computer meltdown



egypt23spitfire
October 20th, 2008, 15:34
........BEWARE BROTHERS
....ya-all better do a deep scan of your machines
as mine just had a full meltdown the day before

starting with a STOP ERROR no BOOT INI (so i replaced "boot dot ini" file with another i keep for such occasions)
but with each successive reboot something new would crop up so i fixed MBR and BOOT the more i fixed the quicker the meltdown
going next to formats n partitions been taken off my floppy n harddrives (2x320GB data HDs now useless)
then lost use of dvd (so no emergency grab) and then couldn't access the net or network (last full backup i did was 06,........yeah i know) :banghead:
...but i can be selective on choice now of downloads:d

so lucky i had another backup www hard drive kept for such emergencies
......because i have quite a high level of anti protection i'm amiss with how this could have happened and after seeing SOH posting their probs of the last few days i guess this little monster (cause it turned out to be a suite of virals which are in the one package) is similar,
the main parcel sneaking in like a submarine under a battleship to hide its radar ping and once safely in harbour the scouting party or "trojan" finds a suitable docking 'port-xxx'
perfect to unload main package
in this case "Downloader OBW"
which keeps the port open so other gremlins can come down the gangway
then it sneakily uninstalls the main parcel so it escapes detection on scanning
....but "beware everyone" it would have had to hide damn good to get past my sentries "if it happened to me etc"
.........so go into "safe" mode and do a full scan
good luck

hellcat44
October 20th, 2008, 17:40
That'll teach you to stay off those Bulgarian sites.
Seriously,,,sorry for your troubles...thanks for the HU.

OBIO
October 20th, 2008, 18:32
Downloader OBW....I think that is the thing that nailed me a week or so ago. Luckily I was able to catch it before it did too much damage.....once I realized something had slipped under the radar, I yanked the ethernet cord out of the cable modem to get my system offline.

Have run anti-viral/anti-spy/anti-malware sweeps three times a day every day since and nothing has been found...not even by Remove It Pro which has found things that other packages don't.

OBIO

egypt23spitfire
October 20th, 2008, 20:57
....HEY HC great to see your moniker matey:wavey:
.........damn bulgarians:d

........yeah OBIO but its what the trojan DOWNLOADER OBW brought with it.:banghead:
after it jammed a "port" open and successfully disguised itself from ZONE ALARM PRO it unleashed the hounds of hell

........so i'd suggest getting a PORT SCANNER as well as ZAPPRO... i'm using this free one for the moment
Advanced Port Scanner 1.3 (FREE)

http://www.radmin.com/products/utilities/portscanner.php#review
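
Added example, not part of any post in this thread: a defender-side companion to the port-scanner suggestion above, listing which TCP ports a Windows box is itself listening on and flagging any that are not on an expected list. The `netstat -ano` text is a constructed sample, and the baseline ports and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6129           0.0.0.0:0              LISTENING       2208
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1820
  TCP    192.0.2.10:49712       198.51.100.7:80        ESTABLISHED     3044
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:8080              [::]:0                 LISTENING       2208
  UDP    0.0.0.0:500            *:*                                    1032
"""

# Assumed baseline: ports this machine is expected to listen on.
BASELINE_PORTS = {135, 445}


def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns; headers and UDP rows do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")  # copes with "[::]:445"
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(fields[4])


def unexpected_listeners(netstat_text, baseline=BASELINE_PORTS):
    """Return sorted (port, pid) pairs reachable off-box and not in the baseline."""
    findings = set()
    for addr, port, pid in listening_sockets(netstat_text):
        if addr.is_loopback:  # bound to localhost only, not reachable from the network
            continue
        if port not in baseline:
            findings.add((port, pid))
    return sorted(findings)


if __name__ == "__main__":
    for port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: TCP port {port} owned by PID {pid}")
```

The PID column lets you match each flagged port to a process in Task Manager or `tasklist` before deciding whether it belongs there.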

Dirtman
October 21st, 2008, 04:36
Very sorry to hear of your troubles Bro; I just fixed a friend's notebook that had a similar bug, it tore the guts right out of XP Pro.

The o/s still booted but: no USB or Ethernet connectivity, "Add-Remove Programs" list was BLANK!

About the only thing you could do was play the stock MS games.

It wouldn't even let me reload XP - had to remove the HD, slave it to my old box & re-format it - then everything was fine upon re-installation & reloaded the o/s with no problem.

----------------------------------------
BUG INFO:

Aug 22.08; A Trojan Dropper found ME!!!
(7 days after I fired up my NEW BRAND BOX!!!) :banghead: :banghead: :banghead:


AVG Free 8.0: saved my ass once again :applause: :applause: :applause:
The bug is: Trojan horse Dropper.Agent.JOC

Why is it so nasty / destructive? - check the file path:

C:\Program Files\Common Files\InstallShield\Engine\6\Intel32\knlwrap.exe

Awe-Geez ... This bug goes right for the place where it can access every program you have .... then it starts deleting them.


(On the notebook I ran "Recuva", a freeware recovery app which checks the HD & shows what has been deleted & what is recoverable. The main system files WERE NOT recoverable)


What is the best defense?

Only access the internet while logged in as a USER .. NEVER as an ADMINISTRATOR.


Why?

- As an ADMIN. it can assume full Admin. privilege & access every file on your box. (simple right?)

- As a USER; it only has a very limited area (inside the User domain) & cannot access the Main system files easily.

- this configuration should be considered: a standard operational procedure for all computer users.



My infection was a stupid mistake on my part :isadizzy:.
Because I was still loading the new box, I had not yet set up a User profile for myself.

I got off easy (Luck of the Irish??) You didn't & have paid the price.
- I do feel your pain Brother!

I hope this info helps you & everyone else who heeds this advice in the future.



egypt23spitfire
October 21st, 2008, 06:18
........."quote"
Only access the internet while logged in as a USER .. NEVER as an ADMINISTRATOR.
.
........i hear ya D-MAN............ damn good idea:jump:

........the strange thing is i can still fly a copy of CFS2 and IL2 that i had on another partition on the C drive no probs and nothing weird
........but i nearly have my offline FLIGHT drive and new box ready (which will never go on the web)
.well i been lucky for 4-5 yrs now and hardly even had a CTD:ernae:
.. speakin so glibly in that other thread about safety should have realised i'd get MURPHYS LAW payback:d
stuff happens:d

Dirtman
October 21st, 2008, 10:13
........."quote"
Only access the internet while logged in as a USER .. NEVER as an ADMINISTRATOR.
.
........i hear ya D-MAN............ damn good idea:jump:
If ya can't stop the explosion - then at least try to minimize the damage.
- I think I read about this configuration in some Microsoft literature. (XP operating recommendations?)



........the strange thing is i can still fly a copy of CFS2 and IL2 that i had on another partition on the C drive no probs and nothing weird

Logical guess: You caught the bug early, perhaps before it migrated to the other partitions on the disk?



.well i been lucky for 4-5 yrs now and hardly even had a CTD:ernae:
Me too Bro .... Hallelujah...... Praise the Lord & pass gigabytes!!!
But honestly I've learned a lot from dealing with problems & bugs like this. - whatever doesn't kill ya - just makes ya stronger (and smarter)




.. speakin so glibly in that other thread about safety should have realized i'd get MURPHYS LAW payback:d
stuff happens:d

I agree .... "tempting fate" perhaps?
But the more time you spend on-line; the odds are sumthing is gonna git ya sooner or later!!! (Law of Probabilities)

The best defense is to keep yer box clean, defragged, install the Microsoft updates as soon as they are released, scan & update with yer Anti Virus /Anti Spyware daily.

NEVER DELETE TIF's OR ANY OTHER FILES ... ALWAYS SECURELY ERASE THEM!!

In the previous thread I have learned new things. Tango really knows his stuff & shared a wealth of information with us. (he's my Hero!!) plus everyone else who chipped in.

No one knows everything but sharing our "collective knowledge" benefits us all.

:applause: :applause: :applause:

egypt23spitfire
October 23rd, 2008, 00:00
..........WELL FOR ANYONE INTERESTED
after a lot of investigating and talking to IT PROTECTION PRO'S i decided i was hit by a ROOTKIT
http://www.virus.gr/portal/en/content/rootkits-what-are-they-how-remove-them
these are very dangerous, very sophisticated packages that are made by organisations based on getting info from your machine very stealthily so as not to be discovered polymorphing as they go (ie the ability to hide as a jpeg or avi or word doc etc)
but by opening ports to be used by them, inadvertently allow other more malicious monsters through
.......so it seems ROOTKITS are getting more prevalent but there is one process that can be used which is called SANDBOXING
.......http://www.virus.gr/portal/en/content/sandboxing-a-new-method-protection
this is intelligently creating a virtual space(enclosed sandbox) on the HD that everything from the web needs to go into so all the files are contained and easy to be analysed
.
SO i've opted for PAYING for and using Trustport-PC-Security Suite:ernae:
...........http://www.trustport.com.au/products/trustport-pc-security.html
.
.......which is a group of apps in one:applause:
........4 antivirus,firewall,spyware,sandbox and lots more

..........but for those wanting to try a FREE sandbox with their present setup there is SANDBOXIE:d

..............http://www.sandboxie.com/