice to "disable"... are
    > | there firewalls that don't allow programs to pass, but instead, must be
    > | disabled instead?
    > |
    > | Sid
    > |
    >
    >
    > It is for the clueless who fail to let WGET.EXE through the FireWall.
    >


    I don't mean any offense, but aren't you exacerbating that which you
    call "clueless" by offering such not-so-sound advice? It seems to me,
    if one has enough of a clue to grasp the concept of malware/spyware
    and to use/activate a firewall, would it not be safe to assume they'd
    also be able to grasp the concept of allowing a program to pass?
    Especially since most firewalls I'm aware of, automatically ask
    permission for such!

    Perhaps clueless lies closer to home than you realize...

    Sid

    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >








  8. #8
    David H. Lipman Guest

    Re: Query

    From: "sid" <sid.see@willcox.net>


    | I don't mean any offense, but aren't you exacerbating that which you
    | call "clueless" by offering such not-so-sound advice? It seems to me,
    | if one has enough of a clue to grasp the concept of malware/spyware
    | and to use/activate a firewall, would it not be safe to assume they'd
    | also be able to grasp the concept of allowing a program to pass?
    | Especially since most firewalls I'm aware of, automatically ask
    | permission for such!
    |
    | Perhaps clueless lies closer to home than you realize...
    |
    | Sid

    Funny Sid.

    This has been discussed before and it is the clueless who are the most affected/infected and
    it is those that need the Multi AV the most (other than those who use it professionally or
    on another's behalf). I came to the wording based upon experiences in posting other text
    over the past couple of years.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  9. #9
    sid Guest

    Re: Query


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:sA82h.5868$ul5.4124@trnddc03...
    > From: "sid" <sid.see@willcox.net>
    >
    >
    > | I don't mean any offense, but aren't you exacerbating that which you
    > | call "clueless" by offering such not-so-sound advice? It seems to me,
    > | if one has enough of a clue to grasp the concept of malware/spyware
    > | and to use/activate a firewall, would it not be safe to assume they'd
    > | also be able to grasp the concept of allowing a program to pass?
    > | Especially since most firewalls I'm aware of, automatically ask
    > | permission for such!
    > |
    > | Perhaps clueless lies closer to home than you realize...
    > |
    > | Sid
    >
    > Funny Sid.
    >
    > This has been discussed before and it is the clueless who are the most affected/infected and
    > it is those that need the Multi AV the most (other than those who use it professionally or
    > on another's behalf). I came to the wording based upon experiences in posting other text
    > over the past couple of years.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm


    I wasn't trying to be funny, Dave.

    Nor is it funny, IMNSHO to give clueless people clueless
    advice such as it's ok to disable their firewall-- good
    intentions or not. That your opinion or those of others
    may vary in this regard, does nothing to lessen the
    danger in such an ill-advised suggestion.

    Sid



  10. #10
    David H. Lipman Guest

    Re: Query

    From: "sid" <sid.see@willcox.net>

    |
    | I wasn't trying to be funny, Dave.
    |
    | Nor is it funny, IMNSHO to give clueless people clueless
    | advice such as it's ok to disable their firewall-- good
    | intentions or not. That your opinion or those of others
    | may vary in this regard, does nothing to lessen the
    | danger in such an ill-advised suggestion.
    |
    | Sid
    |

    If it wasn't the experience to have to give the advice in the first place, it wouldn't be
    there.

    The fact is those words were chosen based upon News Group and email dialogues. They were
    not chosen based upon opinion. They were based solely upon experience. If it wasn't that
    case I would revert back to just stating that they need to allow the GNU WGET.EXE utility
    access to the Internet.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm


