herme3

I just received an e-mail, and I'm sure that it is a phishing scam because I don't use Bank of the West. The strange thing is that the e-mail talks about protecting yourself from these types of scams. The e-mail says: At the bottom, there is a link to http://61.95.74.220/.bankofthewest.com/OnlineBanking/index.htm but I never clicked on the link because I'm worried it might contain a Trojan or virus. Do you think this is a scam, or could it be real?

I ran Rootkit Revealer again, but nothing showed up in the log. Here is the new Hijack This log:

I just figured out how to delete the virus! I used Microsoft Word, and clicked on the "open" button. I went to the system32 folder, and manually typed "avpe32.dll" into the file name box. I got an error message, and it did not work. After that, I typed "avpe64.sys" and Word loaded the file. I pressed ctrl+A to select everything, and then I pressed delete. After that I pressed "Save" and Word asked me if I was sure that I wanted to save because the file may not convert to text correctly. I pressed "Yes" and it saved over the virus file. I repeated the previous steps for "klgcptini.dat", "qz.dll", "qz.sys", and "stt82.ini". After all of those files were resaved as blank files, I restarted my computer. When it loaded again, I went into the System32 folder from My Computer. All of the virus files were now visible, including the "avpe32.dll" file that would not open in Word. I used the Unlock application to delete "avpe32.dll" and I easily deleted all of the other virus files without any problems. Now, ZoneAlarm Pro is working again and my computer isn't showing any other strange behavior. I want to thank everyone here, especially Dak and Cap'n Refsmmat. I couldn't have deleted this virus without your help.

Dak, when I try to run the F-Secure Blacklight application, I receive an error message. It says:

I think I may have found the IP addresses of the people who may be using this trojan to gather passwords and other information! I downloaded a packet sniffer program, and I noticed that the "System" process was sending data. The "System" process is also what the Unlock application said was locking the ZoneAlarm Pro files. Therefore, I think this data that was being sent is from the virus. The two IP addresses that I found were: 212.27.63.103 and 67.15.35.7 Both IP addresses lead to an apache server without an index page. Also, the WHOIS information is blocked. This certainly sounds suspicious to me. Does anybody know how I can further trace these IP addresses to see if they could be the people that created this virus? Dak, I ran the Microsoft Malicious Software Removal Tool and it said, "No malicious software was detected."

Here are the contents of the log.txt file: Here is the new HighjackThis log: Here is the new Rootkit Revealer log:

Thanks, Dak. I will download that file and post the log files. Did this virus probably enter as a trojan instead of from the web site I was viewing at the time?

Cap'n Refsmmat, how did you remove the virus from your computer? Do you know how I could remove the virus from my computer and get ZoneAlarm Pro to work again? Does anybody see anything that could be the virus in the rootkit revealer report I posted? Isn't avpe32.dll and avpe64.sys part of Haxdoor? Should I try to manually delete those files? What about the other files that it listed?

Here is the report from the rootkit revealer: I used the Unlock application to see what process was locking vsmon.exe. It said that the file was locked by the "System" process. I thought that process was part of Windows. Why would it be locking vsmon.exe? Also, I found some strange temporary files in the temp folder. There is a folder named "W01804300" and it contains all of the source codes of the web sites I have visited since the virus entered the computer. Could this be part of a spyware program? If so, why won't my AntiSpyware program detect it?

I was able to completely remove ZoneAlarm Pro using the Unlocker that Cap'n Refsmmat recommended. I also reinstalled ZoneAlarm Pro, and the installation was successful. However, ZoneAlarm Pro still won't work. The actual security engine of ZoneAlarm Pro is vsmon.exe and that process is immediately terminated when I try to start ZoneAlarm Pro. When I tried to manually click on vsmon.exe I received an error that said, "Another program is currently using this file." I don't understand why I am receiving this error. Vsmon.exe is not running in my list of processes. Although I am not sure what all of the processes are, I do not see think any of them are the virus. 0.exe has been deleted from the computer. Which process could be stopping the vsmon process from running?

Dak, here is the log from HijackThis: 5614, the computer is acting different in several ways besides the problem with ZoneAlarm Pro. First, the Windows firewall is disabled and will not start. Second, the computer will not connect to my home network. Third, explorer.exe will crash when I try to access the Control Panel. When this happens, my taskbar will disappear. It will come back after a few seconds. After that, I will be able to access the Control Panel normally until the next time I start my computer.

I wish I could join all of the people that are blaming this on IE. Unfortunately, I must admit that I was using a web browser that I created... I'm not sure how many other browsers would be affected by this virus. I have been using my own browser for several months, and this is the first security problem I have ever had. I had many more virus problems when I used IE, but Symantec AntiVirus always detected them and deleted them. Symantec won't even detect this one. I have already started my computer in safe mode, and I still couldn't delete ZoneAlarm Pro so I can install it again. It appears that the security engine of ZoneAlarm is still running, but it isn't working as a firewall. It is almost like the virus has hijacked ZoneAlarm Pro so it can't be deleted and reinstalled. I will try the link that Cap'n Refsmmat posted, and let you know if it works. This virus seems to target firewalls. I can't get the Windows firewall to work either. Everything else on my computer seems to be working correctly.

I'm sure that this virus is still in my computer, and the most updated definitions of Symantec AntiVirus won't find it. I've checked all the processes, and I don't see anything unusual. I am unable to reinstall ZoneAlarm Pro because it says that the file is opened by another process. This still comes up even after a restart. Due to this problem, I am unable to reinstall ZoneAlarm Pro. I don't believe that script prompt window was part of Internet Explorer. I've never seen it before, and it is called, "Explorer User Prompt". This doesn't seem to be part of Explorer.exe and Microsoft is always careful to label every part of Internet Explorer as "Internet Explorer", not just "Explorer". That prompt must have been a downloader that is part of the virus. Also, I am unable to start the Windows firewall or the security center that came with Service Pack 2. When I try to start the firewall, I get a message that says, "Due to an unidentified problem, Windows cannot display Windows Firewall settings." I ran a scan on the 0.exe file at http://virusscan.jotti.org/ and I got the following results: What does that mean?

One of my computers have been infected with a virus or worm that got past Symantec AntiVirus Corporate Edition, and ZoneAlarm Pro. In fact, the virus has disabled my ZoneAlarm Pro firewall, and I'm trying to figure out how to fix it. The virus automatically downloaded itself into my computer from a web site. It only took a few seconds to download, so I didn't have time to press the Cancel button. While it was downloading, I saw the following window: Then a file named 0.exe was on my hard drive. Before ZoneAlarm Pro was disabled, it warned me that 0.exe was trying to act like a server. It also warned me that 0.exe was attempting to send e-mail messages. At first, I tried to delete 0.exe but I received an error message that said, "Access Denied". After that, I restarted my computer to find that ZoneAlarm Pro was disabled. Although I was able to delete 0.exe, I have a feeling that the virus/worm is still somewhere in my computer. I would appreciate it if anyone could tell me something about this virus. I don't even know what it is called, and I can't get any good information by searching for "0.exe". I have compressed the 0.exe file and placed it at http://www.bluealan.com/virus.zip so if there are any virus experts here, maybe they could figure out how it works.

I don't think anybody is understanding my first post... The scientists that started this idea are saying that Venus was just like Earth. It had oceans, land, and breathable air. The idea is that an advanced civilization lived on Venus millions, or maybe billions of years ago. They changed the planet to the condition that it is in today. Some say it was pollution, and others say it may have been a type of nuclear or chemical war. I don't understand why people keep bringing the theory of evolution into this topic. If human evolution happened 200,000 years ago on Earth, that doesn't mean that it took the same amount of time on Venus. If you believe in natural selection, then you should also believe that different environmental conditions on Venus could change the amount of time that it would take for an intelligent species to come into existence. If you believe in creationism, you could also believe that God created an intelligent species on Venus before Earth. The solar system has existed for billions of years before life on Earth. I don't understand why it would be impossible for advanced life to have existed on Venus during that time.

I've noticed that data sent across a wireless LAN network can be read very easily if you don't use WEP encryption keys. I was wondering, how far can a signal from a wireless network travel? If I used a wireless network without encryption, could somebody with a very power receiver read my data from miles away?

I have had my Hotmail account for about 4 years, and there have been two times where messages that I have deleted appeared in my Inbox. These were messages that I had deleted months ago, and removed from the trash can. However, they just came back into my Inbox. I was sure that Microsoft was secretly keeping deleted messages on their server. I e-mailed Microsoft, and they promised that they did not keep any deleted messages. They claimed that once a message was deleted from the trash can, it was gone forever. I didn't really believe this, and I was still sure that there was a hidden place in my Hotmail account that contained deleted messages. Now, I think I have found it. I was carefully looking at the packets that were sent to my computer when I accessed my Hotmail account. I discovered that there is a hidden folder in every Hotmail account that is named, "sAVeD". There doesn't appear to be any way to access this folder, or even see it from Hotmail's web site. However, I can prove that it exists. Try to create a new folder in your Hotmail account that is named, "sAVeD". You will get an error message that says the message already exists! Now, does anybody have any ideas how I can see what is inside this folder? I have a feeling that there are a lot of old messages in there...

I've heard several people say that they believe there used to be humans on Venus, millions of years before they were on Earth. Scientists have said that Venus was once very similar to Earth, and probably had oxygen and oceans. I found an article that talks about some of this here: http://www.space.com/scienceastronomy/venus_life_040826.html Some scientists say that ancient humans lived on Venus that were more technologically advanced than us. However, pollution and possibly a nuclear war has left Venus in its current state. Does this sound possible?

TerraServer at http://www.terraserver.com is a service that provides online imagery. They are a very popular web site, and they started in 1997. Microsoft opened a web site in 1998 at http://www.terraserverusa.com and it seems to provide a similar service. On this web site, it says: I can't find any information about Microsoft at http://www.terraserver.com. So, isn't Microsoft breaking the copyrights of http://www.terraserver.com by claiming that they own the service?

I've noticed that you can make a folder appear to be a file with an extension. For example, you can create a folder called folder.txt and it will still be a folder. Now, couldn't this be a security problem if you do this on a web site? My web host does not allow me to put an extension on a folder name. However, wouldn't some web hosts allow you to create something like http://www.(sitename).com/picture.gif and most people will think it is a picture file, while Internet Explorer recognizes it is a folder? Therefore, it will begin looking for index.html in the folder, which could contain a picture and hidden code? I'm worried about people signing up for banner advertising services, and giving the banner service a link to a .gif folder. The banner service will think it is a harmless banner image, but someone could be placing tracking code in an index.html file in the .gif folder. If this banner opens on a web site that requires users to enter secure information, couldn't this be a problem?

Hi RyanJ, thank you for your reply. So, my subconscious is like a parallel mind that analyzes the thoughts of my conscious mind? That is very interesting. Could a subconscious have its own personality? For example, could a really nice person have a mean subconscious? As a result, could this cause the nice person to "mentally snap" and kill somebody? Is there any way that I could actually read the thoughts of my own subconscious? For example, could I ask my subconscious for advice when I'm making a decision, or does all of that happen automatically?

What exactly is a subconscious? Do the thoughts of my subconscious sometimes flow into the thoughts that I am aware of? When a certain thought comes into my mind, was it processed in my subconscious first? Sometimes I feel like my mind is arguing with itself. I sometimes make a decision, even though I really want to make another decision. Is this my subconscious taking over my mind?

My IP address is dynamic, but I figured out how to change it. When I go to the Internet connection's properties, and then go to the Internet Protocol TCP/IP properties, "Obtain an IP address automatically" is checked. However, I can check "Use the following IP address:" and then I can type in another IP address. When I click OK, my computer will automatically register the new IP address. When I visit my web site, it will log the new IP address that I typed in, not the old one that I got dynamically when I first started the computer. Is it legal to do this?

That is a good idea, but how would you do that? My cable modem automatically registers the same IP address every time I start my computer. Is there a way I can create a program that could visit a web site, change the IP address, then visit it again? Could it keep repeating this until the user of the program stops it? I would like this program to be compatible with multiple types of ISPs, because I plan on selling it to web site owners. Exactly. The counters that advertisers use check for unique IP addresses. I believe that the legality would depend on the terms agreement of the advertiser. My program should be legal for me to sell, but it would be the web site owner's responsibility to check the terms agreement of their advertisers.

Ok, I understand. Is there any legal way to send a ping from a randomly generated IP address, so it counts as a visitor? Could I create a program that could repeatedly ping a web site from a random IP address, so it looks like the web page has received lots of different visitors? I don't want to create any type of program that is illegal or could be used to overload a web site. I'm just thinking about creating a tool that could make a web site's owner think they are receiving tons of unique visitors.