Worm?


Guest Yves Ferrer
Posted

Hi everyone,

new to this game, please bear with me?
Some messages on screen tell me that I am infected by WORM/Rbot.425984.1

a friend directed me towards 'tucows' (?) but I cannot really make sense of
the site (I AM that SLOW!!!).

Will the MS Windows own scan system get rid of this worm? and how do I find
it again? I came across it once quite awhile ago, but I don't remember what I
did to get there...

If you are kind enough to help, please keep the instructions in
'baby-speak'? I am a translator by profession, but jargon (and IT) are way
beyond me!

Thanks in advance!

 

--

YF

Guest Leythos
Posted

In article <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>,
YvesFerrer@discussions.microsoft.com says...
> Hi everyone,
>
> new to this game, please bear with me?
> Some messages on screen tell me that I am infected by WORM/Rbot.425984.1
>
> a friend directed me towards 'tucows' (?) but I cannot really make sense of
> the site (I AM that SLOW!!!).
>
> Will the MS Windows own scan system get rid of this worm? and how do I find
> it again? I came across it once quite awhile ago, but I don't remember what I
> did to get there...
>
> If you are kind enough to help, please keep the instructions in
> 'baby-speak'? I am a translator by profession, but jargon (and IT) are way
> beyond me!
>
> Thanks in advance!

Download and run/use the MBAM tool listed below, it's considered one of
the best free removal tools, is created and hosted by a reputable group
that is respected by the anti-malware community, and you can read about
it at the link below.

 

Do not trust anything from disreputable sources such as PCBUTTS1.COM, no

reputable person or group in the anti-malware community will direct you

to that site.

 

MalwareBytes Anti-Malware

http://www.malwarebytes.org/mbam.php

 

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Public Service Warning: Learn about PCButts before you trust:

http://www.velocityreviews.com/forums/t513...f-removeit.html

http://www.google.com/search?hl=en&q=pcbutts1+thief

http://tinyurl.com/4rruwd

Guest Malke
Posted

Yves Ferrer wrote:

> Hi everyone,
>
> new to this game, please bear with me?
> Some messages on screen tell me that I am infected by WORM/Rbot.425984.1
>
> a friend directed me towards 'tucows' (?) but I cannot really make sense
> of the site (I AM that SLOW!!!).
>
> Will the MS Windows own scan system get rid of this worm? and how do I
> find it again? I came across it once quite awhile ago, but I don't
> remember what I did to get there...
>
> If you are kind enough to help, please keep the instructions in
> 'baby-speak'? I am a translator by profession, but jargon (and IT) are way
> beyond me!

 

Some messages from what program? The reason I ask is that it is common to

get messages from a "rogue" antivirus/antispyware program that you are

infected. You are, but with the "rogue" program (called that because it

pretends to be a Good Guy but is really the Bad Guy) that is trying to get

you to buy it.

 

I'll give you the general malware removal steps - which also cover "rogues"

- but if you find any of this difficult you should take your machine to a

competent local computer tech. There is no shame in doing this. If you go

this route, I don't recommend using a BigComputerStore/GeekSquad type of

place.

 

Go through these general malware removal steps systematically -

http://www.elephantboycomputers.com/page2....emoving_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to do

all scans in Safe Mode. Please see the special Notes regarding using

Multi_AV in Vista.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://tinyurl.com/yoeru3 - download link and more instructions

 

You can also check to see if there are targeted removal steps for your

malware here (if you have a rogue):

Bleeping Computer removal how-to's -

http://www.bleepingcomputer.com/forums/forum55.html

Or here: Malwarebytes malware removal guides - http://tinyurl.com/5xrpft

 

When all else fails, get guided help. Choose one of the specialty forums

listed at the first link. Register and read its posting FAQ. PLEASE DO NOT

POST LOGS IN THE MS NEWSGROUPS.

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

http://www.elephantboycomputers.com/#FAQ

Guest PA Bear [MS MVP]
Posted

Use my Remove-it software, it will remove that malware from your system.

Choose yes for all options when prompted. Download it here

http://www.ms-mvp.org/

 

--

WARNING Do NOT follow any advice given by the people listed below.

They do NOT have the expertise or knowledge to fix your issue. Do not waste

your time.

David H Lipman, Malke, Beauregard T. Shagnasty, Leythos.

 

 

 

 

"Yves Ferrer" <YvesFerrer@discussions.microsoft.com> wrote in message

news:503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com...
> Hi everyone,
>
> new to this game, please bear with me?
> Some messages on screen tell me that I am infected by WORM/Rbot.425984.1
>
> a friend directed me towards 'tucows' (?) but I cannot really make sense of
> the site (I AM that SLOW!!!).
>
> Will the MS Windows own scan system get rid of this worm? and how do I find
> it again? I came across it once quite awhile ago, but I don't remember what I
> did to get there...
>
> If you are kind enough to help, please keep the instructions in
> 'baby-speak'? I am a translator by profession, but jargon (and IT) are way
> beyond me!
>
> Thanks in advance!
>
> --
> YF

Guest David H. Lipman
Posted

From: "Yves Ferrer" <YvesFerrer@discussions.microsoft.com>

 

| Hi everyone,

| new to this game, please bear with me?
| Some messages on screen tell me that I am infected by WORM/Rbot.425984.1

| a friend directed me towards 'tucows' (?) but I cannot really make sense of
| the site (I AM that SLOW!!!).

| Will the MS Windows own scan system get rid of this worm? and how do I find
| it again? I came across it once quite awhile ago, but I don't remember what I
| did to get there...

| If you are kind enough to help, please keep the instructions in
| 'baby-speak'? I am a translator by profession, but jargon (and IT) are way
| beyond me!

| Thanks in advance!

| --
| YF

 

WARNING !

 

You have been replied to by an imposter.

The reply from "PA Bear [MS MVP]" is faked.
This is NOT the real Microsoft MVP Robear Dyer.

The site; h p://www.ms-mvp.org/ has NOTHING to do with the Microsoft MVP program and it
will redirect your browser to PCBUTTS1.COM

PCBUTTS1 is a fake MS MVP who is offering up plagiarized and pirated software.
Both he and some of his software are malicious.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest PA Bear [MS-MVP]
Posted

You might be able to spoof my username, pcbuttsHO1E, but you can't

spoof my headers:

 

Yours:
<QP>
Path: g2news2.google.com!news3.google.com!feeder.news-service.com!
news.motzarella.org!motzarella.org!news.motzarella.org!not-for-mail
From: "PA Bear [MS MVP]" <p...@bear.con>
Newsgroups: microsoft.public.security.virus
Subject: Re: Worm?
Date: Mon, 23 Mar 2009 13:38:47 -0700
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <gq8s0n$ou8$1@news.motzarella.org>
References: <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>
Mime-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="UTF-8";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Trace: news.eternal-september.org U2FsdGVkX1+G7sU3vIqbgAHQfnHg64DHp/
Dcm2qAfURnOrIMuWG9qRRDHqcUoi6SNThd8fc42MT4UE3QJSdgUMev68H1bmjgYiouEbuW8pRCfpeXOz1S2gi8grVLamOIiDsdqkaklkQ=
X-Complaints-To: Please send complaints to abuse@motzarella.org with
full headers
NNTP-Posting-Date: Mon, 23 Mar 2009 20:38:48 +0000 (UTC)
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
In-Reply-To: <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>
X-Antivirus-Status: Clean
X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
X-Auth-Sender:
U2FsdGVkX18s0qWQRnLpYgRbjwrWrI4N4FYLNEF545vma56asNPKkw==
X-Antivirus: avast! (VPS 090322-0, 03/22/2009), Outbound message
Cancel-Lock: sha1:XVRJxyT8h7svspp8Z+g+AYBPuoc=
X-Priority: 3
X-MSMail-Priority: Normal
</QP>

Mine from a recent post:
<QP>
Reply-To: "PA Bear [MS MVP]" <moc.liamg@PVMraeBAP>
From: "PA Bear [MS MVP]" < MUNGE @gmail.com>
References: <eQ6td69qJHA.4364@TK2MSFTNGP04.phx.gbl>
Subject: Re: unable to update winXP - error 0x80096004
Date: Mon, 23 Mar 2009 14:28:44 -0400
Lines: 35
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Message-ID: <eEVrsa#qJHA.496@TK2MSFTNGP06.phx.gbl>
Newsgroups: microsoft.public.windowsupdate
NNTP-Posting-Host: 24.152.248.232.res-cmts.tvh.ptd.net 24.152.248.232
</QP>

--

The real ~PA Bear

 

 

On Mar 23, 4:38 pm, "PA Bear [MS MVP]" <p...@bear.con> wrote:
> Use my Remove-it software, it will remove that malware from your system.
> Choose yes for all options when prompted. Download it here xxxx://xxx.ms-mvp.org/
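
The header comparison made in the post above, as an added example that is not part of the original thread: it reduces each header block to the fields set by the posting server or client and reports which ones differ when the display name is identical. The function names `fingerprint` and `impersonation_signals` are hypothetical; the header values are excerpts from the two blocks quoted above, with the munged address written without spaces.

```python
from email import message_from_string
from email.utils import parseaddr

# Excerpts of the two header blocks quoted in the thread (subset of fields).
SUSPECT = """\
Path: g2news2.google.com!news3.google.com!feeder.news-service.com!news.motzarella.org!motzarella.org!news.motzarella.org!not-for-mail
From: "PA Bear [MS MVP]" <pa@bear.con>
Message-ID: <gq8s0n$ou8$1@news.motzarella.org>
X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
"""
KNOWN_GOOD = """\
From: "PA Bear [MS MVP]" <MUNGE@gmail.com>
Message-ID: <eEVrsa#qJHA.496@TK2MSFTNGP06.phx.gbl>
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
NNTP-Posting-Host: 24.152.248.232.res-cmts.tvh.ptd.net 24.152.248.232
"""

def fingerprint(raw):
    """Reduce a header block to fields the posting server or client sets."""
    msg = message_from_string(raw)
    name, _addr = parseaddr(msg.get("From", ""))
    msg_id = msg.get("Message-ID", "").strip().strip("<>")
    path = [hop for hop in msg.get("Path", "").split("!") if hop.strip()]
    return {
        # Free text chosen by the poster: trivially copied.
        "display_name": name,
        # Right-hand side of the Message-ID names the host that issued it.
        "msgid_host": msg_id.rpartition("@")[2].lower(),
        # Product name only, so a version upgrade is not reported as a change.
        "client": msg.get("X-Newsreader", "").rsplit(" ", 1)[0],
        # Servers prepend themselves to Path; the entry just before the
        # trailing "not-for-mail" marker is the injecting server.
        "inject_host": path[-2].strip().lower() if len(path) >= 2 else "",
    }

def impersonation_signals(suspect_raw, known_raw):
    """Fields that differ although both posts claim the same display name."""
    s, k = fingerprint(suspect_raw), fingerprint(known_raw)
    if s["display_name"] != k["display_name"]:
        return []  # different claimed identity, nothing to compare
    fields = ("msgid_host", "client", "inject_host")
    # Only compare fields present in both excerpts.
    return [f for f in fields if s[f] and k[f] and s[f] != k[f]]
```

A non-empty result is a reason to read the full headers, not proof on its own, since a legitimate poster can change newsreader or news server.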

Guest Peter Foldes
Posted

You are a fraud on top of everything else that you do, Chris. Now you turn and become
an impostor on top of posting bad and dangerous links. You are definitely one sick
puppy.

 

--

Peter

 

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

 

"PA Bear [MS MVP]" <pa@bear.con> wrote in message

news:gq8s0n$ou8$1@news.motzarella.org...
> Use my Remove-it software, it will remove that malware from your system. Choose
> yes for all options when prompted. Download it here http://www.ms-mvp.org/
>
> --
> WARNING Do NOT follow any advice given by the people listed below.
> They do NOT have the expertise or knowledge to fix your issue. Do not waste your
> time.
> David H Lipman, Malke, Beauregard T. Shagnasty, Leythos.
>
> "Yves Ferrer" <YvesFerrer@discussions.microsoft.com> wrote in message
> news:503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com...
>> Hi everyone,
>>
>> new to this game, please bear with me?
>> Some messages on screen tell me that I am infected by WORM/Rbot.425984.1
>>
>> a friend directed me towards 'tucows' (?) but I cannot really make sense of
>> the site (I AM that SLOW!!!).
>>
>> Will the MS Windows own scan system get rid of this worm? and how do I find
>> it again? I came across it once quite awhile ago, but I don't remember what I
>> did to get there...
>>
>> If you are kind enough to help, please keep the instructions in
>> 'baby-speak'? I am a translator by profession, but jargon (and IT) are way
>> beyond me!
>>
>> Thanks in advance!
>>
>> --
>> YF

Guest Leythos
Posted

In article <gq8s0n$ou8$1@news.motzarella.org>, pa@bear.con says...
> Path: news.astraweb.com!border5.newsrouter.astraweb.com!news.glorb.com!news.motzarella.org!motzarella.org!news.motzarella.org!not-for-mail
> From: "PA Bear [MS MVP]" <pa@bear.con>
> Newsgroups: microsoft.public.security.virus
> Subject: Re: Worm?
> Date: Mon, 23 Mar 2009 13:38:47 -0700
> Organization: A noiseless patient Spider
> Lines: 39
> Message-ID: <gq8s0n$ou8$1@news.motzarella.org>
> References: <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>
> Mime-Version: 1.0
> Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=original
> Content-Transfer-Encoding: 7bit
> X-Trace: news.eternal-september.org U2FsdGVkX1+G7sU3vIqbgAHQfnHg64DHp/Dcm2qAfURnOrIMuWG9qRRDHqcUoi6SNThd8fc42MT4UE3QJSdgUMev68H1bmjgYiouEbuW8pRCfpeXOz1S2gi8grVLamOIiDsdqkaklkQ=
> X-Complaints-To: Please send complaints to abuse@motzarella.org with full headers
> NNTP-Posting-Date: Mon, 23 Mar 2009 20:38:48 +0000 (UTC)
> X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
> In-Reply-To: <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>
> X-Antivirus-Status: Clean
> X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
> X-Auth-Sender: U2FsdGVkX18s0qWQRnLpYgRbjwrWrI4N4FYLNEF545vma56asNPKkw==
> X-Antivirus: avast! (VPS 090322-0, 03/22/2009), Outbound message
> Cancel-Lock: sha1:XVRJxyT8h7svspp8Z+g+AYBPuoc=
> X-Priority: 3
> X-MSMail-Priority: Normal
>
> Use my Remove-it software, it will remove that malware from your system.
> Choose yes for all options when prompted. Download it here
> http://www.ms-mvp.org/
>
> WARNING Do NOT follow any advice given by the people listed below.
> They do NOT have the expertise or knowledge to fix your issue. Do not waste
> your time.

 

PCButts1 impersonating a reputable member again.

 

 

 

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Public Service Warning: Learn about PCButts before you trust:

http://www.velocityreviews.com/forums/t513...f-removeit.html

http://www.google.com/search?hl=en&q=pcbutts1+thief

http://tinyurl.com/4rruwd

Guest ---Fitz---
Posted

"Leythos" <spam999free@rrohio.com> wrote in message

news:MPG.2431d5112bd13267989a60@us.news.astraweb.com...
> In article <gq8s0n$ou8$1@news.motzarella.org>, pa@bear.con says...
>> Path:
>> news.astraweb.com!border5.newsrouter.astraweb.com!news.glorb.com!news.motzarella.org!motzarella.org!news.motzarella.org!not-for-mail
>> From: "PA Bear [MS MVP]" <pa@bear.con>
>> Newsgroups: microsoft.public.security.virus
>> Subject: Re: Worm?
>> Date: Mon, 23 Mar 2009 13:38:47 -0700
>> Organization: A noiseless patient Spider
>> Lines: 39
>> Message-ID: <gq8s0n$ou8$1@news.motzarella.org>
>> References: <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>
>> Mime-Version: 1.0
>> Content-Type: text/plain; format=flowed; charset="UTF-8";
>> reply-type=original
>> Content-Transfer-Encoding: 7bit
>> X-Trace: news.eternal-september.org
>> U2FsdGVkX1+G7sU3vIqbgAHQfnHg64DHp/Dcm2qAfURnOrIMuWG9qRRDHqcUoi6SNThd8fc42MT4UE3QJSdgUMev68H1bmjgYiouEbuW8pRCfpeXOz1S2gi8grVLamOIiDsdqkaklkQ=
>> X-Complaints-To: Please send complaints to abuse@motzarella.org with full
>> headers
>> NNTP-Posting-Date: Mon, 23 Mar 2009 20:38:48 +0000 (UTC)
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
>> In-Reply-To: <503CACF1-89E0-4D06-8E5D-5C94012E9F93@microsoft.com>
>> X-Antivirus-Status: Clean
>> X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
>> X-Auth-Sender: U2FsdGVkX18s0qWQRnLpYgRbjwrWrI4N4FYLNEF545vma56asNPKkw==
>> X-Antivirus: avast! (VPS 090322-0, 03/22/2009), Outbound message
>> Cancel-Lock: sha1:XVRJxyT8h7svspp8Z+g+AYBPuoc=
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>>
>> Use my Remove-it software, it will remove that malware from your system.
>> Choose yes for all options when prompted. Download it here
>> http://www.ms-mvp.org/
>>
>> WARNING Do NOT follow any advice given by the people listed below.
>> They do NOT have the expertise or knowledge to fix your issue. Do not
>> waste
>> your time.
>
> PCButts1 impersonating a reputable member again.
>
> --
> Leythos - spam999free@rrohio.com (remove 999 to email me)
> Public Service Warning: Learn about PCButts before you trust:
> http://www.velocityreviews.com/forums/t513...f-removeit.html
> http://www.google.com/search?hl=en&q=pcbutts1+thief
> http://tinyurl.com/4rruwd

 

 

But it's only because Chris has no life (or ethics, or morality, or common

sense, or ability, or honor)!
