Phishing filter




blutach
22 Nov 2007, 03:53 PM
Got an issue which is causing me to be a bit worried.

Using IE7. For the last few days, the M$ phishing filter at the bottom of my browser says it can't check sites because it is temporarily unavailable.

First, are others experiencing this? If not, I might have caught a bug (but there's no virus or spyware on the system). How to fix it?

TIA

Regards

burrell84601
22 Nov 2007, 04:22 PM
Same here the last three days. I'm in the western United States.

Happening even on sites I frequent often.

blutach
22 Nov 2007, 05:10 PM
Good to know. I did pick up a dose of the svehost.exe/perfs.exe virus/spyware, which is a newy going around. There's also something called discover.exe sitting in my LocalService which I can't get a hold of and none of my utilities seem to kill it (NAV does mark it as a virus), but I think it is responsible for svehost coming back now and again.

Real PITA.

Thanks for the confirmation.

Regards

burrell84601
22 Nov 2007, 05:49 PM
You're welcome.

Thanks for the tip on the new nasties going around.

You have inspired me to run special scans on all our PCs in the house.

Chewy
22 Nov 2007, 11:03 PM
http://forum.digital-digest.com/showthread.php?postid=545412#post545412

try this

blutach
22 Nov 2007, 11:40 PM
Thanks Chewy, I'll give it a go.

Spybot & Ad-aware came up clean, as did TrendMicro and Symantec's online scanners. M$'s online scanner found 4 severe issues (bloody hell, they don't ID them by name) but couldn't fix them! Then Norton AV (2002!!) ID'ed this thing called discover.exe in LocalService. Now, LS is not easily accessible via ordinary Explorer, but here's a tip. Rotten old Ner0 can access it! So, using Ner0's browser, I went to TIF of LS and cleaned out the temp files there (which only the Lord can tell me how they were caused).

Everyone should look in their c:\windows\system32 folder for a file called svehost.exe (not svchost.exe - that is core Windows stuff) and delete it. Also, check for key logging text files and delete them. Look for Discover.exe, Perfs.exe (same icon as Perfmon.exe but it's a trojan) and ndt2.exe as well (these are part of the same rootkit). Use Autoruns from Sysinternals to eliminate any startup of these files. And then use something that guards your registry against unauthorised changes to these locations - TeaTimer for example.

If you don't clean out all these files, they'll return on the next boot. The system is cute.

BTW: The Phishing filter seems to be back online sometimes. :)

Regards
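The file-name check described in the post above, as an added example that is not part of the original thread: it flags the names the post lists and any name within a small edit distance of a genuine Windows binary (svehost.exe vs svchost.exe). The list of genuine names, the distance threshold and the sample listing are assumptions made for illustration.

```python
import os

# File names the post lists as part of the infection (taken from the thread).
NAMED_IN_THREAD = {"svehost.exe", "discover.exe", "perfs.exe", "ndt2.exe"}

# Assumption: a short illustrative list of genuine Windows binaries.
LEGIT_NAMES = ("svchost.exe", "perfmon.exe", "lsass.exe", "csrss.exe",
               "services.exe", "winlogon.exe", "explorer.exe")

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(name, max_distance=2):
    """Return a list of reasons the name is suspicious, or None if it is not."""
    lowered = name.lower()
    if lowered in LEGIT_NAMES:
        return None  # exact match of a genuine name
    reasons = []
    if lowered in NAMED_IN_THREAD:
        reasons.append("named in thread")
    for legit in LEGIT_NAMES:
        if edit_distance(lowered, legit) <= max_distance:
            reasons.append("look-alike of " + legit)
    return reasons or None

def scan(names):
    """Map each suspicious file name to its reasons."""
    return {n: r for n in names if (r := classify(n))}

def scan_directory(path):
    """Apply scan() to the entries of a real directory, e.g. system32."""
    return scan(os.listdir(path))

# Constructed sample listing (not real data from the thread).
SAMPLE = ["svchost.exe", "svehost.exe", "Perfs.exe", "perfmon.exe",
          "scvhost.exe", "notepad.exe", "ndt2.exe", "kernel32.dll"]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

A hit is a lead for review in Autoruns or an AV scan, not proof of infection; a name match says nothing about a renamed copy.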

Chewy
23 Nov 2007, 12:10 AM
It usually all starts with a tiny trojan downloader that installs with scripting from a web site, maybe a contaminated ad. The longer it goes, the more crap gets downloaded and installed. In extreme cases, after I get all my weapons downloaded I pull the internet plug; the SOB can be updating while you are trying to kill it. Last bad case I had was the bookkeeping computer at a business I help. The OS has been patched repaired for 2 years now, and I spent 3 evenings killing malware on it, most of the time in safe mode.
Found 4 full-fledged viruses and 70-some trojans. They said the computer had been running fine, just a little glitchy. These new species/variants are very subtle, not going for porn or gambling popups like older versions. They steal your sensitive data, turn your box into a bot so they sell the services to the highest bidder, shape your browsing, etc.

locoeng
23 Nov 2007, 12:43 AM
Bloody hell Blu, have you been a naughty boy? :)

blutach
23 Nov 2007, 01:19 AM
Who? Me? :D

All seems fine now. Fingers xd.

Happy Thanksgiving.

Regards

locoeng
23 Nov 2007, 01:37 AM
Same to you Blu and I know you want some of my turkey

blutach
23 Nov 2007, 09:03 AM
I'll wait till XMAS mate. Firey's making XMAS dinner this year (:yum:)

Regards

MilesAhead
26 Nov 2007, 03:01 AM
> Good to know. I did pick up a dose of the svehost.exe/perfs.exe virus/spyware, which is a newy going around. There's also something called discover.exe sitting in my LocalService which I can't get a hold of and none of my utilities seem to kill it (NAV does mark it as a virus), but I think it is responsible for svehost coming back now and again.
>
> Real PITA.
>
> Thanks for the confirmation.
>
> Regards


Once you get your system clean you might consider using the Sandboxie
approach. Basically it intercepts the HD writes and simulates your drives,
registry, whatever in a sandbox folder. I have Firefox with
the NoScript that I run sandboxed. But after a while clicking
"allow this" and "temporarily allow that" gets to be a pain so
I just run an old version of Opera sandboxed with no other
virus scans or protections. I'm told it works fine for IE
too.

The main fly in the ointment with Sandboxie is it either works
with your HD or it doesn't. So when you attempt to install
the device driver, it may crash your system (it gives a warning
during the install that it may crash). If it installs ok then you're good.

The other issue is the installer sets up the Sandboxie Service to
start Automatic. I find it interferes with DVD burns so I set it
to Manual. After you close the Sandboxie Control app use
this one-liner to stop the Sandboxie Service much
faster than using the Services Applet thing:
C:\Windows\System32\sc.exe stop SbieSvc

The newest version (3.20) is still kind of buggy so I recommend
getting v. 3.02 from the old versions page:
http://www.sandboxie.com/index.php?OldVersions

The freeware version does everything you need. The paid app has a
couple of convenience functions, mainly to automatically prompt you
to copy stuff out of the sandbox to the "real" folder on your HD.
I've been running it for a few months now and it seems to work as
advertised afaict. :)

doctorhardware
26 Nov 2007, 07:03 AM
One thing is to remember to turn off system restore before the repair, that way you do not have the same problem if you have to do a system restore. Just remember to turn on the restore, after the repair is done.

Chewy
26 Nov 2007, 07:17 AM
General consensus is to do the repair, and if you can still boot into regular mode and everything works, then turn off System Restore (deleting the bad ones) and then turn it back on, creating a repaired one.

In quite a few cases the system is damaged during any heavy-duty malware fix.

doctorhardware
26 Nov 2007, 09:08 AM
I agree Chewy.

MilesAhead
29 Nov 2007, 06:35 AM
> General consensus is to do the repair, and if you can still boot into regular mode and everything works, then turn off System Restore (deleting the bad ones) and then turn it back on, creating a repaired one.
>
> In quite a few cases the system is damaged during any heavy-duty malware fix.

Another way to skin the cat I've made habitual to save space on backups
is to use the Windows Disk Cleanup utility. I make a restore point, then
on the 2nd tab of Disk Cleanup there's a button to delete all but the
last restore point.

6 of one or approx. 50% of a dozen. :)