Guest Anrey Terkin Posted October 2, 2008

i need help on my download scam site
the who is dns server is not working with my php database.
can anyone help?
you can email me directly or use this address

Address: Truda 14-1
City: Saint-Petersburg
State: Saint-Petersburg
ZIP: 188934
Country: RU
Phone: +7.9113234634

the site is

www.quicksoftupdate.com

thanks

Guest Peter Foldes Posted October 2, 2008

DO Not OPEN LINK

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Anrey Terkin " <terkin14@gmail.com> wrote in message news:%23fHBlLNJJHA.3644@TK2MSFTNGP05.phx.gbl...
>i need help on my download scam site
> the who is dns server is not working with my php database.
> can anyone help?
> you can email me directly or use this address
>
> Address: Truda 14-1
> City: Saint-Petersburg
> State: Saint-Petersburg
> ZIP: 188934
> Country: RU
> Phone: +7.9113234634
>
>
> the site is
>
> www.quicksoftupdate.com
>
>
> thanks

Guest Peter Foldes Posted October 2, 2008

DO NOT OPEN LINK

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Guest Max Wachtel Posted October 2, 2008

Re: DO Not OPEN LINK

In news:#Xchy4NJJHA.740@TK2MSFTNGP03.phx.gbl,
Peter Foldes <okf22@hotmail.com> after much thought, came up with this jewel:
>
> "Anrey Terkin " <terkin14@gmail.com> wrote in message
> news:%23fHBlLNJJHA.3644@TK2MSFTNGP05.phx.gbl...
>> i need help on my download <<<<<scam >>>>>site
>> the who is dns server is not working with my php database.
>> can anyone help?
>> you can email me directly or use this address
>>
>> Address: Truda 14-1
>> City: Saint-Petersburg
>> State: Saint-Petersburg
>> ZIP: 188934
>> Country: RU
>> Phone: +7.9113234634
>>
>>
>> the site is
>>
>> www.quickbullshitsoftupdate.com
>>
>>
>> thanks

Why would you quote the whole thing Peter and not change the URL?????

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

Guest David H. Lipman Posted October 2, 2008

Re: DO Not OPEN LINK

From: "Peter Foldes" <okf22@hotmail.com>

File setup.exe received on 10.03.2008 00:59:12 (CET)

AhnLab-V3          2008.10.3.0   2008.10.02  -
AntiVir            7.8.1.34      2008.10.02  DR/Small.ght.7
AVG                8.0.0.161     2008.10.02  BackDoor.Generic10.MAB
BitDefender        7.2           2008.10.02  Trojan.Downloader.Zlob.ACJY
CAT-QuickHeal      9.50          2008.10.01  Backdoor.Small.fax
eSafe              7.0.17.0      2008.10.02  Win32.Small.ght
F-Secure           8.0.14332.0   2008.10.02  Trojan-Downloader.Win32.Agent.aigp
GData              19            2008.10.02  Trojan.Downloader.Zlob.ACJY
Ikarus             T3.1.1.34.0   2008.10.02  Virus.Trojan.Win32.BHO.egw
K7AntiVirus        7.10.481      2008.10.02  Trojan-Downloader.Win32.Agent.hec
Kaspersky          7.0.0.125     2008.10.02  Backdoor.Win32.Small.ght
Microsoft          1.4005        2008.10.03  TrojanDownloader:Win32/Renos.M
NOD32              3490          2008.10.02  Win32/TrojanDownloader.FakeAlert.KG
Norman             5.80.02       2008.10.02  Malware.DJFR
Prevx1             V2            2008.10.03  Malicious Software
SecureWeb-Gateway  6.7.6         2008.10.02  Trojan.Dropper.Small.ght.7
Symantec           10            2008.10.02  Trojan.Dropper
TheHacker          6.3.1.0.098   2008.10.02  Backdoor/Small.foh
TrendMicro         8.700.0.1004  2008.10.02  TROJ_ZLOB.BYO

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman Posted October 2, 2008

Re: DO Not OPEN LINK

From: "Max Wachtel" <maxwachtel@nomail.afraid.org>

>>> the site is
>>> www.quickbullshitsoftupdate.com
>>> thanks

| Why would you quote the whole thing Peter and not change the URL?????

He did alter the URL Max. < LOL >

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest PA Bear [MS MVP] Posted October 3, 2008

Re: DO Not OPEN LINK

DO NOT QUOTE SUCH LINKS IN REPLIES!!

Peter Foldes wrote:
>
> "Anrey Terkin " <terkin14@gmail.com> wrote in message
> news:%23fHBlLNJJHA.3644@TK2MSFTNGP05.phx.gbl...
>> i need help on my download scam site
>> the who is dns server is not working with my php database.
>> can anyone help?
>> you can email me directly or use this address
>>
>> Address: Truda 14-1
>> City: Saint-Petersburg
>> State: Saint-Petersburg
>> ZIP: 188934
>> Country: RU
>> Phone: +7.9113234634
>>
>>
>> the site is
>>
>> MUNGE!!!.quicksoftupdate.com
>>
>>
>> thanks

Guest Tom [Pepper] Willett Posted October 3, 2008

Symantec says that there are 1,980 threats on that site:
http://safeweb.norton.com/report/show?name...ksoftupdate.com

"Anrey Terkin " <terkin14@gmail.com> wrote in message news:%23fHBlLNJJHA.3644@TK2MSFTNGP05.phx.gbl...
:i need help on my download scam site
: the who is dns server is not working with my php database.
: can anyone help?
: you can email me directly or use this address
:
: Address: Truda 14-1
: City: Saint-Petersburg
: State: Saint-Petersburg
: ZIP: 188934
: Country: RU
: Phone: +7.9113234634
:
:
: the site is
:
:
:
:
: thanks

Guest Sylvain Lafontaine Posted October 3, 2008

The real problem here is how can it come that at this moment, these messages have still not been deleted from the server? And also, with a company the size of MS, is there really no way that these messages could have been filtered out in the first place?

--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: sylvain aei ca (fill the blanks, no spam please)

"Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com> wrote in message news:%23T6eCrVJJHA.4568@TK2MSFTNGP06.phx.gbl...
> Symantec says that there are 1,980 threats on that site:
> http://safeweb.norton.com/report/show?name...ksoftupdate.com
>
> "Anrey Terkin " <terkin14@gmail.com> wrote in message
> news:%23fHBlLNJJHA.3644@TK2MSFTNGP05.phx.gbl...
> :i need help on my download scam site
> : the who is dns server is not working with my php database.
> : can anyone help?
> : you can email me directly or use this address
> :
> : Address: Truda 14-1
> : City: Saint-Petersburg
> : State: Saint-Petersburg
> : ZIP: 188934
> : Country: RU
> : Phone: +7.9113234634
> :
> :
> : the site is
> :
> :
> :
> :
> : thanks

Guest David H. Lipman Posted October 3, 2008

From: "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam please)>

| The real problem here is how can it come that at this moment, these messages
| have still not been deleted from the server? And also, with a company the
| size of MS, is there really no way that these messages could have been
| filtered out in the first place?

| --
| Sylvain Lafontaine, ing.
| MVP - Technologies Virtual-PC
| E-mail: sylvain aei ca (fill the blanks, no spam please)

Easy answer.

Ever since Microsoft pharmed out the news server administration to a contractor that service has sucked !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Shenan Stanley Posted October 3, 2008

Sylvain Lafontaine wrote:
> The real problem here is how can it come that at this moment, these
> messages have still not been deleted from the server? And also, with
> a company the size of MS, is there really no way that these
> messages could have been filtered out in the first place?

If Microsoft was actually in control of the hundreds (thousands..) of news servers that these things get replicated to, that would - I suppose - make sense.

Or - better yet - one could use their newsreader to properly block it OR just ignore it. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Guest Max Wachtel Posted October 3, 2008

Re: DO Not OPEN LINK

In news:etPIUPOJJHA.1160@TK2MSFTNGP05.phx.gbl,
David H. Lipman <DLipman~nospam~@Verizon.Net> after much thought, came up with this jewel:
> From: "Max Wachtel" <maxwachtel@nomail.afraid.org>
>
>>>> the site is
>>>> www.quickbullshitsoftupdate.com
>
>>>> thanks
>
>> Why would you quote the whole thing Peter and not change the URL?????
>
> He did alter the URL Max. < LOL >

no, I added the little "extra" to the url..........

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

Guest Tom [Pepper] Willett Posted October 3, 2008

MS is in control of their own news servers, and are responsible (and have in place) for stopping these type of things on their servers. C'mon, you're a MVP, you know that ;-)

"Shenan Stanley" <newshelper@gmail.com> wrote in message news:OkSQXHZJJHA.6088@TK2MSFTNGP04.phx.gbl...
: Sylvain Lafontaine wrote:
: > The real problem here is how can it come that at this moment, these
: > messages have still not been deleted from the server? And also, with
: > a company the size of MS, is there really no way that these
: > messages could have been filtered out in the first place?
:
: If Microsoft was actually in control of the hundreds (thousands..) of news
: servers that these things get replicated to, that would - I suppose - make
: sense.
:
: Or - better yet - one could use their newsreader to properly block it OR
: just ignore it. ;-)
:
: --
: Shenan Stanley
: MS-MVP
: --
: How To Ask Questions The Smart Way
: http://www.catb.org/~esr/faqs/smart-questions.html
:
:

Guest David H. Lipman Posted October 3, 2008

Re: DO Not OPEN LINK

From: "Max Wachtel" <maxwachtel@nomail.afraid.org>

| In news:etPIUPOJJHA.1160@TK2MSFTNGP05.phx.gbl,
| David H. Lipman <DLipman~nospam~@Verizon.Net> after much thought, came up
| with this jewel:
>> From: "Max Wachtel" <maxwachtel@nomail.afraid.org>
>>>>> the site is
>>>>> www.quickbullshitsoftupdate.com
>>>>> thanks
>>> Why would you quote the whole thing Peter and not change the URL?????
>> He did alter the URL Max. < LOL >

| no, I added the little "extra" to the url..........

Ooooops... Sorry buddy.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Peter Foldes Posted October 3, 2008

Before anybody else jumps on me. I did not open the link. Someone from Microsoft Hungary put out the alarm on this post which was also posted there and in all foreign groups. I just tried to warn others and unfortunately in my haste without thinking I included the original link in my post.

Many think I opened the link which I did not. I never had any virus, malware, trojan since I have been posting in the Microsoft forums for the last 15 yrs. So I made an error in posting and everyone seems to think I opened the link and that is how I found it. Sheeees.

Thanks a bunch to those people

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uy7Qi9YJJHA.5704@TK2MSFTNGP02.phx.gbl...
> From: "Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam please)>
>
> | The real problem here is how can it come that at this moment, these messages
> | have still not been deleted from the server? And also, with a company the
> | size of MS, is there really no way that these messages could have been
> | filtered out in the first place?
>
> | --
> | Sylvain Lafontaine, ing.
> | MVP - Technologies Virtual-PC
> | E-mail: sylvain aei ca (fill the blanks, no spam please)
>
>
> Easy answer.
>
> Ever since Microsoft pharmed out the news server administration to a contractor that
> service has sucked !
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

Guest David H. Lipman Posted October 3, 2008

From: "Peter Foldes" <okf22@hotmail.com>

| Before anybody else jumps on me. I did not open the link. Someone from Microsoft
| Hungary put out the alarm on this post which was also posted there and in all foreign
| groups. I just tried to warn others and unfortunately in my haste without thinking I
| included the original link in my post.

| Many think I opened the link which I did not. I never had any virus, malware, trojan
| since I have been posting in the Microsoft forums for the last 15 yrs. So I made an
| error in posting and everyone seems to think I opened the link and that is how I found
| it. Sheeees.

| Thanks a bunch to those people

| --
| Peter

I did, but NOT with a browser ;-)

I easily found the IFrame and file intended to be downloaded.

I recognized the Social Engineering in the post and was in the process of analyzing it when you replied.

It's a fake codec called LPVideoPlugin and installs a BHO as...

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

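An added example, not part of the original thread or any poster's code: one way to audit Browser Helper Object registrations offline from a regedit export, resolving each BHO CLSID to the DLL Internet Explorer would load and flagging names that match the fake codec described above. The sample export, its GUIDs and paths, and the function names are constructed for illustration; only the LPVideo name comes from the post.

```python
import re

# Constructed sample in regedit ".reg" export format. GUIDs and paths are made up;
# only the LPVideo name is taken from the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99999999-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\LPVideo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\ProgID]
@="LPVideo.LPVideoPlugin.1"
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Program Files\\ExampleToolbar\\toolbar.dll"
'''

BHO_ROOT = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects"
CLSID_ROOTS = (r"hkey_local_machine\software\classes\clsid", r"hkey_classes_root\clsid")

def parse_reg(text):
    """Map lowercased key path -> {value name: string data}; '@' is the default value."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # REG_SZ values only; undo the \\ and \" escaping regedit writes
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def class_value(keys, clsid, subkey):
    """Default value of CLSID\\<clsid>\\<subkey> under either class root, or None."""
    hits = (keys.get(f"{root}\\{clsid}\\{subkey}", {}).get("@") for root in CLSID_ROOTS)
    return next((v for v in hits if v is not None), None)

def audit_bhos(reg_text, suspicious=("lpvideo",)):
    """List every registered BHO with the DLL it loads and any reasons to review it."""
    keys, findings = parse_reg(reg_text), []
    for path in sorted(keys):
        clsid = path[len(BHO_ROOT) + 1:]
        if not path.startswith(BHO_ROOT + "\\") or "\\" in clsid:
            continue  # not a direct child of the BHO key
        dll, progid = class_value(keys, clsid, "inprocserver32"), class_value(keys, clsid, "progid")
        names = f"{dll or ''} {progid or ''}".lower()
        reasons = [f"name matches '{s}'" for s in suspicious if s in names]
        if dll is None:
            reasons.append("BHO key has no InprocServer32 class registration")
        findings.append({"clsid": clsid.upper(), "dll": dll, "progid": progid, "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(*audit_bhos(SAMPLE_REG), sep="\n")
```

Files written by regedit or `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit_bhos`.
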
Guest Shenan Stanley Posted October 3, 2008

Tom [Pepper] Willett wrote:
> MS is in control of their own news servers, and are responsible
> (and have in place) for stopping these type of things on their
> servers. C'mon, you're a MVP, you know that ;-)

Unfortunately - their removal (or not) doesn't mean much to the hundreds (thousands) of replicated groups/forums and other leeches of the original. ;-)

Not everyone accesses these groups through the same server/method/applications/etc. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html