The Giant anti-spyware/anti-virus thread.

jimminy_kriket

Canada5498 Posts

February 26 2008 07:13 GMT

What to do if you are infected!

First, download and run CCleaner from here. This should clean alot of junk from your computer and make virus scans faster. Next scan with at least 2 of the online virus scanners listed at the bottom of the page, I recommend the e-set scanner and the f-secure scanner. Run them in Internet explorer. Once that has finished download and install Malwarebytes. Once its installed restart if you have to then do a full update and a full scan.

Once the scan has finished restart your computer, if you're still experiencing problems or just want to be safe download HijackThis. Do a full scan and save a logfile. Post the logfile here but first READ THIS. It is a forum of expert computer users who will be able to understand your logfile and diagnose your problem.

----------------------------------------------------------------------------------------------------------------------------------------------

How to prevent infections!

Try to run an antivirus program with a real time scanner, as a rule of thumb, do not run multiple real-time scanners. They will conflict and could cause problems.
And remember to ALWAYS SCAN SUSPICIOUS FILES. This includes most files from services like bittorrent / p2p programs.

----------------------------------------------------------------------------------------------------------------------------------------------

Anti-Virus Programs
First and foremost everyone should have a good local anti-virus and anti-spyware program to prevent infections before they begin.

Recommendation

Avast 4 Home Edition

avast! 4 Home Edition is a complete antivirus and anti-spyware solution, fully able to find computer viruses, to create and check the integrity of programs installed, to test executed programs and opened documents, to test and check email and other functions. Scanning is also available in the shell extension and screen server.

-Automatic updates
-Real-Time protection
-P2P and IM Shields
-Support for 64-bit Windows
-99.4% Detection Rate

+ Show Spoiler [Other good antivirus programs] +

AVG Anti-Virus
AVG Free Edition is the well-known antivirus protection tool. AVG Free is available free of charge to home users for the life of the product.

-Easy to use, low system resources
-Automatic update functionality
-Real-time protection as files are opened and programs are run
-Detects both Spyware and Viruses
-98.1% Detection Rate

AntiVir

Avira AntiVir PersonalEdition Classic is a comprehensive, easy to use antivirus program, designed to offer reliable free of charge virus protection to home-users only.

-Real-Time scanning
-Automatic updates
-99.6% Detection Rate

BitDefender
BitDefender Free Edition is your chance to use one of the world's most effective antivirus engines for free!

BitDefender Free Edition uses the same ICSA Labs certified scanning engines found in other BitDefender products, allowing you to enjoy basic virus protection for no cost at all.

-Scheduled scanning
-No Real-Time scanning
-98% Detection Rate

Comodo Antivirus

Developed by one of the world's leading IT security providers, Comodo AntiVirus leverages multiple technologies (including on demand & on access scanning, email scanning, process monitoring, worm blocking and host intrusion prevention) to immediately start cleaning or quarantining suspicious files from your hard drives, shared disks, emails, downloads and system memory.

-Real-time On Access scanning
-Daily, automatic updates of virus definitions

PCTools Anti-virus
With PC Tools AntiVirus Free Edition you are protected against the most nefarious cyber-threats attempting to gain access to your PC and personal information.

-Real Time Protection
-On Demand scanner
-Automatically Updates

ClamWin
A desktop antivirus based on the open source ClamAv.

-Standalone Virus scanner
-No Real-time scanning
-Automatic Updates

----------------------------------------------------------------------------------------------------------------------------------------------

Anti-Spyware

EVERYONE should have a good anti-spyware program. Spyware are unwanted programs that install themselves on your computer. Instead of simply breaking your computer, these programs do things like Steal passwords, credit card numbers,Serial keys, and even watch what you type.

Programs like Ad-Aware and Spybot Search and Destroy are outdated and should be replaced with Malwarebytes and SUPERAntiSpyware which are the next generation of anti-spyware products.

Recommendation

MalwareBytes' Anti-Malware
Recommended by 1a2a9a

-Support for Windows 2000, XP, and Vista.
-Settings to enhance your Malwarebytes' Anti-Malware performance.
-Works together with other anti-malware programs.

AND

SUPERAntiSpyware
Recommended by 1a2a9a, Guru of all things anti-spyware.

-High detection Rate
-Manual Update Only
-Scans for all known types of spyware including rootkits.

+ Show Spoiler [Other good anti-spyware software] +

AVG Anti-Spyware

AVG Anti-Spyware Free Edition is a popular free antispyware solution available at no cost to home users and provides a high level of detection capability.

-High detection rate
-No Automatic updates
-No real-Time protection

Dr.Web Curit
Recommended by 1a2a9a

-Automatic Updates up to twice per hour.
-Fast response time to new threats.
-Detects all forms of spyware including rootkits.

----------------------------------------------------------------------------------------------------------------------------------------------

Firewalls

Firewalls basically attempt to stop malicious programs or users from passing data to or from your computer.

Recommendation

Either. Both firewalls should be able to protect you from most intrusions. Feel free to try them both and decide which suits you best.

Zonealarm

Protect yourself with the best multi-layered firewall technology around. ZoneAlarm keeps intruders out, protects your PC to the core and makes you invisible to hackers.

-Essential firewall protection
-Be invisible to others online
-Easy to use and install

Comodo Firewall

The program provides a smorgasbord of information and options for advanced users, but it's simple enough for beginners, and runs smoothly and silently in the background. The most obvious new features include support for Windows Vista.

-'Smart' Popup Alerts
-Application Behavior Analysis
-Automatic 'Firewall Training' mode
-Windows Security Center Integration
-Application Recognition Database
-Automatic Updates
-Submit Suspicious Files to Comodo

Single File Scan

Have a file your suspicious about and dont want to do a complete scan or dont trust your current antivirus? Use one of these scanners.

Virus Total
Jotti Online File scanner

----------------------------------------------------------------------------------------------------------------------------------------------

Online Scanners

Online scanners are a great way to scan your computer with top notch software without having to pay. I'd recommend everyone to scan with a couple scanners every now and then to check for anything your normal scanner may have missed.

Most detect both spyware and viruses.

Most of these require IE and its recommended to use it for all scans.

Eset (Nod-32) Online scanner - Recommended
F-Secure - Recommended
Trendmicro Housecall
BitDefender Online scanner
Kaspersky Online Scanner
Ewido Online scan
Panda Online scanner

Microsoft Windows Live One scanner
This scanner not only scans for viruses and spyware, but defrags your harddisk and cleans your registry to keep your computer running fast. Recommended for those who do not know how to defrag or clean their registry.

{ToT}Strafe

Thailand7026 Posts

February 26 2008 07:34 GMT

Nice post, I would have found this very useful a few months ago. Now I had to figure it out myself. Hope it will be useful to others though

BlueRoyaL

United States2493 Posts

February 26 2008 09:06 GMT

Supposedly KasperSky has the best detection rate:

1. Kaspersky version 7.0.0.125 - 99.62%
2. Active Virus Shield by AOL version 6.0.0.299 - 99.62%
3. F-Secure 2006 version 6.12.90 - 96.86%
4. BitDefender Professional version 9 - 96.63%
5. CyberScrub version 1.0 - 95.98%
6. eScan version 8.0.671.1 - 95.82%
7. BitDefender freeware version 8.0.202 - 95.57%
8. BullGuard version 6.1 - 95.57%
9. AntiVir Premium version 7.01.01.02 - 95.45%
10. Nod32 version 2.51.30 - 95.14%
11. AntiVir Classic version 7.01.01.02 - 94.26%
12. ViruScape 2006 version 1.02.0935.0137 - 93.87%
13. McAfee version 10.0.27 - 93.03%
14. McAfee Enterprise version 8.0.0 - 91.76%
15. F-Prot version 6.0.4.3 beta - 87.88%
16. Avast Professional version 4.7.871 - 87.46%
17. Avast freeware version 4.7.871 - 87.46%
18. Dr. Web version 4.33.2 - 86.03%
19. Norman version 5.90.23 - 85.65%
20. F-Prot version 3.16f - 85.14%
21. ArcaVir 2006 - 83.44%
22. Norton Professional 2006 - 83.18%
23. AVG Professional version 7.1.405 - 82.82%
24. AVG freeware version 7.1.405 - 82.82%
25. Panda 2007 version 2.00.01 - 82.23%
26. Virus Chaser version 5.0a - 81.47%
27. PC-Cillin 2006 version 14.10.1051 - 80.90%
28. VBA32 version 3.11.0 - 79.12%
29. ViRobot Expert version 4.0 - 76.22%
30. UNA version 1.83 - 75.44%
31. Rising AV version 18.41.30 - 73.60%
32. Sophos Sweep version 6.0.2 - 69.48%
33. Ikarus version 5.19 - 63.22%
34. Antiy Ghostbusters version 5.1.3 - 61.55%
35. Digital Patrol version 5.00.12 - 54.29%
36. Vexira 2006 version 5.002.45 - 52.66%
37. V3Pro 2004 version 6.1.1.2.640 - 52.38%
38. Ewido Premium version 4.0.0.172 - 51.27%
39. Ewido freeware version 4.0.0.172 - 51.27%
40. ClamWin version 0.88.4 - 51.23%
41. E-Trust version 7.2.0.0 - 50.36%
42. ZoneAlarm with VET Antivirus version 6.5.722.000 - 44.65%
43. A Squared Anti-Malware version 2.0 - 43.28%
44. A Squared Free version 2.0 - 43.28%
45. Zondex Guard version 5.4.2 - 41.73%
46. Comodo version 1.0.0.4 - 41.02%
47. Solo 4.0 version 3.1.0 - 40.83%
48. Protector Plus version 7.2.H03 - 37.04%
49. Quick Heal version 8.00 - 33.66%
50. PC Door Guard version 4.2.0.35- 24.13%
51. AntiTrojan Shield version 2.1.0.14 - 24.11%
52. VirIT version 6.1.9 - 21.39%
53. Trojan Hunter version 4.2.924 - 13.44%
54. Trojan Remover version 6.5.1 - 8.00%
55. Tauscan version 1.70.1414 - 7.70%
56. The Cleaner version 4.2.4319 - 6.03%
57. Hacker Eliminator version 1.2 - 1.70%
58. Abacre version 1.4 - 0.00%

just ROFL...LOL at the bottom ones.. 1.7% wtf i feel so bad for people that got scammed to buy those shit software

jimminy_kriket

Canada5498 Posts

February 26 2008 09:39 GMT

Shit I use abacre...

Thats a nice list, where'd you find it?

One Page Memory

Bulgaria2145 Posts

February 26 2008 10:17 GMT

I'll add my two cents to Zone Alarm. And my next two cents to AVG for healing a virus none other antivir could.

chiflutz

Romania1025 Posts

February 26 2008 10:21 GMT

The list is from the company that tests AV progs rather thoroughly on a regular basis, afaik. Forget the name. And as far as I can tell, it's up to date.

Imho, Kaspersky is good but a resource hog, I wouldn't use AOL software if they paid me, I haven't given F-Secure a try in years and I like BitDef.

pangshai

Chinatown5333 Posts

February 26 2008 10:53 GMT

perhaps you can rank each programme with stars to show how good each of them are when compared to the rest.

1a2a9a

Finland206 Posts

February 26 2008 12:32 GMT

For anti-spyware scanners throw in SUPERAntiSpyware, Malware Bytes Anti Malware, and Dr. Web Cureit.

Ad-Aware, Spybot, and Windows Defender are useless

You may want to throw in some basic anti-rootkit programs like Blacklight, AVG anti-rootkit, Sophos anti-rootkit. However you should include a warning not to fix anything if these detect anything, and instead post on a known anti-malware forum.

Also you could have a group for other programs like SpywareGuard, SpywareBlaster, MVPS hosts file, and other tools that don't fit into any category.

Sirakor

Great Britain455 Posts

February 26 2008 15:14 GMT

*makes obligatory comment about using alternative operating systems*

draeger

United States3256 Posts

February 26 2008 16:17 GMT

#10

On February 26 2008 21:32 1a2a9a wrote:
Ad-Aware, Spybot, and Windows Defender are useless

I've never found ad-aware or spybot useless - unless I'm behind the times and they have fallen off the list in the last year or so.

Back in college and around that time I was constantly asked to fix people's computer that had been overridden with spyware. My way I used to knock it out pretty consistently (except against the most extreme cases) was simply running ad-aware and spybot in safe mode. The two programs complemented each other nicely because ad-aware searched for spyware patterns while spybot was more of a brute force approach for thousands of known issues.

However as I said, I've been out of the computer fixing scene for a while. I haven't had to deal with anyone's PC in like 2 years. Since I'm educated enough to not get spyware or viruses in the first place, I don't even scan my computer but once every 3-4 months. When I need to do that, ad-aware seems to be ok.

scrapperdog

United States779 Posts

February 26 2008 16:31 GMT

#11

Anyone use or know about system spyware interrogator?

Neo7

United States922 Posts

February 26 2008 16:41 GMT

#12

Windows Live OneCare Safety scanner is pretty good to check out (online scanner for free).

If not for the virus protection, then for the performance checkpoint (defragmentation, registry cleaner, ect).

http://safety.live.com/

FreeZEternal

Korea (South)3396 Posts

February 26 2008 16:44 GMT

#13

Firewall, just use windows firewall. There's no reason to use any other firewall. I used to use Comodo Firewall but decided that it offers the same functions except for outgoing connections? You should only worry about outgoing connections leaks if you are stupid enough to download exe from fucked up sites.

1a2a9a

Finland206 Posts

February 26 2008 17:27 GMT

#14

unless I'm behind the times and they have fallen off the list in the last year or so.

This is the case, those programs are nowhere near as good as they were a few years ago

system spyware interrogator?

Nope which isn't a good sign

Firewall, just use windows firewall. There's no reason to use any other firewal

The Windows Firewall is pretty bad, it won't help you against spyware. Comodo and any other decent firewalls will

GHOSTCLAW

United States17042 Posts

February 26 2008 17:50 GMT

#15

I'm going to hafta put a vote towards ad-aware: even though it's fallen off lists becuase it's gotten worse against the really nasty stuff (which more of the spyware/adaware stuff is becoming) it's still pretty good about the light stuff that you're going to be able to remove easily. And on top of that, it's free, so you can just use it without worrying about the cost

Xeris

Iran17695 Posts

February 26 2008 17:51 GMT

#16

ok Question: there are TONS of free antivirus and antispyware ... should you just have 1 of each, or should you download multiple of each and run all of them? Does it matter ?

1a2a9a

Finland206 Posts

February 26 2008 19:15 GMT

#17

You should only have one anti-virus, and one firewall

You can have multiple anti-spyware programs, just make sure you don't have more than one real-time protection program. For example, Spybot has TeaTimer to protect your registry, if you install Ad-Watch by AdAware, or SpywareGuard then they will conflict and cause problems.

Other than that, there are no problems with multiple anti-spyware programs

FreeZEternal

Korea (South)3396 Posts

February 26 2008 19:16 GMT

#18

On February 27 2008 02:27 1a2a9a wrote:

Show nested quote +

This is the case, those programs are nowhere near as good as they were a few years ago

Show nested quote +

Nope which isn't a good sign

Show nested quote +

The Windows Firewall is pretty bad, it won't help you against spyware. Comodo and any other decent firewalls will

The inbound firewall of windows firewall is as effective as the inbound firewall of Comodo.

jimminy_kriket

Canada5498 Posts

February 26 2008 22:20 GMT

#19

Don't fight with 1a2a9a he knows his stuff.

And I will clean the post up a bit and try and list each program from best to worst and add a detection rate for each program (pending I can find one). And i'll add those programs you guys suggested. Thanks.

ShaLLoW[baY]

Canada12499 Posts

February 26 2008 23:21 GMT

#20

SUPERAntiSpyware
Recommended by 1a2a9a, Guru of all things anti-spyware.

-High detection Rate
-Manual Update Only
-Scans for all known types of spyware including rootkits.

See Kennigit I told you it was legit!

Enki

United States2548 Posts

February 27 2008 00:45 GMT

#21

Meh, maybe I just had a bad experience with Kasperky. Its full scan took like 7 hours or something ridiculous like that rofl....

I have just been using Ad-Aware, which acrually caught a bad trojan that I had on my comp that AVG missed....

Pressure

7326 Posts

February 27 2008 00:50 GMT

#22

this is an important thread. Thanks to 1a2a9a and jimminy for this
1a2a9a is AMAZING guys dont doubt

jimminy_kriket

Canada5498 Posts

March 04 2008 01:00 GMT

#23

Does anyone have any recommendation on which anti-spyware product to use for the average user? I added a "recommended" section for each product to make it easier but I dont know what anti-spyware to recommend as I've only tried AVG in the past (i use a paid product).

People with experience gimme your input!

Meh

Sweden458 Posts

March 04 2008 01:09 GMT

#24

I always wary of taking advice about antivirus and spyware from people I don't know, as most of the time they are just trying to get you to download their own brand of spyware, so that they can screw you themselves.

jimminy_kriket

Canada5498 Posts

March 04 2008 01:13 GMT

#25

I will obviously look into any programs people recommend. And if you're implying I am doing that, then die.

useLess

United States4781 Posts

March 04 2008 01:58 GMT

#26

ctrl-F: adblock
not found

While adblock is not a standalone program, this firefox extensions/add-on will help block a lot of ads and potentially dangerous sites from loading. Very handy.

Equinox_kr

United States7395 Posts

March 04 2008 03:48 GMT

#27

Just saw this thread from Pony Express ... you should add NOD32 because it's been saving my ass for quite a while now

It's not free, though.

ChkChk.Boom

United States140 Posts

March 05 2008 00:56 GMT

#28

I am soo screwed. I got a spyware which changed my desktop wallpaper with this huge warning thing. the color is blue, and in the letters it says YOUR COMPUTER IS IN DANGER! IT IS AFFECTED WITH SPYWARE!. or something like that and it's hard to change it. plus im starting to get all these random popups, and in my toolbar thing, there is this icon that, when i highlight it, it says, "Warning: Your computer is infected" Windows detected spyware infection! click this message to install the last update of Windows Security Software. and yeah i clicked it and thats how i got the desktop background thing. sunuvabiatch. -_-;; Any idea of how to take it out? i tried to install the mal-ware thing in the OP's post, but when i did, during installation it said there was some errors or something like that. But i'm scanning with Avira AntiVirus rite now.

Dark.Carnival

United States5095 Posts

March 05 2008 02:32 GMT

#29

has anyone had trouble finding a suitable working anti-spyware program for vista? there's windows defender but i don't think it's very good, seeing as it hasn't found anything lol. i know for me quite a few programs don't work with vista, or well the version i have, which is vista ultimate 64bit etcetc, basically the highest version of vista. currently im using avg anti-spyware and it seems to be working ok, just wondering if anyone else has problems with vista? :|

Krohm

Canada1857 Posts

March 05 2008 04:59 GMT

#30

Alright, well after not being home for 3 days. I decide to go onto my PC and for some reason it's hibernating... Which means some one was on my PC and doesn't realize that when you turn it off it just got into hibernation, unless you actually select to turn it off.

Well anyways, I turn it on. Only to find my computer with spyware. Now I'm unsure as to what the damage is. I found one called "Seekmo" but I'll be needing help to see if there is any more damage.

God people who have no idea how to use PC's shouldn't even touch them.

My highjackthis log is located in the spoiler.

+ Show Spoiler +

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:47 PM, on 3/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7803 bytes

Schnake

Germany2819 Posts

March 16 2008 13:42 GMT

#31

On March 05 2008 13:59 Krohm wrote:
Alright, well after not being home for 3 days. I decide to go onto my PC and for some reason it's hibernating... Which means some one was on my PC and doesn't realize that when you turn it off it just got into hibernation, unless you actually select to turn it off.

Well anyways, I turn it on. Only to find my computer with spyware. Now I'm unsure as to what the damage is. I found one called "Seekmo" but I'll be needing help to see if there is any more damage.

God people who have no idea how to use PC's shouldn't even touch them.

My highjackthis log is located in the spoiler.

+ Show Spoiler +

I presume you already have fixed your PC but if not you can check your log here: http://www.hijackthis.de/en.

1a2a9a

Finland206 Posts

March 16 2008 14:04 GMT

#32

Don't use http://www.hijackthis.de/en. anybody, those automated scanners are terrible

ChkChk.Boom you should post on that site Jiminy_Kriket listed in his original post

Same for you Krohm

Fix these entries in HJT

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

Then delete this folder

C:\Program Files\ShoppingReport

CapO

United States1615 Posts

June 04 2008 22:39 GMT

#33

alright, i need help asap. my computer is slow as fuck now, and i get a lot of popups..

in OP, there is a link to AVG Anti-Spyware Free Edition, but when i click the link, i only see AVG Anti-Virus Free Edition 8.0 and some other virus removals.

i need to get rid of spywares.. i get rundll error when i first start up my computer.

search & destroy suck, because they find the spywares, but do not get rid of it. even if they do, they still come back.

i need some powerful spayware removal that will even get rid of the ones already "running".

please help!

here are some screenshots of what is happening on my comp

btw, it's not just access.exe, sometimes i see different files as well. samething with the last pic, i see more than one infected file names, whenever they re-popup.

CapO

United States1615 Posts

June 04 2008 23:14 GMT

#34

right now, im downloading a bunch of spyware removals and etc. by using flashget. under each one of these comments, i see ADW_PURITY.AA, which is apparently the name of the spyware.

anyone has knowledge of this particular one?

CharlieMurphy

United States22895 Posts

June 05 2008 00:01 GMT

#35

I can help you out, you got AIM? First of all stop using Internet explorer, switch to firefox.

Download AVG free, AS and AV. Also download Hijackthis from majorgeeks.com

mahnini

United States6862 Posts

June 05 2008 11:47 GMT

#36

Did they seriously change your wallpaper? Goddamn son, lay off the porn.

Archaic

United States4024 Posts

June 05 2008 12:27 GMT

#37

On June 05 2008 09:01 CharlieMurphy wrote:
I can help you out, you got AIM? First of all stop using Internet explorer, switch to firefox.

Download AVG free, AS and AV. Also download Hijackthis from majorgeeks.com

Don't listen to him. Search for anything relating to IE, secure delete from your hard drive, but back it up on a flash drive. Burn the flash drive and mix it with peanuts to feed it to an elephant.

The best way to stop any type of viruses or popups, is to buy a mac. /advertisement.

Go on http://www.filehippo.com

They have a large selection of a bunch of anti virus, spyware, etc. Helped my PC with viruses a lot. Some of them lie to you though, and say you have 100100302034023402034 viruses.

Jibba

United States22883 Posts

June 05 2008 12:57 GMT

#38

Safari is actually far less secure than IE. Within the next year there will probably be a flood of Mac virii, now that so many universities are going towards them.

CapO

United States1615 Posts

June 05 2008 13:50 GMT

#39

On June 05 2008 20:47 mahnini wrote:
Did they seriously change your wallpaper? Goddamn son, lay off the porn.

i never download porns.. i only watch streams on youporn

anyway, AVG's awesome. it got rid of the spywares and everything that is running in my memory as well!

now, i can't access my task manager though.. i posted my hijackthis log in techsupportforum, so i'll wait.. /tear

CharlieMurphy

United States22895 Posts

June 05 2008 18:44 GMT

#40

Mac sucks period. It is inferior in about every way (including price).

Capo, feel free to aim or pm me if you need any more help

jimminy_kriket

Canada5498 Posts

June 05 2008 19:11 GMT

#41

Mac is better in every sense except games and certain applications.

jimminy_kriket

Canada5498 Posts

June 05 2008 19:19 GMT

#42

It looks like avg antivirus and avg antispyware are now one. Updated the OP.

Capo: Use the fsecure online scanner from the op.

CharlieMurphy

United States22895 Posts

June 05 2008 19:21 GMT

#43

Jimminy, please explain why you think this?

jimminy_kriket

Canada5498 Posts

June 05 2008 19:23 GMT

#44

Its just easier, windows is ok but if I had to pick one in terms of the operating system itself I would pick mac hands down. But im here using windows because I play games. Both are legit os's.

Emptyness

Bulgaria1016 Posts

June 05 2008 19:37 GMT

#45

The new version of AVG - 8.0 is not free anymore

- it costs 51.74 euro for 1 year subscription for 1 computer. Check out here.

I will stay with the latest free AVG - v.7.5.524 for now and will see what to do in the future

CharlieMurphy

United States22895 Posts

June 05 2008 19:39 GMT

#46

how is mac easier? Its basically just a noob system where you can't do anything to customize shit. Not to mention all the other bullshit that comes along with owning a mac instead of a PC. (ps vista sucks even worse than mac).

funkie

Venezuela9374 Posts

June 05 2008 19:41 GMT

#47

On June 06 2008 04:39 CharlieMurphy wrote:
how is mac easier? Its basically just a noob system where you can't do anything to customize shit. Not to mention all the other bullshit that comes along with owning a mac instead of a PC. (ps vista sucks even worse than mac).

word.

zobz

Canada2175 Posts

October 20 2008 09:28 GMT

#48

Oh my god. I need help. I was using stumbleupon and stupidly downloaded this free online stupid tank game on a whim, and as a result my computer seems to be infected. I already had avg on this computer but i don't appear to be able to open it, or the websites listed in op including the hijackthis site. I am fairly certainly being blocked from access to prominent anti-spyware. I have this red circle with a white X in it in my taskbar telling me every minute that i'm inffected and need antispyware. Clearly that would lead to more trouble. What do i do?! Thanks to any responders.

Tunnan

Sweden5 Posts

October 20 2008 10:19 GMT

#49

What do you think of Nod32 is it good?
i have heard it is =)

MasterOfChaos

Germany2896 Posts

October 20 2008 12:51 GMT

#50

On October 20 2008 18:28 zobz wrote:
Oh my god. I need help. I was using stumbleupon and stupidly downloaded this free online stupid tank game on a whim, and as a result my computer seems to be infected. I already had avg on this computer but i don't appear to be able to open it, or the websites listed in op including the hijackthis site. I am fairly certainly being blocked from access to prominent anti-spyware. I have this red circle with a white X in it in my taskbar telling me every minute that i'm inffected and need antispyware. Clearly that would lead to more trouble. What do i do?! Thanks to any responders.

My brother cought that one too. At least you are not as stupid as him downloading additional spyware from the site it points too

It is no standalone program, but a dll loaded inside explorer.exe. I forgot the details, but you can find the name of the dll examining explorer.exe with processexplorer. I think you can delete it in safemode, and you should also delete all registry entries pointing to it(optional).

Wysp

Canada2299 Posts

October 24 2008 22:05 GMT

#51

my computer randomly restarted when I was playing dota and now I have a fake windows security system tray icon and it stops all my anit-virus/anti-malware programs from working. First time I've ever had a problem like this. I'm trying some of the online scans right now and hoping they will work. I can't even open 'Hijackthis'

Tyraz

New Zealand310 Posts

October 24 2008 22:49 GMT

#52

http://en.wikipedia.org/wiki/Endian_Firewall
Well personally I'd rather never have the damn problem of having stuff slow down my computer/internet.. I'm sure most of you have a spare PC floating around... it doesn't even have to be a good one... there is well over 20 distro-firewalls out there, and if you really care the chances of anything (even, if you like, unharmful stuff like content types (flash, jpg or w/e)) get the chance to slow down your connection. Instead of a responsive personal firewall (where the data has already used up your bandwidth before detection) why not simply stop it from ever getting in...?

Of course if it was only viruses/spyware you were worried about... why wouldn't you be using Linux anyways? Considering most games i play run fine on Wine, its not as though I really care about viruses... The day that someone can be bothered creating a virus to cater to ALL Linux distro's, is the day i give that man a medal

Edit: as if you'd like Mac. Its like a toned down version of Linux, with the exception that it's based on both BDS and NeXT. Admittedly I can run everything Windows can run, but not mac. But thats not the problem, because there is like nothing that I'd want that is 'mac only'. All their iLife stuff is slow as shit. If i had my way iTunes and Quicktime would be shot.

HeadBangaa

United States6512 Posts

October 24 2008 23:21 GMT

#53

On October 25 2008 07:05 Wysp wrote:
my computer randomly restarted when I was playing dota and now I have a fake windows security system tray icon and it stops all my anit-virus/anti-malware programs from working. First time I've ever had a problem like this. I'm trying some of the online scans right now and hoping they will work. I can't even open 'Hijackthis'

go to majorgeeks.com, search for "smitfraud". It defines a process that removes "fake scanner" virii.

Chef

10810 Posts

October 24 2008 23:57 GMT

#54

Of course if it was only viruses/spyware you were worried about... why wouldn't you be using Linux anyways?

Linux is absolute hell if you're used to Windows and don't have the time to learn a new operating system...

In any case, the best anti-virus is just not downloading shit you don't trust =/ I don't even bother with anti virus software anymore, cause frankly it slows the computer down as much as any virus anyway.

Wysp

Canada2299 Posts

October 26 2008 11:03 GMT

#55

On October 25 2008 08:21 HeadBangaa wrote:

Show nested quote +

go to majorgeeks.com, search for "smitfraud". It defines a process that removes "fake scanner" virii.

Thanks, my scanners are now working. The malware is still lurking, though.

HeadBangaa

United States6512 Posts

October 26 2008 11:11 GMT

#56

Look for suspicious .exe loading at startup:

1) start->run->msconfig->startup tab
and uncheck any rogue entries

2) start->run->regedit
First, backup registry (File -> backup or w/e) and then go to:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENT VERSION\RUN

and then delete mysterious .exe entries. ALso, if you find obvious malicious entries, also remove from the filesystem.

If the "smitfraud" method helped remove some of it, conventional virus scans may find the remaining malware. Try AVG, Housecall, ad-aware, spybot, etc. Those fake scanner are extremely difficult to remove, GL!

Nightmarjoo

United States3360 Posts

October 26 2008 11:23 GMT

#57

So I used to use sbc yahoo's anti-virus and I liked it a lot. But when I bought computer parts and threw it together, I couldn't plug my old harddrive into the mother board, and was too lazy to go buy an adapter to make it an external harddrive (and my dad doesn't know the password for the sbc account, so I couldn't re-download the antivirus, and he had lost the disk which had it too), but with my mother board came a some-number trial of "Bullguard" antivirus, which I absolutely hated as it was a big memory hog and was fairly invasive and annoying, but it was definitely a lot better than nothing. So my bullguard trial ran out, I saw this thread and got Avira. After like 2 days of using Avira I already love it. It's totally non-invasive, uses a ridiculously low amount of cpu, and found a couple things sitting in my computer which bullguard had never noticed.

tl;dr Avira is great.

0xDEADBEEF

Germany1235 Posts

October 26 2008 12:05 GMT

#58

On October 25 2008 08:57 PsycHOTemplar wrote:
In any case, the best anti-virus is just not downloading shit you don't trust =/ I don't even bother with anti virus software anymore, cause frankly it slows the computer down as much as any virus anyway.

It's not the 90s anymore. Malware is being distributed via clever ways these days, often via exploits in very common applications (often the browser or one of its plugins (e.g. Flash player)). There are also things like malicious ads or compromised/cracked servers (so that even trusted sites can in some cases spread malware (without the admins knowing it for a while)).
Most of that stuff is completely invisible for the user. Plus, modern malware rarely wants to make your PC malfunction, because that would make you realize your PC is infected. Instead, it wants to include your PC into a botnet and then use it for sending spam or for DDoS, or it wants to spy out passwords, files etc.
A virus scanner is simply essential when using Windows, and updating all your software is just as essential.
Plus, most Windows home users use at least a few cracks or pirated software (games, MS Office, Photoshop, maybe more), and these things are often infested (unless you have good sources, but then you're not the majority anymore).

*Desktop firewalls* are almost useless though (i.e. all those firewalls which run on the very machine you want to secure), since they can always be circumvented (even non-malware sometimes uses firewall circumvention techniques, e.g. Real Player) and they are only useful in rare cases and only when configured properly, but the target audience for those firewalls (clueless home users) has no clue about that anyway and/or just uses the default settings.

Indreide

United States23 Posts

November 04 2008 03:54 GMT

#59

I'm wondering if this is normal but, when I tried to use the Kaspersky Lab's free online computer scan, my fire fox suddenly closed. Anyone? Please and thank you.

CharlieMurphy

United States22895 Posts

November 04 2008 22:45 GMT

#60

On November 04 2008 12:54 Indreide wrote:
I'm wondering if this is normal but, when I tried to use the Kaspersky Lab's free online computer scan, my fire fox suddenly closed. Anyone? Please and thank you.

use IE probably.

goldenkrnboi

United States3104 Posts

December 27 2008 16:59 GMT

#61

i think this thread deserves a bump

My ad-aware has been picking up a malware called virtumonde, but it keeps coming back when i try to delete it. any tips?

dm47

82 Posts

December 27 2008 18:18 GMT

#62

On December 28 2008 01:59 goldenkrnboi wrote:
i think this thread deserves a bump

My ad-aware has been picking up a malware called virtumonde, but it keeps coming back when i try to delete it. any tips?

safe mode probably.
and there's freeware out there that's supposed to kill any file, regardless of restrictions. i can't remember where i found it, was just looking at it the other day.

hmm i'll get back to you

Malongo

Chile3472 Posts

December 27 2008 19:07 GMT

#63

maybe do a google search? i found like 5 removal entries, normally some pests like that need an special software because they make an entry on your registry file and save files on hidden places.
In case nothing works its always good to look for the exact file that contains the pest (look at the task bar on windows, find the process that contains the pest then make a search on your HD to find the file). Then with the name go safe mode and delete the file, normally you cant delete in normal mode because the process is being used. Just work a little.

ahswtini

Northern Ireland22208 Posts

December 27 2008 20:49 GMT

#64

Oh wow, I've been relying on Spybot and Adaware....thanks for opening my eyes

Edit: I had Virtumonde a while ago, had to use ComboFix to get rid of it.

goldenkrnboi

United States3104 Posts

December 27 2008 21:17 GMT

#65

i think malwarebytes got rid of it. not 100% sure though.

Plexa

Aotearoa39261 Posts

July 10 2009 11:34 GMT

#66

Hum, I have no idea what I'm dealing with here. My brothers laptop is pretty much fucked and barely anything runs right. More specifically, his firefox has been hijacked and I'm pretty sure he's got a virus which is fucking with the comp (he thinks its virut, but i've check for it and nothing has come up =/)

I've tried installing/running avast, avg and bitdefender but they aren't picking anything up since I can't update them to the latest version (i think the virus is to blame here, but i could be wrong). In my efforts to update, I've tried downloading the manual update on my clean laptop and tried to run it on the infected one - that failed. Here's hoping TL can help out!!

+ Show Spoiler [Hijack this log] +

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:42 p.m., on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - skrb32.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (file missing)
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Network.exe (file missing)

--
End of file - 10446 bytes

I can try anything you want.

Vex

Ireland454 Posts

July 10 2009 11:42 GMT

#67

avira > all.

Vex

Ireland454 Posts

July 10 2009 11:46 GMT

#68

Plexa, Install Browser Hijack Recoverer
http://www.browser-hijack.com/download.htm
That will fix your internet hijack and sort out your startup.

after that run Avira Personal Free,
http://www.free-av.de/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html

Make sure you update it first.

Another thing to do if it stops you downloading or w/e is to go run > msconfig > click startup, and uncheck everything you deem un-nesessary or suspicious. alot of viruses can be seen there.

U can pm me if u need anything else.

Plexa

Aotearoa39261 Posts

July 10 2009 11:48 GMT

#69

I'll give it a go, but I dont think i'll be able to update avira

UPDATE: browser hijack fix thing didn't fix anything =/

Patriot.dlk

Sweden5462 Posts

July 10 2009 11:51 GMT

#70

On February 26 2008 21:32 1a2a9a wrote:
For anti-spyware scanners throw in SUPERAntiSpyware, Malware Bytes Anti Malware, and Dr. Web Cureit.

Ad-Aware, Spybot, and Windows Defender are useless

You may want to throw in some basic anti-rootkit programs like Blacklight, AVG anti-rootkit, Sophos anti-rootkit. However you should include a warning not to fix anything if these detect anything, and instead post on a known anti-malware forum.

Also you could have a group for other programs like SpywareGuard, SpywareBlaster, MVPS hosts file, and other tools that don't fit into any category.

Why spybot useless? I have faith in spybot

Patriot.dlk

Sweden5462 Posts

July 10 2009 11:54 GMT

#71

On July 10 2009 20:34 Plexa wrote:
Hum, I have no idea what I'm dealing with here. My brothers laptop is pretty much fucked and barely anything runs right. More specifically, his firefox has been hijacked and I'm pretty sure he's got a virus which is fucking with the comp (he thinks its virut, but i've check for it and nothing has come up =/)

I've tried installing/running avast, avg and bitdefender but they aren't picking anything up since I can't update them to the latest version (i think the virus is to blame here, but i could be wrong). In my efforts to update, I've tried downloading the manual update on my clean laptop and tried to run it on the infected one - that failed. Here's hoping TL can help out!!

+ Show Spoiler [Hijack this log] +

I can try anything you want.

Spybot search & destroy? Not endorsed in this thread but I have experienced it as very good. What about service pack and windows update? Especially worms can infect removable media and other computers through the network so make sure your other machine is protected

Plexa

Aotearoa39261 Posts

July 10 2009 11:57 GMT

#72

I'm starting to think it isn't a hijack at all =/ probably something much worse. I keep getting redirected to odd sites and none of the standard virus sites will load.

UPDATE: Avira won't install. It starts loading then gets nuked about 3/4 of the way through

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:03 GMT

#73

none of the standard virus sites will load? that reminds me of conficker. Was the infected machine patched through windows update?

Does the sites you get redirected to propose downloading their antivirus programs?

Plexa

Aotearoa39261 Posts

July 10 2009 12:06 GMT

#74

My brother says that he did an update earlier today (after infection). He thinks he got an infection from Bitdefender off one of the sites listed at katz.cd. (doh)

it gets redirected to abcjmp.com which redirects to chinasexculture.com

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:10 GMT

#75

then please search for csrss.exe using win+f

did you find anything?

Plexa

Aotearoa39261 Posts

July 10 2009 12:12 GMT

#76

yes, one in system 32 and one in windows/servicepackfiles

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:12 GMT

#77

please remove the files and reboot the computer

Plexa

Aotearoa39261 Posts

July 10 2009 12:15 GMT

#78

system32 one won't remove itself, its currently in use as a process - do you want me to kill it anyway?

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:18 GMT

#79

no. go to system32 and enable show hidden files
search for tdssadw.dll tdssl.dll tdssmain.dll tdssinit.dll tdsservers.dat

Plexa

Aotearoa39261 Posts

July 10 2009 12:21 GMT

#80

nothing

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:23 GMT

#81

did you enable show hidden files? in that case try using "run" and type C:\WINDOWS\system32\tdssl.dll what happends?

Plexa

Aotearoa39261 Posts

July 10 2009 12:25 GMT

#82

yup enabled
file not found when i try to run it

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:25 GMT

#83

then it's a different type.
http://www.combofix.org/ might be of assistance try to install it. with luck it's to unknown to be blocked

Plexa

Aotearoa39261 Posts

July 10 2009 12:32 GMT

#84

it was a fresh copy =[

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:35 GMT

#85

this is some kind of really nasty rootkit infection. Is the machine 32bit or 64? I think it's very hard to bust out either way but probably impossible if you have 64 bit

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:37 GMT

#86

im basically running out of good ideas. try to install microsofts anti rootkit stuff
http://technet.microsoft.com/sv-se/sysinternals/bb897445(en-us).aspx

Plexa

Aotearoa39261 Posts

July 10 2009 12:39 GMT

#87

I'm fairly sure its 32bit XP

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:46 GMT

#88

then this is my last idea:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
restart in safemode (press F8 several times).

Try starting it and running it several times. Go to options and make it do "complete scan". I have not tested this myself but i read it in a danish forum that looked pretty neat.

http://www.spywarefri.dk/forum/viewthread/55177/

JohnColtrane

Australia4813 Posts

July 10 2009 12:52 GMT

#89

wait does this mean bleepingcomputer is a bad site?

7mk

Germany10157 Posts

July 10 2009 12:53 GMT

#90

On July 10 2009 20:51 Patriot.dlk wrote:

Show nested quote +

Why spybot useless? I have faith in spybot

I do think that SUPERAntiSpyware is a lot better though, that program fixed a lot of shit for me that other programs couldnt

Plexa

Aotearoa39261 Posts

July 10 2009 12:54 GMT

#91

lol i just tried to install the microsoft rootkit thing above, but it needed to not be in safemode. I restarted into normal windows and lol it just took ages to load then BSODd

will try the link above now

Patriot.dlk

Sweden5462 Posts

July 10 2009 12:55 GMT

#92

I think this like malign cancer all over a human brain. Treatment it either to weak our will leave the computer totally crippled afterwards and probably not totally clean either :/

Plexa

Aotearoa39261 Posts

July 10 2009 13:01 GMT

#93

LOL the ftp you linked has been blocked by this motherfucker lolol

Patriot.dlk

Sweden5462 Posts

July 10 2009 13:01 GMT

#94

On July 10 2009 21:53 7mk wrote:

Show nested quote +

I do think that SUPERAntiSpyware is a lot better though, that program fixed a lot of shit for me that other programs couldnt

Yeah OK. I will try it out for sure! Thanks for reply.

Plexa I im still naked in my computer chair and i'm out of ideas. I will proceed with life and then check into this thread later

Patriot.dlk

Sweden5462 Posts

July 10 2009 13:02 GMT

#95

On July 10 2009 22:01 Plexa wrote:
LOL the ftp you linked has been blocked by this motherfucker lolol

http://files.getdropbox.com/u/860312/drweb-cureit.exe

Plexa

Aotearoa39261 Posts

July 10 2009 13:06 GMT

#96

404 from getdropbox

Patriot.dlk

Sweden5462 Posts

July 10 2009 13:07 GMT

#97

try again it was probably not updated

WhuazGoodJaggah

Lesotho777 Posts

July 10 2009 13:38 GMT

#98

the best way of keeping your system clean while not having gay performance decreasing antivirus/firewall/antspy software, is makin constant backups of a clean system and restore those often enough.

to make a backup you can use applications like CloneZilla: http://www.clonezilla.org/

just format your HDD.
make 2 partitions to seperate data from applications. (with gparted f.e.)
make a clean install of an OS you like.
install all the applications that you like and you know are clean.
then use clonezilla to make a backup image.

now all you gotta do is collect the applications you would like to add to the system (the installers) and every month or so you can do this:
- restore your image of the system partition.
- install all the apps you collected and whish to add to your system
- make a new backup image of the new system
- enjoy a "brand new" computer every month without needles bullshit apps which slow down your pc

Patriot.dlk

Sweden5462 Posts

July 10 2009 13:50 GMT

#99

On July 10 2009 21:52 JohnColtrane wrote:
wait does this mean bleepingcomputer is a bad site?

http://www.siteadvisor.com/sites/bleedingcomputer.com

Plexa

Aotearoa39261 Posts

July 10 2009 13:56 GMT

#100

aha! victory!! Dr Web looks like it's going to do the trick

Patriot.dlk

Sweden5462 Posts

July 10 2009 14:05 GMT

#101

Please check PM for further instruction. Really glad to be of assistance to you

JohnColtrane

Australia4813 Posts

July 10 2009 14:13 GMT

#102

On July 10 2009 22:50 Patriot.dlk wrote:

Show nested quote +

http://www.siteadvisor.com/sites/bleedingcomputer.com

ah thats a relief lol

SUPER anti spyware and malwarebytes are great btw, not so sure about spybot and the others

how does AVG rate against the other free anti virus software in terms of detection and real time protection?

Patriot.dlk

Sweden5462 Posts

July 10 2009 14:24 GMT

#103

On July 10 2009 23:13 JohnColtrane wrote:

Show nested quote +

Good if remember correctly. I think youtube has plenty of clips regarding that and you can probably find first hand sources using google!

I personally use nod32 that I assumed was veery good but after being very badly hurt by smitfraud trojans right under the nose of nod32 I now have doubt.

Also I would like to point out that my opinion is not professional at all as I only studied Internet security for a total of 7.5 swedish HP, (it was 6 weeks of studies) so anything I say could be wrong. Should've warned plexa about that lol

btw I successfully removed Smitfraud with SS&D.

Vex

Ireland454 Posts

July 10 2009 14:25 GMT

#104

would love to find a guy who makes viruses.. the things' he'd endure..

Patriot.dlk

Sweden5462 Posts

July 10 2009 15:05 GMT

#105

NOTE:
The virus fought off by Plexa was probably Virut so if you stumbled upon this thread though google search or w/e here's relevant removal information:

http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

epicdoom

United States489 Posts

July 10 2009 15:07 GMT

#106

Nice! Great idea. Oh and this..

+ Show Spoiler +

iPF[Div]

Spain572 Posts

July 10 2009 15:54 GMT

#107

On July 11 2009 00:07 epicdoom wrote:
Nice! Great idea. Oh and this..

+ Show Spoiler +

at first i thought the linux guy got run over by the motorcycle xD

Judicator

United States7270 Posts

July 10 2009 16:02 GMT

#108

On July 10 2009 23:24 Patriot.dlk wrote:

Show nested quote +

Which more than enough, I was following this thread and you did everything pretty well short of picking apart the HijackThis log. There really isn't a need for professional advice as anyone with access to google can make a legitimate attempt at fixing their computer (because nobody is alone come spyware and viruses)

Halfpastnoob

United States191 Posts

July 11 2009 07:12 GMT

#109

AVAST 4.8 IS WIN!

ibutoss

Australia341 Posts

July 11 2009 07:29 GMT

#110

On July 10 2009 23:24 Patriot.dlk wrote:
I personally use nod32 that I assumed was veery good but after being very badly hurt by smitfraud trojans right under the nose of nod32 I now have doubt.

nod32/eset smart security is a great av/firewall combo. Low resource usage and unobtrusiveness is great in comparison to the competeition*cough* Norton *cough*. However that said EVERY av in existance is only as good as it's signature database/heuristic detections. Most trojans and virus will be undetectable for a period of time until the av companies catch on.

You got unlucky but it's still a great product, at the end of the day there is no 100% protection.

JohnColtrane

Australia4813 Posts

July 11 2009 08:13 GMT

#111

On July 11 2009 00:05 Patriot.dlk wrote:
NOTE:
The virus fought off by Plexa was probably Virut so if you stumbled upon this thread though google search or w/e here's relevant removal information:

http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

at least its rated as a very low threat, so if you are infected its not likely to be a disabling virus but more of an annoyance?

Patriot.dlk

Sweden5462 Posts

July 11 2009 09:00 GMT

#112

On July 11 2009 17:13 JohnColtrane wrote:

Show nested quote +

at least its rated as a very low threat, so if you are infected its not likely to be a disabling virus but more of an annoyance?

It downloads other malware is very hard to get rid off. Not sure why they rank it as low threat

Patriot.dlk

Sweden5462 Posts

July 11 2009 09:02 GMT

#113

On July 11 2009 16:29 ibutoss wrote:

Show nested quote +

That rings true to me. I guess you can't trust any software the way I did. I didn't even have additional removal software installed a lesson i've learned now.

nitram

Canada5412 Posts

July 11 2009 09:10 GMT

#114

Everytime i "correctly" turn off my comp, it fucks up when i have to start it back up again. I get a error message and I have to fix the errors with my windows CD which takes 5 to 10 minutes.
Now when I want to turn off my comp, I hold the power button for 5 seconds which kills the power and my comp starts up fine the next time around.

Elemenope

Burkina Faso1704 Posts

July 11 2009 10:37 GMT

#115

On July 10 2009 22:50 Patriot.dlk wrote:

Show nested quote +

http://www.siteadvisor.com/sites/bleedingcomputer.com

http://www.siteadvisor.com/sites/teamliquid.net

D:

+ Show Spoiler +

just kidding

Patriot.dlk

Sweden5462 Posts

July 11 2009 17:49 GMT

#116

nitram I suffered from similar problems when using SUPER anti-spyware. So i suggest this:

win+r -> type msconfing -> autostart -> google everything you don't recognizing in your startup. Uncheck one thing at the time and then reboot to see if it did the trick.

Whatever causes the error should be reinstalled. Also, I actually missed that Plexa posted a hijack this log, I understand those a little bit so please post one

ActualSteve

United States627 Posts

July 11 2009 18:04 GMT

#117

What would possess you to make a virus in the first place?

bN`

Slovenia504 Posts

July 11 2009 18:28 GMT

#118

What would possess you to make a virus in the first place?

After many hours of research and investigation the field has been narroved down to two reasons:

+ Show Spoiler +

The first one is money, duh

+ Show Spoiler +

THEY DO IT FOR THE LULZ OBV

ShAsTa

Belgium2841 Posts

July 11 2009 19:32 GMT

#119

On July 10 2009 22:01 Patriot.dlk wrote:
Plexa I im still naked in my computer chair and i'm out of ideas. I will proceed with life and then check into this thread later

Sorry for being off topic, but this cracked me up.
Useful thread btw, bookmarked.

R3condite

Korea (South)1541 Posts

July 11 2009 19:44 GMT

#120

On July 11 2009 18:00 Patriot.dlk wrote:

Show nested quote +

It downloads other malware is very hard to get rid off. Not sure why they rank it as low threat

i believe it is low threat in terms of somebody actually catching it...

Jovan

Canada65 Posts

July 11 2009 20:28 GMT

#121

Something to add from experience

How to prevent infections (addendum)

It's good to have a software AV like AVG, Karspersky or NOD32, but I highly recommend having a router with up to date firmware as well. To be honest, the best thing that can help prevent a virus is being smart about things.

From my own experience, awhile back for 2 years I used nothing but a router, without an AV. I would occasionally put AVG, Karspersky or NOD32 for a day or so and scan the whole computer. Nothing came up, but this is pushing it and I don't recommend just going with a router. Nowadays I let AVG do a daily scan.

Another thing is, if you have an illegal copy of Windows and you turned Windows Update off, it's a big risk. Microsoft releases bug and exploit fixes constantly as it tries to keep up with the new exploits. Same with AV programs. I highly recommend you either find a source of manual window updates, or just buy the damn thing.

In the end, not doing stupid things and visiting risky websites (including porn, warez, and sometimes chinese/russian sites) can prevent a lot of infections, because browsers like Firefox, Internet Explorer, etc themselves may have problems that people find and exploit.

Hope it helps.

ItchReliever

2489 Posts

July 12 2009 00:20 GMT

#122

I had a really annoying google hijack virus/spyware and tried many different things like AVG antivirus, malwarebytes, spyware search & destroy, etc etc and then found this thread and tried Avast and the thing was gone. Conclusion: thx for this thread, TL.net is the best & avast owns.

The_Australian

Australia458 Posts

July 13 2009 11:43 GMT

#123

a good program is NetLimiter. if you suspect a program is accessing the internet, you can stop all communication and have complete control of any outgoing internet usage, limiting or stoping any program.

MrHoon

10183 Posts

July 19 2009 16:12 GMT

#124

I think I got a virus, and I think it came when I started torrenting sims 3

Whenever I open folders suddenly this pops up

And the thing is it keeps asking me to download Antivirus System PRO

I tried the programs on the OP but it never seems to be caught

Any suggestions?

EDIT: Wow so apparently... Virus Scan =/= Spyware Scan. Anyways I got rid of it and now it is fixed!

JohnColtrane

Australia4813 Posts

July 22 2009 08:33 GMT

#125

im not sure if this is a virus problem, but

whenever i try to go full screen when playing guild wars, my computer restarts. ive had no other problems, no new startup files or addons except for dumprep (which i think isnt malicious anyway.)

ive been using system restore frequently lately, would that have affected this? is this a virus? i scanned with malware bytes in safe mode and nothing came up. or is this just a shitty install? it seems weird because it was working yesterday fine. maybe too much system restore?

madnessman

United States1581 Posts

July 23 2009 12:06 GMT

#126

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

From the geekstogo forum. Whenever I have a computer problem that I can't fix I usually just go there. Check out their malware/spyware removal guide. It's really helpful.
http://www.geekstogo.com/forum/Malware-Spyware-Cleaning-Guide-t2852.html

It's basically: Remove temp files->Backup->Run Scans->Run OTL and post log on forum

United States3249 Posts

July 31 2009 15:07 GMT

#127

Comodo Firewall/Antivirus froze my comp with its new update, dont get it

nitram

Canada5412 Posts

March 31 2010 19:59 GMT

#128

So today I realized that i have the vista smart security 2010, total pc defender, and a bunch of other viruses pretending to be anti virus programs. Yesterday my computer ran fine. Avast doesn't work, its in an "inconsistent state" spybots not finding anything, malewarebytes doesn't install, my computer is only able to start in safe mode. What do I do? :o
Now im following some instructions from www.geekstogo.com. I've run OTL and tried to install malwarebytes but its still not working... Dled it again for the 3rd time, still nothing.

Gnosis

Scotland912 Posts

March 31 2010 20:45 GMT

#129

On April 01 2010 04:59 nitram wrote:
So today I realized that i have the vista smart security 2010, total pc defender, and a bunch of other viruses pretending to be anti virus programs. Yesterday my computer ran fine. Avast doesn't work, its in an "inconsistent state" spybots not finding anything, malewarebytes doesn't install, my computer is only able to start in safe mode. What do I do? :o
Now im following some instructions from www.geekstogo.com. I've run OTL and tried to install malwarebytes but its still not working... Dled it again for the 3rd time, still nothing.

If you have that many problems... Formatting is easier.

nitram

Canada5412 Posts

March 31 2010 21:44 GMT

#130

On April 01 2010 05:45 Gnosis wrote:

Show nested quote +

If you have that many problems... Formatting is easier.

Yep.
I ended up giving up and formatting my C drive (still have my D with my music and a couple games)
I honestly don't know what happened. I've never been hit with this many viruses before. It was so bad i was contemplating getting a mac.

Judicator

United States7270 Posts

March 31 2010 22:57 GMT

#131

On April 01 2010 06:44 nitram wrote:

Show nested quote +

Combofix it first next time before you format.

Jlab

United States217 Posts

April 01 2010 02:19 GMT

#132

It said i have 812 problem things. How do i get rid of all this?

DanceCommander

United States1808 Posts

April 01 2010 03:10 GMT

#133

On April 01 2010 11:19 Jlab wrote:
It said i have 812 problem things. How do i get rid of all this?

your going to have to be a little more specific buddy

ggrrg

Bulgaria2716 Posts

April 01 2010 03:52 GMT

#134

On April 01 2010 11:19 Jlab wrote:
It said i have 812 problem things. How do i get rid of all this?

Press delete all!

Jlab

United States217 Posts

April 01 2010 19:20 GMT

#135

and i can't buy it so it wont delete them all.

Judicator

United States7270 Posts

April 01 2010 22:29 GMT

#136

I really hope you are just oblivious and not trolling.

YoonHo

Canada1043 Posts

July 30 2010 03:32 GMT

#137

Sorry to bump this thread, I don't where else I can ask this simple and stupid question. It's just out of paranoia, I'm following the geekstogo's tutorial to preventing viruses/malware and I'm at the OpenDNS part of the section. Would doing this hurt me as an avid torrent user? Thanks.

infinitestory

United States4053 Posts

July 30 2010 04:29 GMT

#138

On July 30 2010 12:32 YoonHo wrote:
Sorry to bump this thread, I don't where else I can ask this simple and stupid question. It's just out of paranoia, I'm following the geekstogo's tutorial to preventing viruses/malware and I'm at the OpenDNS part of the section. Would doing this hurt me as an avid torrent user? Thanks.

I'm pretty sure it won't affect your torrenting, but could I have a link to the page so I can see exactly what it says?

YoonHo

Canada1043 Posts

July 30 2010 04:42 GMT

#139

Sure, sorry for the late response.
http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/

Just scroll down a little bit, it will still be on the first post, below the Extras: section.

infinitestory

United States4053 Posts

July 30 2010 04:45 GMT

#140

On July 30 2010 13:42 YoonHo wrote:
Sure, sorry for the late response.
http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/

Just scroll down a little bit, it will still be on the first post, below the Extras: section.

ok, got it. OpenDNS shouldn't affect torrenting at all.

YoonHo

Canada1043 Posts

July 30 2010 05:01 GMT

#141

On July 30 2010 13:45 infinitestory wrote:

Show nested quote +

ok, got it. OpenDNS shouldn't affect torrenting at all.

Thanks! :D

StukA

United States64 Posts

August 06 2010 21:42 GMT

#142

Ok today while I was browsing TL, a popup appeared and it said that my computer was infected and I need to install Antivir Pro or something like that to clean it. I can't start any programs cuz it says something is wrong and I can't go on any websites/links. The only thing I had on my laptop is Microsoft Security Essentials and right now i'm scanning in safe mode. I have a feeling its not going to work and I might have to do a clean format. But is there anything else I can do?

Is it possible to download a program and get the .exe on my external and run it from there or what?

StukA

United States64 Posts

August 06 2010 21:54 GMT

#143

I know it's not caused by browsing TL, but I think it's one of the files I DLed yesterday.

semantics

10040 Posts

September 13 2010 17:42 GMT

#144

Might as well add my two cents.

Nothing can replace just not being a dumb ass and downloading and installing things randomly or randomly click ok or yes to everything.

But things i'd endorse
http://www.virustotal.com/
A Single file scanner that works by putting that file though practically every online scanner out there, it's good for small files that you just need to doubt check.

Microsoft security essentals
http://www.microsoft.com/security_essentials/
I'd use this as my basic virus scanner, becuase 1 it's free 2 it's as good as the rest and 3 it's not going to give any problems to normal windows operations as it's built for windows by the ppl who made windows. Ofc adding other things to your mothly scan like malbytes or S&D can't hurt either

And for ppl who don't regularly check for updates
http://secunia.com/vulnerability_scanning/personal/
I haven't used it too much but i've read about it and it seems to be a pretty good update checker for ppl who would need it.

Out of all those things i'd say the last one is the most important. Most things can be avoided simply be keeping everything up to date. And you want to run it at least once a week.

Think you are pretty good at keeping things up to date well try their online scanner and see
http://secunia.com/vulnerability_scanning/online/?task=load

Darpa

Canada4413 Posts

September 13 2010 18:45 GMT

#145

Zone alarm is like a virus in itself, and will often screw with your computer. My and several of my colleagues experience with Zone alarm has not been good.

Wala.Revolution

7582 Posts

December 12 2010 21:39 GMT

#146

So I got myself the 'System Tools' virus. I had a similar experience with 'Security Suite' a while ago.

I can't remember exactly how I got rid of Security Suite but I remember it was complicated because I had to borrow my neighbor's connection, etc but in the end it was malwarebyte that god rid of it.

Now I'm trying to run mwb and I can get it to run fine but it won't detect System Tools correctly. I think the problem is that's outdated and I can't get it to update on the infected computer. I tried copying the installer + rkill but to no avail. The infected computer is unable to connect to the internet, regardless of whether I'm on safe mode with network capability.

Any help? I think next time I'll try updating on my laptop and moving the whole folders over. Right now I'm running a full scan on my desktop in hopes that it'll do something.

I don't have much experience with computers and most of my knowledge comes from just first-hand experience trying to circumvent weird barriers in my life. I'm going out for a bit but I'll update when I get back.

infinitestory

United States4053 Posts

December 12 2010 21:54 GMT

#147

On December 13 2010 06:39 Wala.Revolution wrote:
So I got myself the 'System Tools' virus. I had a similar experience with 'Security Suite' a while ago.

I can't remember exactly how I got rid of Security Suite but I remember it was complicated because I had to borrow my neighbor's connection, etc but in the end it was malwarebyte that god rid of it.

Now I'm trying to run mwb and I can get it to run fine but it won't detect System Tools correctly. I think the problem is that's outdated and I can't get it to update on the infected computer. I tried copying the installer + rkill but to no avail. The infected computer is unable to connect to the internet, regardless of whether I'm on safe mode with network capability.

Any help? I think next time I'll try updating on my laptop and moving the whole folders over. Right now I'm running a full scan on my desktop in hopes that it'll do something.

I don't have much experience with computers and most of my knowledge comes from just first-hand experience trying to circumvent weird barriers in my life. I'm going out for a bit but I'll update when I get back.

Just transfer the installer over on a USB stick. It should work fine.

Wala.Revolution

7582 Posts

December 12 2010 21:57 GMT

#148

Tried; didn't work.

infinitestory

United States4053 Posts

December 12 2010 22:07 GMT

#149

On December 13 2010 06:57 Wala.Revolution wrote:
Tried; didn't work.

Try renaming mbam-setup-1.50.0.0.exe to mbam-setup-1.50.0.0.scr

Wala.Revolution

7582 Posts

December 13 2010 09:43 GMT

#150

Okay, I think I got rid of the virus, but I can't connect to the internet.

Not certain if related, but task bar shows that I have 'limited or no connectivity'. When I log on to windows I get the error 'Windows cannot find c:\docume~1\owner\locals~1\temp\csrss.exe ......'. Currently trying to fix it; if anyone has any idea, help!

infinitestory

United States4053 Posts

December 13 2010 10:02 GMT

#151

On December 13 2010 18:43 Wala.Revolution wrote:
Okay, I think I got rid of the virus, but I can't connect to the internet.

Not certain if related, but task bar shows that I have 'limited or no connectivity'. When I log on to windows I get the error 'Windows cannot find c:\docume~1\owner\locals~1\temp\csrss.exe ......'. Currently trying to fix it; if anyone has any idea, help!

Go to your command prompt and type sfc /scannow

Wala.Revolution

7582 Posts

December 13 2010 10:39 GMT

#152

says I need windows cd to proceed; is there a (legitimate) way to do it without?

Lexus45

United States2 Posts

February 11 2011 20:11 GMT

#153

My Vote is for Z Free Antivirus Free Antivirus Zone Alarm and ZenOK the other made my computer slow

billy5000

United States865 Posts

May 04 2011 23:58 GMT

#154

So my university's IT notifies me that I have a corrupted program on my computer, and they shut down my ethernet network. Specifically, what they want me to do is do a complete factory setting restore and change my passwords, which I think is ridiculous (factory restore part). I now just used microsoft forefront to see what exactly caused this situation, and I found 3 variations of Exploit:Java/CVE-2008-5353. I immediately chose to remove them. Do you think I can get away with telling them I have "successfully restored the computer in that my computer will not harm the school's network?"

From what I've heard, they verify that a student restored his computer through a phone call; they don't necessarily need direct evidence. But still, I'm a bit weary whether I should alter the truth or not..Will removing such malicious code by a program be enough to avoid restoring the computer its factory settings?

KingDime

Canada750 Posts

May 09 2011 17:43 GMT

#155

So yesterday I was doing some starcraft related things such as the final year end tournament for my uni, the IPL qualifiers + the craftcup. I had won my first match in craftcup and as I remember at the time was logged into the US craftcup site, team liquid and sc2. Around when I was looking into my second match for CC where I had clicked back into SC2 I hit a large lag spike for around a minute and then was hit with a fake antivirus called Vista Anti-spyware.

Basically, i've had to do a full system reset on my computer and pretty much restore everything because even without installing the virus (clicking the bs comments which say you should install it), it rerouted all of the executables and made it impossible to get into any files which was not a shortcut to begin with.

It's not so much removing the virus, though I do know there was most likely a better method to do so, the frustrating part is getting such a nasty virus without seeming to have done anything obvious to get it in the first place. Aside from adding an antispyware such as malwarebytes is there anything else I can do in the future to prevent this? I'm almost hesitant at this point to sign up for tourneys at the moment even though i'm sure it was mostly just bad luck.

CaffeineFree-_-

United States712 Posts

May 13 2011 23:30 GMT

#156

Just wanted to express my thanks; thread saved me from yet another reformat. Thanks again!

divito

Canada1213 Posts

May 13 2011 23:46 GMT

#157

On May 05 2011 08:58 billy5000 wrote:
Do you think I can get away with telling them I have "successfully restored the computer in that my computer will not harm the school's network?"

If the issue is recurring, they'll be notified again and know that you didn't tell the truth.

On May 05 2011 08:58 billy5000 wrote:
From what I've heard, they verify that a student restored his computer through a phone call; they don't necessarily need direct evidence. But still, I'm a bit weary whether I should alter the truth or not..Will removing such malicious code by a program be enough to avoid restoring the computer its factory settings?

It depends on the specific exploit and its characteristics. I've had customers with compromised machines that even after system restores, or formatting and re-installing Windows, there are still issues and it requires further investigation. Some are solved simply by deleting the affected files.

What are your reservations about restoring?

On May 10 2011 02:43 KingDime wrote:
Aside from adding an antispyware such as malwarebytes is there anything else I can do in the future to prevent this? I'm almost hesitant at this point to sign up for tourneys at the moment even though i'm sure it was mostly just bad luck.

Experience around the web mostly. The biggest thing comes from knowledge of what you're associated with and what you're visiting. Something as simple as alt-tabbing from a game and accidentally clicking some ad on a website could be an issue that most people wouldn't think twice about; then 2 weeks later, they've been compromised and don't know what's going on.

A lot of people mistakenly believe that there are hackers out there that are just going to pick your computer out of the millions. It doesn't work that way, and people get really paranoid over something that's generally their fault for lack of experience and ignorance.

I've been running 5+ years without an anti-virus or spyware protection and I've had no issues, and the customers that come to me with problems are always confused how that is. It's getting to the point where the calls I'm getting, it's going to be worth setting up a class just to teach people safe habits.

Pure.Calm

United Kingdom196 Posts

June 28 2011 18:08 GMT

#158

Hey, Im worried i may have a virus on my computer, its running much slower than usual and things like my iphone wont be noticed by my computer or itunes ect. I was wandering how much of the stuff on the first page is still considered to be good and what the best course of action for someone in my situation. I used to have Kaspersky intalled by the subscription recently ran out but i had just assumed it was still fine and i didnt need to upgrade, so i had been scanning all the files i use before opening with them assuming it would be fine but having read around now i think i might be in trouble =S, Any advice guys?

Candide

456 Posts

June 28 2011 18:40 GMT

#159

On June 29 2011 03:08 Pure.Calm wrote:
Hey, Im worried i may have a virus on my computer, its running much slower than usual and things like my iphone wont be noticed by my computer or itunes ect. I was wandering how much of the stuff on the first page is still considered to be good and what the best course of action for someone in my situation. I used to have Kaspersky intalled by the subscription recently ran out but i had just assumed it was still fine and i didnt need to upgrade, so i had been scanning all the files i use before opening with them assuming it would be fine but having read around now i think i might be in trouble =S, Any advice guys?

malware is still pretty strong spybot search and destroy works as well. if you don't have malware bytes you might want to try running that as long as something like spybot.

Pure.Calm

United Kingdom196 Posts

June 28 2011 22:18 GMT

#160

I just ran malware bytes and it said it found something in the registrar directory is it? Anyway i clicked fix it and my computer appears to be working better now

Karliath

United States2214 Posts

July 05 2011 19:22 GMT

#161

If I install one of these firewall programs, should I still keep my Windows firewall running?

JiYan

United States3668 Posts

July 19 2011 21:47 GMT

#162

On July 06 2011 04:22 Karliath wrote:
If I install one of these firewall programs, should I still keep my Windows firewall running?

i have the same question

semantics

10040 Posts

July 19 2011 22:13 GMT

#163

No one firewall is enough 2 is like putting a door next to a door if you have to make a doggy door you need to make 2 and frankly on vista and windows 7 the default firewall is plenty, in reality the firewall that you should care about is the one on the router, you shouldn't disable that just because it messes with games but manually enter in ports that you want open when you run into issues.

dcemuser

United States3248 Posts

July 19 2011 23:01 GMT

#164

On July 20 2011 06:47 JiYan wrote:

Show nested quote +

i have the same question

No, but it shouldn't be an issue. Almost all of the installers will disable your Windows Firewall automatically. You shouldn't run two firewalls, just like you shouldn't run two of the same type of anti-virus. They cause all kinds of annoying conflicts.

I strongly recommend Comodo's free firewall - it is much better than Windows Firewall (and ZoneAlarm).

I have the feeling the OP has not been updated recently because Microsoft Security Essentials is not on that list, and by almost all standard tests it is better than Avast.

Khalum

Austria831 Posts

September 20 2011 22:52 GMT

#165

I decided to necro this thread because after searching the internets I hadn't found a definite answer to an urgent issue - and I know tl.net has members who can and will help me out:

Is it completely safe and OK to plug in a (most likely) infected usb stick, cancel any autorun hokey pokey that might appear and format it? Data loss is not an issue.

+ Show Spoiler [Info about the stick.] +

StorrZerg

United States13919 Posts

November 26 2011 20:20 GMT

#166

Giving this a little bump, attempting to fix a computer whose problem is (blue screens upon trying to get on the internet)

So that sucks.

Just going to be following the suggestions on scanning and removing of viruses, etc. If anyone has some updated information on a programs out there that would be great.

Boblhead

United States2577 Posts

November 26 2011 20:21 GMT

#167

On November 27 2011 05:20 StorrZerg wrote:
Giving this a little bump, attempting to fix a computer whose problem is (blue screens upon trying to get on the internet)

So that sucks.

Just going to be following the suggestions on scanning and removing of viruses, etc. If anyone has some updated information on a programs out there that would be great.

whats the blue screen error code?

StorrZerg

United States13919 Posts

November 26 2011 20:27 GMT

#168

On November 27 2011 05:21 Boblhead wrote:

Show nested quote +

whats the blue screen error code?

where can i find that? the screen pops up, and is gone within seconds.

Also, booting in safe mode with networking (still same problems)

I ran malwarbytes and it is 90 days overdue for an update, is there a latter version listed some where? (or can i update it and just copy it on my flash drive and then run it?)

Boblhead

United States2577 Posts

November 26 2011 20:29 GMT

#169

http://www.nirsoft.net/utils/blue_screen_view.html

just run it, and it will come up with the logs of when bluescreens occured, and it has the codes as well.

StorrZerg

United States13919 Posts

November 26 2011 20:41 GMT

#170

All righty, first time using this, i have the "logs now"

2 files are "red"

ntkrnlpa.exe
raspptp.sys

what am i looking for now? I still don't see a "error" code.

Boblhead

United States2577 Posts

November 26 2011 20:50 GMT

#171

On November 27 2011 05:41 StorrZerg wrote:
All righty, first time using this, i have the "logs now"

2 files are "red"

ntkrnlpa.exe
raspptp.sys

what am i looking for now? I still don't see a "error" code.

The website I linked goto it and look at those 2 pictures, it will show you the actual BSOD and then the Bluescreenview, you will see that Bug Check Code is what your looking for. Same with the Bug Check String

StorrZerg

United States13919 Posts

November 26 2011 20:58 GMT

#172

ok Bug check string is
IRQL_NOT_LESS_OR_EQUAL
Bug check code is
0x0000000a

running ccleaner now :/

Normal

Please or register to reply.

The Giant anti-spyware/anti-virus thread.

Completed

Ongoing

Upcoming