I think, It came from Hillbilly-Hangout. She sent an email saying that there was a virus, but I had just visited before I got the email. Did a scan and it came up with 3 of them, That was AVG. I then scanned with Macfee and had a trojan.

I reboot and I had the worm and I think it's deleted now.

I just got to work and changed all passwords on paypal and other important accounts.

This is a nightmare. Someone is going after all the sites with this $%@&!

Not sure how it''s done but that certain virus, that can take screen shots, track cookies and somehow get the info and some just distroy your computer.

If you read the mail from the site subjec Urgent. I wouldn't open the site till it's fixed, to late for me but not for you. LOL

I suspect this sucker appeared after clicking a Search Engine

I click much too fast so I'm not sure which PTR it really was from
It may have even come from one of the many Popups

AVG AntiVirus
----------------
Trojan Horse found in Windows/PUP.exe = Downloader.VB.C<-? (?-unknown letter was partially hidden and did not copy to my log file..)
Results of Complete Test, date and time 13/04/2004 10:40:40 :

Testing C:\WINDOWS
C:\WINDOWS\PUP.EXE repaired

Test finished, duration 00:14:40.6 s
12265 objects tested, 1 found infected

Anyone else get the same one?

pup.exe? Hmmm. Possibly the cover up name made up for a virus executionable file created by a very talented teenage adolesent who has not quite grown to full maturity yet..

It sure seems that way doesn't it? Up until the last couple of days I'd only had 1 virus in 4+ years online - and that was in my early days when I was a total noob about everything.

Just this week alone, though, I've gotten 4 different trojans and had 16 separate files infected. And I know all of them had to have come from my PTR programs.

I got that one twice yesterday even though I have a firewall and many other things to protect my puter...GEEZ what I pain

Yes, they can, Bizex is a KEYLOGGER. Be careful.

Read here:
http://securityresponse.symantec.com/avcen...bizex.worm.html

And here:
http://www.trendmicro.com/vinfo/virusencyc...me=WORM_BIZEX.A

Read my post here:

http://www.getpaidforum.com/forums/index.p...dpost&p=1882151

Here is the definition of this file and the solution.

http://www.trendmicro.com/vinfo/virusencyc...me=TROJ_REVOP.A

Good Luck in getting it removed and any other that you may come across.

A hint to anyone who does not know how to look these viruses up on their own. Go to google or whichever, big SE you prefer, not the PTC ones, and type in the file name ie) pup.exe make sure you look at more than one result and find something that defines it and gives you the tool to remove it, then follow the instructions carefully.

Symantic is fantastic and micro trends is very good too. I highly recommend them both for information and removal tools.

Patricia

Yep same here for the Jungle cash one. I notified the owner but haven't heard anything back.

Luckly I was able to change some of my passwords at work. I am not logging into anything till I know I've been cured. LOL

That's next on the list...Long night ahead of me.

http://www.keywallet.com

Encrypts your passwords and allows you to drag-and-drop them

Should protect keyloggers from getting your passwords.

http://www.zonelabs.com

ZoneAlarm should prevent these keyloggers from sending back information to their "masters"

ZoneAlarm should prevent these keyloggers from sending back information to their "masters", how do I know if they already have? I think I got it in the AM but I might have had it longer for all I know. Is there anyway to know?

I am going to download this too.

First of all, use an encrypted password manager: http://www.keywallet.com

It features drag-and-drop also which will prevent PWs from being logged...

Second, if you use E-gold, use the SRK button located next to the passphrase entry field if you must use E-gold while you have the worm.

If you do these two things you could be safe even with the worm on your computer.

Sent you a PM

Nope. Once the bizex worm becomes active, it can disable your firewall.

I was updating after I read your post...turns out...the site I was visiting for Microsoft was NOT the correct site it was a dummy site. I had found though a forum and had bookmarked it a few weeks ago. When I went to do download the updates last night, I looked at the site and it looked a bit fuzzy, didn't look right. I looked at the address and noticed it had some kind of a code before microsoft.com ! So I deleted it from my favorites, then went to the real microsoft.com and downloaded my updates.
Is it poosible that I downloaded something from the dummy site a couple of weeks ago and it's just starting to act up now?


I also downloaded Zonelabs yesterday. I have to say I feel much more secure with it. I keep looking at the logs of what is trying to access my computer and am very happy I have this now.

I will check on this when I get home but it seemed to be working last night.


I wanted to say thanks to everyone for there Help

I got the same worm yesterday evening from a link from shanes. It says it is in restore and cannot be put in vault. I disabled restore for now, until my son can go delete the file for me. After I disabled restore, I ran avg, and macafee and nothing was found. So, it is contained there until I can get it deleted. I don't know how to find the file:(
I sent shanes an email forwarding the email the link came from.
Isn't there a way the wm can scan these for virus before sending them out?

I run adaware 3 and 4 times a day and always find at least 5 and up spyware.
i run my avg twice a day now and do update every day. make sure you update your avg every day too, there has been a lot of uodates lately.
I need to find out if my fire wall is still working. Will most likely have my son check it for me.