I am using McAfee 2008 and it has been catching this virus or trojan every time it scans the computer recently. It always says it repaired the virus by removing it. However, it appears to keep coming back, making me think that it's parked somewhere else on the laptop and is regenerating itself somehow.

The trojan seems to park itself in the C:/System Volume Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx folder.

The reason I am concerned is that today I got a call from my credit card security center saying my card had been compromised shortly after I placed an order online at a place called Texas Towers in Plano, TX.

Now, I don't know if it is the Trojan at fault or some slimeball thief employee of the company. I keep no credit card information on the computer, but did type in the credit card number and other information when placing the order at Texas Towers. Could that Generic.PWS.y have sent the card information somewhere or would anyone know just how these trojans mentioned above work?

I really suspect someone at Texas Towers since the problem occurred an hour or so after I placed the order (I got an E-Mail back from their sales dept saying the item was not in stock and did I want to backorder). I plan to call Texas Towers tomorrow and report what happened, but was wondering if it could be that trojan that caused the problem.

Thanks for any suggestions.

Jim
|
|||
|
It could very well be the malware infection.

I suggest you show your computer to a professional immediately. Failing that I would suggest you erase your hard disk and re-install all your software.

You should not connect your computer to the internet in any way, shape or form until you know the infection is gone.

---
Leonard Grey
Errare humanum est

Jim wrote:
> I am using McAfee 2008 and it has been catching this virus or trojan every time it scans the computer recently. It always says it repaired the virus by removing it. However, it appears to keep coming back, making me think that it's parked somewhere else on the laptop and is regenerating itself somehow.
>
> The trojan seems to park itself in the C:/System Volume Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx folder.
>
> The reason I am concerned is that today I got a call from my credit card security center saying my card had been compromised shortly after I placed an order online at a place called Texas Towers in Plano, TX.
>
> Now, I don't know if it is the Trojan at fault or some slimeball thief employee of the company. I keep no credit card information on the computer, but did type in the credit card number and other information when placing the order at Texas Towers. Could that Generic.PWS.y have sent the card information somewhere or would anyone know just how these trojans mentioned above work?
>
> I really suspect someone at Texas Towers since the problem occurred an hour or so after I placed the order (I got an E-Mail back from their sales dept saying the item was not in stock and did I want to backorder). I plan to call Texas Towers tomorrow and report what happened, but was wondering if it could be that trojan that caused the problem.
>
> Thanks for any suggestions.
>
> Jim
|
|||
|
On Thu, 18 Sep 2008 22:50:40 -0400, Jim <nospam@nospam.com> wrote:

> I am using McAfee 2008 and it has been catching this virus or trojan every time it scans the computer recently. It always says it repaired the virus by removing it. However, it appears to keep coming back, making me think that it's parked somewhere else on the laptop and is regenerating itself somehow.
>
> The trojan seems to park itself in the C:/System Volume Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx folder.

Remove all restore points. Do this by disabling System Restore and rebooting.
Generic PWS.y Generic.dx are keyloggers. After reboot, update McAfee and run a full scan.

> The reason I am concerned is that today I got a call from my credit card security center saying my card had been compromised shortly after I placed an order online at a place called Texas Towers in Plano, TX.

When you found out you had some type of info-stealing pest, why would you do any kind of banking/credit transactions? What did you do to prevent this kind of thing to happen in the future?

> Now, I don't know if it is the Trojan at fault or some slimeball thief employee of the company. I keep no credit card information on the computer, but did type in the credit card number and other information when placing the order at Texas Towers. Could that Generic.PWS.y have sent the card information somewhere or would anyone know just how these trojans mentioned above work?
>
> I really suspect someone at Texas Towers since the problem occurred an hour or so after I placed the order (I got an E-Mail back from their sales dept saying the item was not in stock and did I want to backorder). I plan to call Texas Towers tomorrow and report what happened, but was wondering if it could be that trojan that caused the problem.
>
> Thanks for any suggestions.
>
> Jim

You need more protection than just McAfee AV. After scanning with your updated AV, download, and run SUPERAntiSpyware (don't forget to update it before scanning your system). You should keep it and scan your system every week with it. The free version does not include "real-time" scanning but you need one. Spyware Terminator is a decent, free, spyware "real-time" scanner.

max

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is setup for use in USENET by everyone
|
|||
|
Thanks for the help. Should I remove SPYBOT before installing the two programs you recommend, I have already downloaded them but did not install them yet.

Jim

On Fri, 19 Sep 2008 00:20:18 -0400, "What's in a Name?" <maxwachtel@nomail.afraid.org> wrote:

>On Thu, 18 Sep 2008 22:50:40 -0400, Jim <nospam@nospam.com> wrote:
>
>> I am using McAfee 2008 and it has been catching this virus or trojan every time it scans the computer recently. It always says it repaired the virus by removing it. However, it appears to keep coming back, making me think that it's parked somewhere else on the laptop and is regenerating itself somehow.
>>
>> The trojan seems to park itself in the C:/System Volume Information/-restore/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx folder.
>
>Remove all restore points. Do this by disabling System Restore and rebooting.
>Generic PWS.y Generic.dx are keyloggers. After reboot, update McAfee and run a full scan.
>
>> The reason I am concerned is that today I got a call from my credit card security center saying my card had been compromised shortly after I placed an order online at a place called Texas Towers in Plano, TX.
>
>When you found out you had some type of info-stealing pest, why would you do any kind of banking/credit transactions? What did you do to prevent this kind of thing to happen in the future?
>
>> Now, I don't know if it is the Trojan at fault or some slimeball thief employee of the company. I keep no credit card information on the computer, but did type in the credit card number and other information when placing the order at Texas Towers. Could that Generic.PWS.y have sent the card information somewhere or would anyone know just how these trojans mentioned above work?
>>
>> I really suspect someone at Texas Towers since the problem occurred an hour or so after I placed the order (I got an E-Mail back from their sales dept saying the item was not in stock and did I want to backorder). I plan to call Texas Towers tomorrow and report what happened, but was wondering if it could be that trojan that caused the problem.
>>
>> Thanks for any suggestions.
>>
>> Jim
>
>You need more protection than just McAfee AV. After scanning with your updated AV, download, and run SUPERAntiSpyware (don't forget to update it before scanning your system). You should keep it and scan your system every week with it. The free version does not include "real-time" scanning but you need one. Spyware Terminator is a decent, free, spyware "real-time" scanner.
>
>max
|
|||
|
On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam@nospam.com> wrote:

> Thanks for the help. Should I remove SPYBOT before installing the two programs you recommend, I have already downloaded them but did not install them yet.
>
> Jim

If you mean Spybot Search+Destroy, you should leave it installed.
Post back with results.

max

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is setup for use in USENET by everyone
|
|||
|
Max;

The SAS program found 19 tracking cookies that had been missed by both McAfee and Spybot. I had already taken your advice and stopped the system restore which got rid of the other Trojan.

Also, another benefit, the Super Anti Spyware is at least 10 times faster than Spybot and McAfee. With Spybot, a full scan takes well over an hour, probably two. SAS is really very fast and a full scan might take 20 minutes or less, and I have two large drives on this laptop.

Thanks again for your assistance.

I guess if a programmer knew machine language, he could go into the GENERIC.PWS Trojan, disassemble it, and find out just who and where it was reporting to, is that right, as it must report to some site or IP address? McAfee rates this trojan threat low.

I think my card problem came from the company I placed the order with, but the owner denied vehemently it could have come from him, as he said he trusted his employees implicitly, and was very upset I even suggested it. However, I wonder if his webmaster or his computer network is really safe? The time involved from the time I placed the order until the credit card company notified me was only a few hours. They had to move fast whatever they did. I think from now on will just call the company and give order verbally, but it is very convenient to be able to place an order at 2 am....

Jim

On Fri, 19 Sep 2008 09:04:19 -0400, "What's in a Name?" <maxwachtel@nomail.afraid.org> wrote:

>On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam@nospam.com> wrote:
>
>> Thanks for the help. Should I remove SPYBOT before installing the two programs you recommend, I have already downloaded them but did not install them yet.
>>
>> Jim
>
>If you mean Spybot Search+Destroy, you should leave it installed.
>Post back with results.
>max
|
|||
|
I was wrong about the scanning time of SAS, it is longer than I thought, took almost as long as Spybot, as today I did a complete scan and it took over 50 minutes with an 80 GB and a 60 GB drive in my laptop.

On Sat, 20 Sep 2008 09:32:30 -0500, Jim <nospam@nospam.com> wrote:

>Max;
>
>The SAS program found 19 tracking cookies that had been missed by both McAfee and Spybot. I had already taken your advice and stopped the system restore which got rid of the other Trojan.
>
>Also, another benefit, the Super Anti Spyware is at least 10 times faster than Spybot and McAfee. With Spybot, a full scan takes well over an hour, probably two. SAS is really very fast and a full scan might take 20 minutes or less, and I have two large drives on this laptop.
>
>Thanks again for your assistance.
>
>I guess if a programmer knew machine language, he could go into the GENERIC.PWS Trojan, disassemble it, and find out just who and where it was reporting to, is that right, as it must report to some site or IP address? McAfee rates this trojan threat low.
>
>I think my card problem came from the company I placed the order with, but the owner denied vehemently it could have come from him, as he said he trusted his employees implicitly, and was very upset I even suggested it. However, I wonder if his webmaster or his computer network is really safe? The time involved from the time I placed the order until the credit card company notified me was only a few hours. They had to move fast whatever they did. I think from now on will just call the company and give order verbally, but it is very convenient to be able to place an order at 2 am....
>
>Jim
>
>On Fri, 19 Sep 2008 09:04:19 -0400, "What's in a Name?" <maxwachtel@nomail.afraid.org> wrote:
>
>>On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam@nospam.com> wrote:
>>
>>> Thanks for the help. Should I remove SPYBOT before installing the two programs you recommend, I have already downloaded them but did not install them yet.
>>>
>>> Jim
>>
>>If you mean Spybot Search+Destroy, you should leave it installed.
>>Post back with results.
>>max
|
|||
|
My reply is at the bottom of your sent message.

In news:0446d4dsi0dvto0i3incle9b63fngtdv27@4ax.com, Jim <nospam@nospam.com> typed:

> I am using McAfee 2008 and it has been catching this virus or trojan every time it scans the computer recently. It always says it repaired the virus by removing it. However, it appears to keep coming back, making me think that it's parked somewhere else on the laptop and is regenerating itself somehow.

<snip>

> The reason I am concerned is that today I got a call from my credit card security center saying my card had been compromised shortly after I placed an order online at a place called Texas Towers in Plano, TX.

<snip>

> Thanks for any suggestions.

I'll type carefully because I don't want to come off sounding like a jerk. But...

You had reason to suspect you were infected. You used the computer to transmit your credit card and who knows how much other personal information. Don't do that. Security is NOT a product. It is an awareness, if you'd like. It is a state of mind. It is a compromise between what you need to do and what risks you'll accept.

Cancel your card immediately and order one of the credit watch services to ensure that these people don't now go out and get new accounts in your name.

Anti-malware products are generally only good at preventing infection and then they're only good at preventing what they have signatures for. This is the time when you get ready to completely format your PC and do a new installation following the Good Hex principles.

I hope that I didn't sound like a jerk or too harsh. Hopefully this is a small price to pay to learn this lesson and hopefully it doesn't result in a completely stolen identity or the likes.

--
Galen
My Geek Site: http://kgiii.info
Web Hosting: http://whathostingshould.be

"It is a capital mistake to theorize before you have all the evidence. It biases the judgment." - Sherlock Holmes
|
|||
|
On Sat, 20 Sep 2008 19:07:42 -0400, Jim <nospam@nospam.com> wrote:

*********my replies are inline***************

> I was wrong about the scanning time of SAS, it is longer than I thought, took almost as long as Spybot, as today I did a complete scan and it took over 50 minutes with an 80 GB and a 60 GB drive in my laptop.

Do you have the latest and greatest version of spybot installed? It is supposed to be faster than previous versions. Anyway, 140 gb/1 hour is a little over 2 gb a minute, which seems reasonable to me, but I have no idea how much data was actually scanned and what, if any, other programs were running at the time. I know that spybot has some tweaks you could apply to shorten scan times but I don't know if SAS has any settings that can be changed.

> On Sat, 20 Sep 2008 09:32:30 -0500, Jim <nospam@nospam.com> wrote:
>
>> Max;
>>
>> The SAS program found 19 tracking cookies that had been missed by both McAfee and Spybot. I had already taken your advice and stopped the system restore which got rid of the other Trojan.
>>
>> Also, another benefit, the Super Anti Spyware is at least 10 times faster than Spybot and McAfee. With Spybot, a full scan takes well over an hour, probably two. SAS is really very fast and a full scan might take 20 minutes or less, and I have two large drives on this laptop.
>>
>> Thanks again for your assistance.
>>
>> I guess if a programmer knew machine language, he could go into the GENERIC.PWS Trojan, disassemble it, and find out just who and where it was reporting to, is that right, as it must report to some site or IP address? McAfee rates this trojan threat low.

I think that they try to do some type of investigating but I'm sure those IP addys are changed all the time.

>> I think my card problem came from the company I placed the order with, but the owner denied vehemently it could have come from him, as he said he trusted his employees implicitly, and was very upset I even suggested it. However, I wonder if his webmaster or his computer network is really safe? The time involved from the time I placed the order until the credit card company notified me was only a few hours. They had to move fast whatever they did. I think from now on will just call the company and give order verbally, but it is very convenient to be able to place an order at 2 am....
>>
>> Jim

Yes it is but at what cost? You found out the hard way. You need to figure out how you got infected in the first place. The company is probably right, as you are the one that had the infestation. Do you practice "safe-hex"? Maybe you need a bigger rubber! It's like the wild, wild, 'net out here, lots of bandits and not many sheriffs.

>> On Fri, 19 Sep 2008 09:04:19 -0400, "What's in a Name?" <maxwachtel@nomail.afraid.org> wrote:
>>
>>> On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam@nospam.com> wrote:
>>>
>>>> Thanks for the help. Should I remove SPYBOT before installing the two programs you recommend, I have already downloaded them but did not install them yet.
>>>>
>>>> Jim
>>>
>>> If you mean Spybot Search+Destroy, you should leave it installed.
>>> Post back with results.
>>> max

--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is setup for use in USENET by everyone
|
|||
|
Duh, you didn't read that I said McAfee said it had taken care of the problem. I believed it.

On Sat, 20 Sep 2008 22:32:23 -0400, "Galen" <galennews@gmail.com> wrote:

>My reply is at the bottom of your sent message.
>
>In news:0446d4dsi0dvto0i3incle9b63fngtdv27@4ax.com,
>Jim <nospam@nospam.com> typed:
>
>> I am using McAfee 2008 and it has been catching this virus or trojan every time it scans the computer recently. It always says it repaired the virus by removing it. However, it appears to keep coming back, making me think that it's parked somewhere else on the laptop and is regenerating itself somehow.
>
><snip>
>
>> The reason I am concerned is that today I got a call from my credit card security center saying my card had been compromised shortly after I placed an order online at a place called Texas Towers in Plano, TX.
>
><snip>
>
>> Thanks for any suggestions.
>
>I'll type carefully because I don't want to come off sounding like a jerk. But...
>
>You had reason to suspect you were infected. You used the computer to transmit your credit card and who knows how much other personal information. Don't do that. Security is NOT a product. It is an awareness, if you'd like. It is a state of mind. It is a compromise between what you need to do and what risks you'll accept.
>
>Cancel your card immediately and order one of the credit watch services to ensure that these people don't now go out and get new accounts in your name.
>
>Anti-malware products are generally only good at preventing infection and then they're only good at preventing what they have signatures for. This is the time when you get ready to completely format your PC and do a new installation following the Good Hex principles.
>
>I hope that I didn't sound like a jerk or too harsh. Hopefully this is a small price to pay to learn this lesson and hopefully it doesn't result in a completely stolen identity or the likes.