So I got up, showered, etc, and got to the office (yeah, I know...I'm on a weird-ass sleep schedule). So, I'm supposed to be setting stuff up for the new semester, which starts tomorrow (ie finishing up syllabi, etc).

Well, I haven't heard the Bob and Tom show in awhile, so I go into the VIP portion of the Bob and Tom Webpage (http://www.bobandtom.com) and tried to download an episode after making a new folder for it. My next thoughts were:

"Hmmm..that's odd...it downloaded really fast...oh well, let's open it up.."

*click-click*

"Hey, what's that DOS window doing th--FUCK!!! THAT ISN'T AN .MP3 FILE!!!"

The name of the executable that downloads instead of any .mp3 file from the Bob and Tom site is called egate.com. As far as I can tell, what happened (before I freaked out and shut it down) was the following: My printer started spitting out blank sheets of paper, and the DOS window that appeared had a blinking cursor bouncing around all over the inside of the window.

I just got done scanning my system with Norton Antivirus Corporate Edition, and it found nothing...I've also done numerous google searches, to no avail.

Sometimes, my stupidity asounds me. :(

Have you tried anti-spyware stuff?

Just finished downloading Spybot S&D...I've been meaning to install it on this system, anyways.

Just finished downloading Spybot S&D...I've been meaning to install it on this system, anyways.

I had to download that today after doing some research on competition for our very low end market and suddenly having my Norton going nuts telling me I had a trojan propogating itself all over my drive.
The bosses shoulda known when you market to a certain demographic, you get to deal with the scammers, spammers, fraudsters and scum that go with them.

Anyhoo, the S&D seemed to take care of what the Norton wasn't able to.

Okay, Spybot is able to detect but not get rid of the following (in the sense that I can "fix" these 5 problems, but they crop up right away on the next scan):

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2840674408-2725979992-1359939690-33476\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-01-04 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2005-01-04 Includes\Trojans.sbi

...what does it all mean, Grandma? :?

Ah wait, those 5 problems are just security loopholes in IE...

My work computer got something like that over the weekend. The dimwits on duty here (no offense meant, Goliath) downloaded it somehow. The guy on days I relieved said they had IT people in here all day trying to fix it, they said it was some kind of virus that has infected about 200 computers in the company. Once I saw what it was doing and all the popups, I suspected it was a Trojan horse .exe, which some anti-spyware programs can detect and get rid of. After relieving the day operator, I ran the new Microsoft AntiSpyware program on the entire hard drive, it found four critical programs, which were quarantined and supposedly deleted. Then I ran Spysweeper, it found a shitload of spyware and other stuff. Finally, I ran Spybot Search and Destroy, it found a dozen that the others either didn't find at all or didn't get rid of, one of these had been detected and supposedly deleted by MS AntiSpyware but it was still there. For some reason about 8 of these had to be dealt with individually by Spybot S&D. After running that I deleted all the quarantined stuff, and a couple items in the startup folder, rebooted and everything seems to be fine now. I don't know jack about computers, but I'm miles ahead of my coworkers. That's what they get for giving me a week off.

Okay, Spybot is able to detect but not get rid of the following (in the sense that I can "fix" these 5 problems, but they crop up right away on the next scan):

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2840674408-2725979992-1359939690-33476\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-01-04 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2005-01-04 Includes\Trojans.sbi

...what does it all mean, Grandma? :?
Goliath, those DSO exploit ones are the ones that I had to get rid of one at a time. Just run the routine to delete them over and over again, it'll get rid of them one at a time. It did for me. Spysweeper has a shield that detects attempts to load those type programs, allowing you to stop them in their tracks.