|
What to do if you are infected!
First, download and run CCleaner from here. This should clean a lot of junk from your computer and make virus scans faster. Next, scan with at least 2 of the online virus scanners listed at the bottom of the page; I recommend the Eset scanner and the F-Secure scanner. Run them in Internet Explorer. Once that has finished, download and install Malwarebytes. Once it's installed, restart if you have to, then do a full update and a full scan.
Once the scan has finished, restart your computer. If you're still experiencing problems or just want to be safe, download HijackThis. Do a full scan and save a logfile. Post the logfile here but first READ THIS. It is a forum of expert computer users who will be able to understand your logfile and diagnose your problem.
----------------------------------------------------------------------------------------------------------------------------------------------
How to prevent infections!
Try to run an antivirus program with a real-time scanner. As a rule of thumb, do not run multiple real-time scanners. They will conflict and could cause problems. And remember to ALWAYS SCAN SUSPICIOUS FILES. This includes most files from services like bittorrent / p2p programs.
----------------------------------------------------------------------------------------------------------------------------------------------
Anti-Virus Programs
First and foremost everyone should have a good local anti-virus and anti-spyware program to prevent infections before they begin.
Recommendation
Avast 4 Home Edition
avast! 4 Home Edition is a complete antivirus and anti-spyware solution, fully able to find computer viruses, to create and check the integrity of programs installed, to test executed programs and opened documents, to test and check email and other functions. Scanning is also available in the shell extension and screen saver.
-Automatic updates
-Real-Time protection
-P2P and IM Shields
-Support for 64-bit Windows
-99.4% Detection Rate
Other good antivirus programs
AVG Anti-Virus
AVG Free Edition is the well-known antivirus protection tool. AVG Free is available free of charge to home users for the life of the product.
-Easy to use, low system resources
-Automatic update functionality
-Real-time protection as files are opened and programs are run
-Detects both Spyware and Viruses
-98.1% Detection Rate
AntiVir
Avira AntiVir PersonalEdition Classic is a comprehensive, easy to use antivirus program, designed to offer reliable free of charge virus protection to home-users only.
-Real-Time scanning
-Automatic updates
-99.6% Detection Rate
BitDefender
BitDefender Free Edition is your chance to use one of the world's most effective antivirus engines for free! BitDefender Free Edition uses the same ICSA Labs certified scanning engines found in other BitDefender products, allowing you to enjoy basic virus protection for no cost at all.
-Scheduled scanning
-No Real-Time scanning
-98% Detection Rate
Comodo Antivirus
Developed by one of the world's leading IT security providers, Comodo AntiVirus leverages multiple technologies (including on demand & on access scanning, email scanning, process monitoring, worm blocking and host intrusion prevention) to immediately start cleaning or quarantining suspicious files from your hard drives, shared disks, emails, downloads and system memory.
-Real-time On Access scanning
-Daily, automatic updates of virus definitions
PCTools Anti-virus
With PC Tools AntiVirus Free Edition you are protected against the most nefarious cyber-threats attempting to gain access to your PC and personal information.
-Real Time Protection
-On Demand scanner
-Automatically Updates
ClamWin
A desktop antivirus based on the open source ClamAv.
-Standalone Virus scanner
-No Real-time scanning
-Automatic Updates
----------------------------------------------------------------------------------------------------------------------------------------------
Anti-Spyware
EVERYONE should have a good anti-spyware program. Spyware are unwanted programs that install themselves on your computer. Instead of simply breaking your computer, these programs do things like steal passwords, credit card numbers, serial keys, and even watch what you type.
Programs like Ad-Aware and Spybot Search and Destroy are outdated and should be replaced with Malwarebytes and SUPERAntiSpyware, which are the next generation of anti-spyware products.
Recommendation
MalwareBytes' Anti-Malware Recommended by 1a2a9a
-Support for Windows 2000, XP, and Vista.
-Settings to enhance your Malwarebytes' Anti-Malware performance.
-Works together with other anti-malware programs.
AND
SUPERAntiSpyware Recommended by 1a2a9a, Guru of all things anti-spyware.
-High detection Rate
-Manual Update Only
-Scans for all known types of spyware including rootkits.
Other good anti-spyware software
AVG Anti-Spyware
AVG Anti-Spyware Free Edition is a popular free antispyware solution available at no cost to home users and provides a high level of detection capability.
-High detection rate
-No Automatic updates
-No real-Time protection
Dr.Web CureIt
Recommended by 1a2a9a
-Automatic Updates up to twice per hour.
-Fast response time to new threats.
-Detects all forms of spyware including rootkits.
----------------------------------------------------------------------------------------------------------------------------------------------
Firewalls
Firewalls basically attempt to stop malicious programs or users from passing data to or from your computer.
Recommendation
Either. Both firewalls should be able to protect you from most intrusions. Feel free to try them both and decide which suits you best.
Zonealarm
Protect yourself with the best multi-layered firewall technology around. ZoneAlarm keeps intruders out, protects your PC to the core and makes you invisible to hackers.
-Essential firewall protection
-Be invisible to others online
-Easy to use and install
Comodo Firewall
The program provides a smorgasbord of information and options for advanced users, but it's simple enough for beginners, and runs smoothly and silently in the background. The most obvious new features include support for Windows Vista.
-'Smart' Popup Alerts
-Application Behavior Analysis
-Automatic 'Firewall Training' mode
-Windows Security Center Integration
-Application Recognition Database
-Automatic Updates
-Submit Suspicious Files to Comodo
Single File Scan
Have a file you're suspicious about and don't want to do a complete scan, or don't trust your current antivirus? Use one of these scanners.
Virus Total
Jotti Online File scanner
----------------------------------------------------------------------------------------------------------------------------------------------
Online Scanners
Online scanners are a great way to scan your computer with top notch software without having to pay. I'd recommend everyone to scan with a couple scanners every now and then to check for anything your normal scanner may have missed.
Most detect both spyware and viruses.
Most of these require IE and it's recommended to use it for all scans.
Eset (Nod-32) Online scanner - Recommended
F-Secure - Recommended
Trendmicro Housecall
BitDefender Online scanner
Kaspersky Online Scanner
Ewido Online scan
Panda Online scanner
Microsoft Windows Live One scanner
This scanner not only scans for viruses and spyware, but defrags your hard disk and cleans your registry to keep your computer running fast. Recommended for those who do not know how to defrag or clean their registry.
|
Nice post, I would have found this very useful a few months ago. Now I had to figure it out myself. Hope it will be useful to others though
|
Supposedly Kaspersky has the best detection rate:
1. Kaspersky version 7.0.0.125 - 99.62%
2. Active Virus Shield by AOL version 6.0.0.299 - 99.62%
3. F-Secure 2006 version 6.12.90 - 96.86%
4. BitDefender Professional version 9 - 96.63%
5. CyberScrub version 1.0 - 95.98%
6. eScan version 8.0.671.1 - 95.82%
7. BitDefender freeware version 8.0.202 - 95.57%
8. BullGuard version 6.1 - 95.57%
9. AntiVir Premium version 7.01.01.02 - 95.45%
10. Nod32 version 2.51.30 - 95.14%
11. AntiVir Classic version 7.01.01.02 - 94.26%
12. ViruScape 2006 version 1.02.0935.0137 - 93.87%
13. McAfee version 10.0.27 - 93.03%
14. McAfee Enterprise version 8.0.0 - 91.76%
15. F-Prot version 6.0.4.3 beta - 87.88%
16. Avast Professional version 4.7.871 - 87.46%
17. Avast freeware version 4.7.871 - 87.46%
18. Dr. Web version 4.33.2 - 86.03%
19. Norman version 5.90.23 - 85.65%
20. F-Prot version 3.16f - 85.14%
21. ArcaVir 2006 - 83.44%
22. Norton Professional 2006 - 83.18%
23. AVG Professional version 7.1.405 - 82.82%
24. AVG freeware version 7.1.405 - 82.82%
25. Panda 2007 version 2.00.01 - 82.23%
26. Virus Chaser version 5.0a - 81.47%
27. PC-Cillin 2006 version 14.10.1051 - 80.90%
28. VBA32 version 3.11.0 - 79.12%
29. ViRobot Expert version 4.0 - 76.22%
30. UNA version 1.83 - 75.44%
31. Rising AV version 18.41.30 - 73.60%
32. Sophos Sweep version 6.0.2 - 69.48%
33. Ikarus version 5.19 - 63.22%
34. Antiy Ghostbusters version 5.1.3 - 61.55%
35. Digital Patrol version 5.00.12 - 54.29%
36. Vexira 2006 version 5.002.45 - 52.66%
37. V3Pro 2004 version 6.1.1.2.640 - 52.38%
38. Ewido Premium version 4.0.0.172 - 51.27%
39. Ewido freeware version 4.0.0.172 - 51.27%
40. ClamWin version 0.88.4 - 51.23%
41. E-Trust version 7.2.0.0 - 50.36%
42. ZoneAlarm with VET Antivirus version 6.5.722.000 - 44.65%
43. A Squared Anti-Malware version 2.0 - 43.28%
44. A Squared Free version 2.0 - 43.28%
45. Zondex Guard version 5.4.2 - 41.73%
46. Comodo version 1.0.0.4 - 41.02%
47. Solo 4.0 version 3.1.0 - 40.83%
48. Protector Plus version 7.2.H03 - 37.04%
49. Quick Heal version 8.00 - 33.66%
50. PC Door Guard version 4.2.0.35 - 24.13%
51. AntiTrojan Shield version 2.1.0.14 - 24.11%
52. VirIT version 6.1.9 - 21.39%
53. Trojan Hunter version 4.2.924 - 13.44%
54. Trojan Remover version 6.5.1 - 8.00%
55. Tauscan version 1.70.1414 - 7.70%
56. The Cleaner version 4.2.4319 - 6.03%
57. Hacker Eliminator version 1.2 - 1.70%
58. Abacre version 1.4 - 0.00%
just ROFL...LOL at the bottom ones.. 1.7% wtf i feel so bad for people that got scammed to buy those shit software
|
Shit I use abacre...
That's a nice list, where'd you find it?
|
I'll add my two cents to Zone Alarm. And my next two cents to AVG for healing a virus none other antivir could.
|
The list is from the company that tests AV progs rather thoroughly on a regular basis, afaik. Forget the name. And as far as I can tell, it's up to date.
Imho, Kaspersky is good but a resource hog, I wouldn't use AOL software if they paid me, I haven't given F-Secure a try in years and I like BitDef.
|
perhaps you can rank each programme with stars to show how good each of them are when compared to the rest.
|
For anti-spyware scanners throw in SUPERAntiSpyware, Malware Bytes Anti Malware, and Dr. Web Cureit.
Ad-Aware, Spybot, and Windows Defender are useless
You may want to throw in some basic anti-rootkit programs like Blacklight, AVG anti-rootkit, Sophos anti-rootkit. However you should include a warning not to fix anything if these detect anything, and instead post on a known anti-malware forum.
Also you could have a group for other programs like SpywareGuard, SpywareBlaster, MVPS hosts file, and other tools that don't fit into any category.
|
*makes obligatory comment about using alternative operating systems*
|
On February 26 2008 21:32 1a2a9a wrote: Ad-Aware, Spybot, and Windows Defender are useless
I've never found ad-aware or spybot useless - unless I'm behind the times and they have fallen off the list in the last year or so.
Back in college and around that time I was constantly asked to fix people's computer that had been overridden with spyware. My way I used to knock it out pretty consistently (except against the most extreme cases) was simply running ad-aware and spybot in safe mode. The two programs complemented each other nicely because ad-aware searched for spyware patterns while spybot was more of a brute force approach for thousands of known issues.
However as I said, I've been out of the computer fixing scene for a while. I haven't had to deal with anyone's PC in like 2 years. Since I'm educated enough to not get spyware or viruses in the first place, I don't even scan my computer but once every 3-4 months. When I need to do that, ad-aware seems to be ok.
|
Anyone use or know about system spyware interrogator?
|
Windows Live OneCare Safety scanner is pretty good to check out (online scanner for free).
If not for the virus protection, then for the performance checkpoint (defragmentation, registry cleaner, etc.).
http://safety.live.com/
|
Firewall, just use windows firewall. There's no reason to use any other firewall. I used to use Comodo Firewall but decided that it offers the same functions except for outgoing connections? You should only worry about outgoing connections leaks if you are stupid enough to download exe from fucked up sites.
|
"unless I'm behind the times and they have fallen off the list in the last year or so."
This is the case, those programs are nowhere near as good as they were a few years ago
"system spyware interrogator?"
Nope which isn't a good sign
"Firewall, just use windows firewall. There's no reason to use any other firewall"
The Windows Firewall is pretty bad, it won't help you against spyware. Comodo and any other decent firewalls will
|
I'm going to hafta put a vote towards ad-aware: even though it's fallen off lists because it's gotten worse against the really nasty stuff (which more of the spyware/adaware stuff is becoming), it's still pretty good about the light stuff that you're going to be able to remove easily. And on top of that, it's free, so you can just use it without worrying about the cost.
|
ok Question: there are TONS of free antivirus and antispyware ... should you just have 1 of each, or should you download multiple of each and run all of them? Does it matter ?
|
You should only have one anti-virus, and one firewall
You can have multiple anti-spyware programs, just make sure you don't have more than one real-time protection program. For example, Spybot has TeaTimer to protect your registry, if you install Ad-Watch by AdAware, or SpywareGuard then they will conflict and cause problems.
Other than that, there are no problems with multiple anti-spyware programs
|
On February 27 2008 02:27 1a2a9a wrote: "unless I'm behind the times and they have fallen off the list in the last year or so." This is the case, those programs are nowhere near as good as they were a few years ago Nope which isn't a good sign "Firewall, just use windows firewall. There's no reason to use any other firewall" The Windows Firewall is pretty bad, it won't help you against spyware. Comodo and any other decent firewalls will
The inbound firewall of windows firewall is as effective as the inbound firewall of Comodo.
|
Don't fight with 1a2a9a he knows his stuff.
And I will clean the post up a bit and try and list each program from best to worst and add a detection rate for each program (pending I can find one). And I'll add those programs you guys suggested. Thanks.
|
SUPERAntiSpyware Recommended by 1a2a9a, Guru of all things anti-spyware.
-High detection Rate -Manual Update Only -Scans for all known types of spyware including rootkits.
See Kennigit I told you it was legit!
|
Meh, maybe I just had a bad experience with Kaspersky. Its full scan took like 7 hours or something ridiculous like that rofl....
I have just been using Ad-Aware, which actually caught a bad trojan that I had on my comp that AVG missed....
|
This is an important thread. Thanks to 1a2a9a and jimminy for this. 1a2a9a is AMAZING guys, don't doubt
|
Does anyone have any recommendation on which anti-spyware product to use for the average user? I added a "recommended" section for each product to make it easier but I don't know what anti-spyware to recommend as I've only tried AVG in the past (I use a paid product).
People with experience gimme your input!
|
I'm always wary of taking advice about antivirus and spyware from people I don't know, as most of the time they are just trying to get you to download their own brand of spyware, so that they can screw you themselves.
|
I will obviously look into any programs people recommend. And if you're implying I am doing that, then die.
|
ctrl-F: adblock not found
While adblock is not a standalone program, this firefox extensions/add-on will help block a lot of ads and potentially dangerous sites from loading. Very handy.
|
Just saw this thread from Pony Express ... you should add NOD32 because it's been saving my ass for quite a while now
It's not free, though.
|
I am soo screwed. I got a spyware which changed my desktop wallpaper with this huge warning thing. The color is blue, and in the letters it says YOUR COMPUTER IS IN DANGER! IT IS AFFECTED WITH SPYWARE! or something like that, and it's hard to change it. Plus I'm starting to get all these random popups, and in my toolbar thing there is this icon that, when I highlight it, says "Warning: Your computer is infected" Windows detected spyware infection! click this message to install the last update of Windows Security Software. And yeah, I clicked it and that's how I got the desktop background thing. sunuvabiatch. -_-;; Any idea of how to take it out? I tried to install the mal-ware thing in the OP's post, but when I did, during installation it said there were some errors or something like that. But I'm scanning with Avira AntiVirus right now.
|
has anyone had trouble finding a suitable working anti-spyware program for vista? there's windows defender but i don't think it's very good, seeing as it hasn't found anything lol. i know for me quite a few programs don't work with vista, or well the version i have, which is vista ultimate 64bit etcetc, basically the highest version of vista. currently im using avg anti-spyware and it seems to be working ok, just wondering if anyone else has problems with vista? :|
|
Alright, well after not being home for 3 days, I decide to go onto my PC and for some reason it's hibernating... Which means someone was on my PC and doesn't realize that when you turn it off it just goes into hibernation, unless you actually select to turn it off.
Well anyways, I turn it on. Only to find my computer with spyware. Now I'm unsure as to what the damage is. I found one called "Seekmo" but I'll be needing help to see if there is any more damage.
God, people who have no idea how to use PCs shouldn't even touch them.
My HijackThis log is located in the spoiler.
|
On March 05 2008 13:59 Krohm wrote: Alright, well after not being home for 3 days, I decide to go onto my PC and for some reason it's hibernating... Which means someone was on my PC and doesn't realize that when you turn it off it just goes into hibernation, unless you actually select to turn it off. Well anyways, I turn it on. Only to find my computer with spyware. Now I'm unsure as to what the damage is. I found one called "Seekmo" but I'll be needing help to see if there is any more damage. God, people who have no idea how to use PCs shouldn't even touch them. My HijackThis log is located in the spoiler.
I presume you already have fixed your PC but if not you can check your log here: http://www.hijackthis.de/en.
|
Don't use http://www.hijackthis.de/en. anybody, those automated scanners are terrible
ChkChk.Boom you should post on that site Jiminy_Kriket listed in his original post
Same for you Krohm
Fix these entries in HJT
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
Then delete this folder
C:\Program Files\ShoppingReport
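Added example (not part of the original thread and not HijackThis's own code): a Python triage pass over HijackThis entries of the kind picked out above. It splits a log, including one flattened onto a single line, and flags entries whose file is missing, services with an unknown owner, Run entries without an absolute path, and anything on an analyst-supplied watchlist. The function names, flag names and watchlist are assumptions made for illustration, and a flag means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: individual entries copied from the HijackThis logs
# posted in this thread, one per line as the tool writes them.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Network.exe (file missing)
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_RE = re.compile(rf"^(?P<code>{CODE}) - (?P<body>.+)$")
# O4 registry autostart entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK[^:]*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command line that starts with a drive path, a UNC path or an env variable.
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')


@dataclass(frozen=True)
class Finding:
    code: str
    body: str
    flags: tuple


def split_entries(text):
    """Return one whitespace-normalised string per entry; header, process
    list and the '-- End of file' trailer are dropped. Works on a normal
    log and on one pasted as a single line (entries separated by spaces)."""
    text = text.split("-- End of file")[0]
    chunks = re.split(rf"\s+(?={CODE} - )", text.strip())
    entries = (" ".join(chunk.split()) for chunk in chunks)
    return [entry for entry in entries if ENTRY_RE.match(entry)]


def triage(text, watchlist=()):
    """Return the entries worth a manual look, with the reasons why."""
    findings = []
    for entry in split_entries(text):
        match = ENTRY_RE.match(entry)
        code, body = match["code"], match["body"]
        flags = []
        # The registration is still there but the file it points to is gone.
        if body.endswith(("(no file)", "(file missing)")):
            flags.append("missing-file")
        # Service binary carries no company name in its version info.
        if code == "O23" and " - Unknown owner - " in body:
            flags.append("unknown-owner")
        # Autostart command given as a bare name, resolved via the search path.
        run = RUN_RE.match(body) if code == "O4" else None
        if run and not ABSOLUTE_RE.match(run["cmd"]):
            flags.append("relative-path")
        # Names the analyst already knows about (here: from the reply above).
        if any(term.lower() in body.lower() for term in watchlist):
            flags.append("watchlist")
        if flags:
            findings.append(Finding(code, body, tuple(flags)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, watchlist=("ShoppingReport",)):
        print(f"{finding.code:<4}{','.join(finding.flags):<28}{finding.body}")
```

Legitimate software also trips these flags (leftovers of an uninstalled product show up as "file missing", and many drivers register a bare file name), so the output is a shortlist for a human reader, not a removal list.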
|
alright, i need help asap. my computer is slow as fuck now, and i get a lot of popups..
in OP, there is a link to AVG Anti-Spyware Free Edition, but when i click the link, i only see AVG Anti-Virus Free Edition 8.0 and some other virus removals.
i need to get rid of spywares.. i get rundll error when i first start up my computer.
search & destroy suck, because they find the spywares, but do not get rid of it. even if they do, they still come back.
i need some powerful spyware removal that will even get rid of the ones already "running".
please help!
here are some screenshots of what is happening on my comp
btw, it's not just access.exe, sometimes i see different files as well. same thing with the last pic, i see more than one infected file names, whenever they re-popup.
|
right now, im downloading a bunch of spyware removals and etc. by using flashget. under each one of these comments, i see ADW_PURITY.AA, which is apparently the name of the spyware.
anyone has knowledge of this particular one?
|
I can help you out, you got AIM? First of all stop using Internet explorer, switch to firefox.
Download AVG free, AS and AV. Also download Hijackthis from majorgeeks.com
|
Did they seriously change your wallpaper? Goddamn son, lay off the porn.
|
On June 05 2008 09:01 CharlieMurphy wrote: I can help you out, you got AIM? First of all stop using Internet explorer, switch to firefox.
Download AVG free, AS and AV. Also download Hijackthis from majorgeeks.com
Don't listen to him. Search for anything relating to IE, secure delete from your hard drive, but back it up on a flash drive. Burn the flash drive and mix it with peanuts to feed it to an elephant.
The best way to stop any type of viruses or popups, is to buy a mac. /advertisement.
Go on http://www.filehippo.com
They have a large selection of a bunch of anti virus, spyware, etc. Helped my PC with viruses a lot. Some of them lie to you though, and say you have 100100302034023402034 viruses.
|
Safari is actually far less secure than IE. Within the next year there will probably be a flood of Mac virii, now that so many universities are going towards them.
|
On June 05 2008 20:47 mahnini wrote: Did they seriously change your wallpaper? Goddamn son, lay off the porn.
i never download porns.. i only watch streams on youporn anyway, AVG's awesome. it got rid of the spywares and everything that is running in my memory as well!
now, i can't access my task manager though.. i posted my hijackthis log in techsupportforum, so i'll wait.. /tear
|
Mac sucks period. It is inferior in about every way (including price).
Capo, feel free to aim or pm me if you need any more help
|
Mac is better in every sense except games and certain applications.
|
It looks like avg antivirus and avg antispyware are now one. Updated the OP.
Capo: Use the fsecure online scanner from the op.
|
Jimminy, please explain why you think this?
|
Its just easier, windows is ok but if I had to pick one in terms of the operating system itself I would pick mac hands down. But im here using windows because I play games. Both are legit os's.
|
The new version of AVG - 8.0 is not free anymore - it costs 51.74 euro for 1 year subscription for 1 computer. Check out here.
I will stay with the latest free AVG - v.7.5.524 for now and will see what to do in the future .
|
how is mac easier? Its basically just a noob system where you can't do anything to customize shit. Not to mention all the other bullshit that comes along with owning a mac instead of a PC. (ps vista sucks even worse than mac).
|
On June 06 2008 04:39 CharlieMurphy wrote: how is mac easier? Its basically just a noob system where you can't do anything to customize shit. Not to mention all the other bullshit that comes along with owning a mac instead of a PC. (ps vista sucks even worse than mac).
word.
|
Oh my god. I need help. I was using stumbleupon and stupidly downloaded this free online stupid tank game on a whim, and as a result my computer seems to be infected. I already had avg on this computer but i don't appear to be able to open it, or the websites listed in op including the hijackthis site. I am fairly certainly being blocked from access to prominent anti-spyware. I have this red circle with a white X in it in my taskbar telling me every minute that i'm infected and need antispyware. Clearly that would lead to more trouble. What do i do?! Thanks to any responders.
|
What do you think of Nod32 is it good? i have heard it is =)
|
On October 20 2008 18:28 zobz wrote: Oh my god. I need help. I was using stumbleupon and stupidly downloaded this free online stupid tank game on a whim, and as a result my computer seems to be infected. I already had avg on this computer but i don't appear to be able to open it, or the websites listed in op including the hijackthis site. I am fairly certainly being blocked from access to prominent anti-spyware. I have this red circle with a white X in it in my taskbar telling me every minute that i'm infected and need antispyware. Clearly that would lead to more trouble. What do i do?! Thanks to any responders.
My brother caught that one too. At least you are not as stupid as him downloading additional spyware from the site it points to. It is no standalone program, but a dll loaded inside explorer.exe. I forgot the details, but you can find the name of the dll examining explorer.exe with Process Explorer. I think you can delete it in safe mode, and you should also delete all registry entries pointing to it (optional).
|
my computer randomly restarted when I was playing dota and now I have a fake windows security system tray icon and it stops all my anti-virus/anti-malware programs from working. First time I've ever had a problem like this. I'm trying some of the online scans right now and hoping they will work. I can't even open 'Hijackthis'
|
http://en.wikipedia.org/wiki/Endian_Firewall Well personally I'd rather never have the damn problem of having stuff slow down my computer/internet.. I'm sure most of you have a spare PC floating around... it doesn't even have to be a good one... there is well over 20 distro-firewalls out there, and if you really care the chances of anything (even, if you like, unharmful stuff like content types (flash, jpg or w/e)) get the chance to slow down your connection. Instead of a responsive personal firewall (where the data has already used up your bandwidth before detection) why not simply stop it from ever getting in...?
Of course if it was only viruses/spyware you were worried about... why wouldn't you be using Linux anyways? Considering most games i play run fine on Wine, its not as though I really care about viruses... The day that someone can be bothered creating a virus to cater to ALL Linux distro's, is the day i give that man a medal
Edit: as if you'd like Mac. Its like a toned down version of Linux, with the exception that it's based on both BSD and NeXT. Admittedly I can run everything Windows can run, but not mac. But thats not the problem, because there is like nothing that I'd want that is 'mac only'. All their iLife stuff is slow as shit. If i had my way iTunes and Quicktime would be shot.
|
On October 25 2008 07:05 Wysp wrote: my computer randomly restarted when I was playing dota and now I have a fake windows security system tray icon and it stops all my anti-virus/anti-malware programs from working. First time I've ever had a problem like this. I'm trying some of the online scans right now and hoping they will work. I can't even open 'Hijackthis'
go to majorgeeks.com, search for "smitfraud". It defines a process that removes "fake scanner" virii.
|
Of course if it was only viruses/spyware you were worried about... why wouldn't you be using Linux anyways?
Linux is absolute hell if you're used to Windows and don't have the time to learn a new operating system...
In any case, the best anti-virus is just not downloading shit you don't trust =/ I don't even bother with anti virus software anymore, cause frankly it slows the computer down as much as any virus anyway.
|
On October 25 2008 08:21 HeadBangaa wrote:
On October 25 2008 07:05 Wysp wrote: my computer randomly restarted when I was playing dota and now I have a fake windows security system tray icon and it stops all my anti-virus/anti-malware programs from working. First time I've ever had a problem like this. I'm trying some of the online scans right now and hoping they will work. I can't even open 'Hijackthis'
go to majorgeeks.com, search for "smitfraud". It defines a process that removes "fake scanner" virii.
Thanks, my scanners are now working. The malware is still lurking, though.
|
Look for suspicious .exe loading at startup:
1) start->run->msconfig->startup tab and uncheck any rogue entries
2) start->run->regedit First, back up the registry (File -> backup or w/e) and then go to: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
and then delete mysterious .exe entries. Also, if you find obvious malicious entries, also remove them from the filesystem.
If the "smitfraud" method helped remove some of it, conventional virus scans may find the remaining malware. Try AVG, Housecall, ad-aware, spybot, etc. Those fake scanners are extremely difficult to remove, GL!
|
So I used to use sbc yahoo's anti-virus and I liked it a lot. But when I bought computer parts and threw it together, I couldn't plug my old harddrive into the mother board, and was too lazy to go buy an adapter to make it an external harddrive (and my dad doesn't know the password for the sbc account, so I couldn't re-download the antivirus, and he had lost the disk which had it too), but with my mother board came a some-number trial of "Bullguard" antivirus, which I absolutely hated as it was a big memory hog and was fairly invasive and annoying, but it was definitely a lot better than nothing. So my bullguard trial ran out, I saw this thread and got Avira. After like 2 days of using Avira I already love it. It's totally non-invasive, uses a ridiculously low amount of cpu, and found a couple things sitting in my computer which bullguard had never noticed.
tl;dr Avira is great.
|
On October 25 2008 08:57 PsycHOTemplar wrote: In any case, the best anti-virus is just not downloading shit you don't trust =/ I don't even bother with anti virus software anymore, cause frankly it slows the computer down as much as any virus anyway.
It's not the 90s anymore. Malware is being distributed via clever ways these days, often via exploits in very common applications (often the browser or one of its plugins (e.g. Flash player)). There are also things like malicious ads or compromised/cracked servers (so that even trusted sites can in some cases spread malware (without the admins knowing it for a while)). Most of that stuff is completely invisible for the user. Plus, modern malware rarely wants to make your PC malfunction, because that would make you realize your PC is infected. Instead, it wants to include your PC into a botnet and then use it for sending spam or for DDoS, or it wants to spy out passwords, files etc. A virus scanner is simply essential when using Windows, and updating all your software is just as essential. Plus, most Windows home users use at least a few cracks or pirated software (games, MS Office, Photoshop, maybe more), and these things are often infested (unless you have good sources, but then you're not the majority anymore).
*Desktop firewalls* are almost useless though (i.e. all those firewalls which run on the very machine you want to secure), since they can always be circumvented (even non-malware sometimes uses firewall circumvention techniques, e.g. Real Player) and they are only useful in rare cases and only when configured properly, but the target audience for those firewalls (clueless home users) has no clue about that anyway and/or just uses the default settings.
|
I'm wondering if this is normal but, when I tried to use the Kaspersky Lab's free online computer scan, my Firefox suddenly closed. Anyone? Please and thank you.
|
On November 04 2008 12:54 Indreide wrote: I'm wondering if this is normal but, when I tried to use the Kaspersky Lab's free online computer scan, my Firefox suddenly closed. Anyone? Please and thank you.
use IE probably.
|
i think this thread deserves a bump
My ad-aware has been picking up a malware called virtumonde, but it keeps coming back when i try to delete it. any tips?
|
On December 28 2008 01:59 goldenkrnboi wrote: i think this thread deserves a bump
My ad-aware has been picking up a malware called virtumonde, but it keeps coming back when i try to delete it. any tips?
safe mode probably. and there's freeware out there that's supposed to kill any file, regardless of restrictions. i can't remember where i found it, was just looking at it the other day.
hmm i'll get back to you
|
maybe do a google search? i found like 5 removal entries, normally some pests like that need a special software because they make an entry in your registry and save files in hidden places. In case nothing works its always good to look for the exact file that contains the pest (look at the task bar on windows, find the process that contains the pest then make a search on your HD to find the file). Then with the name go safe mode and delete the file, normally you can't delete in normal mode because the process is being used. Just work a little.
|
Oh wow, I've been relying on Spybot and Adaware....thanks for opening my eyes
Edit: I had Virtumonde a while ago, had to use ComboFix to get rid of it.
|
i think malwarebytes got rid of it. not 100% sure though.
|
Hum, I have no idea what I'm dealing with here. My brother's laptop is pretty much fucked and barely anything runs right. More specifically, his firefox has been hijacked and I'm pretty sure he's got a virus which is fucking with the comp (he thinks its virut, but i've checked for it and nothing has come up =/)
I've tried installing/running avast, avg and bitdefender but they aren't picking anything up since I can't update them to the latest version (i think the virus is to blame here, but i could be wrong). In my efforts to update, I've tried downloading the manual update on my clean laptop and tried to run it on the infected one - that failed. Here's hoping TL can help out!!
[Hijack this log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:42 p.m., on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - skrb32.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (file missing)
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Network.exe (file missing)
-- End of file - 10446 bytes
I can try anything you want.
|
I'll give it a go, but I dont think i'll be able to update avira
UPDATE: browser hijack fix thing didn't fix anything =/
|
On February 26 2008 21:32 1a2a9a wrote: For anti-spyware scanners throw in SUPERAntiSpyware, Malware Bytes Anti Malware, and Dr. Web Cureit.
Ad-Aware, Spybot, and Windows Defender are useless
You may want to throw in some basic anti-rootkit programs like Blacklight, AVG anti-rootkit, Sophos anti-rootkit. However you should include a warning not to fix anything if these detect anything, and instead post on a known anti-malware forum.
Also you could have a group for other programs like SpywareGuard, SpywareBlaster, MVPS hosts file, and other tools that don't fit into any category.
Why spybot useless? I have faith in spybot
|
On July 10 2009 20:34 Plexa wrote: Hum, I have no idea what I'm dealing with here. My brother's laptop is pretty much fucked and barely anything runs right. More specifically, his firefox has been hijacked and I'm pretty sure he's got a virus which is fucking with the comp (he thinks its virut, but i've checked for it and nothing has come up =/)
I've tried installing/running avast, avg and bitdefender but they aren't picking anything up since I can't update them to the latest version (i think the virus is to blame here, but i could be wrong). In my efforts to update, I've tried downloading the manual update on my clean laptop and tried to run it on the infected one - that failed. Here's hoping TL can help out!!
[Hijack this log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:42 p.m., on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - skrb32.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc.
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (file missing) O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing) O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. 
R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Network.exe (file missing)
-- End of file - 10446 bytes
I can try anything you want.
Spybot search & destroy? Not endorsed in this thread but I have experienced it as very good. What about service pack and windows update? Especially worms can infect removable media and other computers through the network so make sure your other machine is protected
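Picking apart the HijackThis log posted above can be partly automated. The following is an added example, not part of the original thread or of HijackThis: a Python triage over an excerpt of that log that flags services whose file is missing, Run entries with no path, and services from more than one antivirus vendor (the guide at the top of the thread advises against multiple real-time scanners). The function names, finding labels and vendor keyword list are assumptions.

```python
import re
from collections import namedtuple

# Excerpt of the log posted above. One pair of entries is fused (".cabO20")
# exactly as on the page; HijackThis itself writes one entry per line.
RAW = r'''
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cabO20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Network.exe (file missing)
-- End of file - 10446 bytes
'''
SAMPLE_LOG = " ".join(RAW.split())  # flatten to one line, as the page shows it

Entry = namedtuple("Entry", "code body")
Service = namedtuple("Service", "name owner path missing")

RUN_RE = re.compile(r"HK\w+\\\.\.\\Run: \[(.+?)\] (.*)")
# Assumption: owner substrings of the antivirus vendors seen in this log.
AV_OWNERS = ("alwil", "bitdefender", "kaspersky", "symantec")


def split_entries(text):
    """Split a flattened log into (section code, body) entries."""
    text = text.split("-- End of file")[0]
    entries = []
    # Split before every "O<n> - " marker, even when fused to the previous entry.
    for part in re.split(r"(?=O\d{1,2} - )", text):
        m = re.match(r"(O\d{1,2}) - (.+)", part.strip(), re.S)
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def parse_service(body):
    """Parse an O23 body: 'Service: <name> - <owner> - <path>[ (file missing)]'."""
    if not body.startswith("Service: "):
        return None
    name, sep1, rest = body[len("Service: "):].partition(" - ")
    owner, sep2, path = rest.rpartition(" - ")
    if not sep1 or not sep2:
        return None
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    return Service(name, owner, path, missing)


def run_executable(command):
    """Return the executable part of a Run value, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)  # unquoted paths may hold spaces
    return m.group(1) if m else command


def triage(text):
    """Return (label, detail) findings that deserve a manual lookup."""
    findings, services = [], []
    for entry in split_entries(text):
        if entry.code == "O4":
            m = RUN_RE.match(entry.body)
            # No directory: the log cannot tell which file actually starts.
            if m and "\\" not in run_executable(m.group(2)):
                findings.append(("run_entry_without_path",
                                 f"{m.group(1)} -> {m.group(2)}"))
        elif entry.code == "O23":
            svc = parse_service(entry.body)
            if svc is None:
                continue
            services.append(svc)
            # Registered service whose binary is gone: leftover of an
            # uninstall or of a removed file; the name needs a lookup.
            if svc.missing:
                findings.append(("service_file_missing", svc.name))
    vendors = sorted({v for s in services if not s.missing
                      for v in AV_OWNERS if v in s.owner.lower()})
    if len(vendors) > 1:
        findings.append(("multiple_av_vendors", ", ".join(vendors)))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:24} {detail}")
```

A finding here is a prompt to look an entry up, not a verdict: a missing service file is just as often the remains of an uninstalled product.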
|
Aotearoa39261 Posts
I'm starting to think it isn't a hijack at all =/ probably something much worse. I keep getting redirected to odd sites and none of the standard virus sites will load.
UPDATE: Avira won't install. It starts loading then gets nuked about 3/4 of the way through
|
none of the standard virus sites will load? that reminds me of conficker. Was the infected machine patched through windows update?
Do the sites you get redirected to propose downloading their antivirus programs?
|
Aotearoa39261 Posts
My brother says that he did an update earlier today (after infection). He thinks he got an infection from Bitdefender off one of the sites listed at katz.cd. (doh)
it gets redirected to abcjmp.com which redirects to chinasexculture.com
|
then please search for csrss.exe using win+f
did you find anything?
|
Aotearoa39261 Posts
yes, one in system 32 and one in windows/servicepackfiles
|
please remove the files and reboot the computer
|
Aotearoa39261 Posts
system32 one won't remove itself, it's currently in use as a process - do you want me to kill it anyway?
|
no. go to system32 and enable show hidden files. search for tdssadw.dll, tdssl.dll, tdssmain.dll, tdssinit.dll, tdsservers.dat
|
Aotearoa39261 Posts
|
did you enable show hidden files? in that case try using "run" and type C:\WINDOWS\system32\tdssl.dll. what happens?
|
Aotearoa39261 Posts
yup, enabled. file not found when i try to run it
|
then it's a different type. http://www.combofix.org/ might be of assistance, try to install it. with luck it's too unknown to be blocked
|
Aotearoa39261 Posts
|
this is some kind of really nasty rootkit infection. Is the machine 32bit or 64? I think it's very hard to bust out either way but probably impossible if you have 64 bit
|
|
Aotearoa39261 Posts
I'm fairly sure its 32bit XP
|
|
wait does this mean bleepingcomputer is a bad site?
|
On July 10 2009 20:51 Patriot.dlk wrote:
On February 26 2008 21:32 1a2a9a wrote: For anti-spyware scanners throw in SUPERAntiSpyware, Malware Bytes Anti Malware, and Dr. Web Cureit.
Ad-Aware, Spybot, and Windows Defender are useless
You may want to throw in some basic anti-rootkit programs like Blacklight, AVG anti-rootkit, Sophos anti-rootkit. However you should include a warning not to fix anything if these detect anything, and instead post on a known anti-malware forum.
Also you could have a group for other programs like SpywareGuard, SpywareBlaster, MVPS hosts file, and other tools that don't fit into any category.
Why spybot useless? I have faith in spybot
I do think that SUPERAntiSpyware is a lot better though, that program fixed a lot of shit for me that other programs couldn't
|
Aotearoa39261 Posts
lol i just tried to install the microsoft rootkit thing above, but it needed to not be in safemode. I restarted into normal windows and lol it just took ages to load then BSODd
will try the link above now
|
I think this is like malign cancer all over a human brain. Treatment is either too weak or will leave the computer totally crippled afterwards and probably not totally clean either :/
|
Aotearoa39261 Posts
LOL the ftp you linked has been blocked by this motherfucker lolol
|
On July 10 2009 21:53 7mk wrote:
On July 10 2009 20:51 Patriot.dlk wrote:
On February 26 2008 21:32 1a2a9a wrote: For anti-spyware scanners throw in SUPERAntiSpyware, Malware Bytes Anti Malware, and Dr. Web Cureit.
Ad-Aware, Spybot, and Windows Defender are useless
You may want to throw in some basic anti-rootkit programs like Blacklight, AVG anti-rootkit, Sophos anti-rootkit. However you should include a warning not to fix anything if these detect anything, and instead post on a known anti-malware forum.
Also you could have a group for other programs like SpywareGuard, SpywareBlaster, MVPS hosts file, and other tools that don't fit into any category.
Why spybot useless? I have faith in spybot
I do think that SUPERAntiSpyware is a lot better though, that program fixed a lot of shit for me that other programs couldn't
Yeah OK. I will try it out for sure! Thanks for reply.
Plexa, I'm still naked in my computer chair and I'm out of ideas. I will proceed with life and then check into this thread later
|
|
Aotearoa39261 Posts
|
try again it was probably not updated
|
the best way of keeping your system clean while not having gay performance decreasing antivirus/firewall/antispy software, is making constant backups of a clean system and restoring those often enough.
to make a backup you can use applications like CloneZilla: http://www.clonezilla.org/
just format your HDD. make 2 partitions to separate data from applications. (with gparted f.e.) make a clean install of an OS you like. install all the applications that you like and you know are clean. then use clonezilla to make a backup image.
now all you gotta do is collect the applications you would like to add to the system (the installers) and every month or so you can do this:
- restore your image of the system partition.
- install all the apps you collected and wish to add to your system
- make a new backup image of the new system
- enjoy a "brand new" computer every month without needless bullshit apps which slow down your pc
|
|
Aotearoa39261 Posts
aha! victory!! Dr Web looks like it's going to do the trick
|
Please check PM for further instruction. Really glad to be of assistance to you
|
ah that's a relief lol
SUPER anti spyware and malwarebytes are great btw, not so sure about spybot and the others
how does AVG rate against the other free anti virus software in terms of detection and real time protection?
|
On July 10 2009 23:13 JohnColtrane wrote: ah that's a relief lol SUPER anti spyware and malwarebytes are great btw, not so sure about spybot and the others how does AVG rate against the other free anti virus software in terms of detection and real time protection?
Good if I remember correctly. I think youtube has plenty of clips regarding that and you can probably find first hand sources using google!
I personally use nod32 that I assumed was very good but after being very badly hurt by smitfraud trojans right under the nose of nod32 I now have doubt.
Also I would like to point out that my opinion is not professional at all as I only studied Internet security for a total of 7.5 swedish HP, (it was 6 weeks of studies) so anything I say could be wrong. Should've warned plexa about that lol
btw I successfully removed Smitfraud with SS&D.
|
would love to find a guy who makes viruses.. the things' he'd endure..
|
|
|
On July 11 2009 00:07 epicdoom wrote: Nice! Great idea. Oh and this..
at first i thought the linux guy got run over by the motorcycle xD
|
On July 10 2009 23:24 Patriot.dlk wrote:
On July 10 2009 23:13 JohnColtrane wrote: ah that's a relief lol SUPER anti spyware and malwarebytes are great btw, not so sure about spybot and the others how does AVG rate against the other free anti virus software in terms of detection and real time protection?
Good if I remember correctly. I think youtube has plenty of clips regarding that and you can probably find first hand sources using google!
I personally use nod32 that I assumed was very good but after being very badly hurt by smitfraud trojans right under the nose of nod32 I now have doubt.
Also I would like to point out that my opinion is not professional at all as I only studied Internet security for a total of 7.5 swedish HP, (it was 6 weeks of studies) so anything I say could be wrong. Should've warned plexa about that lol
btw I successfully removed Smitfraud with SS&D.
Which is more than enough, I was following this thread and you did everything pretty well short of picking apart the HijackThis log. There really isn't a need for professional advice as anyone with access to google can make a legitimate attempt at fixing their computer (because nobody is alone come spyware and viruses)
|
|
On July 10 2009 23:24 Patriot.dlk wrote: I personally use nod32 that I assumed was very good but after being very badly hurt by smitfraud trojans right under the nose of nod32 I now have doubt.
nod32/eset smart security is a great av/firewall combo. Low resource usage and unobtrusiveness is great in comparison to the competition *cough* Norton *cough*. However that said EVERY av in existence is only as good as its signature database/heuristic detections. Most trojans and viruses will be undetectable for a period of time until the av companies catch on.
You got unlucky but it's still a great product, at the end of the day there is no 100% protection.
|
at least it's rated as a very low threat, so if you are infected it's not likely to be a disabling virus but more of an annoyance?
|
On July 11 2009 17:13 JohnColtrane wrote: at least it's rated as a very low threat, so if you are infected it's not likely to be a disabling virus but more of an annoyance?
It downloads other malware and is very hard to get rid of. Not sure why they rank it as low threat
|
On July 11 2009 16:29 ibutoss wrote:
On July 10 2009 23:24 Patriot.dlk wrote: I personally use nod32 that I assumed was very good but after being very badly hurt by smitfraud trojans right under the nose of nod32 I now have doubt.
nod32/eset smart security is a great av/firewall combo. Low resource usage and unobtrusiveness is great in comparison to the competition *cough* Norton *cough*. However that said EVERY av in existence is only as good as its signature database/heuristic detections. Most trojans and viruses will be undetectable for a period of time until the av companies catch on. You got unlucky but it's still a great product, at the end of the day there is no 100% protection.
That rings true to me. I guess you can't trust any software the way I did. I didn't even have additional removal software installed, a lesson I've learned now.
|
Every time I "correctly" turn off my comp, it fucks up when I have to start it back up again. I get an error message and I have to fix the errors with my windows CD which takes 5 to 10 minutes. Now when I want to turn off my comp, I hold the power button for 5 seconds which kills the power and my comp starts up fine the next time around.
|
|
nitram, I suffered from similar problems when using SUPER anti-spyware. So I suggest this:
win+r -> type msconfig -> autostart -> google everything you don't recognize in your startup. Uncheck one thing at a time and then reboot to see if it did the trick.
Whatever causes the error should be reinstalled. Also, I actually missed that Plexa posted a hijack this log, I understand those a little bit so please post one
|
What would possess you to make a virus in the first place?
|
What would possess you to make a virus in the first place?
After many hours of research and investigation the field has been narrowed down to two reasons:
The first one is money, duh
THEY DO IT FOR THE LULZ OBV
|
On July 10 2009 22:01 Patriot.dlk wrote: Plexa, I'm still naked in my computer chair and I'm out of ideas. I will proceed with life and then check into this thread later
Sorry for being off topic, but this cracked me up. Useful thread btw, bookmarked.
|
On July 11 2009 18:00 Patriot.dlk wrote:
On July 11 2009 17:13 JohnColtrane wrote: at least it's rated as a very low threat, so if you are infected it's not likely to be a disabling virus but more of an annoyance?
It downloads other malware and is very hard to get rid of. Not sure why they rank it as low threat
i believe it is low threat in terms of somebody actually catching it...
|
Something to add from experience
How to prevent infections (addendum)
It's good to have a software AV like AVG, Kaspersky or NOD32, but I highly recommend having a router with up to date firmware as well. To be honest, the best thing that can help prevent a virus is being smart about things.
From my own experience, awhile back for 2 years I used nothing but a router, without an AV. I would occasionally put AVG, Kaspersky or NOD32 for a day or so and scan the whole computer. Nothing came up, but this is pushing it and I don't recommend just going with a router. Nowadays I let AVG do a daily scan.
Another thing is, if you have an illegal copy of Windows and you turned Windows Update off, it's a big risk. Microsoft releases bug and exploit fixes constantly as it tries to keep up with the new exploits. Same with AV programs. I highly recommend you either find a source of manual Windows updates, or just buy the damn thing.
In the end, not doing stupid things and visiting risky websites (including porn, warez, and sometimes chinese/russian sites) can prevent a lot of infections, because browsers like Firefox, Internet Explorer, etc themselves may have problems that people find and exploit.
Hope it helps.
|
I had a really annoying google hijack virus/spyware and tried many different things like AVG antivirus, malwarebytes, spyware search & destroy, etc etc and then found this thread and tried Avast and the thing was gone. Conclusion: thx for this thread, TL.net is the best & avast owns.
|
a good program is NetLimiter. if you suspect a program is accessing the internet, you can stop all communication and have complete control of any outgoing internet usage, limiting or stopping any program.
|
|
im not sure if this is a virus problem, but
whenever i try to go full screen when playing guild wars, my computer restarts. ive had no other problems, no new startup files or addons except for dumprep (which i think isnt malicious anyway.)
ive been using system restore frequently lately, would that have affected this? is this a virus? i scanned with malware bytes in safe mode and nothing came up. or is this just a shitty install? it seems weird because it was working yesterday fine. maybe too much system restore?
|
Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.
From the geekstogo forum. Whenever I have a computer problem that I can't fix I usually just go there. Check out their malware/spyware removal guide. It's really helpful. http://www.geekstogo.com/forum/Malware-Spyware-Cleaning-Guide-t2852.html
It's basically: Remove temp files->Backup->Run Scans->Run OTL and post log on forum
|
Comodo Firewall/Antivirus froze my comp with its new update, don't get it
|
So today I realized that I have the vista smart security 2010, total pc defender, and a bunch of other viruses pretending to be anti virus programs. Yesterday my computer ran fine. Avast doesn't work, it's in an "inconsistent state", spybot's not finding anything, malwarebytes doesn't install, my computer is only able to start in safe mode. What do I do? :o Now I'm following some instructions from www.geekstogo.com. I've run OTL and tried to install malwarebytes but it's still not working... Dled it again for the 3rd time, still nothing.
|
On April 01 2010 04:59 nitram wrote: So today I realized that I have the vista smart security 2010, total pc defender, and a bunch of other viruses pretending to be anti virus programs. Yesterday my computer ran fine. Avast doesn't work, it's in an "inconsistent state", spybot's not finding anything, malwarebytes doesn't install, my computer is only able to start in safe mode. What do I do? :o Now I'm following some instructions from www.geekstogo.com. I've run OTL and tried to install malwarebytes but it's still not working... Dled it again for the 3rd time, still nothing.
If you have that many problems... Formatting is easier.
|
On April 01 2010 05:45 Gnosis wrote:
On April 01 2010 04:59 nitram wrote: So today I realized that I have the vista smart security 2010, total pc defender, and a bunch of other viruses pretending to be anti virus programs. Yesterday my computer ran fine. Avast doesn't work, it's in an "inconsistent state", spybot's not finding anything, malwarebytes doesn't install, my computer is only able to start in safe mode. What do I do? :o Now I'm following some instructions from www.geekstogo.com. I've run OTL and tried to install malwarebytes but it's still not working... Dled it again for the 3rd time, still nothing.
If you have that many problems... Formatting is easier.
Yep. I ended up giving up and formatting my C drive (still have my D with my music and a couple games). I honestly don't know what happened. I've never been hit with this many viruses before. It was so bad I was contemplating getting a mac.
|
On April 01 2010 06:44 nitram wrote:
On April 01 2010 05:45 Gnosis wrote:
On April 01 2010 04:59 nitram wrote: So today I realized that I have the vista smart security 2010, total pc defender, and a bunch of other viruses pretending to be anti virus programs. Yesterday my computer ran fine. Avast doesn't work, it's in an "inconsistent state", spybot's not finding anything, malwarebytes doesn't install, my computer is only able to start in safe mode. What do I do? :o Now I'm following some instructions from www.geekstogo.com. I've run OTL and tried to install malwarebytes but it's still not working... Dled it again for the 3rd time, still nothing.
If you have that many problems... Formatting is easier.
Yep. I ended up giving up and formatting my C drive (still have my D with my music and a couple games). I honestly don't know what happened. I've never been hit with this many viruses before. It was so bad I was contemplating getting a mac.
Combofix it first next time before you format.
|
It said i have 812 problem things. How do i get rid of all this?
|
On April 01 2010 11:19 Jlab wrote: It said i have 812 problem things. How do i get rid of all this?
you're going to have to be a little more specific buddy
|
On April 01 2010 11:19 Jlab wrote: It said i have 812 problem things. How do i get rid of all this?
Press delete all!
|
and i can't buy it so it wont delete them all.
|
I really hope you are just oblivious and not trolling.
|
Sorry to bump this thread, I don't know where else I can ask this simple and stupid question. It's just out of paranoia, I'm following the geekstogo's tutorial to preventing viruses/malware and I'm at the OpenDNS part of the section. Would doing this hurt me as an avid torrent user? Thanks.
|
United States4053 Posts
On July 30 2010 12:32 YoonHo wrote: Sorry to bump this thread, I don't know where else I can ask this simple and stupid question. It's just out of paranoia, I'm following the geekstogo's tutorial to preventing viruses/malware and I'm at the OpenDNS part of the section. Would doing this hurt me as an avid torrent user? Thanks.
I'm pretty sure it won't affect your torrenting, but could I have a link to the page so I can see exactly what it says?
|
|
United States4053 Posts
ok, got it. OpenDNS shouldn't affect torrenting at all.
|
On July 30 2010 13:45 infinitestory wrote: ok, got it. OpenDNS shouldn't affect torrenting at all.
Thanks! :D
|
Ok today while I was browsing TL, a popup appeared and it said that my computer was infected and I need to install Antivir Pro or something like that to clean it. I can't start any programs cuz it says something is wrong and I can't go on any websites/links. The only thing I had on my laptop is Microsoft Security Essentials and right now i'm scanning in safe mode. I have a feeling its not going to work and I might have to do a clean format. But is there anything else I can do?
Is it possible to download a program and get the .exe on my external and run it from there or what?
|
I know it's not caused by browsing TL, but I think it's one of the files I DLed yesterday.
|
Might as well add my two cents.
Nothing can replace just not being a dumb ass and downloading and installing things randomly or randomly click ok or yes to everything.
But things I'd endorse: http://www.virustotal.com/ A single file scanner that works by putting that file through practically every online scanner out there, it's good for small files that you just need to double check.
Microsoft security essentials http://www.microsoft.com/security_essentials/ I'd use this as my basic virus scanner, because 1 it's free 2 it's as good as the rest and 3 it's not going to give any problems to normal windows operations as it's built for windows by the ppl who made windows. Ofc adding other things to your monthly scan like malbytes or S&D can't hurt either
And for ppl who don't regularly check for updates http://secunia.com/vulnerability_scanning/personal/ I haven't used it too much but I've read about it and it seems to be a pretty good update checker for ppl who would need it.
Out of all those things I'd say the last one is the most important. Most things can be avoided simply by keeping everything up to date. And you want to run it at least once a week.
Think you are pretty good at keeping things up to date? Well, try their online scanner and see http://secunia.com/vulnerability_scanning/online/?task=load
|
Zone alarm is like a virus in itself, and will often screw with your computer. My and several of my colleagues' experience with Zone alarm has not been good.
|
So I got myself the 'System Tools' virus. I had a similar experience with 'Security Suite' a while ago.
I can't remember exactly how I got rid of Security Suite but I remember it was complicated because I had to borrow my neighbor's connection, etc but in the end it was malwarebytes that got rid of it.
Now I'm trying to run mwb and I can get it to run fine but it won't detect System Tools correctly. I think the problem is that it's outdated and I can't get it to update on the infected computer. I tried copying the installer + rkill but to no avail. The infected computer is unable to connect to the internet, regardless of whether I'm on safe mode with network capability.
Any help? I think next time I'll try updating on my laptop and moving the whole folders over. Right now I'm running a full scan on my desktop in hopes that it'll do something.
I don't have much experience with computers and most of my knowledge comes from just first-hand experience trying to circumvent weird barriers in my life. I'm going out for a bit but I'll update when I get back.
|
United States4053 Posts
On December 13 2010 06:39 Wala.Revolution wrote: So I got myself the 'System Tools' virus. I had a similar experience with 'Security Suite' a while ago.
I can't remember exactly how I got rid of Security Suite but I remember it was complicated because I had to borrow my neighbor's connection, etc but in the end it was malwarebytes that got rid of it.
Now I'm trying to run mwb and I can get it to run fine but it won't detect System Tools correctly. I think the problem is that it's outdated and I can't get it to update on the infected computer. I tried copying the installer + rkill but to no avail. The infected computer is unable to connect to the internet, regardless of whether I'm on safe mode with network capability.
Any help? I think next time I'll try updating on my laptop and moving the whole folders over. Right now I'm running a full scan on my desktop in hopes that it'll do something.
I don't have much experience with computers and most of my knowledge comes from just first-hand experience trying to circumvent weird barriers in my life. I'm going out for a bit but I'll update when I get back.
Just transfer the installer over on a USB stick. It should work fine.
|
|
United States4053 Posts
On December 13 2010 06:57 Wala.Revolution wrote: Tried; didn't work.
Try renaming mbam-setup-1.50.0.0.exe to mbam-setup-1.50.0.0.scr
|
Okay, I think I got rid of the virus, but I can't connect to the internet.
Not certain if related, but task bar shows that I have 'limited or no connectivity'. When I log on to windows I get the error 'Windows cannot find c:\docume~1\owner\locals~1\temp\csrss.exe ......'. Currently trying to fix it; if anyone has any idea, help!
|
United States4053 Posts
On December 13 2010 18:43 Wala.Revolution wrote: Okay, I think I got rid of the virus, but I can't connect to the internet.
Not certain if related, but task bar shows that I have 'limited or no connectivity'. When I log on to windows I get the error 'Windows cannot find c:\docume~1\owner\locals~1\temp\csrss.exe ......'. Currently trying to fix it; if anyone has any idea, help!
Go to your command prompt and type sfc /scannow
|
says I need windows cd to proceed; is there a (legitimate) way to do it without?
|
My Vote is for Z Free Antivirus Free Antivirus Zone Alarm and ZenOK the other made my computer slow
|
So my university's IT notifies me that I have a corrupted program on my computer, and they shut down my ethernet network. Specifically, what they want me to do is do a complete factory setting restore and change my passwords, which I think is ridiculous (factory restore part). I now just used microsoft forefront to see what exactly caused this situation, and I found 3 variations of Exploit:Java/CVE-2008-5353. I immediately chose to remove them. Do you think I can get away with telling them I have "successfully restored the computer in that my computer will not harm the school's network?"
From what I've heard, they verify that a student restored his computer through a phone call; they don't necessarily need direct evidence. But still, I'm a bit wary whether I should alter the truth or not.. Will removing such malicious code by a program be enough to avoid restoring the computer to its factory settings?
|
So yesterday I was doing some starcraft related things such as the final year end tournament for my uni, the IPL qualifiers + the craftcup. I had won my first match in craftcup and as I remember at the time was logged into the US craftcup site, team liquid and sc2. Around when I was looking into my second match for CC where I had clicked back into SC2 I hit a large lag spike for around a minute and then was hit with a fake antivirus called Vista Anti-spyware.
Basically, I've had to do a full system reset on my computer and pretty much restore everything because even without installing the virus (clicking the bs comments which say you should install it), it rerouted all of the executables and made it impossible to get into any files which were not a shortcut to begin with.
It's not so much removing the virus, though I do know there was most likely a better method to do so, the frustrating part is getting such a nasty virus without seeming to have done anything obvious to get it in the first place. Aside from adding an antispyware such as malwarebytes is there anything else I can do in the future to prevent this? I'm almost hesitant at this point to sign up for tourneys at the moment even though I'm sure it was mostly just bad luck.
|
Just wanted to express my thanks; thread saved me from yet another reformat. Thanks again!
|
On May 05 2011 08:58 billy5000 wrote: Do you think I can get away with telling them I have "successfully restored the computer in that my computer will not harm the school's network?"
If the issue is recurring, they'll be notified again and know that you didn't tell the truth.
On May 05 2011 08:58 billy5000 wrote: From what I've heard, they verify that a student restored his computer through a phone call; they don't necessarily need direct evidence. But still, I'm a bit wary whether I should alter the truth or not. Will removing such malicious code by a program be enough to avoid restoring the computer to its factory settings?
It depends on the specific exploit and its characteristics. I've had customers with compromised machines that even after system restores, or formatting and re-installing Windows, there are still issues and it requires further investigation. Some are solved simply by deleting the affected files.
What are your reservations about restoring?
On May 10 2011 02:43 KingDime wrote: Aside from adding an antispyware such as Malwarebytes, is there anything else I can do in the future to prevent this? I'm almost hesitant at this point to sign up for tourneys at the moment even though I'm sure it was mostly just bad luck.
Experience around the web mostly. The biggest thing comes from knowledge of what you're associated with and what you're visiting. Something as simple as alt-tabbing from a game and accidentally clicking some ad on a website could be an issue that most people wouldn't think twice about; then 2 weeks later, they've been compromised and don't know what's going on.
A lot of people mistakenly believe that there are hackers out there that are just going to pick your computer out of the millions. It doesn't work that way, and people get really paranoid over something that's generally their fault for lack of experience and ignorance.
I've been running 5+ years without an anti-virus or spyware protection and I've had no issues, and the customers that come to me with problems are always confused how that is. It's getting to the point where the calls I'm getting, it's going to be worth setting up a class just to teach people safe habits.
|
Hey, I'm worried I may have a virus on my computer; it's running much slower than usual and things like my iPhone won't be noticed by my computer or iTunes etc. I was wondering how much of the stuff on the first page is still considered to be good and what the best course of action is for someone in my situation. I used to have Kaspersky installed but the subscription recently ran out, but I had just assumed it was still fine and I didn't need to upgrade, so I had been scanning all the files I use before opening them, assuming it would be fine, but having read around now I think I might be in trouble =S. Any advice guys?
|
On June 29 2011 03:08 Pure.Calm wrote: Hey, I'm worried I may have a virus on my computer; it's running much slower than usual and things like my iPhone won't be noticed by my computer or iTunes etc. I was wondering how much of the stuff on the first page is still considered to be good and what the best course of action is for someone in my situation. I used to have Kaspersky installed but the subscription recently ran out, but I had just assumed it was still fine and I didn't need to upgrade, so I had been scanning all the files I use before opening them, assuming it would be fine, but having read around now I think I might be in trouble =S. Any advice guys?
Malware is still pretty strong; Spybot Search and Destroy works as well. If you don't have Malwarebytes you might want to try running that as long as something like Spybot.
|
I just ran Malwarebytes and it said it found something in the registrar directory, is it? Anyway I clicked fix it and my computer appears to be working better now.
|
If I install one of these firewall programs, should I still keep my Windows firewall running?
|
On July 06 2011 04:22 Karliath wrote: If I install one of these firewall programs, should I still keep my Windows firewall running?
I have the same question.
|
No, one firewall is enough; 2 is like putting a door next to a door: if you have to make a doggy door you need to make 2. And frankly, on Vista and Windows 7 the default firewall is plenty. In reality the firewall that you should care about is the one on the router; you shouldn't disable that just because it messes with games, but manually enter in ports that you want open when you run into issues.
|
On July 20 2011 06:47 JiYan wrote:
On July 06 2011 04:22 Karliath wrote: If I install one of these firewall programs, should I still keep my Windows firewall running?
I have the same question.
No, but it shouldn't be an issue. Almost all of the installers will disable your Windows Firewall automatically. You shouldn't run two firewalls, just like you shouldn't run two of the same type of anti-virus. They cause all kinds of annoying conflicts.
I strongly recommend Comodo's free firewall - it is much better than Windows Firewall (and ZoneAlarm).
I have the feeling the OP has not been updated recently because Microsoft Security Essentials is not on that list, and by almost all standard tests it is better than Avast.
|
I decided to necro this thread because after searching the internets I hadn't found a definite answer to an urgent issue - and I know tl.net has members who can and will help me out:
Is it completely safe and OK to plug in a (most likely) infected usb stick, cancel any autorun hokey pokey that might appear and format it? Data loss is not an issue.
|
Giving this a little bump, attempting to fix a computer whose problem is (blue screens upon trying to get on the internet)
So that sucks.
Just going to be following the suggestions on scanning and removing of viruses, etc. If anyone has some updated information on programs out there, that would be great.
|
On November 27 2011 05:20 StorrZerg wrote: Giving this a little bump, attempting to fix a computer whose problem is (blue screens upon trying to get on the internet)
So that sucks.
Just going to be following the suggestions on scanning and removing of viruses, etc. If anyone has some updated information on programs out there, that would be great.
What's the blue screen error code?
|
On November 27 2011 05:21 Boblhead wrote:
On November 27 2011 05:20 StorrZerg wrote: Giving this a little bump, attempting to fix a computer whose problem is (blue screens upon trying to get on the internet)
So that sucks.
Just going to be following the suggestions on scanning and removing of viruses, etc. If anyone has some updated information on programs out there, that would be great.
What's the blue screen error code?
Where can I find that? The screen pops up, and is gone within seconds.
Also, booting in safe mode with networking (still same problems)
I ran Malwarebytes and it is 90 days overdue for an update; is there a later version listed somewhere? (Or can I update it and just copy it on my flash drive and then run it?)
|
All righty, first time using this, I have the "logs now"
2 files are "red"
ntkrnlpa.exe raspptp.sys
What am I looking for now? I still don't see an "error" code.
|
On November 27 2011 05:41 StorrZerg wrote: All righty, first time using this, I have the "logs now"
2 files are "red"
ntkrnlpa.exe raspptp.sys
What am I looking for now? I still don't see an "error" code.
The website I linked, go to it and look at those 2 pictures; it will show you the actual BSOD and then the BlueScreenView. You will see that Bug Check Code is what you're looking for. Same with the Bug Check String.
|
OK, Bug check string is IRQL_NOT_LESS_OR_EQUAL, Bug check code is 0x0000000a
Running CCleaner now :/