maybe a virus


hawk7771us
09-01-2002, 03:38 PM
Hi everyone, maybe a virus. I was downloading from Kazaa and completed the downloads, ran AVG and previewed some of them. Got a phone call, came back to it about 20 mins. later and they were all gone. Tried Kazaa again and the same thing happened. Diff music files, just picked at random this time. Went to these sites http://www.bitdefender.com/scan/licence.php http://housecall.antivirus.com/ and also Norton's site; no virus found. Can not find any of these files. Can anyone tell me what's up? Thank you. Also I do not know what these files are: C:\WINDOWSC\system32\oobe\actsetup C:\WINDOWSC\system32\oobe\setup. Whatever help you can give would be greatly appreciated. Win XP Pro OS.

Budfred
09-01-2002, 03:58 PM
Do you have AdAware or another spyware detector? I would run something like that to see if you have some fresh spyware installed that may be messing things up. Kazaa apparently frequently has spyware associated with it.

If you need to download spy detection software check out:

http://www.pcguide.com/vb/showthread.php?s=&threadid=15179

Good luck,
Budfred

mjc
09-01-2002, 04:00 PM
Could the RIAA be going ahead with plans sans government approval?

There have been a couple of malware apps that do infect KaZaa (Benjamin and friends) but they don't really "erase" files. What you describe sounds like something the RIAA was planning...an app that, when downloaded, will "seek and destroy" music files that you downloaded.


There are links in my sig...for both AdAware and Spybot S&D

OOBE:

OOBE is the wizard that usually runs after Setup and performs the following functions:

product activation
registration
mouse tutorial
user creation

hawk7771us
09-01-2002, 05:25 PM
Budfred, thanks. Have AdAware, ran it again, and found what Kazaa has in it, just what I have to leave in to run it. Downloaded SwatIt and found a binder.a in WinAce, got rid of that, it was in a help file. I do not think that erased the files though, maybe. Mjc, thanks, will download Spybot, think I have it in my downloads file, will look first and run it. Thought the RIAA was up to new tricks also. Deleted Kazaa, will reinstall and see what happens from there. Thank you both again.

hawk7771us
09-01-2002, 08:51 PM
Hi everyone, well, uninstall/reinstall, same thing happened again. Uninstalled Kazaa, did every scan over again plus reg clean, took out. Went to the Kazaa folder in C:, it would not let me remove it. Said: Cannot delete KazaA: It is being used by another person or program. Close any program that might be using the file and try again. Removed the insides of the folder, 0 bytes left in it, still some program using it. What program I don't know, it won't tell me. 01,01,00,00,0100,11 running around saying bye, bye, s000000 long, farewell, byte to byte, to the funny farm with MP3s, bye, bye. No really, tried Ctrl-Alt-Del, Kazaa isn't running but some program is using it. Any ideas what programs to look for? Help please. Thank you.

Budfred
09-01-2002, 09:11 PM
Sounds like it is time to use msconfig. Use Selective Startup and deselect everything that you are not sure about, like Task Manager. Reboot and see if you can delete Kazaa. If you still can't, I am not sure what to do. If you can, gradually add back programs to see if any of them screw things up, although without Kazaa installed it will be difficult to know. The other option is to pick the most likely suspects and unselect them, then try deleting Kazaa. At least that would narrow the field. I suspect you have something sneaky running under the surface. Did you use the most recent version of AdAware? It just came out a couple of weeks ago.

If you don't know how to use msconfig, write back here.

Budfred

Paul Komski
09-01-2002, 09:49 PM
Sorry edited that paragraph - I had misread something.

You could try working in safe mode or delete the folder from DOS. A RegCleaner might also help. Could there be any hidden or even superhidden files inside the "empty" folder?

mjc
09-02-2002, 12:31 AM
Skip Swat-it, download TDS-3 (30 day trial...those folders/names sure sound like some kind of trojan). And the fact that something is controlling KaZaa.

Safe mode may be your best bet.

There is no doubt, in my mind, you have been Own3d, but the question is by whom?

hawk7771us
09-02-2002, 01:31 AM
First of all, thank you for your response and your help. Budfred, Paul, Mjc: deleted the Kazaa file after finding Super Rabbit reg opt. Took it off, the safe mode that they have, and deleted 250 files from scan for wrong address plus others I guess. I backed it up for once. Then ran the scan TDS3 Pro, no trojans. Nice program. I thought with the reg cleaner, what the hell, if I have to spend another 6 hrs. at this reformatting so be it. It's been 6 hrs at this already, what's another 6-12 hrs, hee hee, yeah right. Thanks once again. Hope this solved it. If not I'll just reformat. Need my MP3 fix.

Paul Komski
09-02-2002, 03:06 PM
Had to go and look-up what Own3d was! Found THIS LINK (http://www.dslreports.com/forum/remark,2244172~root=security,1~mode=flat) which has a few interesting bits in it (notably how to make the hidden pif, lnk, etc files visible and also the correct plural of virus).

hawk7771us
09-03-2002, 07:03 PM
Hi everyone, don't know which MP3 file did it, mjc, had about 10 to 20 downloaded, so I don't know which one did it. Lost about 150 MP3s. Well, reloaded Kazaa, this time it did it again, lost files. So should I reformat C: or run the Maxtor exe, which would make the HDD like it came from the factory? Really don't want to lose 30 gigs, no CD backup on most of it, but I do not want files disappearing either. Paul, thanks for the link, maybe I'm just not seeing it just right, about how to make the hidden files visible. New at this.

Paul Komski
09-03-2002, 09:32 PM
Sorry, I should have said hidden file extensions not hidden files, which is something else. M$ completely hides certain file extensions and I happened to find a way to unhide them in that link. That is not related to your immediate problem, which sounds like someone has gained direct access to your computer and is/has been hacking you and that is why you may have had files disappearing mysteriously; either hacking directly or by connecting with a Trojan Horse planted on your computer.

You therefore need to discover (a) if this is ongoing and (b) search for any Trojans that may be still on your pc. Suggest installing anti-spyware and anti-trojan utilities (see the links in mjc's sig) and also a personal firewall like ZoneAlarm, which detects and allows you to control connections to and from your computer to the net.

Suggest do a Google Search and read up on Kazaa's vulnerabilities (search these forums too) before you use it willy nilly - or at all.

btw, entering netstat -ar at a DOS-prompt will show you what internet connections are active at any moment in time.

hawk7771us
09-03-2002, 09:48 PM
Paul, have ZoneAlarm, TDS3, and did all the scans with 5 diff virus programs and 3 diff trojan programs. Nothing is coming up on the scans. Want to know: should I just format or use the Maxtor exe for the HDD, as per my last post? Thanks for the info. Or am I looking at this all wrong? The smilie really just popped in, it was supposed to be an o. I am not mad at anyone; if anything I'm mad at me.

Budfred
09-03-2002, 10:32 PM
Actually, that is the "red in the face" embarrassed smilie. I didn't get it either, but I didn't think you were mad.

For my 2 cents: I would probably backup and reformat if I were you, simply to clean it out and start over. If you do, I suggest you do a minimal install, only loading enough stuff to see if you can successfully download your files without having them deleted on you. That way you would have a better chance at figuring out what is doing it to you and you may be able to block it or at least avoid it after you reformat and reinstall again.

Good luck,
Budfred

hawk7771us
09-03-2002, 10:49 PM
Will try reformat and see what goes. Thanks. Oh, by the way, it's only MP3 files.

hawk7771us
09-04-2002, 04:11 PM
Well, I think I got the little bugger by reformatting C, D, E, if it's not port 5000, which just happens to be open. Lost some files, nothing like a few hours putting them back in. Needed to clean out C: anyway, just did not want to do it so soon. Question: how do you close the ports like 5000 which is open? THANKS

hawk7771us
09-05-2002, 03:49 PM
Well Budfred, Paul, mjc, THANKS for all the help. After reformatting with minimal install, found 1 backdoor trojan in my download scan, first file, 6 dual file ext. in C:, Bryce had files deleted and a dual file in it, quarantined them all, gov wiped them. Gov wiped free space in C, D, E, F. Reformatted D, E, gov wiped them again. It's been about 15 hrs or more, nothing is being deleted. Will do Google search on Kazaa. Just can not figure out how to close the ports. I know that you go to Admin Tools/Local Security Policy/IP Security Policies, just can't figure it out from there, on what to do. Will try another Google search and maybe it will give me some other sites than the ones that say get a router for 40 bucks. Have SWBell DSL with a Westell Wirespeed. Is a router or a hub the way to go?
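The "dual file extensions" hawk found, together with Paul's point about Windows hiding certain extensions, are the classic download decoy: a file named like "song.mp3.pif" is shown by Explorer as "song.mp3". The script below is an added example (not code from this thread or from any of the tools mentioned) that walks a download folder and flags such double-extension files; the extension lists and the sample file names are constructed for the demonstration.

```python
"""Flag downloaded files whose displayed name hides a second, executable extension."""
import os
import tempfile
from typing import List, Optional, Tuple

# Extensions Windows runs directly and may hide in Explorer (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".lnk", ".vbs"}


def classify(name: str) -> Optional[str]:
    """Return the trailing executable extension if `name` is a double-extension
    decoy (e.g. 'song.mp3.pif'), or None for ordinary names like 'song.mp3'."""
    stem, last = os.path.splitext(name)
    if last.lower() not in EXECUTABLE_EXTS:
        return None
    _, inner = os.path.splitext(stem)
    # A real inner extension that is itself not executable means the visible
    # name ("song.mp3") misrepresents what the file actually is.
    if len(inner) > 1 and inner.lower() not in EXECUTABLE_EXTS:
        return last.lower()
    return None


def scan_dir(path: str) -> List[Tuple[str, str]]:
    """Walk `path` and return (name relative to path, hidden extension) for each decoy."""
    hits = []
    for root, _dirs, files in os.walk(path):
        for f in files:
            ext = classify(f)
            if ext:
                hits.append((os.path.relpath(os.path.join(root, f), path), ext))
    return sorted(hits)


def demo() -> List[Tuple[str, str]]:
    """Build a constructed download folder in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for n in ["good song.mp3", "other song.mp3.pif", "album.wma",
                  "track.mp3.exe", "readme.txt", "notes.txt.exe", "setup.exe"]:
            open(os.path.join(d, n), "w").close()
        return scan_dir(d)


if __name__ == "__main__":
    for name, ext in demo():
        print(f"{name}: displayed without its {ext} extension")
```

Point it at a real folder with `scan_dir(r"C:\path\to\downloads")`; anything it lists should be quarantined rather than opened.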

mjc
09-05-2002, 05:04 PM
Router, because you will kill two birds with one stone...allow you to connect more than one machine to the internet at the same time and if you get one with firewall functions, that too.

If you are running XP I believe that port 5000 is for UPnP....and that can be turned off, which should close it.

A good tweaking site, listing unnecessary services for XP/2k is http://www.blackviper.com/

Paul Komski
09-05-2002, 05:56 PM
If THIS (http://www.microsoft.com/technet/security/bulletin/MS01-059.asp) is the same vulnerability then it is not specific to XP. It can be "patched" if you believe M$ - or better to disable it. It can produce bugs with some versions of Norton Internet Security as well.

hawk7771us
09-05-2002, 08:38 PM
mjc, think I'll go the router route. I'll do a little research on which one. Found that site also, like it a lot, makes it easy for a newbie like me. Paul, thanks for the link to the patch... it and disable it. Thank you all for the help, now back to puttering, installing again. Uninstalled Kazaa again, not coming back. 20 gigs will have to be just fine until I can trade one on one.

Paul Komski
09-05-2002, 08:52 PM
Might be easier to just disable UPnP. Add/Remove Programs, Windows, Communications and remove the check mark beside "Universal Plug and Play". It is (I think) enabled by default in ME and XP and is a "future" technology to allow things like your fridge to be monitored for when you need more supplies etc, and is not really necessary at all.

hawk7771us
09-06-2002, 01:15 AM
Thanks Paul, I disabled it from Services, did not see it in Add/Remove/Communications, so I went to Services and did it. It's one of the first things I do when I reformat: go to Services and the site "411 blackviper". Thanks again.