  1.    #1  
    I just received a virus on my computer the other day. What I am wondering is does anyone think I should refrain from synching my Treo with my PC until the virus is off the system? Could the virus be ported thru the hot sync to the Treo?

    Thanks.
    Rob
    8GB iPhone
  2. #2  
    Quote Originally Posted by dimensiondvdrob
    I just received a virus on my computer the other day. What I am wondering is does anyone think I should refrain from synching my Treo with my PC until the virus is off the system? Could the virus be ported thru the hot sync to the Treo?

    Thanks.
    Depends on the virus. Most, if not all of the viruses now (the pathetic ones created from PoC by some 13 year old Malaysian script-kiddie) install themselves into HKLM\..\Run or HKCU\..\Run and are used to proliferate spam, mass-mail itself, or act as a listening daemon for some botnet used to DDoS IRC victims or other hosts.

    A few I've seen do some nefarious stuff like connect-back shells but usually they are quickly shut down after contacting the ISP.

    As far as it following itself over to your Treo, I wouldn't worry. Completely separate processor arch's as well as OS. Today's viruses aren't like the old days, where things like Empire Monkey.B and Form.A were things people talked about.

    Now it's about DDoS'n folks, proliferating spam, or just being one of these "look how 31337 I am" trash from pre-teen asshats.

    Can you tell it makes me happy?
  3. #3  
    I would take all necessary steps to remove the "Virus" from your computer, lest you continue to operate on an "owned" box and **** your ISP off by sending spam, DDoS attacks, etc.
  4.    #4  
    Quote Originally Posted by evilghost
    Depends on the virus. Most, if not all of the viruses now (the pathetic ones created from PoC by some 13 year old Malaysian script-kiddie) install themselves into HKLM\..\Run or HKCU\..\Run and are used to proliferate spam, mass-mail itself, or act as a listening daemon for some botnet used to DDoS IRC victims or other hosts.

    A few I've seen do some nefarious stuff like connect-back shells but usually they are quickly shut down after contacting the ISP.

    As far as it following itself over to your Treo, I wouldn't worry. Completely separate processor arch's as well as OS. Today's viruses aren't like the old days, where things like Empire Monkey.B and Form.A were things people talked about.

    Now it's about DDoS'n folks, proliferating spam, or just being one of these "look how 31337 I am" trash from pre-teen asshats.

    Can you tell it makes me happy?
    hehe, yeah, you seem over-joyed about this stuff! I was just worried, but last night I synched after trying (exhaustively) to delete this thing (w32.kelvir - name of the virus) from my computer and no ill effects from the sync seemed to have occurred. I would assume that IF something had transferred during the sync, 1 of 2 things would be noticeable:
    1. Less RAM would be available.
    2. Less RAM would be available and I would probably see a weird file in the launcher, unless it was hidden. Also, since the upgrade (1.13 ROW Unlocked GSM) my Treo has been ROCK-SOLID.

    Anyway, thanks for the quick response, Evil Ghost. I feel better now that at least someone feels that this would not invade my precious Treo!

    All the best,
    Robert
    Rob
    8GB iPhone
  5.    #5  
    Quote Originally Posted by evilghost
    I would take all necessary steps to remove the "Virus" from your computer, lest you continue to operate on an "owned" box and **** your ISP off by sending spam, DDoS attacks, etc.
    It's crazy! I have been trying to get this off, but no luck. Tomorrow I will be re-formatting my hard drive and starting over.

    Hey, if I start over, what's the best way to get the PALM Desktop to the same place it is now? I was thinking to install the Palm Desktop, remove the set of installation files which want to install at the first sync (from the Install folder in Program Files) and then set the conduits to Handheld overwrites Desktop and transfer to the Desktop all my contacts, tasks, calendar, etc. Also, can I install apps like Splash ID over the install already on the Treo (same version numbers most likely) or should I just remove the .prc in the install folder before synching? If I remove the .prc from installing onto the palm, will the conduit sync properly with my palm, or am I doomed to have to hard reset and reinstall all from scratch?

    Thanks.
    Rob
    8GB iPhone
  6. #6  
    Hang on before you reformat, let me look up the virus and what "elite ninja" things it does. Chances are a reformat isn't necessary and it'll be easy to remove it.
  7. #7  
    Ok, you sucker. First, quit using Internet Exploder to view the web, install something like Firefox or Opera. Secondly, there's a reason for Windows Updates, so install them.

    Microsoft releases scheduled updates the 2nd Tuesday of every month (Black Tuesday).

    If you give me the variant name, I can give you the exact removal instructions, but it's pretty simple, and some of the common HKLM\..\Run trash.

    Here you go. The Regedit deal is pretty simple...
    http://securityresponse.symantec.com....kelvir.b.html
  8.    #8  
    Quote Originally Posted by evilghost
    Ok, you sucker. First, quit using Internet Exploder to view the web, install something like Firefox or Opera. Secondly, there's a reason for Windows Updates, so install them.

    Microsoft releases scheduled updates the 2nd Tuesday of every month (Black Tuesday).

    If you give me the variant name, I can give you the exact removal instructions, but it's pretty simple, and some of the common HKLM\..\Run trash.

    Here you go. The Regedit deal is pretty simple...
    http://securityresponse.symantec.com....kelvir.b.html
    Evil Ghost...I have been using Firefox to browse the web. I did, however, get this file from a TRUSTED friend (business associate) through an instant message, using AIM. I, like an *****, clicked on the link, which then started to download a file to my desktop, which I (again, like an *****) double-clicked, and WHAM! got stuck with this w32.kelvir worm or whatever this thing is. I have been trying like mad today to remove this from my system, but my extent of knowledge is limited in this respect. I will take, however, whatever info you can offer to me to help get rid of it and I DO APPRECIATE it a lot!

    Thanks so much!
    Rob
    8GB iPhone
  9. #9  
    If you have MSN Messenger, PM me your contact name and I'll add you to my contact list and gladly walk you through removal.
  10. #10  
    And tell your Trusted friend, "Thanx!" and be sure he wipes his arse, I mean computer as well.
    MaxiMunK.com The Forum That Asks, "Are You Not Entertained?"

    Remember: "Anyone that thinks the Treo should just work right out of the box, shouldn't own a Treo..."
  11.    #11  
    Quote Originally Posted by evilghost
    Ok, you sucker. First, quit using Internet Exploder to view the web, install something like Firefox or Opera. Secondly, there's a reason for Windows Updates, so install them.

    Microsoft releases scheduled updates the 2nd Tuesday of every month (Black Tuesday).

    If you give me the variant name, I can give you the exact removal instructions, but it's pretty simple, and some of the common HKLM\..\Run trash.

    Here you go. The Regedit deal is pretty simple...
    http://securityresponse.symantec.com....kelvir.b.html
    Evil Ghost,

    I checked the registry from your link against my registry values and here is what I have:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run – NO “CPQHotkeys” = “hotkeysvc.exe” LOCATED IN THIS DIRECTORY.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY!

    HKEY_CURRENT_USER\Software\Microsoft\Ole – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY!

    HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY! (HIGHLIGHTED VALUE)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run – NO “CPQHotkeys” = “hotkeysvc.exe” LOCATED IN THIS DIRECTORY.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices – NO “CPQHotkeys” = “hotkeysvc.exe” LOCATED IN THIS DIRECTORY.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Ole – NO “CPQHotkeys” = “hotkeysvc.exe” LOCATED IN THIS DIRECTORY.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY! (HIGHLIGHTED VALUE)

    HKEY_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Run – NO “CPQHotkeys” = “hotkeysvc.exe” LOCATED IN THIS DIRECTORY.

    HKEY_USERS\.default\Software\Microsoft\Windows\CurrentVersion\RunServices – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY!

    HKEY_USERS\.default\Software\Microsoft\Ole – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY!

    HKEY_USERS\.default\System\CurrentControlSet\Control\Lsa – THIS DIRECTORY DOES NOT EXIST IN MY REGISTRY! (HIGHLIGHTED VALUE)


    Now, I suspect some of the entries that don't exist may be due to the fact that I used Spybot S&D and Adaware and Norton already. The ONLY thing I was able to do was set the "EnableDCOM" = "N" value and exited the registry. I keep getting pop ups from Norton letting me know it found an instance of the virus (w32.kelvir) and is deleting it from my system.

    Thanks again for your help and diligence.
    Rob
    8GB iPhone
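Added example, not part of any post in this thread: the manual check described in post #11, done against the text of a regedit export instead of by eye. It separates "key absent" from "key present, value absent", the two outcomes listed in that post. The function names and the sample export are constructed for illustration; only the key paths and the "CPQHotkeys" / "hotkeysvc.exe" pair come from the thread.

```python
import re

# Key paths and the value pair are the ones listed in post #11. The Ole and Lsa
# keys are left out: the thread does not say which values matter there.
HIVES = ["HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", r"HKEY_USERS\.default"]
SUBKEYS = [r"Software\Microsoft\Windows\CurrentVersion\Run",
           r"Software\Microsoft\Windows\CurrentVersion\RunServices"]
IOC_NAME, IOC_DATA = "cpqhotkeys", "hotkeysvc.exe"

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key path (lowercased): {value name: string data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def check(text):
    """Report, per autostart key, whether it is absent, clean, or holds the entry."""
    keys, report = parse_reg(text), {}
    for hive in HIVES:
        for sub in SUBKEYS:
            path = hive + "\\" + sub
            values = keys.get(path.lower())   # registry paths are case-insensitive
            if values is None:
                report[path] = "key absent"
                continue
            hits = [n for n, d in values.items()
                    if n.lower() == IOC_NAME or IOC_DATA in d.lower()]
            report[path] = "FOUND: " + ", ".join(hits) if hits else "clean"
    return report

# Constructed sample export (not taken from anyone's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPQHotkeys"="hotkeysvc.exe"
'''

if __name__ == "__main__":
    for path, status in check(SAMPLE).items():
        print(f"{status:20} {path}")
```

A "clean" or "key absent" result only covers these six autostart locations; it says nothing about copies of the file elsewhere on disk, which is consistent with Norton still reporting detections in post #11.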
  12.    #12  
    Quote Originally Posted by Insertion
    And tell your Trusted friend, "Thanx!" and be sure he wipes his arse, I mean computer as well.
    I already did...she inadvertently infected her whole company and some other outside vendors and other friends!
    Rob
    8GB iPhone
  13.    #13  
    Quote Originally Posted by evilghost
    If you have MSN Messenger, PM me your contact name and I'll add you to my contact list and gladly walk you through removal.
    Thanks Evil Ghost! I will await your IM! I sent you the PM, by the way.
    Rob
    8GB iPhone
  14. #14  
    Quote Originally Posted by dimensiondvdrob
    I already did...she inadvertently infected her whole company and some other outside vendors and other friends!
    Ahhh...that explains it. This is why I am pushing for a 6 month waiting/screening period before women are allowed to use anything more advanced than a mop!
    MaxiMunK.com The Forum That Asks, "Are You Not Entertained?"

    Remember: "Anyone that thinks the Treo should just work right out of the box, shouldn't own a Treo..."
  15. #15  
    Quote Originally Posted by Insertion
    Ahhh...that explains it. This is why I am pushing for a 6 month waiting/screening period before women are allowed to use anything more advanced than a mop!
    Dude... I was drinking soda when I read this and almost choked... Hilarious!!!
  16. #16  
    Quote Originally Posted by KAOSWLF
    Dude... I was drinking soda when I read this and almost choked... Hilarious!!!
    Two words...Woman Mop

    Remember this....
    MaxiMunK.com The Forum That Asks, "Are You Not Entertained?"

    Remember: "Anyone that thinks the Treo should just work right out of the box, shouldn't own a Treo..."
  17. #17  
    Quote Originally Posted by Insertion
    Two words...Woman Mop

    Remember this....
    I don't know why I'm with you...you are truly an ***!
  18. #18  
    Lol. Well I VNC'd into his computer and helped him spice up those viruses. I also noticed a very large amount of donkey-sex images and something about tubgirl.com being on the recent history for IE? I won't ask what Rob does in his free time.
  19. #19  
    Just stay away from my goatse.cx collection!!
    MaxiMunK.com The Forum That Asks, "Are You Not Entertained?"

    Remember: "Anyone that thinks the Treo should just work right out of the box, shouldn't own a Treo..."
  20. #20  
    tubgirl.com
    couldn't resist checking it out....that is absolutely the nastiest thing I have ever seen...but had me lmao
    thanks