Solve : Re: Spybot Blocked?

Answer»

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O23 - Service: AOL Antivirus Update Service (aolavupd) - UNKNOWN owner - C:\Program Files\Common Files\AOL\1125946752\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe (file missing)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Open HijackThis, but instead of scanning, click on the Open the MISC tools section button at the bottom of the choices.

Copy this red text -> aolavupd

  • In HijackThis select Delete an NT Service
  • Paste the text into the box that opens and then click OK
  • If you receive any error messages just ignore them and continue.
  • Now repeat the above to delete the below Services (if you do not find them or get any errors, just continue):
Now exit HijackThis and reboot when it tells you it needs to.

----------

How is the computer running now?

The computer seems to be running better.  However, a few things:

-- Anything regarding Viewpoint was not found in Add/remove programs

-- I ran an Antivir scan last night, and three infections were found:
          -- Rootkit.gen
          -- Crypt.XPack.Gen
          -- A0351077.dll contained a recognition pattern of the (harmful) BDS/TD
-- I usually quarantine the infections.  Is that the right thing to do?

-- Can you recommend a very user friendly firewall?  I am doing this (well, you are lol) for a friend's parents, and they aren't too computer savvy.

Again, thank you for taking the time to help.

--I am going to attempt to run Spybot and SAS, just to make sure everything is okay and they can operate again.

Download ViewpointKiller.zip
  • Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
  • Double click the ViewpointKiller icon to run ViewpointKiller.exe.
  • Select the File menu, and select Check to see if you have Viewpoint installed.
  • If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper Kill option in the File menu.
  • Follow the prompts and instructions very carefully, answering Yes or No depending on which option you are most comfortable with.
  • The MsConfig instructions are very important, so be sure to read them carefully.
  • Note: When done with ViewpointKiller right click and delete all files that were unzipped.
----------

Disable/Enable the System Restore Utility to flush old infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

These are all free.

Remember only install ONE firewall

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plus

----------

Use the ESET Online Antivirus Scanner

This scanner requires Internet Explorer

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

I did the "Check to see if you have Viewpoint installed" and Viewpoint Manager was the only one present.  After selecting "Kill Viewpoint Manager", a log file appeared.  I have pasted it below.  However, it still says that Viewpoint Manager is installed.  What Msconfig instructions do you speak of?  I do not see them.  Thank you.  I have not proceeded with the other steps you provided me.

ViewpointKiller Version 1.30 (beta)

The removal process was started on Tue Feb 17 12:03:15 2009

Preparing to remove Viewpoint Manager...



ViewpointKiller was not able to close "viewmgr.exe"!

Searching for all known Viewpoint Manager registry values and keys...

Found and removed: Software\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Finished searching for and removing all known Viewpoint Manager registry values and keys.



Searching for all known Viewpoint Manager files and folders...

Could not delete: C:\Program Files\Viewpoint\Viewpoint Manager

Could not delete: C:\Program Files\Viewpoint

Finished searching for and removing all known Viewpoint Manager files and folders.

Looks like it worked. Viewpoint isn't malware, just a nuisance. It's installed with AOL/AIM but serves no real purpose.

I downloaded and am running Online Armor.  After installing, I restarted the computer, and AntiVir Guard is no longer present in the system tray.  Also, I attempted to run the ESET scan, but it gets hung up on C:\dell\MEDIAEXE\ONDRVMED.zip

Edit:  I take that back.  The scan has progressed past that file.

You might try reinstalling AntiVir. I have not seen any issues with the two working together but who knows. Software updates sometimes don't go as planned from day to day.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3865 (20090218)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=5ac917da29dd34439cbfdffc6d6c56ed
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-17 08:38:31
# local_time=2009-02-17 03:38:31 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=323027
# found=4
# scan_time=8254
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5702A24C-178F-4661-97D1-644845A9CBB7}   Win32/Qhost trojan (unable to clean - deleted)   00000000000000000000000000000000
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{71781886-D1CC-45EB-BC62-87BC19A8EE6E}   Win32/Qhost trojan (unable to clean - deleted)   00000000000000000000000000000000
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C3A44FE1-4BA1-46B3-9021-943039993BB9}   Win32/Qhost trojan (unable to clean - deleted)   00000000000000000000000000000000
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F5619D5D-C2F7-4E2D-ABEF-4050D012CB7D}   Win32/Qhost trojan (unable to clean - deleted)   00000000000000000000000000000000

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

How is the computer running now?

Am I allowed to run this while my protection is active?

Yes, it's just removing ComboFix and resetting a few things to their default settings, as they should be.

