Solve : Can you check this for me??

1.	Solve : Can you check this for me??
Answer» This is from my family's PC, running XP X64 edition SP2, fully updated. I only just read the guideline post, so I don't have as many logs as asked for, I can get some more if necessary tomorrow, or maybe Monday. The issue was that my sister called me through to see a popup that had appeared, from xpantivirus.com (anyone reading - do not go to that site!). She was on myspace.com at the time. I recognized it as a malware site straight away, and ran AVG and Spybot scans. Neither found anything, and the FILES associated with the xpantivirus malware are nowhere to be seen. The HJT log is attached, and I can't see anything at a glance which seems out of place. I don't have time to CHECK it all out right now, so don't scold me if I've missed something. Please tell me it's clean, a malware infection is something I don't need right now. Thanks in advance. Calum. [file cleanup - saving space - attachment deleted by admin]Log looks OK, you can have Hijackthis fix this one "dead" entry though. O4 - Startup: RMClock.lnk = ? There is a tool you can run that specifically looks for XP Antivirus. It only takes about two seconds to run, but trust me it does it's job well. It is free and a great addition to any malware prevention arsenal. RogueRemover Detection List Please download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista) Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the prompts. During installation an icon will automatically be created on your Desktop. If the program does not open after installation, double-click on the RogueRemover icon to launch. Select Check for Updates and click Download if any are found. Wait for the updates to finish downloading, then Close the update window. Select Scan and follow the onscreen directions to remove anything found. Vista users be sure to Run As Administrator. If nothing is found, exit RogueRemover. If RogueRemover finds something, it will present a list of detected items. Click on Save log, then Ok at the prompt. Click Remove selected, then Yes at the prompt. Wait for the removal to complete and then close RogueRemover. A file will be created and saved at C:\Program Files\RogueRemover\RRLog**.txt Post the contents of the RRLog file in your next reply. . I would suggest running SuperAntispyware when you get a chance to ensure nothing else is hiding.RogueRemover found nothing. SuperAntispyware ALSO found nothing. And the "dead entry" isn't dead, it's used to start RMClock at startup. Thanks for the help, looks like it's clean then.Quote from: Calum on March 02, 2008, 12:43:12 PM And the "dead entry" isn't dead, it's used to start RMClock at startup. Thanks, I will stash that away in the notes.... Yes I think you are in the clear. If the COMPUTER doesn't already have it I would suggest using SpywareBlaster. It is an awesome tool and uses zero resources. You just have to open it and manually check for updates from time to time with the free version. http://www.javacoolsoftware.com/spywareblaster.htmlQuote Thanks, I will stash that away in the notes.... RMClock can be started via a Registry key or the startup folder, in this case it was using the startup folder. Strange that it had a ? next to it, but maybe it's just a peculiarity of XP X64, I know some entries are not detected and files are shown missing using HJT and that OS. Quote Yes I think you are in the clear. Great, thanks. Quote If the computer doesn't already have it I would suggest using SpywareBlaster. What do you take me for? This may not be my PC, but I didn't abandon it to my family without at least basic security in place. AVG, Spybot and Spyware Blaster have been installed from day 1, updated at least once a week. Spyware Blaster has been part of my arsenal for years now, as have most of the tools I use.Yea the = ? is what had me thinking it was an empty startup entry. Have you upgraded SpywareBlaster to the 4.0 version which was released a few days ago? It got a new GUI along with some bug FIXES, seems to load faster when opened also. New in this version: -Full Vista support -Protection for Netscape -Protection for Seamonkey -Protection for Flock -A brand-new user interface -Various feature and protection enhancements -Further optimizations to every part of the program -And lots of other bug fixes and requested tweaks Of course, everything is always updated by either my family or me whenever I use their PC. I don't particularly like the new UI of Spyware Blaster though.

Answer»

This is from my family's PC, running XP X64 edition SP2, fully updated.
I only just read the guideline post, so I don't have as many logs as asked for, I can get some more if necessary tomorrow, or maybe Monday.
The issue was that my sister called me through to see a popup that had appeared, from xpantivirus.com (anyone reading - do not go to that site!). She was on myspace.com at the time.
I recognized it as a malware site straight away, and ran AVG and Spybot scans. Neither found anything, and the FILES associated with the xpantivirus malware are nowhere to be seen.
The HJT log is attached, and I can't see anything at a glance which seems out of place. I don't have time to CHECK it all out right now, so don't scold me if I've missed something.
Please tell me it's clean, a malware infection is something I don't need right now.

Thanks in advance.
Calum.

[file cleanup - saving space - attachment deleted by admin]Log looks OK, you can have Hijackthis fix this one "dead" entry though. O4 - Startup: RMClock.lnk = ?

There is a tool you can run that specifically looks for XP Antivirus. It only takes about two seconds to run, but trust me it does it's job well. It is free and a great addition to any malware prevention arsenal. RogueRemover Detection List

Please download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista)

Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the prompts.
During installation an icon will automatically be created on your Desktop.
If the program does not open after installation, double-click on the RogueRemover icon to launch.
Select Check for Updates and click Download if any are found.
Wait for the updates to finish downloading, then Close the update window.
Select Scan and follow the onscreen directions to remove anything found.
Vista users be sure to Run As Administrator.
If nothing is found, exit RogueRemover.
If RogueRemover finds something, it will present a list of detected items.
Click on Save log, then Ok at the prompt.
Click Remove selected, then Yes at the prompt.
Wait for the removal to complete and then close RogueRemover.
A file will be created and saved at C:\Program Files\RogueRemover\RRLog******.txt
Post the contents of the RRLog file in your next reply.

.
I would suggest running SuperAntispyware when you get a chance to ensure nothing else is hiding.RogueRemover found nothing.
SuperAntispyware ALSO found nothing.
And the "dead entry" isn't dead, it's used to start RMClock at startup.
Thanks for the help, looks like it's clean then.Quote from: Calum on March 02, 2008, 12:43:12 PM

And the "dead entry" isn't dead, it's used to start RMClock at startup.

Thanks, I will stash that away in the notes....

Yes I think you are in the clear. If the COMPUTER doesn't already have it I would suggest using SpywareBlaster. It is an awesome tool and uses zero resources. You just have to open it and manually check for updates from time to time with the free version. http://www.javacoolsoftware.com/spywareblaster.htmlQuote

Thanks, I will stash that away in the notes....

RMClock can be started via a Registry key or the startup folder, in this case it was using the startup folder. Strange that it had a ? next to it, but maybe it's just a peculiarity of XP X64, I know some entries are not detected and files are shown missing using HJT and that OS.
Quote

Yes I think you are in the clear.

Great, thanks.
Quote

If the computer doesn't already have it I would suggest using SpywareBlaster.

What do you take me for?
This may not be my PC, but I didn't abandon it to my family without at least basic security in place.
AVG, Spybot and Spyware Blaster have been installed from day 1, updated at least once a week.
Spyware Blaster has been part of my arsenal for years now, as have most of the tools I use.Yea the = ? is what had me thinking it was an empty startup entry.

Have you upgraded SpywareBlaster to the 4.0 version which was released a few days ago? It got a new GUI along with some bug FIXES, seems to load faster when opened also.

New in this version:
-Full Vista support
-Protection for Netscape
-Protection for Seamonkey
-Protection for Flock
-A brand-new user interface
-Various feature and protection enhancements
-Further optimizations to every part of the program
-And lots of other bug fixes and requested tweaks Of course, everything is always updated by either my family or me whenever I use their PC.
I don't particularly like the new UI of Spyware Blaster though.

Solve : Can you check this for me??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment