Costalegre Jalisco Mexico

Barra de Navidad, Melaque and La Manzanilla

All times are UTC - 6 hours [ DST ]


Posted: Wed Jun 13, 2007 10:43 am

Joined: Tue Sep 20, 2005 9:11 am
Posts: 215
Location: Barra de Navidad
Zone Alarm Pro is available here: http://www.zonealarm.com/store/content/home.jsp They have a free 15-day trial but I don't believe that they have a free edition anymore, though I think they did at one time have a less complete free edition. Because I use my machines for work I am very concerned about security so I run their full version with anti spyware and anti virus monitoring. It costs me about $50 USD per year for two machines, for one machine I think it is under $30 for yearly renewals and around $50 for the initial purchase.

Ad Aware has a free version and a paid version. I run the free version because I really can't see that the paid is that much different - if someone else thinks that there is an important difference please let me know! Here is a link to them: http://www.lavasoftusa.com/

Spybot S&D is free, at least the version I use is. They do ask for a donation but that is optional. You can find their information here: http://www.safer-networking.org/en/index.html
and a link to their downloads here: http://www.safer-networking.org/en/download/index.html

_________________
Nan -- Barra de Navidad
http://www.seatosierra.com
info@seatosierra.com


Last edited by Nan on Sat Jun 16, 2007 9:28 pm, edited 1 time in total.

Posted: Wed Jun 13, 2007 5:05 pm

Joined: Wed Sep 14, 2005 12:58 pm
Posts: 2089
Location: Melaque Mexico
I got rid of Adaware because SpyBot actually blocks a few things and was finding many things on scan that Adaware was not.

_________________
Sparks Mexico - Costalegre - Manzanillo


Posted: Wed Jun 13, 2007 6:46 pm

Joined: Tue Sep 20, 2005 9:11 am
Posts: 215
Location: Barra de Navidad
I run them both, AdAware first then SpyBot after Ad Aware. I started doing that on the advice of an IS Manager friend and associate in Vancouver who works on client database files with me. When we are working with client files I have them on my big machine too so I need to always be super super careful about security. More so than a lot of people need to be. My associate in Vancouver says both Ad Aware and SpyBot catch stuff that the other doesn't so that's what he does with the machines on his networks. I figure better safe than sorry so I do as he suggests. Neither scan takes long to run and my machines are really clean.

_________________
Nan -- Barra de Navidad
http://www.seatosierra.com
info@seatosierra.com


Post subject: virus protection programs
Posted: Thu Jun 14, 2007 12:13 am

Joined: Sat May 19, 2007 1:38 am
Posts: 80
Location: new york
So I can just download the spyware without paying a donation if I don't want to, just like that?

Another thing, when I go to the download page, and then on the mirror selection page, they have the spyware from various sites... which one is the most recommended?


Posted: Thu Jun 14, 2007 8:13 am

Joined: Wed Sep 14, 2005 12:58 pm
Posts: 2089
Location: Melaque Mexico
Those mirror sites are just file hosting sites with the same files on each. I usually pick the closest but it probably doesn't matter at all.

_________________
Sparks Mexico - Costalegre - Manzanillo


Posted: Fri Jun 15, 2007 5:33 pm

Joined: Wed Sep 14, 2005 12:58 pm
Posts: 2089
Location: Melaque Mexico
Latest from TomZap - Bloodhound.Exploit.58

Date,Filename,Virus Name,Original Location,Status
15/06/2007 17:14:10,n404-4[1].htm,Bloodhound.Exploit.58,C:\Documents and Settings\sparks\Configuración local\Archivos temporales de Internet\Content.IE5\27VE3M73\,Infected
15/06/2007 17:14:10,n404-6[1].htm,Hacktool.IE.Exploit,C:\Documents and Settings\sparks\Configuración local\Archivos temporales de Internet\Content.IE5\27VE3M73\,Infected

_________________
Sparks Mexico - Costalegre - Manzanillo
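
Added example (not part of any post in this thread): a Python script that reads an antivirus log export in the column layout quoted in the post above and reports which detections were found in Internet Explorer's cache (the Content.IE5 folder) and under what name the page served them. The third sample row, the function names and the "IE cache"/"other" labels are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# First two rows: the log lines quoted in the post above.
# Third row: constructed, to show a detection that is not in a browser cache.
SAMPLE_LOG = r"""Date,Filename,Virus Name,Original Location,Status
15/06/2007 17:14:10,n404-4[1].htm,Bloodhound.Exploit.58,C:\Documents and Settings\sparks\Configuración local\Archivos temporales de Internet\Content.IE5\27VE3M73\,Infected
15/06/2007 17:14:10,n404-6[1].htm,Hacktool.IE.Exploit,C:\Documents and Settings\sparks\Configuración local\Archivos temporales de Internet\Content.IE5\27VE3M73\,Infected
16/06/2007 09:02:41,setup.exe,Constructed.Sample,C:\Downloads\,Quarantined
"""

# IE keeps cached web content in randomly named subfolders of Content.IE5,
# whatever the localized name of the parent folders is.
IE_CACHE = re.compile(r"\\Content\.IE5\\([A-Z0-9]{8})\\", re.IGNORECASE)
# IE appends "[n]" before the extension of a cached copy: n404-4[1].htm
CACHE_COPY_SUFFIX = re.compile(r"\[\d+\](?=\.[^.\\]+$)")


def triage(log_text):
    """Parse the export and tag each detection with where the file was found."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        hit = IE_CACHE.search(row["Original Location"])
        name = row["Filename"]
        findings.append({
            "when": datetime.strptime(row["Date"], "%d/%m/%Y %H:%M:%S"),
            "detection": row["Virus Name"],
            "status": row["Status"],
            "source": "IE cache" if hit else "other",
            "cache_dir": hit.group(1) if hit else None,
            # Name the web server used, with the cache copy counter removed.
            "served_name": CACHE_COPY_SUFFIX.sub("", name) if hit else name,
        })
    return findings


def summarize(findings):
    """Group (served file name, detection name) pairs by where they were found."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["source"]].append((f["served_name"], f["detection"]))
    return {source: sorted(items) for source, items in groups.items()}


if __name__ == "__main__":
    for source, items in summarize(triage(SAMPLE_LOG)).items():
        print(source, items)
```

A detection under "IE cache" shows that Internet Explorer fetched the file while browsing; the log row by itself does not show whether the exploit ran.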


Posted: Fri Jun 15, 2007 7:22 pm

Joined: Tue Sep 20, 2005 9:11 am
Posts: 215
Location: Barra de Navidad
I just ran my software scans for Bloodhound.Exploit.58 and Hacktool.IE.Exploit plus I looked for it by name in a search and my machines are clean - or at least they appear to be.

If you were infected from the tomzap forum and I was not, my Zone Alarm firewall or my Symantec / Norton worm and virus protection must have protected me when I went in to the tomzap forum. However, the Bloodhound.Exploit.58 and Hacktool.IE.Exploit are not listed in my zone alarm alerts. Also my Symantec has both of those registered in its database of known viruses but they are not listed in my Symantec logs as being blocked either. I have other things showing as blocked in both logs so the logs are recording data. I know for sure the s99.winmplayer.com/check alert my Zone Alarm gave me came from tomzap because it came up when I opened the tomzap forum but are you sure these others came from tomzap? You may have another site to watch for this as well.

What a drag, I don't think I will go back to the tomzap forum until I know it's cleared up. I can't take the chance that something will infect my machines and screw up my work.

Fred's Costalegre.ca forum is still down too though it doesn't say why.

_________________
Nan -- Barra de Navidad
http://www.seatosierra.com
info@seatosierra.com


Post subject: tomzap
Posted: Fri Jun 15, 2007 8:57 pm

Joined: Sat May 19, 2007 1:38 am
Posts: 80
Location: new york
I haven't been on that site since the day I mentioned to you guys about the virus attacks.

DON'T visit that site at ALL costs!

I really hope Tom can fix that problem pretty soon!


Posted: Fri Jun 15, 2007 9:04 pm

Joined: Wed Sep 14, 2005 12:58 pm
Posts: 2089
Location: Melaque Mexico
I have the corporate edition of Symantec that gives me a popup window if I get a virus online. This time with the virus above my computer basically locked up and I had to pull the plug to get it going again. Yes on TomZap.

A little spooky if it was an indication Symantec wasn't handling it very well/smoothly. Did another scan on restart.

But you said you use FireFox and those are both IE only exploit viruses.

_________________
Sparks Mexico - Costalegre - Manzanillo


Posted: Fri Jun 15, 2007 10:56 pm

Joined: Tue Sep 20, 2005 9:11 am
Posts: 215
Location: Barra de Navidad
Ah, that explains it, I couldn't figure out why you would have been infected and they are not even in my logs. I gave up on IE ages ago, way back in 2003 as I recall, it was just too problematic and I am not a patient person.

Sorry to say I am not going to take any more chances with the tomzap site forum until Tom has this in hand. That's three infections we know of now and I just can't take the chance of having one of my machines down or compromised because I use them for work. I suppose I could always go to an internet cafe to see how it's going on the forum - hee hee hee. No I can't do that, I am nicer than that.

Hopefully Tom will work it out soon with his site.

_________________
Nan -- Barra de Navidad
http://www.seatosierra.com
info@seatosierra.com


Posted: Sat Jun 16, 2007 6:49 pm

Joined: Thu Sep 15, 2005 7:11 pm
Posts: 124
Location: April-Nov Toronto, CA Nov-April Melaque
What I do not understand is this, the virus name Bloodhound.Exploit.58 according to Symantec is related to Windows Media Player. Maybe the part by Symantec (or browses a directory that contains the malformed WMF file) in one of these paragraphs alludes to the usage of Internet Explorer.
As for myself I log into Tomzap or any other website using the Opera Browser. Also Mozilla Firefox, so possibly that is why Nan or myself do not get infected. One other advantage of using either one, you do not constantly have to keep entering your User ID and Passwords since these browsers remember them for you.

The following is copied directly from Symantec's website.
============================================



Symantec Security Response
http://www.symantec.com/security_response/index.jsp
Bloodhound.Exploit.58
Risk Level 1: Very Low
Discovered: February 10, 2006
Updated: February 13, 2007 12:50:32 PM
Type: Trojan Horse, Worm
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
SUMMARY


Bloodhound.Exploit.58 is a heuristic detection for the Windows Media Player Plug-in with Non-Microsoft Internet Browsers Vulnerability (as described in Microsoft Security Bulletin MS06-006).

Protection
Initial Rapid Release version February 10, 2006
Latest Rapid Release version pending
Initial Daily Certified version February 10, 2006
Latest Daily Certified version February 10, 2006
Initial Weekly Certified release date February 15, 2006

Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Distribution
Distribution Level: Low
TECHNICAL DETAILS

Bloodhound.Exploit.58 is a heuristic detection for the Graphic Rendering Engine Vulnerability and the Windows Metafile Vulnerability.

An attacker who exploits this vulnerability could perform a denial-of-service attack against the viewing application, in the form of an application crash, or 100% CPU load. The exploit can be triggered if a user browses a Web site that is hosting a malformed WMF file, or receives an e-mail that contains the malformed WMF file, or browses a directory that contains the malformed WMF file. The vulnerability requires no user interaction to trigger.

Files that are detected as Bloodhound.Exploit.58 may be malicious. We suggest that you submit to Symantec Security Response any files that are detected as Bloodhound.Exploit.58. For instructions on how to do this using Scan and Deliver, read How to submit a file to Symantec Security Response using Scan and Deliver.


Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
©1995 - 2007 Symantec Corporation

_________________
Can't we settle this over a pint?

