This is new this month. When I am in eBay, instead of opening an
auction page, it sends me to blockbuster.com or circuitcity.com or
netflix.com etc. I have win 98 and IE6 SP1. Ran spyware programs and
it is still there.

Does this sound familier? FR Wilk

On Sun, 17 Jun 2007 20:40:49 -0700, PowerPROM@frwilk.com wrote:

>This is new this month. When I am in eBay, instead of opening an
>auction page, it sends me to blockbuster.com or circuitcity.com or
>netflix.com etc. I have win 98 and IE6 SP1. Ran spyware programs and
>it is still there.
>
>Does this sound familier? FR Wilk

Check to see if you have core.sys It wil be registered as a driver.

This is a particularly nasty one, but relatively easy to get rid of.

I suspect it's this one because it's been surfacing quite a bit
lately, and none of my malware utilities discovered it. I caught it
and got it submitted, so now they do.

here's what I sent out:

Today I began to experience some weird behaviour. Every So often, an
IE window would pop up, trying to take me to various webpages. I could
not find any service etc which would do this.

So I caught one of the urls it was trying to go to: url.cvpfeed.com.

So I went to my Lavasoft A-ware, and it could not recognise anything
(even with a full scan)

Grisoft Professional, with the latest definitions could not find it.

So I googled around, and found this reference:

http://www.lavasoftsupport.com/index...opic=8601&st=0

The discussion explains it. I followed the instructions and fixed it.

I submitted the file to www.virustotal.com and got the attached screen
dump result. So some engines do see it as a trojan. Not sure how it
got to me. I'm Windows XP Pro, with all service packs etc. Not even
Winpatrol saw it coming in.


--

Find out about Australia's most dangerous Doomsday Cult:
http://users.bigpond.net.au/wanglese/pebble.htm

"You can't fool me, it's turtles all the way down."

"Maths proves you know how to plug in some figures into a formula, that's
all"
"Even physics is based on wrong theories, so what's the use of maths"
Carole - demonstrating her mathematical abilities.

Thanks Wally for the reply,

I looked and core.sys is not there. It is something else. Any other
ideas guys?

Start here:
http://aumha.org/a/parasite.htm
--
mae

<PowerPROM@frwilk.com> wrote in message
news:1182171222.266754.67020@d30g2000prg.googlegro ups.com...
| Thanks Wally for the reply,
|
| I looked and core.sys is not there. It is something else. Any other
| ideas guys?
|

Sometimes the hackers put the same basic trojan into a different name, but
they tend to use similar names so they can keep track of their work.

I'd suggest a search for EVERYTHING with the extension .sys that has been
modified or installed since a day or two before the problem began.
Additionally, any file with "core" in it (a file search for "core" would
suffice), since it could have been changed from a .sys file.

And although it is stating the obvious, make sure you check ALL files and
folders, including hidden files & folders.

"mae" wrote:

> Start here:
> http://aumha.org/a/parasite.htm
> --
> mae
>
> <PowerPROM@frwilk.com> wrote in message
> news:1182171222.266754.67020@d30g2000prg.googlegro ups.com...
> | Thanks Wally for the reply,
> |
> | I looked and core.sys is not there. It is something else. Any other
> | ideas guys?
> |
>
>