Possible New Virus/Spyware? (shared printers and folder)

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Several hours ago, while roaming the internet (broadband connection),
something installed a new shared folder in the My Network Places folder and
several new shared printers on my computer. No software has been installed
recently. A check of the registry showed several dozen new entries relating
to those printers and that folder.

There are only two computers on this home-based network, with neither
sharing printers. None of the new printers (from HP, Canon, and others) are,
or have ever been, installed on either computer. Both computers have the
latest updates, are firewalled, and have anti-virus programs running.
Nothing caught the installation of those new printers or folder.

The folder was named "timbertime" and each registry entry found mentioned
that "timbertime" folder, often with very vague, inconsistent, internet
references. However, if this is a virus or spyware, that name may not remain
constant. Therefore, if you want to check your own computer, I would suggest
just checking for any new, unexpected, shared folders (whatever the name)
and any new, unexpected, shared printers.

At this point, my situation appears to be under control. I deleted all
temporary internet files, deleted the shared folder in My Network Places,
deleted the printers, and returned to a previous restore point to eliminate
the new registry entries. Finally, I used the Windows search feature to look
at every file/program created or changed within the last day and found
nothing unexpected. Since then, I've seen nothing out of the ordinary (no
new printers, folders, unusual network or internet activity, or anything
else).

Stewart
2 answers Last reply
More about possible virus spyware shared printers folder
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Dwight

    Some basic steps to removing Spyware/Adware..

    First step is to run a one shot virus remover.. I have found that McAfee
    Stinger works for people.. download and run it..

    http://vil.nai.com/vil/stinger/

    You will also need to download Spyware removal software.. Spybot and Adaware
    are available at these websites.. both are free.. download and run them..
    don't forget to check for updates after you have started them..

    http://www.safer-networking.org/en/index.html

    http://www.lavasoftusa.com/software/adaware/

    .... and this link is for the latest Microsoft helping..

    http://www.microsoft.com/athome/security/spyware/software/default.mspx

    Spybot has the ability to immunize a system, but there is better for this
    function, so download and run Spyware Blaster too.. again, check for
    updates..

    http://www.javacoolsoftware.com/

    If you have had your Internet browser hijacked, that is to say, you get
    redirected through a search engine NOT of your choosing, you will need
    different tools..

    HijackThis is a popular and effective tool.. download it from here..

    http://www.spychecker.com/download/download_hijackthis.html

    CWShredder will eliminate CoolWebSearch and variants.. there is a free
    download here..

    CWShredder.. http://www.intermute.com/spysubtract/cwshredder_download.html

    About:blank.. http://lunatic-skydance.de/mr/soft/SpoonWeg.exe


    For other tools in the fight against spyware, visit this website and
    bookmark it..

    http://www.pchell.com

    You must also run a firewall and anti-virus program.. here are some links
    for you..

    http://www.mcafee.com
    http://www.symantec.com
    http://www.zonealarm.com
    http://www.kerio.com
    http://www.gate.com
    http://www.avast.com
    http://www.grisoft.com


    Please return to this thread and provide feedback.. it is the only way that
    helpers here can determine how effective the advice given has been..

    Good luck..

    --
    Mike Hall
    MVP - Windows Shell/user

    http://dts-l.org/goodpost.htm


    "Dwight Stewart" <stewartx@NOearthlinkSPAM.net> wrote in message
    news:9eh_d.6316$qW.154@newsread3.news.atl.earthlink.net...
    > Several hours ago, while roaming the internet (broadband connection),
    > something installed a new shared folder in the My Network Places folder
    > and several new shared printers on my computer. No software has been
    > installed recently. A check of the registry showed several dozen new
    > entries relating to those printers and that folder.
    >
    > There are only two computers on this home-based network, with neither
    > sharing printers. None of the new printers (from HP, Canon, and others)
    > are, or have ever been, installed on either computer. Both computers have
    > the latest updates, are firewalled, and have anti-virus programs running.
    > Nothing caught the installation of those new printers or folder.
    >
    > The folder was named "timbertime" and each registry entry found mentioned
    > that "timbertime" folder, often with very vague, inconsistent, internet
    > references. However, if this is a virus or spyware, that name may not
    > remain constant. Therefore, if you want to check your own computer, I
    > would suggest just checking for any new, unexpected, shared folders
    > (whatever the name) and any new, unexpected, shared printers.
    >
    > At this point, my situation appears to be under control. I deleted all
    > temporary internet files, deleted the shared folder in My Network Places,
    > deleted the printers, and returned to a previous restore point to
    > eliminate the new registry entries. Finally, I used the Windows search
    > feature to look at every file/program created or changed within the last
    > day and found nothing unexpected. Since then, I've seen nothing out of the
    > ordinary (no new printers, folders, unusual network or internet activity,
    > or anything else).
    >
    > Stewart
    >
  2. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    "Dwight Stewart" wrote:
    >
    > Several hours ago, (snip)


    Okay, I did a little more testing after posting that last message and was
    able to get the folder and printers back again. Still more testing suggests
    it had something to do with either "Microsoft Management Console" or
    "Microsoft HTML Application Host" being selected as exceptions in the
    Windows Firewall. After disabling those two exceptions, I was able to
    repeat, several times, all the steps taken earlier without a repeat of the
    problem. Now I just have to figure out which of those steps (which web site)
    ultimately caused the folder and printers to appear. But, since I have a few
    other things to do at the moment, that will have to wait till later.

    Stewart
Ask a new question

Read More

Printers Internet Windows XP