| Subject: UAC re-enabling itself? |
| Group: microsoft.public.windows.vista.security,microsoft.public.windows.vista.general |
| Date: 5/5/2008 8:06:29 PM |
| From: "void.no.spam.com@gmail.com" [Email Address Protection] |
I turned off UAC on my parents' new computer a couple days ago. Yesterday, my dad encountered some spyware while browsing (he called me over and I noticed that Firefox had somehow gone to onlinexpscanner.com and downloaded a suspicious executable, and there was a prompt to run the program). I am now trying to figure out if any spyware got installed onto the computer. The first thing I have noticed is that UAC is now enabled, even though I had disabled it a couple days ago. How did that happen? Could any Windows updates have re-enabled it? |
| Back |
| Subject: Re: UAC re-enabling itself? |
| Group: microsoft.public.windows.vista.security,microsoft.public.windows.vista.general |
| Date: 5/5/2008 8:32:32 PM |
| From: Adam Albright [Email Address Protection] |
On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam.com@gmail.com" <void.no.spam.com@gmail.com> wrote: >I turned off UAC on my parents' new computer a couple days ago. >Yesterday, my dad encountered some spyware while browsing (he called >me over and I noticed that Firefox had somehow gone to >onlinexpscanner.com and downloaded a suspicious executable, and there >was a prompt to run the program). I am now trying to figure out if >any spyware got installed onto the computer. The first thing I have >noticed is that UAC is now enabled, even though I had disabled it a >couple days ago. How did that happen? Could any Windows updates have >re-enabled it? Surprise. onlinexpscanner.com IS the threat. It's often called social engineering. Dear old dad or someone with access to this computer might have visited this site under the lure of a free system scan. Sounds harmless enough, except it reports bogus things wrong with you system and then installs itself. Newer versions of anti virus and malware programs like AVG will flag hostile web sites so only dummies like Frank would be dumb enough to still click on them. Confirm onlinexpscanner is on your system. Look in Task Manager under processes tab. According to Google there are many web sites that tell you how to remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the site! Use Google to find web pages that talk about it and offer methods to remove it. First install AVG 8.0. This is a reliable company that makes real anti virus and malware protection software. Once installed when you enter onlinexpscanner into Google and similar threats it will have a red X, while "trusted" sites with have a green check mark. This sounds like a Trojan, not spyware. Trojans have the ability to hijack your system so somebody can remotely control your computer and yes, that means exactly what it sounds like. |
| Back |
| Subject: Re: UAC re-enabling itself? |
| Group: microsoft.public.windows.vista.security,microsoft.public.windows.vista.general |
| Date: 5/5/2008 9:21:46 PM |
| From: "void.no.spam.com@gmail.com" [Email Address Protection] |
On May 5, 11:32=A0pm, Adam Albright <A...@ABC.net> wrote: > On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com" > > <void.no.spam....@gmail.com> wrote: > >I turned off UAC on my parents' new computer a couple days ago. > >Yesterday, my dad encountered some spyware while browsing (he called > >me over and I noticed that Firefox had somehow gone to > >onlinexpscanner.com and downloaded a suspicious executable, and there > >was a prompt to run the program). =A0I am now trying to figure out if > >any spyware got installed onto the computer. =A0The first thing I have > >noticed is that UAC is now enabled, even though I had disabled it a > >couple days ago. =A0How did that happen? =A0Could any Windows updates hav= e > >re-enabled it? > > Surprise. onlinexpscanner.com IS the threat. It's often called social > engineering. Dear old dad or someone with access to this computer > might have visited this site under the lure of a free system scan. > Sounds harmless enough, except it reports bogus things wrong with you > system and then installs itself. Newer versions of anti virus and > malware programs like AVG will flag hostile web sites so only dummies > like Frank would be dumb enough to still click on them. Yeah, I figured it was one of those "anti-spyware" sites that really install spyware onto your computer. > Confirm onlinexpscanner is on your system. Look in Task Manager under > processes tab. > > According to Google there are many web sites that tell you how to > remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the > site! Use Google to find web pages that talk about it and offer > methods to remove it. > > First install AVG 8.0. This is a reliable company that makes real anti > virus and malware protection software. Once installed when you enter > onlinexpscanner into Google and similar threats it will have a red X, > while "trusted" sites with have a green check mark. I did install AntiVir onto the computer, but that sounds like a cool feature in AVG. Would that be AVG Antivirus or AVG Antispyware? > This sounds like a Trojan, not spyware. Trojans have the ability to > hijack your system so somebody can remotely control your computer and > yes, that means exactly what it sounds like. I went to the second site that came up in Google for "onlinexpscanner" - http://www.411-spyware.com/remove-onlinexpscanner-com. That is legitimate, right? I checked for the processes/files/registry keys that it mentioned, and I don't see anything. I do have Explorer configured to show all hidden/system files, and I told Task Manager to show processes for all users. But I guess I'm still a little paranoid. Do you think Windows Defender would have stopped the spyware from executing? Also, what do you think of using System Restore? There is a restore point that is prior to my dad's encounter with the spyware site, so if I restored the system to that point, would it guarantee that any spyware would be removed? I'm not sure if that would work, because I read that System Restore does not restore everything. |
| Back |
| Subject: Re: UAC re-enabling itself? |
| Group: microsoft.public.windows.vista.security,microsoft.public.windows.vista.general |
| Date: 5/5/2008 10:29:08 PM |
| From: Nonny [Email Address Protection] |
On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com" <void.no.spam.com@gmail.com> wrote: >> First install AVG 8.0. This is a reliable company that makes real anti >> virus and malware protection software. Once installed when you enter >> onlinexpscanner into Google and similar threats it will have a red X, >> while "trusted" sites with have a green check mark. > >I did install AntiVir onto the computer, but that sounds like a cool >feature in AVG. Would that be AVG Antivirus or AVG Antispyware? It's the latest version of AVG antivirus. Very nice. |
| Back |
| Subject: Re: UAC re-enabling itself? |
| Group: microsoft.public.windows.vista.security,microsoft.public.windows.vista.general |
| Date: 5/6/2008 6:00:06 AM |
| From: Adam Albright [Email Address Protection] |
On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com" <void.no.spam.com@gmail.com> wrote: >On May 5, 11:32�pm, Adam Albright <A...@ABC.net> wrote: >> On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com" >> >> <void.no.spam....@gmail.com> wrote: >> >I turned off UAC on my parents' new computer a couple days ago. >> >Yesterday, my dad encountered some spyware while browsing (he called >> >me over and I noticed that Firefox had somehow gone to >> >onlinexpscanner.com and downloaded a suspicious executable, and there >> >was a prompt to run the program). �I am now trying to figure out if >> >any spyware got installed onto the computer. �The first thing I have >> >noticed is that UAC is now enabled, even though I had disabled it a >> >couple days ago. �How did that happen? �Could any Windows updates have >> >re-enabled it? >> >> Surprise. onlinexpscanner.com IS the threat. It's often called social >> engineering. Dear old dad or someone with access to this computer >> might have visited this site under the lure of a free system scan. >> Sounds harmless enough, except it reports bogus things wrong with you >> system and then installs itself. Newer versions of anti virus and >> malware programs like AVG will flag hostile web sites so only dummies >> like Frank would be dumb enough to still click on them. > >Yeah, I figured it was one of those "anti-spyware" sites that really >install spyware onto your computer. > > >> Confirm onlinexpscanner is on your system. Look in Task Manager under >> processes tab. >> >> According to Google there are many web sites that tell you how to >> remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the >> site! Use Google to find web pages that talk about it and offer >> methods to remove it. >> >> First install AVG 8.0. This is a reliable company that makes real anti >> virus and malware protection software. Once installed when you enter >> onlinexpscanner into Google and similar threats it will have a red X, >> while "trusted" sites with have a green check mark. > >I did install AntiVir onto the computer, but that sounds like a cool >feature in AVG. Would that be AVG Antivirus or AVG Antispyware? > > >> This sounds like a Trojan, not spyware. Trojans have the ability to >> hijack your system so somebody can remotely control your computer and >> yes, that means exactly what it sounds like. > >I went to the second site that came up in Google for "onlinexpscanner" >- http://www.411-spyware.com/remove-onlinexpscanner-com. That is >legitimate, right? I checked for the processes/files/registry keys >that it mentioned, and I don't see anything. I do have Explorer >configured to show all hidden/system files, and I told Task Manager to >show processes for all users. > >But I guess I'm still a little paranoid. Do you think Windows >Defender would have stopped the spyware from executing? > >Also, what do you think of using System Restore? There is a restore >point that is prior to my dad's encounter with the spyware site, so if >I restored the system to that point, would it guarantee that any >spyware would be removed? I'm not sure if that would work, because I >read that System Restore does not restore everything. I would just install AVG 8.0. The free version. Then let it run it's anti-virus malware routine. If you still have onlinexpscanner or anything else malicious on your system it should be able to isolate it. You are best off not trusting some unknown anti-spyware. That's how you got in trouble in the first space. AVG has been around a long time and has a good reputation. Use it. It is free. That's all you need. If it is a Trojan it may hide itself and not show up in the processes tab. It may or may not be on your system. By using AVG you'll find out and it should be able to remove it or at least render it harmless. If the system appears to be running ok, no real need to use a restore point. |
| Back |
| Subject: Re: UAC re-enabling itself? |
| Group: microsoft.public.windows.vista.security,microsoft.public.windows.vista.general |
| Date: 5/6/2008 7:01:19 PM |
| From: "C.B." [Email Address Protection] |
"Nonny" <nonnymoose@yahoo.com> wrote in message news:c4rv14ldscubsh3chssodouape6jkavqqp@4ax.com... > On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com" > <void.no.spam.com@gmail.com> wrote: > >>> First install AVG 8.0. This is a reliable company that makes real anti >>> virus and malware protection software. Once installed when you enter >>> onlinexpscanner into Google and similar threats it will have a red X, >>> while "trusted" sites with have a green check mark. >> >>I did install AntiVir onto the computer, but that sounds like a cool >>feature in AVG. Would that be AVG Antivirus or AVG Antispyware? > > It's the latest version of AVG antivirus. Very nice. AVG AntiSpyware 7.5.1.43 plus is the last version of the antispyware product offered by AVG. It is now incorporated into their new AVG Antivirus 8.0. Their antispyware product will no longer be offered as a standalone product. C.B. -- It is the responsibility and duty of everyone to help the underprivileged and unfortunate among us. |
| Back |