This is the latest article about P2P:
Music fans running Windows are being targeted by new worm-like malware that attacks those who download tracks from peer-to-peer (P2P) networks.
Playing an infected music file will launch Internet Explorer, and load a malicious web page which asks the user to download a codec, a well-known trick to get someone to download malware.
The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, according to David Emm, senior technology consultant at Kaspersky. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.
If your son still has P2P on his computer, I would urge him to uninstall it.
Did you run an on-line scan on his computer?
Please run the Housecall online virus scan located at:
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, please restart your computer.
Support for Windows 2000, XP, and Vista
Please download Malwarebytes Anti-Malware or alternate download link
* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
* On the Scanner tab:
* - Make sure the "Perform Quick Scan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
**If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll
Did both come up clean?
I don't have much experience with malware, etc., and am trying to learn all I can. My kids only use AOL at home. I know techies seem to hate it, but as a mother of young kids, who was ultra paranoid of inappropriate stuff, it's been a safe place for the past 13 years.
My son got a new PC with Vista for his bday, and while at his father's (who is clueless about internet security), he was infected with a ton of stuff. His older cousin, who is supposedly a PC guru, showed them some P2P places (don't know if I can say them here) to get free video games, movies, PC programs, etc. Well, they downloaded some stuff and at one point my son noticed a quick popup from Norton about a backdoor trojan, but it went away. He told the men about this and they just shrugged it off and told him it was no biggie, you can't get hurt, gave him this live and learn speech, and left him to his own devices to figure it out. He eventually let me know and was really upset and scared. I said I'd figure it out when he got home.
I've scanned his PC with several programs and cleaned it and it seems OK now, but my biggest question is about the original infected program. He is not sure when exactly he noticed the popup, but tried to give me a history of what they did so we could narrow it down. Now my question is this: if a trojan comes when you download a certain program, does it extract itself OFF that program so that when the PC is supposedly clean, is that original program now usable or do you need to delete it from your PC because it will always be corrupt? When learning about malware, I just never understood if the suspect download truly does have the real program with it, or is it not even there and all that is downloaded is the virus, because if that is the case, I am really lost because he does have these programs and used them! Am I making sense?
Any information or advice would be so greatly appreciated!