http://www.giveawayoftheday.com/forums/ Giveaway of the Day Forums Tag: virus en Tue, 14 Oct 2008 13:09:55 +0000 http://www.giveawayoftheday.com/forums/topic/719/page/5#post-43334 Sun, 12 Oct 2008 07:58:59 +0000 hotdoge3 43334@http://www.giveawayoftheday.com/forums/ <p>RelevantKnowledge".I said no to it but scan come up with RelevantKnowledge so not to good, ccleaner come with a toolbar but they tell you don't need all so filehippo.com say you don't need it,I think we should be told,not like relevant information, search results, and coupons pop-up ads contextual information and services as you surf the Web.<br /> but you need to read it &#38; say yes or no to the EULA I all so check with EULAlyzer it helps with bad words that seem like good like save! information and offers.For your benefit,if it sound good it be bad. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-43333 Sun, 12 Oct 2008 07:28:32 +0000 hotdoge3 43333@http://www.giveawayoftheday.com/forums/ <p>GAOTD antivirus "a2" just blocked the other GAOTD antivirus "Anvir"'s all I can say is on my PC is ok,can you list you spyware AV so,you may like to read, <a href="http://www.realtechnews.com/posts/2675" rel="nofollow">http://www.realtechnews.com/posts/2675</a><br /> <a href="http://news.zdnet.com/2100-1009_22-147187.html" rel="nofollow">http://news.zdnet.com/2100-1009_22-147187.html</a><br /> For a brief period on Friday, McAfee's security tools killed more than viruses.</p> <p><a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&#38;taxonomyName=security&#38;articleId=9002974&#38;taxonomyId=17&#38;intsrc=kc_top" rel="nofollow">http://www.computerworld.com/action/article.do?command=viewArticleBasic&#38;taxonomyName=security&#38;articleId=9002974&#38;taxonomyId=17&#38;intsrc=kc_top</a></p> <p><a href="http://www.theregister.co.uk/2007/07/09/kaspersky_rising_tech_av_bunfight/" rel="nofollow">http://www.theregister.co.uk/2007/07/09/kaspersky_rising_tech_av_bunfight/</a> </p> http://www.giveawayoftheday.com/forums/topic/4021#post-43278 Sat, 11 Oct 2008 01:20:33 +0000 my_name_is_brad 43278@http://www.giveawayoftheday.com/forums/ <p>Nice article.</p> <p>this is similar to phishing techniques that have been used for some time. In the past it was a case of people sending legit looking emails supposed to be from a banking institution or other trusted source. These provide a link to the "site". The link is actually to a semi complete replica of where the user thinks they are going. Then info is gathered.</p> <p>I would be interested to see what these new attacks are actually doing. It seems like a lot of trouble just to trash a few computers.</p> <p>Like I said in the clickjacking thread, and mentioned in the article. ALWAYS check links before visiting. These youtube spoofs will NOT contain a legit youtube address.</p> <p>One quick point though, these are not hackers for the most part. They are using a program to do something they likely have no clue how to do on their own. It would be like calling someone who made a freewebs site a web designer, or calling someone a graphic artist because they decorated their own MySpace. Sorry, that is just a pet peeve of mine. </p> http://www.giveawayoftheday.com/forums/topic/4021#post-43277 Fri, 10 Oct 2008 23:17:14 +0000 LeKanaw 43277@http://www.giveawayoftheday.com/forums/ <p><strong>Bonjour MZ :*)</strong><br /> Big Thanks for the info!!</p> <p>This really is a Cat &#38; Mouse game!!<br /> So much energy wasted!!! *sigh*</p> <p>Peace<br /> <strong>PS:</strong> Did you see my post about ClickJacking? </p> http://www.giveawayoftheday.com/forums/topic/4021#post-43275 Fri, 10 Oct 2008 22:50:21 +0000 copmom 43275@http://www.giveawayoftheday.com/forums/ <p>Uh Oh.. I had one link the other day.. saying I needed to upgrade something!<br /> Thanks for the warning maizey! </p> http://www.giveawayoftheday.com/forums/topic/4021#post-43260 Fri, 10 Oct 2008 17:36:57 +0000 maizeydaze 43260@http://www.giveawayoftheday.com/forums/ <p>The Star Tribune published an article on 10/08/08 stating that links to YouTube videos that you receive in an <strong>email</strong><strong> could take you to a malicious web site when the link is clicked. Read the following article for details: <a href="http://www.artsandlabs.com/news/STARTRIBUNE_Criminals_building_fake_YouTube_pages_to_spread_viruses.aspx">STAR-TRIBUNE: Criminals building fake YouTube pages to spread viruses</a></p> <blockquote><p>A program circulating online helps hackers build those fake pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.</blockquote> </strong> </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-43232 Fri, 10 Oct 2008 07:59:37 +0000 gtoal 43232@http://www.giveawayoftheday.com/forums/ <p>the GAOTD antivirus "a2" just blocked the other GAOTD antivirus "Anvir"'s web site <a href="http://www.anvir.com" rel="nofollow">www.anvir.com</a> with this message:</p> <blockquote><p>Hosts engaged in the selling or distribution of bogus or fraudulent applications. This<br /> classification is assigned to sites being used for the distribution of rogue security or<br /> other such applications, for example: SpyHunter, SpyFalcon, SpywareQuake,</p></blockquote> <p>Either one GAOTD product is rogue, or the other one is for falsely reporting them!</p> <p>G </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-43175 Thu, 09 Oct 2008 07:23:51 +0000 gtoal 43175@http://www.giveawayoftheday.com/forums/ <p>a recent signature update to a2scan has picked up several trojans in old gaotd files...</p> <p>burnaware home edition<br /> jitbit autotext<br /> plato videoconverter<br /> earth3d screensaver<br /> smart installmaker </p> http://www.giveawayoftheday.com/forums/topic/3774#post-42590 Tue, 30 Sep 2008 10:13:48 +0000 hotdoge3 42590@http://www.giveawayoftheday.com/forums/ <p>Software yes Software Like the cleaner spyware scanner make new kill old spybot S &#38; D will do this just tell it no &#38; you be OK. </p> http://www.giveawayoftheday.com/forums/topic/3774#post-42561 Mon, 29 Sep 2008 20:58:57 +0000 sockeyeme 42561@http://www.giveawayoftheday.com/forums/ <p>i have had a similar problem and the solution for me was to go to control panel-- system-- restore tag--and then turn off the monitoring of my extra hard drives so restore was only monitoring my main c drive then system restore works and go back and turn on monitoring for the extra drives </p> <p>hope this helps </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40897 Thu, 28 Aug 2008 22:14:58 +0000 AlexSJ 40897@http://www.giveawayoftheday.com/forums/ <p>Check out Erunt. It's a little utility that will make a complete backup of your registry, every day at system start up and keeps a defined number of backups. If ever issues occur, it will let you go back to an earlier date. It's real easy to use.<br /> Pura vida<br /> AlexSJ </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40862 Wed, 27 Aug 2008 16:29:47 +0000 Robert 40862@http://www.giveawayoftheday.com/forums/ <p>Increasing the space in %-values in the monitored drives 'settings' tab might solve the problem.<br /> But ,some software installations may interfere with the files system restore relies upon also.</p> <p>It seems like every time system restore doesn't respond or hangs ,its SRP's are deleted.</p> <p>Quote:<br /> You run out of disk space on the system drive or on any one of the available non-system drives, and System Restore stops responding and stops monitoring your system.</p> <p>This behavior <strong>causes the system to delete all restore points in an attempt to free up disk space</strong>. However, you have probably already received a warning about running low in disk space prior to this point. In this case, when sufficient disk space is freed, System Restore starts to monitor the system again. At this point, it creates an automatic System Checkpoint.</p> <p>Note If you have a multiple-partition computer with a drive that has almost no free space, this drive may cause System Restore to stop responding all across the system and to delete restore points. However, this only occurs if you have reached the minimum disk space that is allowed and if you perform operations on monitored file types. Examples of such operations are upgrading, uninstalling or installing programs, moving, and deleting or renaming files. If your drive has almost no free space but you only perform operations on non-monitored files, System Restore does not stop responding<br /> Unquote</p> <p>BTW SRP's are set to be deleted after 90 days. </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40859 Wed, 27 Aug 2008 15:41:15 +0000 goodgotd 40859@http://www.giveawayoftheday.com/forums/ <p>avast all by itself can be a pain in the performance department. copying digital pictures around the LAN turning it off is quite a difference.</p> <p>I too strongly recommend revo. </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40854 Wed, 27 Aug 2008 13:50:35 +0000 aRenegade 40854@http://www.giveawayoftheday.com/forums/ <p>The system slow-up was most likely caused by Avast, Comodo, and A-Squared. Mixing and matching third party programs increases exponentially probabilities of running into compatibility issues. You have to keep in mind the programs you’re using all have competing products. For example the developers of A-Squared were not thinking about whether their program will run harmoniously with Avast and vise versa. Developers don’t do a bunch of software tests running their program in combinations against competing programs. All they care about was whether their product will run in harmony with the operating system (i.e., XP, Vista, etc). I run the same security programs you do except for Comodo. What I do might be something you could try. Turning off some of the Avast providers and just run the standard shield and the web shield. Once a week I do an update and system scan with A-Square (incidentally I temporality pause Avast before doing an A-Square deep scan). Next get rid of Comodo. It’s a good program in all but unless you’re involved in some sort of high profile top secret stuff it’s overkill; besides even if you’re involved in some secret stuff I somehow don’t think you’d be mucking around with freeware. The Windows firewall is fine.</p> <p>Now where to start looking for an answer regarding the restore issues - The Registry. Any fooling around with Windows Registry does involve some risk, and cleaning it out can have an impact on your PC's overall performance. It sounds like when you ran the registry cleaner some essential files Windows needed for a restore were deleted, or should I say, “cleaned”. Now can it be fixed? The answer to that is a big fat perhaps. First I would try using your Registry cleaner's restore feature which ensures that only the changes the program just made are reversed (keep in mind at this point restoring might not be possible if some DLL entry was deleted from the previous cleaning). Everything depends on the condition of your Registry.</p> <p>For future reference whatever you do, never choose an autoclean option, they are not to be trusted. In most other programs that walk you through with wizards, it's no big deal if you don't pay attention and you merely keep clicking the Next button. That is not the case with Registry cleaners. I strongly encourage you to stay alert and read whatever the cleaning tool has to say. When you begin scanning, make sure not to have any applications running; if possible, it's also smart to unload any tools running in your system tray. That's because open apps are constantly making Registry changes, and you want the Registry cleaner to do its work with no interference.</p> <p>The Windows Registry is the essential system that houses the massive collection of details about your computer; where programs are stored, which helper programs (known as DLLs) are shared among your various applications, listings of all your Start-menu shortcuts, pointers to the programs that fire up when you click on an icon, and that's just the beginning. Practically everything you do in Windows is recorded somewhere in the Registry. For instance, the URL for this forum probably has an entry now. The paths to the last dozen or so images or documents you opened are there, too, as are the details of the programs you most recently installed or uninstalled.</p> <p>As a last resort, restore your PC with a backup program--which you certainly have, right?</p> <p>I hope this has been of some help because I can certainly relate to the anxiety cause by PC issues and I’m not afraid to say, “Been There &#38; Done That.”</p> <p>(I almost forgot, when you’re through reading this, get your self a copy of Revo Uninstaller)</p> <p><a href="http://www.revouninstaller.com/" rel="nofollow">http://www.revouninstaller.com/</a> </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40820 Tue, 26 Aug 2008 15:14:21 +0000 goodgotd 40820@http://www.giveawayoftheday.com/forums/ <blockquote><p>ran C/cleaner and also let it clean the registry</p></blockquote> <p>have you considered this may have done it?</p> <p>take a look at <a href="http://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths">Debunking Common Windows Performance Tweaking Myths</a>. </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40815 Tue, 26 Aug 2008 11:39:35 +0000 Barry 40815@http://www.giveawayoftheday.com/forums/ <p>Hi rizla,<br /> Here is a link that might help:<br /> <a href="http://bertk.mvps.org/html/srfail.html" rel="nofollow">http://bertk.mvps.org/html/srfail.html</a><br /> Good luck,<br /> Barry </p> http://www.giveawayoftheday.com/forums/topic/3774#post-40811 Tue, 26 Aug 2008 10:33:12 +0000 rizla01 40811@http://www.giveawayoftheday.com/forums/ <p>I have just re-installed my Windows XP2 and set a new restore point every day over a period of a week during which time i was installing various bits of (Bought) software.</p> <p>Also have avast (free) Comodo(free) and Asquared (free) running all of the time.</p> <p>sys started to slow up and freeze a bit and ran C/cleaner and also let it clean the registry, but still no good. triad a few other things like turning off background progs and eventually went to do a sys restore and ALL of the restore points had disappeared.</p> <p>Where do I start looking for an answer?</p> <p>Anyone? </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40577 Fri, 22 Aug 2008 06:30:46 +0000 gracie20 40577@http://www.giveawayoftheday.com/forums/ <p>I am getting a Trojan alert in my system. what should i do? Please reply. </p> <p>Gracie Sh<br /> <a href="http://hdtvlcdplasma.com" rel="nofollow">http://hdtvlcdplasma.com</a> </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40347 Mon, 18 Aug 2008 02:53:16 +0000 skeptic 40347@http://www.giveawayoftheday.com/forums/ <p>Still no word from the GOTD team. it is now over 4 hours since I tried to post on the current giveaway comments section. My comment has not been posted.<br /> This will not go away!<br /> If this silence continue, I will notify all tech newsletters and magazines that I subscribed to. They include: PC WORLD, PC Magazine, Windows Secrets and a dozen more. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40346 Mon, 18 Aug 2008 02:44:43 +0000 crysisevolved 40346@http://www.giveawayoftheday.com/forums/ <p>Yea I got spyware on this latest download. This is the first time I have ever used GAOTD....and I am disappointed. Since I really liked this site, I recommended it to some friends once I found out about it. I now told them they packed spyware in their downloads, and not to visit the website. I have AVG and it tells me this, along with adaware2008 </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40345 Mon, 18 Aug 2008 01:39:53 +0000 JDPower 40345@http://www.giveawayoftheday.com/forums/ <p>So no comment from GAOTD on this matter (neither here or on the comments for today's giveaway), very disappointing. Personally I'd have pulled the download straight away which only leaves two explanations for the silence - either GAOTD knew about the spyware in todays download and don't care, or they are getting paid well to add this spyware software in their giveaways. Either way it seems GAOTD are no longer trustworthy (and fully deserve to go back to being a red listed site with McAfee Site Advisor) </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40337 Sun, 17 Aug 2008 21:12:15 +0000 GAOTD lover to hater in 1 day 40337@http://www.giveawayoftheday.com/forums/ <p>As jstone says: "Today's (8/17/08) giveaway, Plato iPod PSP 3GP Converter (http://www.giveawayoftheday.com/plato-ipod-psp-3gp-converter/) contains spyware called "RelevantKnowledge".</p> <p>There's no need for a detection scan as it actually pops up a screen *telling* you this at the beginning of the install (albeit in tiny print)."</p> <p>This has totally destroyed my confidence in GAOTD. Despite their claims, they obviously DO NOT check the software carefully enough. I have recommended this site to several non-technical friends and now I'll have to advise them that it can no longer be trusted.</p> <p>As of now GAOTD is gone from my bookmarks. Some may say that it's only one instance but that is one instance too many. A sad day indeed. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40321 Sun, 17 Aug 2008 15:41:53 +0000 jstone 40321@http://www.giveawayoftheday.com/forums/ <p>Today's (8/17/08) giveaway, Plato iPod PSP 3GP Converter (http://www.giveawayoftheday.com/plato-ipod-psp-3gp-converter/) contains spyware called "RelevantKnowledge".</p> <p>There's no need for a detection scan as it actually pops up a screen *telling* you this at the beginning of the install (albeit in tiny print).</p> <p>You can find more information about this particular spyware at <a href="http://www.benedelman.org/news/062907-1.html" rel="nofollow">http://www.benedelman.org/news/062907-1.html</a> among other places.</p> <p>According to the message at the beginning of this topic, "The GOTD Team do scan the giveaways prior to making them available, using multiple tools, and take every precaution to ensure that giveaways are virus, spyware or malware free."</p> <p>I really find it hard to believe that they're really checking for malware if they missed something *this* blatant. Simply reading the text on the first install screen would have alerted them.</p> <p>Meanwhile, there's been no response from the GAOTD admins despite the multiple warnings of spyware in the comments.</p> <p>How many people got infected with this garbage because they downloaded and installed it before my warning -- it's the second comment -- got out of the "awaiting moderation" stage and became visible? For that matter, there are probably still people installing it without reading the comments first. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-39953 Wed, 13 Aug 2008 18:03:40 +0000 Violet4714 39953@http://www.giveawayoftheday.com/forums/ <p>McAfee detected something in Smart Install Maker after installation...scan date was 11/30/2007...</p> <p>New Malware.bl</p> <p><a href="http://us.mcafee.com/virusInfo/default.asp?id=alphar&#38;char=New%20Malware.bl" rel="nofollow">http://us.mcafee.com/virusInfo/default.asp?id=alphar&#38;char=New%20Malware.bl</a></p> <p>in: C:\Program Files\Smart Install Maker\sim.exe</p> <p>it was also found in a System Restore point that was created after install...</p> <p>A0040785.exe was the restore point description...</p> <p>it was detected as Heuristic...</p> <p>McAfee Definition of Heuristic: Heuristic analysis is behavior-based analysis of a computer program by anti-virus software to identify a potential virus. Often heuristic scanning produces false alarms when a clean program behaves as a virus might.</p> <p>no other reports of infection were posted, but i wasn't comfortable with it on my PC, so i quarantined it...i haven't restored it to see if updated definitions have changed the status of SIM (the developers may have asked McAfee to check it &#38; verify it is ok)...</p> <p>this is my main PC, and i've had no problems with online transactions...</p> <p>XPSP2 MCE (up to date) </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-39949 Wed, 13 Aug 2008 16:34:59 +0000 gonzo 39949@http://www.giveawayoftheday.com/forums/ <p>Sure. No hits with up-to-date AVG 8.0 Free Edition, but I don't think that it picks up trojans, does it?</p> <p>I'm using DefenseWall as a sandbox isolator. I wish I was confident about exactly how I'd know if DefenseWall was doing any good against a trojan. I regularly get messages from DefenseWall regarding some program I'm using logging keystrokes, but those programs are legit and need keystroke logging to function, or at least their web sites claim so. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39814 Mon, 11 Aug 2008 18:16:28 +0000 Lee 39814@http://www.giveawayoftheday.com/forums/ <p>Did you both scan with any other AV or SW application? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39523 Wed, 06 Aug 2008 22:51:20 +0000 Mercurius 39523@http://www.giveawayoftheday.com/forums/ <p>At least 1 reply. Thanks, Gonzo, for your confirmation. It feels strange to report a trojan banker in a GOTD product and nothing happens almost 1 day.</p> <p>But I do wonder why GOTD remains silent. Bad sign for what's going on behind the stage,<br /> or just due to their vacation? We'll see...</p> <p>Meanwhile I've moved the two suspicious files onto a USB stick, and as a consequence the a² scan of the SIM directory is clean now. Nevertheless, such a state of "security" seems to me nothing but self-deceptive - not at all to my liking. How can we tell whether the two baddies haven't generated "remote server files" (cf. the given link above) hidden deeply inside the registry?</p> <p>So, what has to be done till somebody "official" is going to take over responsibility?!</p> <p>Well, to play safe you've got primarily one solution - all downloaders of Smart Install Maker must QUARANTINE the pc where SIM has been installed on in that they stop doing online banking on that same pc! If you are lucky having a notebook at your disposal, use IT for online banking as long as the coast isn't clear yet.</p> <p>Other than that I don't see an alternative to a reformat of your internet pc ...<br /> Do you, GOTD team??? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39505 Wed, 06 Aug 2008 16:39:53 +0000 gonzo 39505@http://www.giveawayoftheday.com/forums/ <p>Ditto here. Identical experience on my Vista Home Premium Presario laptop while recently trying out Emsi Anti-Malware 3.5.</p> <p>The files are identified further by Emsi as coming from Smart Install Maker -</p> <p>C:\Program Files\Smart Install Maker\Data\Install.exe</p> <p>I downloaded and installed Smart Install Maker from GAOTD on November 15, 2007.</p> <p>Question: If you delete the Smart Install Maker setup.exe file as well as the Install.exe file as I have done, are you then completely free of the Banker Trojan/Spy problem? In other words, can you safely use the Smart Install Maker program? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39449 Tue, 05 Aug 2008 19:22:00 +0000 Mercurius 39449@http://www.giveawayoftheday.com/forums/ <p>Smart Install Maker (GOTD from 11/27/2007) malware ALERT</p> <p>Emsi a² Anti-Malware 3.5 (very recent giveaway) has found a TROJAN-SPY.Win32.Banker.khi which is “capable of stealing private information such as account numbers, passwords and banking credentials” (cf. <a href="http://www.avast.com/eng/win32-banker.html" rel="nofollow">http://www.avast.com/eng/win32-banker.html</a>).<br /> Infected appear to be two files named “install.exe” (in “Data” folder) and "setup.exe” (if you haven’t deleted this file immediately after installation).</p> <p>GOTD team, you definitively ought to investigate that issue! It surely isn’t a minor one!<br /> To be honest, although there have been a few false positives in the a² results, this time I don’t believe in a f.p. for multiple reasons.<br /> Something which is considerably questioning the credibility of the author, I.B.C., as well as in every case alike we had on GOTD, is that on their website they give no hint whatsoever as to their location, not even the country they come from.<br /> The point is, would a serious, customer-related company not be trying to build trust by letting the customer know where, at least in which country, the company’s working that he’s gonna pay and rely his pc on? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-38454 Sat, 19 Jul 2008 06:45:18 +0000 gtoal 38454@http://www.giveawayoftheday.com/forums/ <p>I tried to watch a video this evening with VLC and got an error "<code>C:\Windows\system32\OPENGL32.DLL is either<br /> not designed to run on Windows or it contains an error.<br /> Try installing the program again using the original installation<br /> media or contact your system administrator or the software vendor for support</code>"</p> <p>Remembering what someone posted yesterday about wondershare having updated some DLLs, I pulled out my last complete backup - fortunately from last weekend - and compared the size and date stamps of all the files in system32, thinking it was just<br /> an older version of something that had been badly updated'. Apart from 5 files which<br /> appeared to be related to microsoft update, there was nothing visibly different.</p> <p>However obviously something *had* changed, so I did a hex dump of opengl32.dll from before and after the last backup.</p> <p>It turns out that the most recent one has had its code compressed and some new code added to it, and written back on top of the file so that the length is preserved. Some of the original contents are still present at the end of the file since the compressed code + virus are shorter than the original.</p> <p>The insertion of the virus was also careful to update the date stamps so that they don't appear to have been changed.</p> <p>The only software that I've installed since the last backup (with the exception of one program which I installed under returnil and then removed) is from GAOTD - the Gridinsoft editor, and Wondershare.</p> <p>Here is the start of opengl32.dll from the old safe version:</p> <blockquote><p> 00000000: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 : MZ..............<br /> 00000010: b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 : <a href="mailto:........@.......">........@.......</a><br /> 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................<br /> 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 : ................<br /> 00000040: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 : ........!..L.!Th<br /> 00000050: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f : is program canno<br /> 00000060: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 : t be run in DOS<br /> 00000070: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 : mode....$.......<br /> 00000080: a8 e1 0e 74 ec 80 60 27 ec 80 60 27 ec 80 60 27 : ...t..<code>&#39;..</code>'..`'<br /> 00000090: ec 80 61 27 41 80 60 27 cb 46 1b 27 fd 80 60 27 : ..a'A.<code>&#39;.F.&#39;..</code>' </p></blockquote> <p>and here is the start of the code from the infected version:</p> <blockquote><p> 00000000: 3d 22 97 cb 91 cb e6 f1 7d 9f 8c 9f 92 81 9f f1 : ="......}.......<br /> 00000010: c9 7a 39 06 06 47 d8 b0 71 5b 6f 14 d6 c7 1a 8d : .z9..G..q[o.....<br /> 00000020: 5a bd d9 6c 9d e3 42 2a ee d2 88 3b 43 db 0e 41 : Z..l..B*...;C..A<br /> 00000030: 08 49 22 05 5a 08 91 58 48 aa 81 6e 9e 2e 47 d3 : .I".Z..XH..n..G.<br /> 00000040: f5 40 4f b6 9a ba 3e 51 0c e2 81 6e df f1 5d a5 : <a href="mailto:.@O...&gt;Q...n..].">.@O...&gt;Q...n..].</a><br /> 00000050: 5c 47 2a e5 48 a5 1c 21 85 e7 08 db 9a 26 29 1e : \G*.H..!.....&#38;).<br /> 00000060: c4 db 74 1b 4e ff 16 a2 c9 c7 52 67 80 a0 13 eb : ..t.N.....Rg....<br /> 00000070: b5 a9 5b d5 1a 24 16 db d6 8c f4 7b b9 28 32 eb : ..[..$.....{.(2.<br /> 00000080: bb b2 4e ed c0 f9 c6 0c 17 88 69 29 4b 70 95 04 : ..N.......i)Kp..<br /> 00000090: 5e 40 5c 0c 02 58 0a df b9 d9 7c d7 29 2f 53 f8 : ^@\..X....|.)/S. </p></blockquote> <p>Maybe that'll be enough for other users here to check their own systems and<br /> see if anyone else has picked up this same virus.</p> <p>After getting two viruses in two weeks, with a high likelihood of them coming from here, this is just getting way too risky. As much<br /> as I've enjoyed the petty bickering, I am sad to say I'm outta here. So long guys, it's been nice knowing you.</p> <p>(Although I may drop in to this forum again after I've uploaded the virus to some of the AV sites to see if they can identify it)</p> <p>Graham </p>