Is it me or Yahoo ?

[AMUN]

"AMUN" <antispam@sparmmstop.net> wrote in message
news:gd3pr3$p99$1@aioe.org...
>
> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
> news:gd3201$gjn$1@registered.motzarella.org...
>> AMUN wrote:
>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>> news:gd2j41$g23$1@registered.motzarella.org...
>>>> AMUN wrote:
>>>>> I'm a bit stumped if my machine picked up some malware infection, or
>>>>> is Yahoo and a few other sites pulling something new ?
>>>>>
>>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>>> intermittently get re-directed to strange link pages or sales sites.
>>>>>
>>>>> Noticed when I try to go back (using the back button), there are often
>>>>> several strange pages in the history after the page I was at.
>>>>> Some actually do say "re-direct."
>>>>> Yet ran several scans on my system using several anti-mal/spyware's
>>>>> and no malware is being found.
>>>>> Also often noticing the same thing at Amazon.com.
>>>>> Yet other websites show no problems at all.
>>>>>
>>>>> So is my system infected with some rare redirection trojan, or, are
>>>>> some sites getting really ignorant with the ad's ?
>>>> Sounds like your system has been compromised. Are there any other
>>>> strange goings-on? What scanners have you run? (please be specific)
>>>> What browser do you use? Have you installed any toolbars lately? I see
>>>> by your posting headers, you are running XP. Is it up-to-date?
>>>
>>> First thing I thought was something infiltrated the system.
>>> Classic MO of a redirect trojan.
>>> No changes have been made (to my knowledge) and no new IE helper apps,
>>> or toolbars are installed.
>>> And IE (version 6) security settings are higher than most,
>>>
>>> Only change that was tried, was to update the winamp player (see my post
>>> about that choking AVG)
>>> But even that was removed and an older version restored.
>>>
>>> Spybot and AVG always show 100% clean (with latest updates)
>>
>> You should scan your system with SUPERAntiSpyware and malwarebytes' mbam
>> scanners.
>>>
>>> Yet results from yahoo & Amazon often lead to completely wrong web
>>> pages.
>>> Not all the time though. and IE home page is normal.
>>> System does not seem to be showing ANY other problems.
>>> Router logs don't show any suspicious activity either, all unauthorized
>>> access seems to be blocked
>>
>> Have you tried those sites with another browser?
>>>
>>> It is XP but a HP ******* version that quit allowing Microsoft updates
>>> months ago.
>>> (last HP/Compaq I ever #*^%$## buy.)
>>
>> This issue must be fixed! (I am using an older compaq laptop)
>> Have you looked into if the update service is running?
>> Administrative Tools/Services
>>>
>>> Perhaps tonight I'll look into it further.
>>> We do run the MVP Hosts files, but had not updated in a while, so I'll
>>> try that too.
>>>
>> MVP hosts file should not be causing your problem(I use it also)
>>
>> As a last resort, do you still have the install disk that came with your
>> system? It might be a good idea to make copies of all important files
>> (docs,pics,music,etc) on removable media, today.
>> --
>> Virus Removal http://max.shplink.com/removal.html
>> Keep Clean http://max.shplink.com/keepingclean.html
>> Change nomail.afraid.org to gmail.com to reply by email.
>> nomail.afraid.org is for use in USENET-feel free to use it yourself.
>
>
> We backup religiously here, so no real chance of losing much of
> importance.
>
> But yes, I do have the HP Install disks, but they only get your system
> back to what HP sold you "loaded" in the first place. So they really are
> more "restore" disks, than "installation"
> As it was full of trial programs and outright malware that took weeks to
> clean out, it's hardly an option I want to repeat.
>
> If it came to that I have a "hacked" version of XP, I'd install first, as
> a CLEAN INSTALL.
>
> Just running Trend micro (second try)on it now.
> First try found a few "questionable" files, but not much info about them.
>
> Strangely the first run of Trend micro seemed to have zeroed in on my
> hosts file, and listed hosts\127.0.0.1 as a bad link/file
> (and why I'm running it a second time before letting it fix anything)
>
>
> And it did show a dozen or so "windows security flaws", so perhaps
> tomorrow I'll phone HP again and rip them a new one over why their XP
> won't update from Microsoft.
> Of course Microsoft will offer no help/support on the "XP" that HP sells
> installed in their systems.
>
> And why I'd never buy another HP "preloaded" computer again.
> (unless they throw in a full version operating system)
> But I suppose all the others like Dell etc, are the same too.
>
> Still a bit strange that after a week of updates both Spybot AND AVG still
> didn't find any problems at all.
> Yet something IS clearly wrong.
>


Still waiting to see what Trend Micro scan will turn up.
But so far it's showing a strange entry in "application data" \
lobqjkvc\lwrkruxm.exe
And I just don't remember installing "lobqjkvc" at all, either the full or
trial versions <g>

But decided to also try your suggestions "SUPERAntiSpyware and malwarebytes'
mbam" before I let anything get fixed.

I'll post the results tomorrow here of what each found.
And which could actually get rid of problems.

[AMUN]

AMUN wrote:
> "AMUN" <antispam@sparmmstop.net> wrote in message
> news:gd3pr3$p99$1@aioe.org...
>>
>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>> news:gd3201$gjn$1@registered.motzarella.org...
>>> AMUN wrote:
>>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>>> news:gd2j41$g23$1@registered.motzarella.org...
>>>>> AMUN wrote:
>>>>>> I'm a bit stumped if my machine picked up some malware infection,
>>>>>> or is Yahoo and a few other sites pulling something new ?
>>>>>>
>>>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>>>> intermittently get re-directed to strange link pages or sales
>>>>>> sites. Noticed when I try to go back (using the back button), there
>>>>>> are
>>>>>> often several strange pages in the history after the page I was at.
>>>>>> Some actually do say "re-direct."
>>>>>> Yet ran several scans on my system using several anti-mal/spyware's
>>>>>> and no malware is being found.
>>>>>> Also often noticing the same thing at Amazon.com.
>>>>>> Yet other websites show no problems at all.
>>>>>>
>>>>>> So is my system infected with some rare redirection trojan, or, are
>>>>>> some sites getting really ignorant with the ad's ?
>>>>> Sounds like your system has been compromised. Are there any other
>>>>> strange goings-on? What scanners have you run? (please be specific)
>>>>> What browser do you use? Have you installed any toolbars lately? I
>>>>> see by your posting headers, you are running XP. Is it up-to-date?
>>>>
>>>> First thing I thought was something infiltrated the system.
>>>> Classic MO of a redirect trojan.
>>>> No changes have been made (to my knowledge) and no new IE helper
>>>> apps, or toolbars are installed.
>>>> And IE (version 6) security settings are higher than most,
>>>>
>>>> Only change that was tried, was to update the winamp player (see my
>>>> post about that choking AVG)
>>>> But even that was removed and an older version restored.
>>>>
>>>> Spybot and AVG always show 100% clean (with latest updates)
>>>
>>> You should scan your system with SUPERAntiSpyware and malwarebytes'
>>> mbam scanners.
>>>>
>>>> Yet results from yahoo & Amazon often lead to completely wrong web
>>>> pages.
>>>> Not all the time though. and IE home page is normal.
>>>> System does not seem to be showing ANY other problems.
>>>> Router logs don't show any suspicious activity either, all
>>>> unauthorized access seems to be blocked
>>>
>>> Have you tried those sites with another browser?
>>>>
>>>> It is XP but a HP ******* version that quit allowing Microsoft
>>>> updates months ago.
>>>> (last HP/Compaq I ever #*^%$## buy.)
>>>
>>> This issue must be fixed! (I am using an older compaq laptop)
>>> Have you looked into if the update service is running?
>>> Administrative Tools/Services
>>>>
>>>> Perhaps tonight I'll look into it further.
>>>> We do run the MVP Hosts files, but had not updated in a while, so
>>>> I'll try that too.
>>>>
>>> MVP hosts file should not be causing your problem(I use it also)
>>>
>>> As a last resort, do you still have the install disk that came with
>>> your system? It might be a good idea to make copies of all important
>>> files (docs,pics,music,etc) on removable media, today.
>>> --
>>> Virus Removal http://max.shplink.com/removal.html
>>> Keep Clean http://max.shplink.com/keepingclean.html
>>> Change nomail.afraid.org to gmail.com to reply by email.
>>> nomail.afraid.org is for use in USENET-feel free to use it yourself.
>>
>>
>> We backup religiously here, so no real chance of losing much of
>> importance.
>>
>> But yes, I do have the HP Install disks, but they only get your system
>> back to what HP sold you "loaded" in the first place. So they really
>> are more "restore" disks, than "installation"
>> As it was full of trial programs and outright malware that took weeks
>> to clean out, it's hardly an option I want to repeat.
>>
>> If it came to that I have a "hacked" version of XP, I'd install first,
>> as a CLEAN INSTALL.
>>
>> Just running Trend micro (second try)on it now.
>> First try found a few "questionable" files, but not much info about
>> them. Strangely the first run of Trend micro seemed to have zeroed in on
>> my
>> hosts file, and listed hosts\127.0.0.1 as a bad link/file
>> (and why I'm running it a second time before letting it fix anything)
>>
>>
>> And it did show a dozen or so "windows security flaws", so perhaps
>> tomorrow I'll phone HP again and rip them a new one over why their XP
>> won't update from Microsoft.
>> Of course Microsoft will offer no help/support on the "XP" that HP
>> sells installed in their systems.
>>
>> And why I'd never buy another HP "preloaded" computer again.
>> (unless they throw in a full version operating system)
>> But I suppose all the others like Dell etc, are the same too.
>>
>> Still a bit strange that after a week of updates both Spybot AND AVG
>> still didn't find any problems at all.
>> Yet something IS clearly wrong.
>>
>
>
> Still waiting to see what Trend Micro scan will turn up.
> But so far it's showing a strange entry in "application data" \
> lobqjkvc\lwrkruxm.exe
> And I just don't remember installing "lobqjkvc" at all, either the full
> or trial versions <g>
>
> But decided to also try your suggestions "SUPERAntiSpyware and
> malwarebytes' mbam" before I let anything get fixed.
>
> I'll post the results tomorrow here of what each found.
> And which could actually get rid of problems.








And my results.
(For those who give a crap.)
-------------------------------------------------------------------------------
Spybot still found nothing wrong

AVG still found nothing wrong

Trend micro online scan found trojan - gave info on what and exactly where
it was located, but could not delete it (could be done manually)
Also pointed out various weaknesses in Windows and what updates were needed.
Also a repeated false positive (cautionary warning only) about the MPVS
host file. (better warned than not though)

Superspyware fround (Trojan.FakeAlert.H) but could not delete it (could
be done manually)

Malwarebytes found (Trojan.FakeAlert.H) and two registry entries, deleted
all 3 automatically.

So this round has to go to Malwarebytes, but with honorable mention to Trend
micro (online scan) for being the most "verbose" of any of the 4 above.

Some mention should go to MVPS hosts, as it did seem to do what it was
intended to.
HOWEVER,......one of the things the tojan seemed to do was exploit that, and
re-direct 404 pages to "sales" sites.

And explains why mostly yahoo and amazon was affected, as the pages full of
ads that MVPS hosts blocked, triggered the trojan to re-direct to other
sites.


This whole mess does point out that no one program will protect you from
everything.
And nothing short of never going on the net will keep you 100% safe.

None of the any-malware programs could tell me how it got in, in the first
place.
So I'm still not out of the woods yet.


Additional note though.

The problem was first noticed after using Yahoo and Amazon and seeing a lot
of "adware sites" while trying to back out of pages using the BACK button.

And even after the trojan was cleaned out, .....Those still show up in the
history, but no longer do much.

Sooooooo
Yahoo and Amazon ARE sending links past ad-trackers far more often than
people might realize.
And perhaps using the MPVS hosts solution is doing a lot more good than most
ever know.

[Max Wachtel]

AMUN wrote:
> AMUN wrote:
>> "AMUN" <antispam@sparmmstop.net> wrote in message
>> news:gd3pr3$p99$1@aioe.org...
>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>> news:gd3201$gjn$1@registered.motzarella.org...
>>>> AMUN wrote:
>>>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>>>> news:gd2j41$g23$1@registered.motzarella.org...
>>>>>> AMUN wrote:
>>>>>>> I'm a bit stumped if my machine picked up some malware infection,
>>>>>>> or is Yahoo and a few other sites pulling something new ?
>>>>>>>
>>>>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>>>>> intermittently get re-directed to strange link pages or sales
>>>>>>> sites. Noticed when I try to go back (using the back button), there
>>>>>>> are
>>>>>>> often several strange pages in the history after the page I was at.
>>>>>>> Some actually do say "re-direct."
>>>>>>> Yet ran several scans on my system using several anti-mal/spyware's
>>>>>>> and no malware is being found.
>>>>>>> Also often noticing the same thing at Amazon.com.
>>>>>>> Yet other websites show no problems at all.
>>>>>>>
>>>>>>> So is my system infected with some rare redirection trojan, or, are
>>>>>>> some sites getting really ignorant with the ad's ?
>>>>>> Sounds like your system has been compromised. Are there any other
>>>>>> strange goings-on? What scanners have you run? (please be specific)
>>>>>> What browser do you use? Have you installed any toolbars lately? I
>>>>>> see by your posting headers, you are running XP. Is it up-to-date?
>>>>> First thing I thought was something infiltrated the system.
>>>>> Classic MO of a redirect trojan.
>>>>> No changes have been made (to my knowledge) and no new IE helper
>>>>> apps, or toolbars are installed.
>>>>> And IE (version 6) security settings are higher than most,
>>>>>
>>>>> Only change that was tried, was to update the winamp player (see my
>>>>> post about that choking AVG)
>>>>> But even that was removed and an older version restored.
>>>>>
>>>>> Spybot and AVG always show 100% clean (with latest updates)
>>>> You should scan your system with SUPERAntiSpyware and malwarebytes'
>>>> mbam scanners.
>>>>> Yet results from yahoo & Amazon often lead to completely wrong web
>>>>> pages.
>>>>> Not all the time though. and IE home page is normal.
>>>>> System does not seem to be showing ANY other problems.
>>>>> Router logs don't show any suspicious activity either, all
>>>>> unauthorized access seems to be blocked
>>>> Have you tried those sites with another browser?
>>>>> It is XP but a HP ******* version that quit allowing Microsoft
>>>>> updates months ago.
>>>>> (last HP/Compaq I ever #*^%$## buy.)
>>>> This issue must be fixed! (I am using an older compaq laptop)
>>>> Have you looked into if the update service is running?
>>>> Administrative Tools/Services
>>>>> Perhaps tonight I'll look into it further.
>>>>> We do run the MVP Hosts files, but had not updated in a while, so
>>>>> I'll try that too.
>>>>>
>>>> MVP hosts file should not be causing your problem(I use it also)
>>>>
>>>> As a last resort, do you still have the install disk that came with
>>>> your system? It might be a good idea to make copies of all important
>>>> files (docs,pics,music,etc) on removable media, today.
>>>> --
>>>> Virus Removal http://max.shplink.com/removal.html
>>>> Keep Clean http://max.shplink.com/keepingclean.html
>>>> Change nomail.afraid.org to gmail.com to reply by email.
>>>> nomail.afraid.org is for use in USENET-feel free to use it yourself.
>>>
>>> We backup religiously here, so no real chance of losing much of
>>> importance.
>>>
>>> But yes, I do have the HP Install disks, but they only get your system
>>> back to what HP sold you "loaded" in the first place. So they really
>>> are more "restore" disks, than "installation"
>>> As it was full of trial programs and outright malware that took weeks
>>> to clean out, it's hardly an option I want to repeat.
>>>
>>> If it came to that I have a "hacked" version of XP, I'd install first,
>>> as a CLEAN INSTALL.
>>>
>>> Just running Trend micro (second try)on it now.
>>> First try found a few "questionable" files, but not much info about
>>> them. Strangely the first run of Trend micro seemed to have zeroed in on
>>> my
>>> hosts file, and listed hosts\127.0.0.1 as a bad link/file
>>> (and why I'm running it a second time before letting it fix anything)
>>>
>>>
>>> And it did show a dozen or so "windows security flaws", so perhaps
>>> tomorrow I'll phone HP again and rip them a new one over why their XP
>>> won't update from Microsoft.
>>> Of course Microsoft will offer no help/support on the "XP" that HP
>>> sells installed in their systems.
>>>
>>> And why I'd never buy another HP "preloaded" computer again.
>>> (unless they throw in a full version operating system)
>>> But I suppose all the others like Dell etc, are the same too.
>>>
>>> Still a bit strange that after a week of updates both Spybot AND AVG
>>> still didn't find any problems at all.
>>> Yet something IS clearly wrong.
>>>
>>
>> Still waiting to see what Trend Micro scan will turn up.
>> But so far it's showing a strange entry in "application data" \
>> lobqjkvc\lwrkruxm.exe
>> And I just don't remember installing "lobqjkvc" at all, either the full
>> or trial versions <g>
>>
>> But decided to also try your suggestions "SUPERAntiSpyware and
>> malwarebytes' mbam" before I let anything get fixed.
>>
>> I'll post the results tomorrow here of what each found.
>> And which could actually get rid of problems.
>
>
>
>
>
>
>
>
> And my results.
> (For those who give a crap.)
> -------------------------------------------------------------------------------
> Spybot still found nothing wrong
>
> AVG still found nothing wrong
>
> Trend micro online scan found trojan - gave info on what and exactly where
> it was located, but could not delete it (could be done manually)
> Also pointed out various weaknesses in Windows and what updates were needed.
> Also a repeated false positive (cautionary warning only) about the MPVS
> host file. (better warned than not though)
>
> Superspyware fround (Trojan.FakeAlert.H) but could not delete it (could
> be done manually)
>
> Malwarebytes found (Trojan.FakeAlert.H) and two registry entries, deleted
> all 3 automatically.
>
> So this round has to go to Malwarebytes, but with honorable mention to Trend
> micro (online scan) for being the most "verbose" of any of the 4 above.
>
> Some mention should go to MVPS hosts, as it did seem to do what it was
> intended to.
> HOWEVER,......one of the things the tojan seemed to do was exploit that, and
> re-direct 404 pages to "sales" sites.
>
> And explains why mostly yahoo and amazon was affected, as the pages full of
> ads that MVPS hosts blocked, triggered the trojan to re-direct to other
> sites.
>
>
> This whole mess does point out that no one program will protect you from
> everything.
> And nothing short of never going on the net will keep you 100% safe.
>
> None of the any-malware programs could tell me how it got in, in the first
> place.
> So I'm still not out of the woods yet.
>
>
> Additional note though.
>
> The problem was first noticed after using Yahoo and Amazon and seeing a lot
> of "adware sites" while trying to back out of pages using the BACK button.
>
> And even after the trojan was cleaned out, .....Those still show up in the
> history, but no longer do much.
>
> Sooooooo
> Yahoo and Amazon ARE sending links past ad-trackers far more often than
> people might realize.
> And perhaps using the MPVS hosts solution is doing a lot more good than most
> ever know.
>
Thanks for the update. Glad to hear you got it sorted out! There are
some programs that say that they can protect the hosts file from
modifications.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

[AMUN]

Max Wachtel wrote:
> AMUN wrote:
>> AMUN wrote:
>>> "AMUN" <antispam@sparmmstop.net> wrote in message
>>> news:gd3pr3$p99$1@aioe.org...
>>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>>> news:gd3201$gjn$1@registered.motzarella.org...
>>>>> AMUN wrote:
>>>>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>>>>> news:gd2j41$g23$1@registered.motzarella.org...
>>>>>>> AMUN wrote:
>>>>>>>> I'm a bit stumped if my machine picked up some malware infection,
>>>>>>>> or is Yahoo and a few other sites pulling something new ?
>>>>>>>>
>>>>>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>>>>>> intermittently get re-directed to strange link pages or sales
>>>>>>>> sites. Noticed when I try to go back (using the back button),
>>>>>>>> there are
>>>>>>>> often several strange pages in the history after the page I was
>>>>>>>> at. Some actually do say "re-direct."
>>>>>>>> Yet ran several scans on my system using several
>>>>>>>> anti-mal/spyware's and no malware is being found.
>>>>>>>> Also often noticing the same thing at Amazon.com.
>>>>>>>> Yet other websites show no problems at all.
>>>>>>>>
>>>>>>>> So is my system infected with some rare redirection trojan, or,
>>>>>>>> are some sites getting really ignorant with the ad's ?
>>>>>>> Sounds like your system has been compromised. Are there any other
>>>>>>> strange goings-on? What scanners have you run? (please be
>>>>>>> specific) What browser do you use? Have you installed any
>>>>>>> toolbars lately? I see by your posting headers, you are running
>>>>>>> XP. Is it up-to-date?
>>>>>> First thing I thought was something infiltrated the system.
>>>>>> Classic MO of a redirect trojan.
>>>>>> No changes have been made (to my knowledge) and no new IE helper
>>>>>> apps, or toolbars are installed.
>>>>>> And IE (version 6) security settings are higher than most,
>>>>>>
>>>>>> Only change that was tried, was to update the winamp player (see my
>>>>>> post about that choking AVG)
>>>>>> But even that was removed and an older version restored.
>>>>>>
>>>>>> Spybot and AVG always show 100% clean (with latest updates)
>>>>> You should scan your system with SUPERAntiSpyware and malwarebytes'
>>>>> mbam scanners.
>>>>>> Yet results from yahoo & Amazon often lead to completely wrong web
>>>>>> pages.
>>>>>> Not all the time though. and IE home page is normal.
>>>>>> System does not seem to be showing ANY other problems.
>>>>>> Router logs don't show any suspicious activity either, all
>>>>>> unauthorized access seems to be blocked
>>>>> Have you tried those sites with another browser?
>>>>>> It is XP but a HP ******* version that quit allowing Microsoft
>>>>>> updates months ago.
>>>>>> (last HP/Compaq I ever #*^%$## buy.)
>>>>> This issue must be fixed! (I am using an older compaq laptop)
>>>>> Have you looked into if the update service is running?
>>>>> Administrative Tools/Services
>>>>>> Perhaps tonight I'll look into it further.
>>>>>> We do run the MVP Hosts files, but had not updated in a while, so
>>>>>> I'll try that too.
>>>>>>
>>>>> MVP hosts file should not be causing your problem(I use it also)
>>>>>
>>>>> As a last resort, do you still have the install disk that came with
>>>>> your system? It might be a good idea to make copies of all important
>>>>> files (docs,pics,music,etc) on removable media, today.
>>>>> --
>>>>> Virus Removal http://max.shplink.com/removal.html
>>>>> Keep Clean http://max.shplink.com/keepingclean.html
>>>>> Change nomail.afraid.org to gmail.com to reply by email.
>>>>> nomail.afraid.org is for use in USENET-feel free to use it yourself.
>>>>
>>>> We backup religiously here, so no real chance of losing much of
>>>> importance.
>>>>
>>>> But yes, I do have the HP Install disks, but they only get your
>>>> system back to what HP sold you "loaded" in the first place. So they
>>>> really are more "restore" disks, than "installation"
>>>> As it was full of trial programs and outright malware that took weeks
>>>> to clean out, it's hardly an option I want to repeat.
>>>>
>>>> If it came to that I have a "hacked" version of XP, I'd install
>>>> first, as a CLEAN INSTALL.
>>>>
>>>> Just running Trend micro (second try)on it now.
>>>> First try found a few "questionable" files, but not much info about
>>>> them. Strangely the first run of Trend micro seemed to have zeroed
>>>> in on my
>>>> hosts file, and listed hosts\127.0.0.1 as a bad link/file
>>>> (and why I'm running it a second time before letting it fix anything)
>>>>
>>>>
>>>> And it did show a dozen or so "windows security flaws", so perhaps
>>>> tomorrow I'll phone HP again and rip them a new one over why their XP
>>>> won't update from Microsoft.
>>>> Of course Microsoft will offer no help/support on the "XP" that HP
>>>> sells installed in their systems.
>>>>
>>>> And why I'd never buy another HP "preloaded" computer again.
>>>> (unless they throw in a full version operating system)
>>>> But I suppose all the others like Dell etc, are the same too.
>>>>
>>>> Still a bit strange that after a week of updates both Spybot AND AVG
>>>> still didn't find any problems at all.
>>>> Yet something IS clearly wrong.
>>>>
>>>
>>> Still waiting to see what Trend Micro scan will turn up.
>>> But so far it's showing a strange entry in "application data" \
>>> lobqjkvc\lwrkruxm.exe
>>> And I just don't remember installing "lobqjkvc" at all, either the
>>> full or trial versions <g>
>>>
>>> But decided to also try your suggestions "SUPERAntiSpyware and
>>> malwarebytes' mbam" before I let anything get fixed.
>>>
>>> I'll post the results tomorrow here of what each found.
>>> And which could actually get rid of problems.
>>
>>
>>
>>
>>
>>
>>
>>
>> And my results.
>> (For those who give a crap.)
>> -------------------------------------------------------------------------------
>> Spybot still found nothing wrong
>>
>> AVG still found nothing wrong
>>
>> Trend micro online scan found trojan - gave info on what and exactly
>> where it was located, but could not delete it (could be done manually)
>> Also pointed out various weaknesses in Windows and what updates were
>> needed. Also a repeated false positive (cautionary warning only) about
>> the MPVS host file. (better warned than not though)
>>
>> Superspyware fround (Trojan.FakeAlert.H) but could not delete it
>> (could be done manually)
>>
>> Malwarebytes found (Trojan.FakeAlert.H) and two registry entries,
>> deleted all 3 automatically.
>>
>> So this round has to go to Malwarebytes, but with honorable mention to
>> Trend micro (online scan) for being the most "verbose" of any of the
>> 4 above. Some mention should go to MVPS hosts, as it did seem to do what
>> it was
>> intended to.
>> HOWEVER,......one of the things the tojan seemed to do was exploit
>> that, and re-direct 404 pages to "sales" sites.
>>
>> And explains why mostly yahoo and amazon was affected, as the pages
>> full of ads that MVPS hosts blocked, triggered the trojan to re-direct
>> to other sites.
>>
>>
>> This whole mess does point out that no one program will protect you
>> from everything.
>> And nothing short of never going on the net will keep you 100% safe.
>>
>> None of the any-malware programs could tell me how it got in, in the
>> first place.
>> So I'm still not out of the woods yet.
>>
>>
>> Additional note though.
>>
>> The problem was first noticed after using Yahoo and Amazon and seeing
>> a lot of "adware sites" while trying to back out of pages using the
>> BACK button. And even after the trojan was cleaned out, .....Those still
>> show up in
>> the history, but no longer do much.
>>
>> Sooooooo
>> Yahoo and Amazon ARE sending links past ad-trackers far more often than
>> people might realize.
>> And perhaps using the MPVS hosts solution is doing a lot more good
>> than most ever know.
>>
> Thanks for the update. Glad to hear you got it sorted out! There are
> some programs that say that they can protect the hosts file from
> modifications.


They all promise to protect you, but as you can see, not always.
And I am hardly reckless with opening links to anything and everything, and
still, even I got nailed.

I realized long ago the only thing can really protect you is
backing-up,....often.
(and not just windoze restore, as it can be compromised just as easily)

Knowing I have backups, kept me quite calm, as I know even if the
anti-malware programs fail miserably, at worst I'll only lose a day or two's
worth of data.