1151.

Solve : Windows Fixer?

Answer»

I am sick of it...literally.

When I am writing a long message, it pops up, when I click back I have to start again, it just comes up on my net screen.

I don't know much about it. It's called "Windows Fixer" and it says it's found so many problems on my PC. Do I trust it? Nope, so I click X on it, but it keeps popping up.

Is there any way to make it go away... like forever? I am sick of it. Literally.


Thank You All

If it is winfixer2006 you will need to scan and remove the Vundo virus first.  There is a program that is called Vundofix.exe, works great, freeware/donations.  Then scan with Spybot Search & Destroy to remove winfixer.

Make sure you clean out all of the Vundo virus, it usually has 3 or 4 backup files.  The file names are spelled backwards with the extensions .bak  .ini  .tmp.

Other suggestions would be to clean out browser cache/system temp and prefetch and turn off system restore to purge it from coming back later.

1152.

Solve : Disk Cleaning & Software Removal?

Answer»

I need to know how to clean confidential info, website info, and/or any other things off my hard drive without needing to reinstall Windows, etc.  I made the mistake of signing up for "surveys" about 10 days ago, and I don't know if I've left myself vulnerable or not--but I do know I'm getting some emails from places that I, personally, did NOT go...can you recommend software for cleaning all that up?  Also, any recommended way to remove software for things like Quick Time player and/or other things that I never use?

Download CCleaner and use this guide to configure it.
That will clean internet history, cookies etc as you want.
It also includes an uninstall tool, which you can use instead of the Windows one if you like to remove software you don't want.
If you are getting emails you don't want, chances are you may have picked up some malware too, what protection do you have?

My computer has Webroot Spysweeper, and Trend Anti-Virus.

I don't think anything on your computer is at risk.  To me, it sounds like you're probably getting e-mails from the survey site's affiliates.  You should unsubscribe from the site's mailing list, as well as the mailing lists of any of these other sites.  Also try out Calum's suggestion and let us know how everything goes.

If you're getting emails from places that you didn't subscribe to then chances are that unsubscribing will result in even more emails.
You are better off blocking them with your email program via the email header or keywords within the email text.

Quote from: Fed on September 13, 2007, 02:10:53 PM

If you're getting emails from places that you didn't subscribe to then chances are that unsubscribing will result in even more emails.
You are better off blocking them with your email program via the email header or keywords within the email text.

Very good point, Fed.  Unsubscribing will let them know that your e-mail is active, which may result in more spam.  Ignore my suggestion and take Fed's instead.  Block these people and set up filters so similar e-mails will automatically be sent to your trash or a special folder.  What e-mail client are you using?

Using Yahoo email.  I'll try your suggestions.  I hadn't even considered that the unsubscribe would generate even more.  Don't know why, that does sound like an obvious ploy they would use.  Thanks.  I'll get working on this...

Yahoo! should hopefully make the task a bit easier for you.  As far as I know, it has a decent filtering system, and there's a Bulk Mail folder specifically for junk mail such as this.

1153.

Solve : Unwanted system tray icons, spyware related?

Answer»

Hey,
I recently got rid of some spyware, but I think there is some left over. I've tried Spybot S&D, Ad-Aware, Ez Anti-Virus, and Norton, and nothing can remove this particular problem. I've taken some screens of this thing and posted them below.


(red arrows point to the two icons)

The virus/spyware has put these two icons on my system tray, and I can't remove them. Every 30 seconds or so, I get a little yellow bubble appear near the icons and tells me that "Your system is infected! Please click here for special offers on SpyWare removal software". It then adds a desktop icon, shown below.


(I put a red box around newly added icon)

So far no anti-viral or anti-spyware software can remove this thing. Any tips on manual or other means of removal would be much appreciated.

Also, I have a hunch that the problem might be "wupdmgr.exe", because I cannot end the process (It keeps reappearing) or delete the exe, but I don't know much about this stuff, so I could be wrong. Thanks for any help.

OS: WIN XP Service Pack 2

It should be easy enough to find. Could you please download HijackThis, run it on the infected PC, save the logfile, zip it with WinZip, and attach the zip file to your next post? We'll be able to take a look and suggest fixes from there.

Thanks, here's the log file.

Look and see if you have a program running called MSSearchnet.exe in your windows/system32 directory.  You will need to use your Windows install CD and go into recovery and delete this file if it is present.

File Name:   osaupd.exe

Description:
osaupd.exe is related to a variant of SpyFalcon rogue anti-spyware which displays false messages that your system is under control of remote computer. You should remove this file and related infections from your computer immediately.

Carry out the steps listed at the following site then return here with a fresh Hijackthis logfile.
http://www.bleepingcomputer.com/forums/topic43659.html

In addition to what Fed has outlined .........
wupdmgr.exe ..........
C:\WINDOWS\wupdmgr.exe
running process. (wupdmgr.exe)
Added as a result of a Troj/Soromo-A trojan infection ....... This must be removed as well .

dl65

Okay, had to reboot in safe mode to delete wupdmgr.exe, and so far so good. Thanks for all the help guys.

1154.

Solve : Spyware Info You Should Know?

Answer»

Here is some interesting info. It hasn't been posted in a while, so enjoy!

http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

I find this information, although old, highly disturbing. The list is much longer since the last time I was there a while back.

1155.

Solve : Possible worm? or hardware failer??

Answer»

Hi everyone. Recently I had problems with my computer, and it might be because I clicked on a link to a site and possibly got a very nasty virus or maybe a worm. I've tried system restores, reinstalling my C and D drives... A couple of days ago I restored just the C drive because that's usually where all the viruses end up when I get them, and if it gets bad I usually do a system restore to the C drive... but after I restored C a couple of days ago my computer started acting up again. When starting up, the screen would stay black, sometimes it would say there was no power to the monitor, and basically when I got it to get to the restore screen it would usually freeze during the process, and on the screen it seemed to look like dead pixels on some parts of the screen... Finally I got it to restore the C and D drives and now here I am, and I don't think that fixed the problem.

So I'm thinking I have a worm. I've had a problem like this before on my old Dell computer, and I called up tech support, and after about 10 calls someone on the phone actually knew something about computers and walked me through steps of what he said was basically cleaning out the drives? I basically had to type in a bunch of commands and after that the problem was fixed. But my question is... does anyone know what exactly the steps are for basically wiping your entire computer through commands? Not sure if that's understandable, but he basically walked me through and told me /commands that fixed my computer...

And now my computer is showing signs of acting up again. Just now I started up my computer and it tried to make me go into safe mode... Anyone, please help?

Need help ASAP, thanks for your help!

killafawk......  Ok , for openers , what anti virus do you have installed and is it up to date?
Never use your system restore when you are infected ...that's probably the worst thing you could do .
When you answer the question , we can proceed to clean up your machine .
BTW , what O/S are you using ?


dl65

Currently AVG, which I just downloaded yesterday... I usually have Norton, which comes with the computer, but I think Norton is a joke. I ran AVG yesterday with no viruses.

XP

Well, I just tried to update AVG and it said it was damaged and I need to reinstall, so I'm pretty sure there's a big problem with my computer.

killafawk......  For the record ..... Norton is a very good anti virus .......

I would suggest you D/L and install the following .....
CCleaner   http://www.filehippo.com/download_ccleaner/
Ewido V3.5    http://www.filehippo.com/download_ewido/
Spybot  http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

Once you have these programs installed and have the latest updates.......
please do the following .....

1 Turn off your system restore .
2 Go into folder options..."view" and make sure that the hidden files and folders are being shown.
3 Run CCleaner ..... in Normal mode ....run both the "cleaner" and "issues"
Delete anything that it brings up.
4 reboot into SAFE mode and run a full system scan with Ewido ......
Remove anything it finds .
5 Run Spybot in Safe mode and delete anything it finds .
6 Finally run a full system scan with AVG .......... remove anything it finds .....
Report back the findings .........
We will go to the next level if necessary .

dl65

Do you have a floppy drive on your PC ........ If you do , D/L Stinger and run it .

http://vil.nai.com/vil/stinger/     ...if you don't , D/L it to your desktop and run it from there ....... go offline while you run Stinger ......... then see if you can uninstall AVG and then D/L it and reinstall it .......

dl65  

Quick question: what do you mean by turn off system restore?

Click start/control panel/system ........when system properties opens ......click on the system restore tab ...... and put a tick in the box where it says turn off system restore on all drives ..... then click apply and ok
Bugs , particularly trojans love to hide in the system restore files .......... and then you simply reinfect your machine all over again .

dl65

OK, last night I ran it in safe mode and did all that you said and the scans came up with nothing... In fact, today I opened up my computer and the video card was very very hot. I actually think I blew my video card, because I left the computer on to scan last night, and I left the computer on and I turned on the monitor today only to find the screen dark and a bunch of what looked like dead pixels. I checked the video card and the fan isn't on there anymore. I took it out because I was gonna throw my old video card in there to check but I couldn't find it... so I let it cool off and put it back in and tried again. In less than a minute the video card was extremely hot again, then the screen started to go dim and dead pixels came up everywhere I moved the mouse, so I don't think I have a worm or virus. I think I might have just blown my video card, but I still have to make sure... By the way, do you guys think my video card can be repaired? I spent 250$ on it, bought it on Newegg, so I don't think there is a warranty. So you think it's possible to repair it?

If you bought it fairly recently and have the receipt I would contact Newegg. They are very good with RMA's for covered problems. If the fan was not working, that could sure ruin the card. Best to get that issue resolved, then we can move forward, if needed.

OK, well, I think the whole problem was just my video card overheating and now it finally died out. But as I was writing my last post I was on my sister's computer... it's a piece of junk 128mb type Dell computer, and I shut it off and was going to put my RAM into the computer to make it faster while this computer is out, but now it says the monitor has no power or something... Basically the computer starts up but there seems to be no connection between the monitor and computer... I was kind of having the same problem with this computer. Anyone have any idea what it might be?

Oh, and another quick question... the fan fell off my video card and there are some wires that need to be put back. It overheats very fast now and I was wondering if it can be saved? I can replace it for like 100$ now but I bought it for 200$ last year, and I don't want to have to pay extra money if I can get it easily fixed for a couple of bucks. Thanks again.

AVG has had an update on the 2nd of May, I think you just missed the new one.
I've seen AVG throw up error type messages in the past when they have a program update.
Download the latest version & you'll be ok.
Program Version # 7.1.392

Well, you could do an online virusscan just to be sure.

Here are some good sites for that purpose :

Panda ActiveScan --> http://www.activescan.com

Trend Micro HouseCall Antivirus --> http://www.trendmicro.com

If you suspect spyware/adware being installed on your computer , install these apps to scan for spyware/adware.

1)  Spybot Search & Destroy  1.4 --> http://www.spybot.info

2)  Ad-Aware SE Personal 1.06 --> http://www.lavasoft.de or http://www.lavasoftusa.com


To prevent spyware/adware from being installed , install these apps :


1) SpywareBlaster 3.5.1 --> http://www.javacoolsoftware.com

2) SpywareGuard 2.2.0 --> http://www.javacoolsoftware.com



Oh , one more thing : Don't install Norton or McAfee as an anti-virus protection , it does suck as you said.
I use Panda Platinum Internet Security 2005 and it works well here.


If you have scanned your system for viruses , spyware/adware and it doesn't result in finding it, I would suggest downloading Hijack This 1.99.1 --> http://www.merijn.org and post it on this forum or another one. Then specialists can have a look at it and tell you what you can delete from the log and what you don't need to delete.

Warning : Hijack This is not a program to play with ! Only for advanced users !


I hope I have helped you with all of this. If not , just send me a PM or an e-mail.
1156.

Solve : Invisible hijacker??

Answer»

I was in the school's computer lab doing some research for English I. (The PC is the exact one in GX1_Man's avatar) I had to use IE 6 SP1 and of course it was going slowly. I wanted to get Email, so I could get a link I Emailed myself. I try to go to hotmail.com. That's exactly what I type. However, it takes me to http://hotmail.com.org, which is NOT what I wanted. I think to myself, "browser hijacker". So, I pull out my binder and extract my HJT diskette* (yeah, floppies have a use), pop it in, and scan. I don't see anything out of the ordinary. In fact, I've never seen a cleaner log:

Quote

C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
A:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization MANAGER] mobsync.exe /logon
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126832105875
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amity.k12.or.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amity.k12.or.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amity.k12.or.us
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: IM Detector (imdetector) - Unknown owner - C:\Program Files\IMLogic\IM Detector\detector.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Symantec AntiVirus Client (NORTON AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

I Google'd for a few .exe files (difficult) but found nothing. It appears clean, even the last one appeared to be OK. Typing in the http and all the rest returns a 404 error (as it turns out, Email is blocked in the lab...). But at this point, my concern is ridding the PCs of the hijacker, because if that can get through, what else can? We only have Norton for protection there, and if a virus gets on there... well, we use floppies a lot in that lab... other PC's nearby were slow as well, but I didn't check for the hijacker there. So what's up?

*I don't know if there is a rule about floppy programs or not, but I haven't heard one...

Quote
The PC is the exact one in GX1_Man's avatar
<----------------

A fine machine indeed!
DWRCST.exe could be Cptv.Windir.Malware, can you get the file byte size?

Check the HOSTS file.

I'll see about getting that as soon as I can.

Dilbert...   DWRCST.exe

The dwrcs.exe is a process required to allow other computers to connect to your computer using the DameWare remote control client. If you do not use DameWare remote administration software you should terminate this process.

dwrcs.exe is an application that does NOT appear to be a security risk

Given that nothing showed up in the scans , I would say its harmless.

dl65  

Malware Group: Cptv.Windir.Malware
Vendor: DameWare Development
Product: DWRCST Tray Icon
Version: 5, 0, 1, 1
Path Name: %WINDIR%\SYSTEM32\
File Name: DWRCST.exe
Behaviour: Modifies the hostsfile
File Size: 85504

Observed Behaviour - Cptv.Windir.Malware was first detected by Prevx1 on Jul 16 2005.
Could use your PC to send mass mail using SMTP protocols. Modifies Internet Browser Settings:(HomePage). Creates multiple copies of the Malicious infection on your PC. Creates registry run keys to ensure it is restarted every time you boot your PC. Installs other malicious programs. Examines which processes are running on your PC allowing it to explore vulnerabilities in Windows and your antivirus and anti-spyware products. Modifies the HostsFile which could stop your antivirus or anti-spyware protection or put your personal information at risk. Connects with 3rd party computer systems and forwards data via the internet. Hijacks other processes.

You will find out for sure when you check the file size.
Check your HOSTS file for re-directs.

OK. Soon as I can. I couldn't get into the computer lab today though; testing. :-/

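The HOSTS-file check suggested in the replies above, as an added example that is not part of the original thread: a Python script that classifies every non-default HOSTS entry as a redirect (a name mapped to a non-loopback address) or a block (a name mapped to loopback or 0.0.0.0, the pattern the Prevx description says can stop antivirus protection). The sample file content, the host names in it and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (illustrative; not taken from the lab PC in the thread).
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       liveupdate.av-vendor.example    # update host pointed at loopback
0.0.0.0         definitions.av-vendor.example
203.0.113.10    hotmail.com www.hotmail.com     # mail site pointed elsewhere
not-an-ip       broken.example
"""

# Names that a default HOSTS file legitimately maps to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, kind, address, names) for every non-default entry.

    kind is "redirect" (name sent to a non-loopback address),
    "blocked" (name sent to loopback or 0.0.0.0) or "malformed".
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names))
            continue
        suspicious = [n for n in names if n not in DEFAULT_NAMES]
        if not suspicious:
            continue                            # plain localhost mapping
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((line_no, kind, str(ip), suspicious))
    return findings


def format_report(findings):
    """Render findings as one text line per suspicious entry."""
    return [f"line {n}: {kind:9} {addr:15} {' '.join(names)}"
            for n, kind, addr, names in findings]


if __name__ == "__main__":
    # To audit a real machine, pass in the text of its HOSTS file instead, e.g.
    # %SystemRoot%\system32\drivers\etc\hosts on NT-family Windows.
    print("\n".join(format_report(audit_hosts(SAMPLE_HOSTS))))
```

Any "redirect" row for a site the user actually typed, or any "blocked" row naming a security vendor's update host, is worth comparing against a known-clean machine's HOSTS file.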
1157.

Solve : Mp3's, Avi's Etc?

Answer»

Hello chappys,
OK, well, I got a video off the internet the other day and well, tbh as soon as I opened it, it said one or more codes are needed to play this letter. Fair enough, I thought to myself. So I deleted it, but ever since I opened it strange things started to happen, although my scanner picked up nothing. So obviously it was a coincidence. But it got me thinking is it possible to get viruses or spyware and all that rubbish with Mp3's and Videos?

Just a question.
C}{r1$

It's not related, buddy, don't worry.

R0SS

Quote

But it got me thinking is it possible to get viruses or spyware and all that rubbish with Mp3's and Videos?
Yes, file extensions can be hidden so what you see as file.xyz could in fact be file.xyz.exe.

That's why I turn off "Hide extensions for known files". Extra security and the ability to finally create the .dilbert extension!

Ahhhh OK, thanks guys, much appreciated. Because once I downloaded a song and it said something along the lines of
"the file you are trying to play has a different extension than the one shown, running this file could cause system instability" something like that anyway, so I just deleted it.

OK, thanks again guys.

If you have all codecs supported it shouldn't be a problem.
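The two situations raised in this thread (a hidden final extension such as file.xyz.exe, and a player warning that a file's content does not match its extension), as an added Python example that is not part of the original posts: it flags media-looking names that end in an executable extension and compares each media file's leading bytes with the type its extension claims. The extension lists, function names and sample headers are constructed for illustration.

```python
import os

# Extensions Windows will run, and the media extensions discussed in the thread.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MEDIA_TYPES = {".mp3": "mp3", ".avi": "avi", ".wav": "wav", ".wmv": "asf", ".wma": "asf"}

# ASF (WMV/WMA) files begin with this 16-byte header object GUID.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")


def sniff(header):
    """Guess the real file type from the first bytes of the file."""
    if header.startswith(b"MZ"):
        return "pe-executable"
    if header.startswith(ASF_GUID):
        return "asf"
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[:4] == b"RIFF" and header[8:12] == b"WAVE":
        return "wav"
    if header.startswith(b"ID3") or (
        len(header) >= 2 and header[0] == 0xFF and (header[1] & 0xE0) == 0xE0
    ):
        return "mp3"   # ID3 tag or MPEG audio frame sync
    return "unknown"


def check_file(name, header):
    """Return a list of findings for one file name and its first 16 bytes."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    # file.avi.exe: looks like media when "Hide extensions" is on, runs as a program.
    if ext in EXECUTABLE_EXTS and inner_ext in MEDIA_TYPES:
        findings.append("double-extension")
    # track.mp3 whose bytes are not MP3 data.
    expected = MEDIA_TYPES.get(ext)
    kind = sniff(header)
    if expected and kind != expected:
        findings.append(f"content-mismatch:{kind}")
    return findings


def scan_directory(root):
    """Walk a folder and return {path: findings} for files that look wrong."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(dirpath, filename)
            try:
                with open(path, "rb") as handle:
                    header = handle.read(16)
            except OSError:
                continue   # unreadable file: skip rather than abort the scan
            findings = check_file(filename, header)
            if findings:
                report[path] = findings
    return report


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.avi.exe", b"MZ\x90\x00"),
    ("track01.mp3", b"MZ\x90\x00"),
    ("track02.mp3", b"ID3\x03\x00\x00"),
    ("song.mp3", b"RIFF\x24\x00\x00\x00WAVEfmt "),
]

if __name__ == "__main__":
    for sample_name, sample_header in SAMPLES:
        print(sample_name, check_file(sample_name, sample_header) or "ok")
```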
1158.

Solve : Trojan Horse---Threat found?

Answer»

So, my antivirus software Symantec detected through "Auto Protect Scan" that a threat has been found and it so happens to be identified as the "Trojan Horse". It was located in a .dll area of my C drive, but was already quarantined. But I wanted to make sure by running a scan through all my drives and such. Obviously it found it and took the necessary steps to delete it following the scan.
But why does it still pop-up a window about detecting the "Trojan Horse" again..was it not deleted the way it should have been? Did I not delete it correctly?

I've also noticed that when my computer starts up and loads my icons onto my taskbar that it will pause for about 2mins before resuming (maybe just a slow processor to begin with) but also has had an effect on my internet surfing...been dragging..does this have something to do  with Trojan or is it that time for my old computer to get an upgrade?

so confused on what to think of this..
fyi: comp specs...still running on a compaq presario mv520 back in 2000!!! probably a 16-bit at that..(sad, i know..)

jbm808.... Norton may have quarantined the trojan but it may not have been able to remove it ....so the first thing to check is ...... open Norton , go to the quarantine file  ....reports ..... then click on activity threats and see if the threat that was detected was removed or if the removal failed ....... Norton , while very good in dealing with viruses , doesn't do so well with trojans ........
If you see the trojan in the quarantined file ...... delete the entry there and then do this ......
1   Turn off system restore on all drives.
2   Go into the control panel .... folder options/view ........ and tick show hidden files and folders ..... then click apply and ok
3 Go to ... http://www.filehippo.com/download_ewido/   and d/l Ewido v3.5
4 reboot into Safe mode ......
5 Scan your system with Ewido ...and remove anything it finds .
6 Run a full system scan with Norton ....... just to be sure things are clean....
If things are clean , reboot back into normal mode and turn system restore back on .......

dl65

1159.

Solve : Virus Issue?

Answer»

hi everybody!!!

i'm in need of some serious help here  

I've got this virus (edlm.exe if u wanna Google it), which my anti virus program never fixed for me. So I read in this forum that you have to try and rename its 3 files. So I did that, and restarted.  But after logging in to my user account on Windows XP as usual and my desktop loads, after a few seconds I get a black screen  

now what i'm really asking for is how to access MS DOS without having to log in to windows??  :-?  i want to access DOS to rename the virus files back to their original state.

PLEASE HELP   :-/

In XP there is no way to boot into MS-DOS.
However, if XP is not installed in a NTFS partition you can try booting the machine with a boot disk for win95 or win98

abz....  I believe that you are infected with a trojan ....not a virus and that is probably why your AV didn't catch it .........
I would be inclined to do this ....... D/L Ewido V3.5      http://www.filehippo.com/download_ewido/    .... once installed , get the latest updates ...and then ..........Reboot into Safe mode , and run Ewido ...it should find and remove the trojan ........

let us know how you make out .

dl65

OK, I managed to start Windows in safe mode during those 20 seconds hehehe

So now I did a system restore, but the trojan is still in its original state.

I'm downloading Ewido right now (thanks dl65  ).... I have Ad-Aware... shouldn't that have removed the trojan :-?

thanks again

abz  ....... Several things , First Ad-Aware is not designed to remove trojans .
Second , Never use System restore to attempt to remove trojans or viruses ....all that happens is the infection is in the restore files and everything just comes back ......
If you suspect you have either a trojan or a virus ...the first thing to do is turn off the system restore feature on all drives ....... and then go into safe mode and run your scans .......  Then once the system is clean ...it's safe to turn system restore back on .

dl65

You misunderstood me....

I did the system restore to go back to the original state of the virus, before I tried to fix it and ended up making it even worse.  

I'm formatting my PC now anyway... can't seem to get rid of this trojan (I wanted to format anyway.... but I go crazy thinking about all the backups I gotta do hehehe   )

I tried loads of stuff that I read on the internet about it but it always results in that black screen after logging in to Windows  :-/

thanks anyway for your help... much appreciated  

1160.

Solve : http://www.securitybulletin.net?????

Answer»

I once had a nasty that Panda Online Scan picked up, Panda didn't remove it, only reported it to me.
For the life of me I couldn't find it, I even emailed Panda but received no reply.
Eventually I was able to find it by using a dos prompt and removing all the file attributes via dos from the files that were supposed to be in the directory.
I have no idea why it allowed me to see stuff that windows would not show?
I even found some leftover norton virus files in there too..... a bonus!

Anyway, try using the dos attrib -R -A -S -H command on the file & directory followed by the dir & del commands.

If you are shaky with DOS as I am and you need some help, just ask as there are a few people in here who could easily lead you through it.

What should I do about this hijacker?

UnknownUser..... What is the current status of your machine ....... The last hijack log I saw was taken on May1 ...that's 3 days ago ........

How about a new one .....

dl65

Further up this thread you put a link to 'a screen', you need to double click on the 'My Documents' folder to see what's in there because that's where this \??sks\c?rss.exe directory & file are supposed to be.

If you see them, delete them along with the startup entry using Hijackthis.
O4 - HKCU\..\Run: [Zwhzglwr] C:\Documents and Settings\Compaq_Administrator\My Documents\??sks\c?rss.exe  

If you can't see them, tell us & I will guide you through the previously mentioned DOS process unless someone else volunteers,..... c'mon guys.

As DL65 said, give us a fresh Hijackthis log too.

When I ran Hijackthis I deleted everything it found. The site no longer comes up as my homepage. Here's a log just in case you guys still need it.

UnknownUser....  Ok , your logfile looks fine now ...... WELL DONE .
If you had your system restore turned off , you can safely turn it back on now ,

dl65

Cool, thanks for all the help guys.

How did you manage to delete c?rss.exe?
Hijackthis won't delete it for you, it will only delete the startup entry.

1161.

Solve : W32.IRCBot virus- any fixes out there??

Answer»

I work as a PC tech, I got a computer in that keeps generating tmp files in the windows/temp folder that are detected by Norton AV as having the W32.IRCBot virus.  Norton deletes the infection but they keep coming one after the other.  

I have run AV scans with Norton, Trend Micro and Sophos, spyware scans with Spybot S&D and Ad-aware.  I have run HJT, XP_procexp, TcpView.  I also ran a program by McAfee/Avert called stng260.exe.  Everything comes back clean, but I am still getting these infected tmp files.  Has anyone dealt with the W32.IRCBot virus and successfully cleaned it?  All the AV sites out there just give generic worm removal instructions that do not work.
lex.....  From what my research has turned up ..... "W32.IRCBot virus" isn't a virus , but rather a trojan. If it was my machine , this is what I would try .....
Run CCleaner ...... delete all entries it brings up . Then run the "Issues" function as well. ( be sure to backup registry when prompted ) fix anything issues finds .  Then
1.... D/l   Ewido ....... from  http://www.filehippo.com/download_ewido/   make sure you have the latest version .......
2.... Make sure that if there are more than 1 user accounts setup that you sign in with the Admin account .
3.... Go into control panel , folder options and click the view tab ..... scroll down and make sure that "Show hidden files and folders" is ticked . then apply and ok
4....While in control panel ...... click system , then when system properties opens ...click the system restore tab and turn off system restore on all drives .
5....Reboot into SAFE mode ....... Now run Ewido .........
record anything it finds ....... then remove what is found .
6....Run Norton again in safe mode and see if it picks up the nasty ...... ( it won't fix it if it's still there , but it will detect it . ) ( also check Norton quarantine file and see if it has quarantined it but failed to delete it......)
7 ... Then if Ewido found anything ( from what you recorded ) manually check the registry and see if any entries are still present .......( use the "find" function in the Edit portion of regedit .)

Hopefully it will have been removed .......
If for some reason its still there , post a hijackthis log here .......

dl65  


You're right, I should not have called it a virus, it is actually a back door Trojan horse.  I have a hard time separating virus/Trojan/worm, my users get confused so I always just say virus, lol

I will try your solution, I hope it finds it.  Somehow those temp files are being created or downloaded from somewhere.  It is a little disconcerting that the scanner finds the infected tmp files and has a name for them in their library but cannot find the infection responsible for putting them there.

1162.

Solve : Security software comparisons?

Answer»

OK, well I'll be making a fresh start with my laptop soon, and I want to get everything right first time, when I first got it I went a bit crazy installing things and I've never really got rid of it all, there's always something left.
Security software is obviously a major consideration, so I'm looking for opinions.
I'm thinking of using Spyware Blaster, Spybot Search & Destroy, and of course an antivirus program.
But which one?
I've tried Norton (urgh), Avast!, Avira Antivir PE and AVG Free.
AVG was the only one I liked out of those, but does anyone else have a program they really like?
It needs to be effective, customizable, include real-time scanning, and it must be light on resources.  I don't need anti-spam, firewall or anything like that, just AV.  And it doesn't have to be free either, although I would prefer it.
I've been looking at AOL Virus Shield (yes, AOL, the spawn of Satan.  But, it's based on Kaspersky 6 and is apparently very effective - and free), Kaspersky Antivirus 7 or Steganos (based on Kaspersky, but cheaper), NOD32, and F-Secure.
If anyone has any other recommendations I'd like to hear them.
Anyone with any of the mentioned AV programs, or one they want to suggest to me, can you please tell me what you think of it as regards resources, customizability and so on?
Thanks in advance.
Calum.

F-Secure got one of the best AV engines available and is on the forefront of rootkit detection. Unfortunately it has a rumor as a resource hog (which was still true last time I tried it) and slow scan speeds.

I think I've mentioned this a couple of times but I use NOD32 on my main machine and I really like it. It is light on memory, has a high detection rate, doesn't have a lot of unnecessary features, fast at file scanning and it doesn't bother you every time it does something. You know it's important if it pops up with a warning. And it also got rootkit detection.
Only negative thing I can say about it is that its spyware detection could be better. But you'd probably be better off using a dedicated anti spyware solution no matter what AV software you end up with.

Kaspersky is also a good choice. Good engine, fast, rootkit detection. And as far as I remember it also monitors suspicious activities in the registry. Only negative thing I can say about it is that it has some compatibility issues. It doesn't work with the Comodo firewall for example.

Well that was just my two cents... but I think you'd be pretty well protected no matter which one you end up choosing.

You got any figures on memory usage and scan times for the programs you've used?

Sorry no, the above post is a mix of my personal experiences with the programs, AV-Comparatives, and my interest for security related IT news.

AVG Antivirus and SpyBot S&D Resident are still doing it for me Calum.
What firewall are you going for?

Quote from: Fed on September 14, 2007, 08:15:47 PM

AVG Antivirus and SpyBot S&D Resident are still doing it for me Calum.
Same here.  I'm quite partial to TrojanHunter, though, but it's not freeware.

AVG Free
AdAware
SpyBot
AVG Anti-Virus
aSquared Free

This package has kept me completely clean for some time now. I also DLoad and run the latest Stinger once every 2 weeks just to be sure.
Opinions will vary on protection apps but with them all free and effective I'm not about to change anything soon.

BTW the last report I read documented that AVG had the smallest footprint/memory usage of the top 15 A/V apps...I'll dig out the article for you.

Quote from: Deerpark on September 14, 2007, 04:49:33 PM
Sorry no, the above post is a mix of my personal experiences with the programs, AV-Comparatives, and my interest for security related IT news.
OK, no problem.  I couldn't find any figures either, I find them easy to deal with, they're something that's just easy to recognise with one being clearly better or worse.
Quote from: Fed on September 14, 2007, 08:15:47 PM
AVG Antivirus and SpyBot S&D Resident are still doing it for me Calum.
What firewall are you going for?
Hardware firewall.  See this topic.
Quote
BTW the last report I read documented that AVG had the smallest footprint/memory usage of the top 15 A/V apps...I'll dig out the article for you.
I have heard people saying it's got a small footprint, one of the reasons why I was using it.  Just trying to find something better as always, not that there's anything wrong with it.  I'd be interested to see the article if you can find it.

Another thing is that what I was using, Spybot, Adaware 2007, Spyware Blaster, AVG and Comodo Firewall, plus common sense, Firefox with manual cookie control and Noscript, kept me clean for as long as I was using that combination.  I'm ditching Adaware (no real-time protection or immunization) and Comodo and I'm just looking at whether I should replace AVG.  So I do have a rounded security suite in other respects.

Calum,
Didn't find the link but here's part of the article...

[Saving disk space - attachment deleted by admin]

Interesting.
Thanks for that, it does show a bit of difference.
Although, technically AVG could have very few processes using 3Gb of memory each, and Norton's thousands of processes could use 2Kb each.
But, we all know it's the other way round.
1163.

Solve : videos wont work properly?

Answer»

my videos only go to like 30 seconds then stop I'm not sure if it is a virus but can u help

more specification plz?
what player did you use? have you tried a different player? Winamp, real player? windows media player? power DVD?
check your video setting

1164.

Solve : Windows Office Installer Premium?

Answer»

Maester....   Quote

Those two I can't get rid of. The computer I used, is shared- basically, there are more than one password. I am not the admin on it, maybe that will help. If I have to, I will go onto the admin settings on the computer.
  Pity you hadn't mentioned the fact that there are other user accounts and that you weren't the admin ....we could have saved some time ......
This is what you should do......
log on to the infected machine as the admin.........
1...Then D/L ...... CCLeaner .... http://www.majorgeeks.com/download4191.html
2...Then D/L Ewido V3.5 .... http://www.filehippo.com/download_ewido/
3...Now go to control panel/folder options ...then click "view tab" .....now scroll down until you see show hidden files and folders ..... and put a tick in the box ....then click apply and then ok .
4.... Before you leave control panel ...click on system ..... then the system restore tab ....... and tick " turn off system restore on all drives " ..... then apply and ok .....then exit the control panel.
5 .... Now run CCleaner ....... ( cleaner part ) ......remove all that is listed .
5a ... Next run the "issues" part of CCleaner ...... fix anything that's found ( remember to back up the entries when prompted to do so )
6.... Now reboot into safe mode .....
7 ...From Safe Mode , run Ewido ......... remove anything that's found .
8... Still in Safe mode ... Run whatever anti virus program is installed. ( removing anything found )
9...Now go back into Normal mode ....... ( still as the Admin ) and run a hijackthis scan and post it here please .

dl65  

Another case of withholding information!

sorry, didn't think it mattered, why give more information than you need to give.

Maester...... So where are we at with this machine now ....did you do what was suggested in reply #15 ??
Also where is the new hijackthis log ?
The importance of knowing about additional users is that if the infection is residing in any of the files shared by the various users ......... cleaning out just your user account wouldn't necessarily clean up the machine .


dl65   Quote
sorry, didn't think it mattered, why give more information than you need to give.

Because that is how you get an appropriate solution to the problem.

I've been busy. Quite. I am juggling several things at once.

I downloaded one of the things you said, however....

the link http://www.filehippo.com/download_ewido/ doesn't work. I get a blank page when clicked.

Also...Safe mode...I know what it is, what it does...how do you get it on?

I will try and get it up soon the log that is...I am however...in "busy week"




Maester .......  Odd the link ....   http://www.filehippo.com/download_ewido/
seems to work fine here and I tried it on 3 different machines .
Try pasting the address directly into your browser address box....

Safe mode ....... Usually at the beginning of a reboot , repeatedly tap the F8 key and you should be offered some options as to how to start ....choose Safe mode .....

Quote
I will try and get it up soon the log that is...I am however...in "busy week"
..... It only takes a minute or two to run the scan with HijackThis and post it here .......   Your week can't be that busy ....LOL

dl65
1165.

Solve : Spyware prob - I'm not the most clever at this!?

Answer»

Darren....  If you are convinced that your copy of XP is a non pirated one , I would phone MicroSoft ...... ( in the USA )  at 716,871-2781 or 888-352-7140
They should be able to assist you.  ( make sure you have the product registration code handy when you call. )

Good luck,

dl65

For a while there Micro$oft was giving a free copy of XP if you could identify the source for a pirated copy you ended up with.

Are we really to that point in software?

The problems started around a week ago and now the comp is just really slow, usually taking a long time to do what I do eg right click. Would it be easier if I deleted this account and transferred my documents etc to a new one, as I have had to in the past when the comp froze while I was on Windows Media Player?

1166.

Solve : I just need a quick fix!?

Answer»

It's been so long since I used Win 98 ....I can't remember .....

Ok ...... try and boot it up in normal mode ......don't be connected to the internet .........  If it loads up ... open up the cd drive and install AVG first .......
then go back into safe and run the system scan

dl65

Well, I tried loading the cd in safe mode and normal mode but...no luck. thanks anyway DL.

1167.

Solve : TCP/IP connection was unexpectedly terminated?

Answer»

Help!

I have Windows XP using Microsoft Outlook 2000 and have Norton's Internet Security which I turn off so email can go through.  Today, I came in and I am getting email but can't get email out of the outbox.  I get this error:

The TCP/IP connection was unexpectedly terminated by the server.  (Account: gives name, SMTP server:"smtpout.secureserver.net", Error Number: 0x800ccc0F

I have internet access and access to my server and I don't understand what the problem is, why it changed and more importantly what to do about it.  Can anyone help me?  Many thanks in advance.

That mail server is currently online and responding to connections.  Are you still experiencing the problem?  If so, it may be that you have been temporarily tarpitted (blocked) by the mail server for some reason.  Best taking that up with your ISP.

1168.

Solve : Reinstalling Symantec Internet Security?

Answer»

I bought Symantec Internet Security 2004, and each year after I have bought the renewal online.

I want to format my computer and reinstall it, but I can't find the installation files and the updated files.

Also, I'm wondering if I just backup the folders onto disc and then move them back into the c drive, will that be the same as being installed?

The Symantec web chat support is terrible.  Very slow typing and couldn't answer this question.  Also said he was only trained for the 2005,2006 editions.  

(by the way, this is a Japanese version of the program, but the file names are in English and I assume everything is pretty much the same as English versions)

Unfortunately, I would suggest you contact Symantec directly about getting a current copy of the program since you have paid for it and are a regular customer.

Buy the newest version of it. It's cheap and my scan times were cut by 35-40% with the new one. I was in the same position as you are and it's so much easier, and saves a *censored* load of time

If I was you (I've been renewing my symantec online for 5 years) I would copy all your files to CD and then re-install them wherever and attempt to go online and renew your subscription. You wanna find the files, pain in the arse but you're gunna have to kick your little 'search files' buddy into gear. They shouldn't be too far spread (the files I mean), as long as you get the main application, you don't need all your 'update' files cos when you re-apply it should update automatically. Is this too easy or am I missing the point?...

Thanks for the replies.
I kept renewing my 2004 version simply because it is cheaper that way and it works.
I renewed it only a few months ago (for a year) so I'd really rather avoid formatting the computer and then losing my 9 months of remaining subscription and paying again.
  
Actually, I found the original installation file, but I can't find the update file that I downloaded after paying for it.  Since it doesn't seem as easy as I thought, I guess I'll have to contact Symantec Japan, which I would have rather avoided.  
My brother had the same problem. Called Symantec and problem solved in 10 minutes.

1169.

Solve : A series of suspicious events?

Answer»

Specs:
Windows XP home edition
version 2002 service pack 2

Packard bell computer/ intel R
Celeron (R) CPU 2.93ghz
192 mb Ram
Physical address extension

I'll list a few of the things that have been happening to my pc and internet, I don't know anything about viruses so maybe someone can get something from them. I run Spybot S&D and Adaware a lot, and I also use Norton but these don't help.

1. Explorer will suddenly stop working, giving me a page not found for everything.
2. Explorer will stop working and my internet connection will completely switch off - the usb light on my router also goes off - forcing me to reset the cpu and my internet connection.
3. Downloads will suddenly stop, mostly with limewire - all the downloads would just fail and sometimes my save folder is erased.
4. PC will go really slow when anything else is open, this only started to happen recently.
5. An end program now message about something called ccAp often appears when I turn off the cpu. I don't know what that is, so I imagine it is a virus.
6. Often, there is a program in the task bar called active movie window I can't get rid of it, nor can I click on it to open it.
7. PC will go slow for no reason.
8. Computer would sometimes reset itself for no reason.
9. Sometimes I get an update message from windows telling me it will reset the pc in 60 seconds to install some files. Even after letting it go through it has come up again.
10. Some files are highlighted with blue writing.
11. Sometimes when I rename files I get a message saying something like: changing the name or location of this file will stop it from working. When I do the file turns into one of those files that lead you to a selection list of programs. I forget what they're called.
12. Often when I'm browsing the internet my cpu will just go really slow and a blank JPEG image will open up on screen. I know this is a virus but what kind of damage can it do? And can I use the usual programs to get rid of it?

These are a few I can remember. Sorry if it's too much.

Thanks in advance

A clean install of Windows will fix everything for you.

Well CCAPP is a startup item that is associated with the Norton antivirus and Internet Security suite.  So ccAPP is not a virus but a part of Norton's security software. For the rest of the problems, I would have to say either try restoring to a previous point by using the restore console for XP or I would recommend doing a total reformat.

Download, install & update...
CLEANUP
Ccleaner
(During install, uncheck the Yahoo Toolbar option)
(After install, set Options>Advanced> 'Uncheck the 48 hour box')
ANTI SPYWARE
Ad-Aware
Spybot S&D
ANTI VIRUS
AVG Free (After install, set Options to 'scan all files')
ANTI TROJAN
EWIDO (W2k & XP Only)
      and/or
a-squared (a² Winall)

Turn off System Restore if applicable. (ME & XP users)

Run Ccleaner
Run Ad-Aware
Run Spybot
Run AVG Free
Run Ewido and/or a-squared (a²)
Re-start in Safe Mode
Re-run AVG Free

Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users)

Another good antivirus solution that is good to install especially to prevent future occurrences like this would be Avast Home Edition, free and includes several nifty shields such as resident shield, mail shield, p2p and 4 other shields. The only negative is the scanning rate is a little lower than others in what is found regarding trojans and some viruses.

1170.

Solve : Spybot or CounterSpy??

Answer»

I just purchased a laptop (fujitsu lifebook Nseries)  about a week ago and I don't know whether to use spybot or CounterSpy.  Maybe someone can help me decide which one I should get or if anyone has a better suggestion I would gladly appreciate it.

OS?
What other protection are you considering, AV, Firewall?

roba_ent.....Well for openers , Spybot will do a decent job and it's free ........Counterspy , also will do a decent job , but I think it's only free for 15 days and then you pay ........ I tested it on 2 of my machines and it did a decent job ........
I suppose it all depends what you're looking for these apps to do ......

dl65

If you use Spybot, use the Immunize feature.  It helps prevent a lot of spyware from getting into your computer in the first place, rather than detect and remove it after the fact.

1171.

Solve : Weird setting or Trojan??

Answer»

Since tuesday, my computer has been acting strange.  Whenever I hit the E, U, L, M keys on the keyboard OR on the windows On-Screen Keyboard, it does certain functions which I have never chosen.  Hitting E would bring out the My Computer with folder options, U would bring out the Util Manager, L would bring me to the Windows Log-In screen, and M would minimize the program I am currently in.  It's impossible to type in ANY program without having the binds being used.  Games, chatting, MSWord, WordPad, IE will always have these things appear when I press those certain keys.  When I close the things that appear, the letter is not typed.  I have to type in websites by highlighting letters and pasting them.  I have not downloaded anything unsafe and I mostly use my computer for online gaming and AIM chatting.

I have scanned with Ewido, AVG Free, Spybot, CCleaner, and Trend's Internet Housecall with system restore off.  So far, only the Internet Housecall had reported 3 trojans, 2 of which I am sure is now deleted but the troubles are still there with the keys popping out random stuff.  It was working quite nicely on Thursday from 3pm-12am but the things popped out again.  I tried this afternoon to use the Housecall again but it won't load.

So, any ideas?

yihkun  ..... You say you removed 2 of the 3 ........ the one you haven't removed is what's causing the trouble ..........
I would be inclined to make sure system restore is off , then reboot into Safe mode and run Ewido again ....... and then your AVG ...as well ....
If the trojan is located ....write down exactly where it is .........
If you are unable to find it ..... D/L  hijackthis and post a logfile here for us to look at ......
Do you have your file and folder options set to show hidden files and folders ? If you don't please do so .

dl65

Scanned again and found nothing.  Posted hijackthis log into the first post.

yihkun..... Your log reveals several things .......
You do not appear to be using the most recent version of IE ..........You should update it .
Also you appear to be using an accelerator program ......... I would be very surprised to hear it actually increased your D/L speed ...I would be uninstalling it .......

Now then in your hijackthis log ....... Mark for removal the following :

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs    ...... Don't think you really need this ....

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe    

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)    ..... for some reason this entry is in here twice....... mark both to remove .

Ok , when you have marked them click fix marked .

let us know how things are .

dl65

I have uninstalled the download accelerator and have removed the items you have told me.  The keys still go to the things I described in the first post.  However, I have found out that if I hold shift and type the key, it will not have something happen.  That should help me out.  Any more suggestions?  Could this have something to do with keyboard binding in which I can unbind the keys?

And ya, the accelerator program.  It increased my speed by 20% and really organized my downloaded files.  Been using it for 5 months but I uninstalled it like you asked.  And what is the recent version of IE?

Thanks.

yihkun ...... Ok ....if you really think the accelerator is speeding up your system ( which I doubt) ...put it back in ........ but as a test , go to ..... http://www.bandwidthplace.com/speedtest/   and do a free speed test ...... one without the accelerator and one with it ...... and see if there is any difference.


 The version (6.00.2900.2096) is out of date. This is what you have installed
Check Windows Update to update the Internet Explorer.

 Newest Version is: 6.00.2900.2180

dl65  
  This happened to me several times. In windows 98, whenever I hit E I ran the windows explorer, R would bring up the Run prompt, etc. What happened, at least to me, was that because of some problem, the "windows" key (the one with the windows logo on it) had gotten "stuck", like it was constantly being pressed. Try pressing and letting go each one of your "windows" keys (if your keyboard has them), and see what happens. If not, I'm clueless.

TheCount
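The log triage done by hand in this thread (entries whose target is marked "(file missing)", and one CLSID listed twice) can be scripted. This is an added example, not part of the original posts or of HijackThis itself; the sample lines are the four entries quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# The four entries quoted in the thread above, copied verbatim.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
'''

# "O4 - ..." / "R1 - ..." style item lines; header and process lines do not match.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
AUTORUN_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    target_missing: bool
    autorun_name: Optional[str] = None
    autorun_command: Optional[str] = None


def parse_log(text):
    """Return one Entry per item line; anything else in the log is skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.group("section"), match.group("body")
        clsid = CLSID_RE.search(body)
        entry = Entry(
            section=section,
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            target_missing=bool(MISSING_RE.search(body)),
        )
        if section == "O4":
            autorun = AUTORUN_RE.match(body)
            if autorun:
                entry.autorun_name = autorun.group("name")
                entry.autorun_command = autorun.group("command")
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries that point at a file which no longer exists (leftovers to clean up)."""
    return [e for e in entries if e.target_missing]


def repeated_clsids(entries):
    """Map each CLSID that appears on more than one line to those lines."""
    groups = defaultdict(list)
    for e in entries:
        if e.clsid:
            groups[e.clsid].append(e)
    return {clsid: group for clsid, group in groups.items() if len(group) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e.section, e.body)
    for clsid, group in repeated_clsids(parsed).items():
        print("repeated:", clsid, "on", len(group), "lines")
    for e in parsed:
        if e.autorun_name:
            print("autorun:", e.autorun_name, "->", e.autorun_command)
```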

1172.

Solve : Possible trojan/harmful process?

Answer»

I was looking up my processes in a directory and I found that the LSASS.EXE process is a trojan and should be terminated. I tried to, but I got an error message saying it was a critical process and could not be terminated.

Was the website I was using wrong or is it so bad that it won't let me remove it? If it really is a trojan, what can I do to get rid of it?

Thanks for the help in advance.

Have a read Armando:

http://www.google.com/search?hl=en&lr=&q=lsass.exe


<-----------------

Well half of them say it's a virus/trojan and half of them say it's a legitimate process, so I don't know which it is.

I'm assuming since I can't remove it that I don't have the bad one.

Sorry if I replied a little late. One thing I have found out is this: lsass.exe, is a legitimate process, while lssas.exe is a virus. Hope it helps.

TheCount
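The lsass.exe / lssas.exe distinction made in this thread can be checked mechanically: compare each running image name against the well-known system names and flag near-misses, plus correct names running from an unexpected folder. This is an added example, not part of the original posts; the process list is constructed, the folder table assumes a default Windows XP install under C:\WINDOWS, and the path check generalizes beyond the name swap the thread mentions.

```python
import ntpath

# Assumption: default Windows XP layout. Names are a small, well-known subset.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample, in the style of a "Running processes" listing.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\lssas.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\QuickTime\qttask.exe",
]


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1
    (optimal string alignment), so 'lssas' is one step from 'lsass'."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # deletion
                         cur[j - 1] + 1,       # insertion
                         prev[j - 1] + cost)   # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(path, max_distance=1):
    """Return (verdict, reference_name) for one image path.

    verdict is 'ok', 'wrong-path', 'lookalike' or 'unknown'.
    """
    directory, name = ntpath.split(ntpath.normcase(path))
    if name in EXPECTED_DIR:
        if directory == EXPECTED_DIR[name]:
            return ("ok", name)
        return ("wrong-path", name)
    for known in EXPECTED_DIR:
        if osa_distance(name, known) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)


def review(paths):
    """Only the paths that deserve a closer look, with the reason."""
    findings = []
    for path in paths:
        verdict, reference = classify(path)
        if verdict in ("wrong-path", "lookalike"):
            findings.append((path, verdict, reference))
    return findings


if __name__ == "__main__":
    for path, verdict, reference in review(SAMPLE_PROCESSES):
        print(f"{verdict:10} {path}  (compare with {reference})")
```

An "unknown" verdict means only that the name is not in the small table; it is not a finding in either direction.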

1173.

Solve : AVG free, good scanner??

Answer»

I just downloaded avg free (free.grisoft.com) & installed, because a lot of people told me it was good, but is it? I downloaded some viruses (like psp downgrader) and none of the files were detected! Does anyone have good experiences with avg free, or know a test virus because I don't think avg stops a virus :s

Google for eicar.
Is psp downgrader a virus?

Quote

Google for eicar.
Is psp downgrader a virus?

I downloaded eicar, even before the post, and nothing happened. Norton provides PSP downgrader as a virus...

I'm a bit worried that avg doesn't stop any viruses. However auto-protect is on. Is it because I have avg free

That's strange, I just tried to download eicar & AVG stopped it straight away?
Are you sure you have the AVG Resident Shield turned on?

Quote
Are you sure you have the AVG Resident Shield turned on? Quote
That's strange, I just tried to download eicar & AVG stopped it straight away?
Are you sure you have the AVG Resident Shield turned on?

after the reboot it found the virus. But it still doesn't stop the psp downgrader...

I think Norton made a test virus only Norton could find. This would "help" people like you who are smart enough to question each scanner pick what they feel is the "right" scanner. Wouldn't surprise me, anyway.

Keep using Norton if it makes you happy.

Quote
Keep using Norton if it makes you happy.

No it doesn't. I tested with a program my startup time (I think it was boofish, whatever) and with Norton on my computer the startup time was doubled! Ok, I know antivirus slows down your computer, but I don't want that it really "blocks" my computer...

All AV has different procedure in scanning
and I read from other forum the same.
Some of them if they found it's a virus, they delete it automatically, but some not and some cannot delete it, you must do it manually.

 psp downgrader--is it a virus?

Norton-- it's a little bit sensitive (even "key generator" is a virus for NAV)
I'm using AVG in start-up and optional Kaspersky
1174.

Solve : Time to clean up?

Answer»

If you downloaded and ran the Process Scanner on your computer as well as running full system scans with your malware protection and came up clean, you can pretty much rest assured your system is clean.

However, you may want to wait for our resident malware guru to show up to read your HiJack This log...so, just hang in there.

1175.

Solve : can someone teach me some known methods to get rid of viruses im trying to learn?

Answer»

Hey anyone know some known methods for curing viruses and maybe making a comp run quicker here

here Thx

welcome Cb MAT can refer you to some great info on hi jack understand hi jack this logs

1176.

Solve : After virus removed, little problem?

Answer»

After removing the virus (Spyware Doctor and Norton) my husband downloaded, I can't change my wallpaper.  I go to the properties, then desktop, and the box is shaded, as in inactive.  The little picture of the monitor shows a blue screen - the same blue that was there when the virus was active.  Everything else works fine, but I can't change my wallpaper.  Any ideas?  I tried system restore and refresh driver, it didn't work.  Thanks for the help.

ASlater

My specs:

      Operating System             Microsoft Windows XP Professional
      OS Service Pack             Service Pack 2
      DirectX                           4.09.00.0904 (DirectX 9.0c)
      CPU Type                       Intel Pentium 4, 3200 MHz (16 x 200)
      Motherboard Name          Dell Dimension XPS Gen 2
      Motherboard Chipset        Intel Canterwood i875P/E7210
      System Memory              1024 MB  (PC3200 DDR SDRAM)
      BIOS Type                      Phoenix (02/19/04)
      Video Adapter                 256MB DDR ATI Radeon 9800 XT Sec
      Video Adapter                 256MB DDR ATI Radeon 9800 XT
      3D Accelerator                ATI Radeon 9800 XT (R360)
      Monitor                           Dell 1901FP (Analog)  [19" LCD]
      Audio Adapter                 Creative EMU10K2 Audigy / Audigy 2 Audio Processor
Download and run Hijack This and post the log file here for analysis. (You can zip it up, or use several posts to include it all!)

http://www.majorgeeks.com/download3155.html

Your system may still have issues.

Logfile of HijackThis v1.99.1
Scan saved at 10:29:47 AM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Adriana\Desktop\Adriana\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slaterhome.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
Continue...

O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094088646531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124301311875
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
I feel very exposed...  But thanks for the help!

And the last...

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I see one problem file:

O4 - HKLM\..\Run: [funk] funk.exe

Are there more?  I saw some that had the dreaded "unknown" along with it.  Again, thanks for your help.

ASlater

aslater........  Here's what I would be removing ........

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [funk] funk.exe

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)  


Just out of curiosity, what was your machine doing that prompted you to post the hijackthis log file?


dl65  

It had a false virus warning/trojan alert, and now it keeps me from changing my "wallpaper."  Let me try removing those things and I'll post the results.  Thanks for the help.
ASlater

Quote

aslater........  Here's what I would be removing ........

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [funk] funk.exe

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)  


Removed them, ran CCleaner, Panda ActiveScan, Ewido and Spyware Doctor.  Other than some cookies - that I removed - they didn't seem to find anything.  I attached a picture of my screen when I right click on the properties.  As you can see, my wallpaper is that picture but it shows as a blue screen.  I'll attach a second screen shot on the next post.
ASlater

And by the way, it happens only when it's my log-on, the other "people" can change their wallpaper just fine.  Should I try to roll back the display adapter?  This screen shot shows the "locked" window.  A puzzle for you guys...  and I appreciate the help.
ASlater

Hey, all!

This morning I couldn't even get my wallpaper up, the screen was all blue again.  But I found the solution at another forum, they sent me to this post - at another forum.

http://www.bullguard.com/forum/12/Cant-change-wallpaper-after-sp_22825.html

I deleted the H_KEY they mentioned, at least I can change my wallpaper and all, but it changed other stuff, it just doesn't look the same - the color, etc.  I hope this helps someone else.

ASlater
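
The by-eye review of the HijackThis log in this thread can be written as a few checks over the log text. The Python below is an added example, not part of the original posts or of HijackThis; the tag names and the `known_good` parameter are assumptions made for illustration, and a tag marks an entry to verify on the machine, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [funk] funk.exe
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
"""

# Tag names are this example's own labels, not HijackThis terminology.
REASONS = {
    "orphan": "registry entry with no file behind it",
    "missing": "entry points at a file that is not on disk",
    "unknown-owner": "log shows no vendor for the service binary",
    "bare-name": "autorun command has no directory, so its location is unknown",
}

ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=["\s]|$)', re.IGNORECASE
)


def executable_of(command):
    """Return the program part of an autorun command line, without arguments."""
    command = command.strip()
    match = EXE_RE.match(command)
    return match.group("exe") if match else command


def triage(log_text, known_good=frozenset()):
    """Return a list of {section, entry, tags} for log lines worth a closer look.

    known_good holds lower-case file names the reviewer has already verified
    (hypothetical parameter); those are not reported as bare-name.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, blank lines, forum text
        section, body = entry.group("section"), entry.group("body")
        tags = []
        if body.endswith("(no file)"):
            tags.append("orphan")
        if body.endswith("(file missing)"):
            tags.append("missing")
        if section == "O23" and " - Unknown owner - " in body:
            tags.append("unknown-owner")
        run = RUN_RE.match(body) if section == "O4" else None
        if run:
            exe = executable_of(run.group("cmd"))
            if not dirname(exe) and basename(exe).lower() not in known_good:
                tags.append("bare-name")
        if tags:
            findings.append({"section": section, "entry": body, "tags": tags})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        notes = "; ".join(REASONS[t] for t in item["tags"])
        print(f'{item["section"]}: {item["entry"]}\n    -> {notes}')
```

The checks surface more entries than the three picked for removal in the thread (for example the other bare-name autoruns), which is why each hit still needs its file located and identified before anything is deleted.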
1177.

Solve : Port Scanning??

Answer»

Is Port Scanning Illegal? If so what are the consequences. BTW I live in Australia.

Thanks in advance.

Port scanning is like ringing the doorbell to see whether someone’s at home. The police usually can’t do anything about it. They have to wait until a crime is committed. The police might give it more consideration if the doorbell is repeatedly rung, causing the homeowner to complain of harassment. Sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense.
With many ISPs port scanning is a violation of their terms of service. So if they receive complaints about port scanning they might choose to boot you off their network.

Quote from: jjbtcp on September 10, 2007, 06:56:56 AM

Is Port Scanning Illegal? If so what are the consequences. BTW I live in Australia.

Thanks in advance.
It depends on the computer misuse act established in your country. Port scanning may be illegal in some countries but is a grey area in others.
1178.

Solve : (Dilbert) Sudden Slow Down?

Answer»

My System Idle Process sits on 99.

Firefox is using 3x what my IE is using with 3 screens open but I did read somewhere that Firefox had memory leak problems.

What is CCAPP.EXE?
My svchost.exe (I have 2) seem to run about 5000K each.

My explorer.exe runs at 4392 K.

What is your overall memory usage, read it from the bottom of your taskmanager.
Mine is 176524K / 1341172 K.

Quote

What is CCAPP.EXE?

CCAPP is part of Norton AntiVirus.

It doesn't show mem usage on the bottom for me, I don't think. I got Processes, CPU Usage, and Commit Charge. However, in the performance tab I get, under Physical Memory:

Total: 1048048 K
Available: 653500

PC has been on for about 7 minutes.

Firefox---->IE
Norton---->AVG

more like
Norton>AVG>Kaspersky
Firefox>Firefox
Windows>Linux

Quote
more like
Norton>AVG>Kaspersky
Firefox>Firefox
Windows>Linux

A lot of good reports about Kaspersky. [smiley=thumbup.gif]
A fresh install of Firefox wouldn't hurt but sooner or later everyone will come crawling back to IE.
Linux---->No Games. What does commit charge mean anyway?

Huh? What are you talking about?  :-?

commit charge  (k&-mit´ chärj) (n.) In the Windows operating system, the name for the amount of physical memory (RAM) and virtual memory that is allocated to all running programs, or applications, and the operating system itself.

Increasing the virtual memory for your system never hurts, I have mine set at  4 GB and I never have to worry about programs slowing me down.

Quote
I have mine set at  4 GB and I never have to worry about programs slowing me down.

That's easy for you to say. I have about 15,8 GB total space in my main HD, and about 2,53 GB of free space, and 64MB of RAM   . I run (or should run) 9 processes (plus idle process) after bootup. My process manager (not the one from windows) says I have "7.00%" of commit charge. Is that good? :-?
1179.

Solve : I must still have a Kling-on?

Answer»

hi, yesterday I got my problem solved with all the popups and crap, but a new problem has arisen...

Every time I start my puter I get a Norton's warning box saying it has stopped a virus, always the same virus, every time it starts up.. it hasn't even had time to log on to the net..

message I'm getting is,
C:\WINDOWS\system23\ld1B72.tmp"
Virus, "Download.Trojan

How do I get rid of this new annoying little brother?

....dreamweaver_73.....  Here's what I would try .......
I am assuming you downloaded all the apps Fed suggested ....... and in particular Ewido .......
Boot up in safe mode .
Go into control panel/system ....and turn off system restore .
while still in control panel ...... go to folder options/view tab ........ then scroll down until you see show hidden files and folders .....put a tick in the box in front of it ....click apply and ok .
Now go back out to the safe mode desktop and run ....Ewido ..........
Once it's finished and anything found has been removed ....... go to ........
C:\WINDOWS\system23\ld1B72.tmp  .......  Should be C:\WINDOWS\system32\ld1B72.tmp
If for some reason it's still there delete it ..... ( ld1B72.tmp )  just that part .

Now reboot and see if you are still getting the message from Norton.

dl65

1180.

Solve : ATTN: NORTON AV SYMANTEC USER?

Answer»

Verify here
http://www.washingtonpost.com/wp-dyn/content/article/2006/05/25/AR2006052501081.html
 
Researchers: Antivirus Software Has Flaw
By TED BRIDIS
The Associated Press
Thursday, May 25, 2006; 3:06 PM
 
WASHINGTON -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.
 
Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used, and because no action is required by victims using the latest versions of Norton Antivirus to suffer a crippling attack over the Internet.
 
Symantec has boasted its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."
 
Researchers from eEye Digital Security Inc. of Aliso Viejo, Calif., discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press.
 
Maiffret's company _ which has discovered hundreds of similar flaws in other software products _ also produces intrusion-protection software, called "Blink," that he said already blocks such attacks and can operate alongside Symantec's antivirus products.
 
Maiffret published a note about the company's discovery on its Web site but pledged not to reveal details publicly that would help hackers attack Internet users until after Symantec repairs its antivirus software. eEye said it intends to describe the problem in detail privately for some of its largest customers.
 
"People shouldn't panic," Maiffret said. "There shouldn't be any exploits until a patch is produced."
 
The reported flaw comes at an awkward time for Symantec. Its chief executive, John Thompson, has campaigned in recent months to convince consumers they should trust Symantec _ not Microsoft Corp. _ to protect their personal information.
 
Maiffret said eEye's testing showed the problem affects Norton Antivirus Version 10, including its corporate editions. He said Symantec's current security suite _ which includes both antivirus and firewall features _ did not appear to be vulnerable.

Quote
The reported flaw comes at an awkward time for Symantec. Its chief executive, John Thompson, has campaigned in recent months to convince consumers they should trust Symantec _ not Microsoft Corp. _ to protect their personal information.

Frankly I would trust neither. Ever.

1181.

Solve : Thought you might want to see this...?

Answer»

This is funny. Guess what? NIS wanted to let me know a program was trying to connect to a remote server. It was Setup.exe, and in my TEMP folder. Naturally, I was worried. However, it gave me the IP, so I looked it up. It was my ISP. Below is the message and the WhoIs info I got. Heh heh... I was laughing when I saw this:



NORTON WANTS PERMISSION TO ACCESS THE INTERNET! Ha ha ha ha ha ha *cough cough hack* HA ha haha....

Quote

OrgName:    Verizon Internet Services Inc.
OrgID:      VRIS
Address:    1880 Campus Commons Dr
City:       Reston
StateProv:  VA

PostalCode: 20191
Country:    US

NetRange:   68.236.0.0 - 68.239.255.255
CIDR:       68.236.0.0/14
NetName:    VIS-68-236
NetHandle:  NET-68-236-0-0-1
Parent:     NET-68-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.BELLATLANTIC.NET
NameServer: NS2.BELLATLANTIC.NET
NameServer: NS2.VERIZON.NET
NameServer: NS4.VERIZON.NET
Comment:    Please send all abuse reports to [email protected]
Comment:    DO NOT send e-mail to [email protected] as it will not be answered.
RegDate:    2003-07-18
Updated:    2005-04-21

RNOCHandle: ZV20-ARIN
RNOCName:   Verizon Internet Services
RNOCPhone:  +1-703-295-4583
RNOCEmail:  [email protected]

OrgAbuseHandle: VISAB-ARIN
OrgAbuseName:   VIS Abuse
OrgAbusePhone:  +1-214-513-6711
OrgAbuseEmail:  [email protected]

OrgTechHandle: ZV20-ARIN
OrgTechName:   Verizon Internet Services
OrgTechPhone:  +1-703-295-4583
OrgTechEmail:  [email protected]

Oh, BTW, the Setup.exe thing was because I accidentally clicked on "send report" when closing a faulty installer. So those things do get sent out... hmm...

Well, Dilbert, it looks to me like normal firewall behavior.  Am I missing the point?

Quote
It was my ISP.
But why do programs try to connect to the ISP? Once my firewall warned me that Winamp (Winamp!) was trying to connect to an address from my ISP. Besides, my firewall's intrusion control logs say countless times that it stopped connections from my ISP. But then again, my broadband connection works fine! :-?
Quote
Well, Dilbert, it looks to me like normal firewall behavior.  Am I missing the point?


Norton Internet Security wants permission for Symantec (the maker of Norton) to access the internet. What is a legit Symantec setup.exe file doing in your temp directory?
Not the sort of place for a permanent file to reside. :-?

Quote
Quote
Well, Dilbert, it looks to me like normal firewall behavior.  Am I missing the point?


Norton Internet Security wants permission for Symantec (the maker of Norton) to access the internet.
OK, I get your point, but it doesn't seem like a bad thing to me.  It makes the user aware of every process that attempts an Internet connection, and that's probably a good thing.  On the other hand, I suppose it opens the possibility that some users might dumbly prevent important and legitimate updates from happening.
Quote
What is a legit Symantec setup.exe file doing in your temp directory?
Not the sort of place for a permanent file to reside. :-?

Well, I had downloaded a program, and I chose to "open" instead of "save", and I ran the Setup, which crashed (oddly, the program appears to be fully functional...).

Yeah, it may be standard, but it got a chuckle out of me.

Quote
What is a legit Symantec setup.exe file doing in your temp directory?
Not the sort of place for a permanent file to reside. :-?

the recycle bin would be a better location.  
It wasn't a Symantec setup, it was a WAV editor. Third-party.

Quote
Norton Internet Security wants permission for Symantec (the maker of Norton) to access the internet.
Quote
It wasn't a Symantec setup, it was a WAV editor. Third-party.
Is that you Flame?
1182.

Solve : Missmurder.exe??

Answer»

ok i was browsing through my task manager and i saw missmurder.exe i have no clue it said it was being run bye the system anyone know anything about it?

Google returns no results . . . broadening the search a little I see it is a fairly popular online name and is also a song.
You sure it's missmurder.exe and no typo?

Quote
ok i was browsing through my task manager and i saw missmurder.exe i have no clue it said it was being run bye the system anyone know anything about it?


This post proves you do have a basic command of English...keep this in mind in future.

You can use Process Explorer or HijackThis to find out the path of the file (if it's still running).  You should then upload the file to VirusTotal and post the results here.

kk i tried that but nothing appeard it just sayd on the thing file no to be tampered with

Gibberish.

try in searching for the file

Quote from: Fed on August 29, 2007, 01:15:39 PM
Gibberish.

After my suggestion he reverted right back to 3 days ago.

wefr-o this is not meant to be harsh just a heads up...you need to post both problems and responses in coherent sentences here to get any decent responses.
We don't do txtspk...
We don't do shorthand.

Thanx.

As this issue appears to be resolved (I think...), I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
1183.

Solve : Open Source Windows Anti-virus?

Answer»

Please find the Open Source Windows Anti-Virus http://www.clamwin.com/

And

Windows Open Source Anti-spyware http://winpooch.free.fr/home/index.php

Note:

If you are to install them, 1st install clamwin anti-virus then install winpooch

kwebihaf....... Why would you use either of these products when there are many proven alternatives .........   How long have you been using them ........

The latest version of Clamwin Free Antivirus is 0.88.2.3
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.


Why ClamWin Free Antivirus is not recognised by Windows Security Centre?    
ClamWin Free Antivirus does not scan files automatically (that is when you access or open a file), you need to scan a suspicious file manually before opening it. Hence ClamWin does not offer fully automatic virus protection and does not integrate with Windows XP SP2 Security Centre.

This will change once the on-access scanning component is released and ClamWin team is working on it.

Please note that if you use MS Outlook email client (not MS Outlook Express) then all emails are scanned automatically when you open them.

Reading comments from users indicates that it works, but just how well doesn't seem to be documented ....nor have I seen any comparisons to some of the more established AV scanners .   If you have that info, please post it as it may be useful.

dl65  
 

I'm good with AVG free and spybot

dl65 ...

About Clamwin, ClamWin Free Antivirus does not include an on-access real-time scanner, this is true but when Winpooch is installed, it  (Winpooch) acts as the on-access real time scanner. if you visit the winpooch site http://winpooch.free.fr/home/index.php you will see that when Winpooch is combined with Clamwin, the combination makes a powerful security tool..

More on Winpooch, it uses API hooking to detect spywares, which is an effective method to detect spywares and viruses.

So I say install both Winpooch and  Clamwin and you will realise you have got  powerful security tools that are  free..

About how long I have used it, it's not for so long, about 1 month, but I have realised the difference between them and other anti-virus and anti-spyware programs.

The choice is yours.

With better solutions readily available, why would you even consider this? Just curious.

GX1_Man... just to answer your question
Quote

With better solutions readily available, why would you even consider this? Just curious.

It's because of cost and effectiveness.

Both the anti-virus and anti-spyware I'm talking about are free and their source codes are readily available in case you want to contribute or make your own customized  programs.

AVG and AdAware are free also, well known and work well.
1184.

Solve : IS THIS A VIRUS?????????????

Answer»

Hi guys, I recently received a file through MSN which I believed to be from a friend as it was his name sending it. But when I contacted him to see what it was he said it was not him! How is that possible?

The file in  question is DO NOT CLICK THIS LINK:-



www.G038_jpg-msn
I was at the friend's in question when I was remotely connected to home and saw that he was sending me the same file again, but I know he couldn't because I was using his PC to connect to mine.
The wife accidentally accepted it and I am now a little wary of what it has done to my PC, as she opened it and she said that nothing had happened when she did.

Please please help, am I in trouble?
Kind regards Matt

You should run a scan with Kaspersky's Online Scanner and post the log here.  When that is done, also post a HijackThis log for us to take a look at.

Why post a link that shouldn't be clicked ? ?

I don't get it.

The first thing I did was click on the link (wet paint syndrome) and got exactly what I expected. Do not click on that link

Thankfully, it's not a proper link, so none of us have anything to worry about.

This is an MSN worm. These can pretend to be from a friend whose machine is infected. Also this one exploits the fact that nobody under about 25 knows about the old MS-DOS .com file extension for executable files. They think .com means a web site so they click on it.

Backdoor.Win32.IRCBot.aex (Kaspersky Lab) is also known as: W32.Esbot.B (Symantec),   BackDoor.IRC.Sdbot.126 (Doctor Web),   Win32.Worm.EsBot.B (SOFTWIN),   Worm.ESBot.B (ClamAV),   Bck/IRCbot.KG (Panda),   Win32/IRCBot.OO (ESET)

    * The following behaviors have been observed for this object:
    * Installs programs.
    * Deletes programs.
    * Invokes dll components.
    * Creates Run Keys.
    * Runs other programs.
    * Communicates with web sites using httpout protocols.
    * Has outbound communications.
    * Creates known malware.
    * Creates copies of itself.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

1185.

Solve : Which scanner would you choose??

Answer»

According to PC World, this is the scanner chart... http://www.pcworld.com/reviews/article/0,aid,124475,00.asp ... Now, setting that aside, which would you prefer on your computer? Which do you trust? Don't think about the ratings when you do this.

Flame

PC World historically is a *censored* for advertising dollars. Also, any study that rates Mcafee second (or even in the top 5) is suspect by definition.

Could we have a third selection of "Anything Else"?

Oops, forgot about that option.  Yes, the option has been created, however please specify which scanner you prefer then. I'm getting tired of Norton taking up all my resources lol  Wasn't a problem until I started gaming some more... Never should have done it...

Flame

AVG free 'till I fall. If I want a really good scanner, I'd get a trial version of NOD32.

AVG- with Kaspersky (at the back)

this link
http://www.pcworld.com/reviews/article/0,aid,124475,00.asp

is not far from here
http://anti-virus-software-review.toptenreviews.com/
Looks like Kaspersky is the best one... All the rest totally switched places really... Bit Defender getting Gold? Hard to believe, but maybe...

Flame

Put me in the AVG column for a windows installation, although I do use PC-Cillin on one box (because I got it for free).

I voted Another, but I'm really not sure at this point what I'll do when my subscription to Norton AV expires in Sept.  I'm still using NAV 2002, with multiple annual renewals due to the length of time I've used it.

However, I think I may be looking at one I don't often see mentioned in forums, or so it seems.  I'm talking about EZ Trust Antivirus from Computer Associates.

AVG Free because it's free & offers unlimited realtime protection.
Prevx1 looks like a good thing too.

1186.

Solve : help w/ Windows Defender?

Answer»

When I stopped scanning w/ Windows Defender (Beta 2) today I got the following error message:
Windows Defender encountered an error:  0x8050800d
Anyone know what this error is or how to fix?

Also does anyone know if Windows Defender (Beta 2) also automatically updates Norton Antivirus Corporate Edition on the PC & if not, if it is possible to include it in the same update?  Thanks, Dede

uninstalling and reinstalling may solve the problem.

Not sure I understand your second question; it does not make sense to me.  Defender and Norton are two separate programs.  Why would one update the other?

can anyone help me w/ the following:

When I stopped scanning w/ Windows Defender (Beta 2) today I got the following error message:
Windows Defender encountered an error:  0x8050800d
Anyone know what this error is or how to fix? Is it anything to worry about?  thanks, dede

Quote

can anyone help me w/ the following:

When I stopped scanning w/ Windows Defender (Beta 2) today I got the following error message:
Windows Defender encountered an error:  0x8050800d
Anyone know what this error is or how to fix? Is it anything to worry about?  thanks, dede

Did you already try the advice of Soybean?
You can click on the link below so you can read what happened to others with the same problem
http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=378597&SiteID=2

I removed Windows Defender but then when I went to install it I got a message if I want to install active x control during MS validation.  How can I install Windows Defender w/out installing active x control?  Aren't there privacy invasion issues w/ active x control?  Thanks, Dede

Quote
How can I install Windows Defender w/out installing active x control?
If you don't want to install the ActiveX component for validation, follow the link, at the bottom of the main web page for Windows Defender, for Alternate Validation Method.

While it's good to be cautious about installing ActiveX from a website, I don't think you have anything to worry about as far as installing the ActiveX component from MS in order to download Windows Defender.

In response to Soybean, I went to Windows Defender website & did not see an alternate validation method to download Windows Defender w/out installing active x control.  Here's the website I found:

http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en

Can you provide the link you were talking about to download w/out installing active x control?  thanks, dede

Can you go directly to http://www.microsoft.com/downloads/exeValidation2.aspx?familyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displayLang=en ?

Thanks Soybean.  I was able to install windows defender w/ your link.  dede
1187.

Solve : Keyboard hijacked???

Answer»

As some of you know i have just
posted here for help and everything
was fine, Then i went to login to my email accounts
but when i pressed shift to get .  these " 2
little marks appeared instead then it happened
for other keys not showing what was pressed??
i hope you understand what i mean the keys pressed
do not correspond to what is on screen??
Is this virus behaviour???
Once again thanks for your time.........

Is this problem still happening?  Have you tried a different keyboard?
This sort of thing can be caused by a virus, but it can be caused by a lot of other things as well.  It could also be no more than a fluke.
You should try another keyboard; if the problem persists, then we'll brainstorm and come up with other possible solutions.

Hi, CBMatt. i have just tried another keyboard
 off mum's gateway pc and it was still happening
 dell help site had me checking that, regions was in
 english usa, and it was, other keys affected are the
 pound sign comes up as hash, hash comes up as
 forward slash i'll run all my spy and virus programs
 and get back to you i won't list them all as i've got
 all the ones you recommend..cheers..P...

As you know it takes some time to scan and
 i still haven't finished in normal mode avg-anti virus
 and spy found nothing, xoftspy, spybot search destroy,
 spyware detector, spyware doctor. haven't found anything
 i'll try in safe mode and get back don't know how long
 it will take please give me time i still have to scan with
 avast virus..

RESULT!!!! Hi, CBMatt i don't know what was
wrong but just to let you know before i spent
the night scanning in safe mode i tried system restore
 it went back to 24 aug, and everything is fine so far,
 i don't know if any KB updates were released that
 might have been bad but i'm just glad it's working again
 Once again thanks for your time fella..
 cheers..P...

It's hard to say what the cause might've been, but it's entirely possible that a hotfix was causing problems.  I would be more prone to suspect some third-party program, but System Restore would've uninstalled whatever it was.  In any case, I'm glad your issue is resolved, and I hope it stays that way.

Thanks so do i..

As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

1188.

Solve : More Problems after Formatting - Weird!?

Answer»

I will try to make a long story short:
Computer originally kept restarting with no BSOD. Just would shut off and turn back on. (Sometimes during boot up and maybe 10-15 times in a row... like maybe a few seconds after the last had hit). Tried a bunch of the stuff in one forum about restarts, but didn't really do anything (other free online scanners I could never finish because it would reboot before finishing). Finally it just got out of hand, brought it to my school's computer place, they scanned it and said it was fine. Took it home, upon turning it on it immediately started restarting again. This time I noticed it was with slightly less frequency. Then I decided to format my computer. I did the whole "erase to factory settings" thing and it STILL rebooted. Then I went on spring break and when I came back my computer miraculously stopped rebooting, BUT now it has a myriad of other problems.

(Also I must add the restarting may have come from a download 3 days before. I tried to dl an onscreen keyboard without knowing that the computer already had one. -- My roommate is a b**** when it comes to complete and utter silence for her studying and sleep. )

I must note when I erased my computer I noted a lot of things I had added on (software) before weren't erased... Why is that?

Current Problems include:
- Occasional freezing
- My DVD-RW drive sometimes doesn't work. It starts beeping like crazy. Also sometimes If I have a DVD or CD in there when starting the computer up it keeps beeping loudly with a black screen. I need to take out the disc for it to work.
- major one: The computer won't let me update some of its software... esp. back to Windows XP (the 2 pack or whatever it is). I need to update it so I can reinstall my school's virus remover and their computer monitoring software. But when I try to dl the 2nd pack from their site it always gets to the very end of installation and it gets an error. Then it erases everything it added.
- Also I'm having a problem retrieving movies (we're not talking bootleg, we're talking videocamera burned onto computer, then onto disc--I'm the video editor for one of my clubs) from dvd-r's. Some of them work, but some don't. (I get the beeping noise with some of burned dvds/cds. I also get halted whirring "duuuuuuck... duck duck duuuuuck" and "squeeeee" noises. After the non working ones... don't work... either the computer freezes or nothing happens.)

I know I have had other problems I've encountered but I can't remember them at the moment...

I'm in an HP Media Center... Windows XP (Assuming Service Pack 1 as the updating thingie says I need SP 2).

Oh yeah I forgot to mention that my TV Tuner is also no longer working...

And at the moment I am scanning with Housecall. We shall see if that does anything. (I am noticing too at the bottom of the screen w/ the files scanned flashing by... every now and then it goes "ERROR.")

Okay I'll be back... need to go to class.

cookiemunstahh....... Usually, HP provides 3 cds (I believe) with their machines ....... the 1st one will have the operating system on it with the service pack ..... for example Win XP Media Centre SP1 or perhaps Win XP Media Centre SP2.
In your case you probably have the first one.
Then ... there should be a second cd .... called Application and Driver Recovery DVD.
Then the 3rd cd ... is called Application Recovery CD ..... (this one is for doing a system restore back to as shipped condition)

The odd thing is that you say you did a format and clean install , but it didnt remove some programs ...... that suggests that you only did a repair ....... as opposed to a complete format .......

Perhaps you could describe how you did "your format" and which cds you used .
I ask this because I just did a format and a reinstall on a HP laptop and it formatted the whole hard drive ....not just part of it ........ or did you have partitions set and the programs which were not removed were stored in those partitions ?

dl65

Well I asked the HP ppl on the site (I chatted with them). I told them I wanted to do the erasing to "factory settings" because I did that a long time ago on a different computer.  They gave me a set of instructions... (Let me find them because this was a few weeks ago and I forgot exactly what it said)

So this one doesn't have CDs. (I only have CDs for the original software I bought at the same time as the computer, old virus scan stuff and Microsoft Office... I don't think I threw it away cuz I always keep all my computer stuff in one box... Also, this is a bummer too, this comp is relatively new... maybe a year and half old. So I remember wondering where the other CDs were...) I think because it has that extra drive we don't need it. It was like during the boot or something we pressed f8 or something and you come to a series of screens they have choices like "completely format" and "format to original factory settings."

Oh sorry... it's "System Recovery" (I must add, I never changed the recovery settings... like I never saved the "new" settings after dling software.  Never bothered to.)

OK Found the site... here's what it says:
NOTE:  HP PCs that ship with Microsoft Windows XP do not come with recovery CDs. Instead, they use a hidden space (partition) on the hard drive to store the recovery information. The use of a hidden partition provides a convenient process that eliminates the use of recovery discs that may be lost or scratched. Recovery discs for Windows XP are available from HP for a minimal cost. Go to the section "Related support" for ordering information. Your PC may also contain Recovery Creation software.

So yeah I just used the partition thingie... Well some of the things I noticed that didn't change were updated drivers (I updated drivers recently before formatting because I thought that might be the problem... but I dunno).

Other things that weren't deleted were like remnants of programs... like a LOT of icons were left on my desktop but most of them didn't work... like you click em and either an error shows up or nothing happens.

Also, weirdly, the internet was already set up. (When I originally came to school I needed to go through this whole process to set up the internet.)

Do you think I should order these disks and just completely erase it? Or is there another way to clean up the problems on here?

OH wait, I think I must have read this wrong... I think I did a system recovery... I thought I remembered the destructive one as totally erasing EVERYTHING. But it says here not... is this true?

"CAUTION:  Performing a Destructive Recovery will format the hard drive. This will delete all the information on the hard drive and reinstall Windows XP and the original software that came with the PC.

Performing a System Recovery replaces system files and original software with the files that originally came with the PC. This process may move or remove certain files, like those stored in My Documents. Before performing a System Recovery backup important files and the files stored in the My Documents folder.

In either case, be prepared to reinstall software that was not originally included with the PC. You will also need to reconfigure an Internet Connection and obtain all critical Windows Updates, Virus definition updates, and anti-spyware updates."

If you use the full restore ALL of the things you added yourself will be gone, along with the problems hopefully. If there is any important data you need to back up do so.

So really the "destructive" one is the one I want to do right... "Back to Factory Settings" was on my old computer... yeah I don't mind that reg. files/progs will be lost... I understand that I need to reupdate everything right?

Just making sure LOL.

That is correct.

1189.

Solve : Need Help! something weird just happen on my computer?

Answer»

I'm still not sure if the problem is a virus, hardware, or software:

while i was browsing the net, my computer suddenly froze then the monitor suddenly showed a screen with vertical rainbow colored lines.
what in the world did just happen to my PC??

I think this means your hard drive has corrupt !?  I would wait for a second opinion tho

find the make of your hard drive, go to the manufacturer's website and dl the diagnostic tool and run it

1190.

Solve : tried and failed to remove spyware?

Answer»

i downloaded some programme that had some spyware in it, the spyware puts up an icon at the very bottom right end of my com screen (where the norton antivirus is etc) and keeps having pop ups about my com being affected by some virus (which cant be true cuz i have scanned with zonealarm)!!!

it also keeps changing my homepage, thus i cant change it back!!! there are also alot of random popups

i used my spyware detector and scan through my whole computer and destroyed all the files my spyware detector says that is a spyware but that icon and the problems above are still there...

if u need more info pls tell me

forevayoung......  Download hijackthis from  http://www.majorgeeks.com/download3155.html    create a folder on your desktop and save it there........ Then once it's downloaded , open it and click on run scan and save log...... save the log to desktop and then post the log here and we hopefully can assist you .

dl65

ok here it is...pls help me...


Logfile of HijackThis v1.99.1
Scan saved at 5:08:10 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SOUNDMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\3DNA\Resources\3dnasys.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\antispy\hijackthis_1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp102.tmp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\LEEYAN~1\LOCALS~1\Temp\200663163655_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\LEEYAN~1\LOCALS~1\Temp\200663163647_mcinfo.exe /insfin
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: 3DNA Auto-Update.lnk = C:\Program Files\3DNA\WiseUpdt.exe
O4 - Startup: 3DNA Desktop.lnk = C:\Program Files\3DNA\Resources\3dnasys.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.moreatonce.com
O15 - Trusted Zone: http://schdnavdo.schooldna.com
O15 - Trusted Zone: http://schdnaweb.schooldna.com
O15 - Trusted Zone: http://schdnaweb1.schooldna.com
O15 - Trusted Zone: http://schdnaweb2.schooldna.com
O15 - Trusted Zone: http://www.schooldna.com
O15 - Trusted Zone: http://*.schooldna.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2885EE05-A26B-11D1-B49B-00C04F98EFE0} (In Fusio, Exen Simulator) - http://www.ageofempires2-mobile.com/site/Activex/simulator.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8C4A2492-3FED-41F2-BBAB-34E802844F8D} (IESettings Class) - http://schdnaweb.schooldna.com/schooldna/login/dnaClientIE.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
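
A log like the one posted above can be pre-sorted mechanically before anyone reads it line by line. The Python sketch below is an added example, not part of the original thread or of HijackThis itself; the rule names and the four heuristics are assumptions chosen for illustration, and a flagged line is a prompt for closer inspection, not a verdict that the file is malicious.

```python
import re

# Sample input: ten lines copied unchanged from the HijackThis log posted above
# (one header line, one process line, eight entries). No new data is introduced.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp102.tmp
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\LEEYAN~1\LOCALS~1\Temp\200663163655_mcappins.exe /v=3 /cleanup
O4 - Global Startup: Event Reminder.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# An entry line is "<section id> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
# In O2/O3/O18 entries the module path follows the CLSID; anchoring on the CLSID
# keeps paths that themselves contain " - " (as Spybot's does) in one piece.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\s+-\s+(.+)$"
)
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_log(text):
    """Return (section, body) for entry lines; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def target_of(section, body):
    """Best-effort extraction of the file or command an entry points at."""
    if section == "O4":
        if "] " in body:            # registry Run key: "[value name] command line"
            return body.split("] ", 1)[1]
        if " = " in body:           # startup folder: "shortcut.lnk = target"
            return body.split(" = ", 1)[1]
        return ""
    if section in ("O2", "O3", "O18"):
        match = CLSID_RE.search(body)
        return match.group(1) if match else ""
    return ""


def triage(text):
    """Return (rule, section, target) for entries that deserve a closer look."""
    findings = []
    for section, body in parse_log(text):
        target = target_of(section, body)
        module = target.lower().strip('" ')
        if "(file missing)" in body.lower():
            rule = "FILE_MISSING"            # registration left behind, file gone
        elif section == "O4" and module == "?":
            rule = "UNRESOLVED_TARGET"       # shortcut whose target could not be read
        elif section == "O4" and TEMP_RE.search(module):
            rule = "AUTOSTART_FROM_TEMP"     # program launched at boot from a Temp folder
        elif section in ("O2", "O3") and module and not module.endswith(".dll"):
            rule = "MODULE_NOT_DLL"          # browser add-on loaded from a non-.dll file
        else:
            continue
        findings.append((rule, section, target))
    return findings


if __name__ == "__main__":
    for rule, section, target in triage(SAMPLE):
        print(f"{rule:20} {section:4} {target}")
```
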

1191.

Solve : I need the best?

Answer»

K.... I have a Toshiba Satellite and they enable you to create a master password that activates as soon as the computer boots up (after it tells you to push f1 and F12 for some otha stuff) The problem is... the password got changed some how and I cannot even access a profile or anything. It won't even allow me to push f1 or f12 to try and set up. before that, the computer wouldn't power up when i pushed the button with the battery pack fully charge and or plugged into a socket... I need some HELP!!!!!!!
thanx

Which OS are you running?  Can you boot into safe mode?  I know in Windows XP there is a guest account that shows up in safe mode.  If you could use that you can use the command prompt to run this command

net users (your user name goes here) "password"

Whatever you put in the quotes will be the new password.  So for example:

net users Sally "newpass"

That would change Sally's password to newpass.  However we will still need more info on your current system so we can make sure you have the correct answer.  Also one more thing....this master password you are talking about.  Is this for an account in windows?  Or for the cmos?  If it's for the cmos the above recommendation won't work.

This is a laptop...and it's not a Windows password it's a BIOS password.
Call a local Toshiba service center and get your wallet out... :-\

Yeah... it's the bios password and not being able to type in my password cuts me out from everything!   thanx a bunch

Yup, you're going to have to do what Patio said.....unfortunately.

1192.

Solve : Trojan.Nebuler?

Answer»

I got an issue here. I was at a site a few weeks ago, and I wanted to download a utility. However, Norton swooped in and cancelled the download. Too late, however. I got at least one instance of Trojan.Nebuler. I'm having a devil of a time getting rid of it, because every time it fires, Norton quarantines and deletes the throwaway .exe file (giving me a popup to tell me).

I've already closed about 25 popups, let's see how many more I get:

....................................... ................................

Each dot represents a popup from Norton. Each .exe file destroyed is a series of random numbers, occasionally letters. I can't find a trace of it since the throwaway .exe files get erased. Now, this happens every few days, fluctuating intervals of time. No noticeable pattern, other than if I try to d/l again I get slammed again (I only tried it once more to see if it was indeed that program; it was).

HELP!

Dilbert.......  Post a copy of your hijackthis log file please .

dl65

Dilly, do you remember what you were trying to download & where from?
I'd like to replicate your dilemma.

Unfortunately, the site was one of many I looked up in a google search, and FF's weekly cleaning of cache, history, etc. has occurred since. I Googled so many different keywords I wouldn't recognize the site unless I saw the particular page that had the download.

But, anyways:

EDIT: I've been hit again! I've closed 100+ popups from Norton about the matter and counting!

1193.

Solve : Any AVG user here??

Answer»

Hi all!
I am using AVG free 7.5.
I downloaded a zipped file from a web site last night, and as usual, I scanned it with my AVG before opening it. Then AVG reported to me that a virus was found:


Still, my AVG didn't provide me any tool or next step to kill the viruses found.
I am totally new to AVG and need some help from experienced AVG users

Please help if you could!

Delete the zip file to recycle bin then delete it from there. Then run a manual scan to check for viruses.

Yes, basically that report means there is a virus inside the compressed file (.zip / .rar).
Locate that zipped file, select it and hold SHIFT down while pressing DELETE. This will get rid of it from your system.

Then do as Mektek suggests and run another scan.

If this person wants to keep the file but delete the virus, can this be done?

According to the information we currently know, the file is the virus...

Spero - It's not worth the risk trying to clean infected files IMHO. Better to get rid of completely.

Understood! Thank you all so so ... much!

---

I really wanna see the contents inside the zipped file, but just couldn't act bravely...when thinking it may be a very strong virus and would trigger off crisis to my PC.
Is it a strong virus actually?

BTW, what do you think of AVG?
Is it a good anti-virus software ever?

I think it is one of the best ! A lot of the folk on here prefer AVG as their anti-virus protection.

Personally I love it after years of putting up with Norton hogging my resources.

They do a great anti spyware as well. Would also go for this if you don't already have it, or at least add it to your anti spyware arsenal

Quote from: GX44 on September 03, 2007, 09:39:47 AM

A lot of the folk on here prefer AVG as their anti-virus protection.

Personally I love it after years of putting up with Norton hogging my resources.

They do a great anti spyware as well. Would also go for this if you don't already have it, or at least add it to your anti spyware arsenal 
Thanks GX44!
AVG captured another virus from the main drive:

It's reported as Trojan, what it was trying to steal from my PC is a mystery to me.
Can I simply block it from getting access to the internet to avoid any information leakage from my PC?

Quote from: GX44 on September 03, 2007, 09:39:47 AM
....They do a great anti spyware as well. Would also go for this if you don't already have it, or at least add it to your anti spyware arsenal 
Is this service free or paid? I don't have any anti-spyware installed on my PC currently.

Quote from: kwfine on September 03, 2007, 10:04:10 AM
...
Is this service free or paid?   ...

Both are available.
Here is the link for the free one:
http://www.free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

You can read about the commercial one there too, and compare.

Run the Free version of AVG Anti-Spyware in safe mode with system restore turned off and the machine disconnected from the web...the infection is hidden in one of your restore points if not elsewhere.
Post back with the results,

Whatever those files are, they're not worth the infection.  Just delete the zip file.

And patio's right; that trojan is in your System Restore files.  It's an old infection that may have already been removed, but your computer keeps a copy of it.  You should follow these steps.

1.  Go to Start > Programs > Accessories > System Tools > System Restore
2.  Click on System Restore Settings.
3.  Check Turn off System Restore and click OK.
4.  Reboot into Safe Mode.
5.  Run a full scan with AVG and when complete, restart your computer.
6.  Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
7.  Create a new restore point and close the program.

System Restore will now be active again.  If you would like to learn more about System Restore, go here.

1194.

Solve : AVG Virus Scan results?

Answer»

Hello Forum: WindowsXP SP2, IE6.0.29, 2.39 GHZ, 512MB RAM.  Question: When I get my AVG Virus scan test results, one line in test results shows the Object  " C\windows\system32\shell32.dll"  . The next column says Result  "Change".  The last column says Status "Changed".  This occurs on every Virus Scan. Is this something to be concerned about. Is AVG finding a problem every time and correcting it. AVG test runs every day. Also use AD-AwareSE, SpywareBlaster and SpywareGuard, Windows Firewall. All are updated continually.   Any help would be appreciated.  Thanks

Not to worry in the absence of any threats being found.

Thanks for your help. I try to keep the machine clean and am always on the lookout for anything out of the ordinary.

1195.

Solve : Are there security issues with Wireless??

Answer»

I recently bought a new wireless laptop along with a basic wireless router. But the salesman scared me when he quickly discussed with me the inherent security problems with a wireless computer. He said that if there are any neighbors of mine within a 600 sq. ft. distance, they could conceivably read and/or pick-up what I am typing on my computer (ie. credit card information, emails, etc.). And he added that I should encrypt my wireless (whatever that means?). When I did first turn my new laptop on, it gave me a listing of about 6 wireless networks which apparently my laptop was picking up, which I assume means these were signals coming from neighbors? Should I be concerned about this? And if so, how do I set up my wireless laptop so no neighbor might pick up what I am doing on my computer? Thank you.

Do a Google search for WEP. That's what you need to setup (wireless encryption).

Quote

Do a google search for WEP. That's what you need to setup (wireless encryption).

Actually...WEP is no longer what you want to use. WEP is easily cracked within a matter of minutes by using one of many free programs on the internet.  If you really want to be secure you should use WPA encryption with a really good password (good being at least 8 characters long with letters and numbers).  Using WPA and a good password should give you the protection that you want.

In agreement with using WPA...definitely the way to go.

There is one other thing that most people tend to forget when using wireless routers:

When you set up your router, you have to log into your router's control panel via an IP address typed into your browser's address bar.  You'll be prompted for a username and password.  Most of the time, the initial usernames and passwords for router control panels are admin/admin.  Sometimes, people neglect to change their password and, after a short period of time, start experiencing connection issues.  This basically happens because someone has logged into your router's control panel and has made changes to your router's setup...actually stealing your connection.

Be secure!  Your first step should be to change the password you use to log into your router's control panel.

That's great advice right there Saviour.  Jason, you'd do well by remembering that.

1196.

Solve : Help to remove virus and spyware?

Answer»

I have run anti-spyware as well as anti-virus software, and have files quarantined with both issues. My question is this-what do I do to remove them? If I remove the files containing these things, does it impact my computer?

Do I simply leave them quarantined and not delete them?

I`m completely confused and lost about what to do about these issues.

I have a Dell 8400 Dimension desk top computer, with Windows XP Home Edition.

Can someone PLEASE help?

What software are you using? Where are the files stored? What are they called?

Software? I have a Dell 8400 which is running Windows XP. The anti-virus software I run is Symantec. The quarantine says the file is NjlDekRVVXl0Sm9BQURmb0Bhb0FBQU9I[1].wmf, and it says the original location was C:\Documents and settings\greg russell\local settings\temp

The second one says the file is jar.jar-2ad522e1-7123a023.zip and it`s original location was C:\Documents and settings\greg russell\Application Data

Both original locations have more to them, but I can`t see it all.

The virus software has these files quarantined, so do I delete these files? The virus software says it can`t clean them. Does it hurt to simply leave these in quarantine?

I have NO IDEA what to do.Files in quarentine can't run anyway. If you have not experienced any problems with the computer or any apps, there is no reason you can't delete them. It won't hurt to leave them there, but they are just occupying disk space.

1197.

Solve : Malware help?

Answer»

HELP!! lately my computer has been running super sloooow and I'm getting these annoying popups on the bottom right corner of my screen saying "security alert" and that I need to download protection. My homepage has also been changed to a page saying I download protection plus I'm getting a load of explicit ads. what should I do?! and btw, I'm a total computer moron, I don't know much about computers... Please Help!

windows xp home edition, 1.53GHz

You are the victim of spyware/adware (which is collectively known as malware), at least one homepage hijacker, and probably a few viruses. First, read this article to acquaint yourself with the problem: http://www.bleepingcomputer.com/tutorials/tutorial41.html

Next, run Ad-Aware. What's Ad-Aware? Please read this thoroughly: http://www.bleepingcomputer.com/tutorials/tutorial48.html

Then run SpyBot. What's SpyBot? Please read this thoroughly: http://www.bleepingcomputer.com/tutorials/tutorial43.html Note: I've had to run SpyBot several times in a row to completely remove some of the more stubborn varieties of malware. Also, remember to immunize your computer. Read the article and you'll understand.

Now run HijackThis. What's Hijack this? Please read this thoroughly: http://www.bleepingcomputer.com/tutorials/tutorial42.html Note: It is possible to do significant damage to your computer with HiJack This! Because of this, when you create a log file (Read the article and you will understand what a log file is) post it as an attachment to this message board. We'll help you through it. Also, the above article is rather lengthy. You really don't need to read it all, just the first five "chapters".

Next run Panda Software's free online virus scan: http://www.pandasoftware.com/products/activescanpro/ Note: The link for the free scan is rather hard to see. It's in the upper right corner just underneath the red rectangle that says "Buy ActiveScan Pro". The link says "Free Online Virus Scan". Click the word "Online". It *REQUIRES* Internet Explorer 5.0 or higher to run. It supposedly removes any viruses it finds, but you need to upgrade to the Pro version to remove spyware/adware. Don't worry, Ad-Aware, SpyBot, and HiJack This do just fine (and they're free!!).

Then, just for good measure, run Ad-Aware and Spybot once more.

Finally, Get Spyware Blaster. What's SpywareBlaster? Please read this thoroughly: http://www.bleepingcomputer.com/tutorials/tutorial49.html

If you really want to be thorough, use SpywareGuard. What's... Okay I'll stop. Just read this: http://www.bleepingcomputer.com/tutorials/tutorial50.html Note: I've never used it myself, but it looks like a good idea.

You've got enough tasks ahead of you to burn through a few evenings.   Keep us up to date with your progress.


--Oober Noober

Just out of curiosity were you using anything for spyware/virus protection?

A well researched post Oober but you forget that Fiery is a self confessed total computer moron   and I doubt his ability to carry out your suggestions.  :-?
Added to this, whatever is causing his problem may not necessarily be classed as malware so all the scans will do nothing for him.
He may even be able to remove the offender via Add/Remove Programs in the Control Panel.
Perhaps he should give us a Hijackthis log to see what's going on first.

Quote

A well researched post Oober but you forget that Fiery is a self confessed total computer moron   and I doubt his ability to carry out your suggestions.  :-?

Awww. I thought all the posted articles were fairly easy to follow. My name is Oober Noober, after all.

Quote
Added to this, whatever is causing his problem may not necessarily be classed as malware so all the scans will do nothing for him. He may even be able to remove the offender via Add/Remove Programs in the Control Panel. Perhaps he should give us a Hijackthis log to see what's going on first.

Sounds good. My experience has never yielded me any solution as easy as using the add/remove programs cpl.

Fiery, sorry for being pedantic. Listen to Fed.


--Oober
Oober, have you considered authoring a FAQ topic? Speaking of Q&A Dilbert , when did you plan on restoring what was lost ........ from your backup ?

Some of the info there was pretty helpful to a lot of folks .......


dl65

hey guys,
sorry I haven't been replying to you guys..I've been busy. Thanks for all your help..my brother fixed the problem for me with some help from you guys Thanks a lot. 1 more question...how do you know if you have spyware and adware? :-?

BTW Fiery is a GIRL

Quote
how do you know if you have spyware and adware? :-?

Well, adware can do some funny things to your computer. The biggest two complaints that I hear are "My computer is running slow" and/or "I'm getting a lot of popups all the time," followed closely by complaints about homepages being changed, spontaneous shutdowns, etc., etc. The best way to tell if you have malware problems is to frequently (repeat: frequently) scan your computer with the major spyware scanners (see my first post). They'll tell you about any spyware present on your system and, most importantly, remove it for you. Remember, spyware isn't just an inconvenience, it can also compromise your security and even lead to identity theft if you purchase anything online. Check out those links I posted above if you really want a good starter course in Malware 101.

Quote
BTW Fiery is a GIRL




--Oober Noober

And if you EVER get a random popup announcing you have spyware and click here to remove it - DON'T!!!!
1198.

Solve : 8 viruses found, unable to delete.?

Answer»

DAVE9999....Well the 2 files I was referring to are just questionable .........that's all.
Quote

Now that those nasties have been imprisoned in the "Avenger" zip file.
    why don't you delete the quarantined files ?

Now as far as the files on D: drive ....... If in fact some of them are corrupted or infected  , then what's the point of having them on your machine ...... the contents of that drive is useless . I would wipe D: clean . ........  the fact that there are infected files on that drive are a potential threat .

dl65

Quote
DAVE9999....Well the 2 files I was referring to are just questionable .........that's all.
Quote
Now that those nasties have been imprisoned in the "Avenger" zip file.
    why don't you delete the quarantined files ?

Now as far as the files on D: drive ....... If in fact some of them are corrupted or infected  , then what's the point of having them on your machine ...... the contents of that drive is useless . I would wipe D: clean . ........  the fact that there are infected files on that drive are a potential threat .

dl65


i agree, the corrupted files can damage C:, which would make this relatively small problem a headache to fix

Dl65, I suppose I could contact them,  mind you if Gatesy brings out a new Windows program soon. I may well end up buying that.
They may well have sorted out WMP by then as well, Many people have the same problem with WMP when they changed up to the none deletable  version 10.

Looks like we have done as much as we can on it then,  I never knew about the "Preload files" and all that being on the D:\ drive.  
There's been quite a lot of stuff I have learnt over the last few days about software, systems, viruses and that.
Sometimes though due to laziness on my part, "Not getting it all recorded down on disk" from brand new.
to perhaps not running enough virus scans, we can come a cropper.

I'll delete those 3 particular files then with Avast.
How is the best way of deleting the virus  files in the avenger program.
C:\avenger\backup.zip/avenger/cs_mary.exe/Realtime.dll  Infected: Trojan-Spy.Win32.Delf.fk  skipped  
 
C:\avenger\backup.zip/avenger/cs_mary.exe  Infected: Trojan-Spy.Win32.Delf.fk  skipped  
 
C:\avenger\backup.zip/avenger/setup_ares.exe/data0037  Infected: not-a-virus:AdWare.Win32.NavExcel.i  skipped  
 
C:\avenger\backup.zip/avenger/setup_ares.exe  Infected: not-a-virus:AdWare.Win32.NavExcel.i  skipped  
 
C:\avenger\backup.zip/avenger/WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped  
 
C:\avenger\backup.zip/avenger/WarezP2P_DLC.exe/stream  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped  
 
C:\avenger\backup.zip/avenger/WarezP2P_DLC.exe  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped  
 
C:\avenger\backup.zip  ZIP: infected - 7  skipped  
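
How to read the scan report above, as an added example that is not part of the original thread: each `Infected` line names an on-disk file followed by the `/`-separated path of a member nested inside it, so several report lines can point at one file. The parser assumes that layout (taken from the posted lines) and groups the hits by on-disk file; the function names are illustrative.

```python
import re
from collections import defaultdict

# Scan report lines as posted in the thread (paths and detection names are the poster's).
SCAN_LOG = r"""
C:\avenger\backup.zip/avenger/cs_mary.exe/Realtime.dll  Infected: Trojan-Spy.Win32.Delf.fk  skipped
C:\avenger\backup.zip/avenger/cs_mary.exe  Infected: Trojan-Spy.Win32.Delf.fk  skipped
C:\avenger\backup.zip/avenger/setup_ares.exe/data0037  Infected: not-a-virus:AdWare.Win32.NavExcel.i  skipped
C:\avenger\backup.zip/avenger/setup_ares.exe  Infected: not-a-virus:AdWare.Win32.NavExcel.i  skipped
C:\avenger\backup.zip/avenger/WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped
C:\avenger\backup.zip/avenger/WarezP2P_DLC.exe/stream  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped
C:\avenger\backup.zip/avenger/WarezP2P_DLC.exe  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped
C:\avenger\backup.zip  ZIP: infected - 7  skipped
"""

# "<path>  Infected: <detection>  <action>" with columns separated by 2+ spaces.
HIT = re.compile(r"^(?P<path>\S.*?)\s{2,}Infected:\s*(?P<name>\S+)\s{2,}(?P<action>\S+)$")
# "<path>  ZIP: infected - <count>  <action>" is the per-archive summary line.
SUMMARY = re.compile(r"^(?P<path>\S.*?)\s{2,}\w+:\s*infected\s*-\s*(?P<count>\d+)\s{2,}\S+$")


def split_container(path):
    """Split 'C:\\dir\\a.zip/inner/b.exe' into (on-disk file, member path inside it)."""
    disk_file, _, member = path.partition("/")
    return disk_file, member


def group_by_disk_file(log):
    """Map each on-disk file to its flagged members, detection names and declared count."""
    report = defaultdict(lambda: {"members": [], "detections": set(), "declared": None})
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = HIT.match(line)
        if hit:
            disk_file, member = split_container(hit["path"])
            entry = report[disk_file]
            entry["members"].append(member or "(the file itself)")
            entry["detections"].add(hit["name"])
            continue
        summary = SUMMARY.match(line)
        if summary:
            report[summary["path"]]["declared"] = int(summary["count"])
    return dict(report)


def counts_agree(entry):
    """True when the scanner's own summary count matches the hits that were parsed."""
    return entry["declared"] is None or entry["declared"] == len(entry["members"])


if __name__ == "__main__":
    for disk_file, entry in group_by_disk_file(SCAN_LOG).items():
        print(disk_file)
        print("  flagged members :", len(entry["members"]))
        print("  detection names :", ", ".join(sorted(entry["detections"])))
        print("  summary agrees  :", counts_agree(entry))
```

For this report the result is a single on-disk file, `C:\avenger\backup.zip`, holding all seven flagged members under three detection names.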
DAVE9999      

C:\avenger\backup.zip/avenger/[highlight]cs_mary.exe/Realtime.dll  Infected[/highlight]: Trojan-Spy.Win32.Delf.fk  skipped  
  
C:\avenger\backup.zip/avenger/[highlight]cs_mary.exe  Infected[/highlight]: Trojan-Spy.Win32.Delf.fk  skipped  
  
C:\avenger\backup.zip/avenger/[highlight]setup_ares.exe/data0037  Infected[/highlight]: not-a-virus:AdWare.Win32.NavExcel.i  skipped  
  
C:\avenger\backup.zip/avenger/[highlight]setup_ares.exe  Infected[/highlight]: not-a-virus:AdWare.Win32.NavExcel.i  skipped  
  
C:\avenger\backup.zip/avenger/[highlight]WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped   [/highlight]
 
C:\avenger\backup.zip/avenger/[highlight]WarezP2P_DLC.exe/stream  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped   [/highlight]  

C:\avenger\backup.zip/avenger/[highlight]WarezP2P_DLC.exe  Infected: not-a-virus:AdWare.Win32.NewDotNet  skipped   [/highlight]

navigate to the folder highlighted in yellow and delete it .....
When you finished deleting them , run your AV again for peace of mind.

You mention you can't delete wmp 10 ??  why not ......... in add/remove programs , wait until the list is published and then over on the left side click on add/remove windows components ...... when the list appears go to wmp 10 and delete it ......

BTW .... NEWDOTNET is bad news .

dl65

dl65,, Is it safe to open that zip file to get at them,  I would have to extract the file to somewhere using Windows explorer?.
Using the delete function from , Windows explorer, file, delete.  And that would do it.
And its safe?.

DAVE9999 ....don't unzip the file just delete the zipped file


dl65

Hey Mark .....Dave has infected and corrupt files in his D: restore partition ....and has no cds. Any thoughts ?

dl65

Buying a CD and reinstalling would solve this whole problem.

Dl65,
Great, done that with some "terminating" deleting program onboard.
Ran find and they are gone.

I would sooner run another onboard Anti virus program to check if those files are corrupt, a second opinion,
Not every AV pick up every viruses and some might pick up a wrong bit of data.
Do they still have that "Disc repair" function with Windows Running it for ages as it fixes any errors in that segment??  I'll have a look.  Maybe some freeware scan disc type program might help I'll check it out.

I'll delete and reload WMP and see if I can get it to stream off a web page with WMP stream videos.

Maybe all the improvements over the last few days has fixed it.

You've been a great help over the last few days.

I thought you would have given up on me ages back, I got into a muddle when you asked me did I have Awido installed, then to run my anti virus program.  Like a clot I thought you meant the Ewido!!

Things like that, I guess you pick up Patience, and some degree of understanding from all your experiences at what you do.
A lot of people like myself have some knowledge of the workings of things and then a complete blank in other areas.  We all just bumble along, not having any school training like they do nowadays, doing the best we can.
I'll mosey on off then, and all those people and their viruses and other ills will present themselves to you as they continue to do.

Thanks for all the info and computer knowledge you've imparted.
I've learnt quite a lot and I intend to put it to good use.
Good luck. And thanks again.

DAVE9999 .... I'm glad we were able to be of some help for you........
Quote
We all just bumble along, not having any school training like they do nowadays, doing the best we can.
  You don't have to have attended classes to learn ...... lol ......  It never ceases to amaze me just how much we learn in our bumbling along ........
Please come back again anytime .

Cheers
dl65

Hello dl65,

I'm glad you said "Please come back again anytime".
Cause following on from
8 viruses found, unable to delete.  Topic.
  Reply #26 - Jun 6th, 2006, 10:58pm
Mark for removal
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE .


I have since found out,   having no sound,    that ALCMTR.EXE is part of
my Realtek audio files.

The emachines 5250 Computer I have has a Realtek Audio chip.
It looks like ALCMTR.EXE was part of the process in delivering sound to the headphones.

The web page at   http://www.digit-life.com/articles2/intel-hdaudio/intel-hdaudio.html
Shows the Realtek sound manager, The very first diagram of the Realtek sound manager (coloured in shades of blue) just under heading of "Control panel".  (Slightly scrolling down)
The very first one with all the eq slider knobs and that.
Clicking on it gives a much bigger picture.  at http://www.ixbt.com/multimedia/intel/hdaudio/shot2.png
I have found the only way to activate my sound is to go to "Control Panel", click on "Sound effects manager" and when it opens click on the 6th button on the top of that picture.  the one called  "Audio Wizard".  then this picture appears
http://www.ixbt.com/multimedia/intel/hdaudio/shot3.png  
And the sound can be heard.  It is then activated.

Isn't that a strange thing!.  by pressing that button, "Audio Wizard" the sound is then activated.
A total fluke that I found that!.

Alcmtr.exe  is described as "Realtek Azalia Audio - Event Monitor"    and is currently located at C:\Program Files\Realtek\InstallShield  along with 12 other files.

The Realtek Sound Manager used to load up at start up,  in the little task bar thing next to the clock at bottom right of screen.

I think somehow entering O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE  into HJT has disabled it from running.  And has turned off the sound until the procedure, (by chance found) above is gone through.

I don't know where to turn.
Ideally, I'd like the Realtek control manager to "Come on " at start up like it did.
And all the sound to work from start without going through the above.

I of course haven't a clue how to bring this about.
Maybe if the ALCMTR.EXE  is put back into O4 - HKLM\..\Run: the whole sound thing will automatically work again.

It "sounds" a bit of a sod to fix,

In the list of drivers for the realtek driver in control panel "sounds and audio devices"
there is
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\RTLCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
and 11 others.

The top one being the one that HJT got its hands on.
ALCMTR.EXE is still in the C:\WINDOWS location it hasn't been deleted.

Any ideas on how to fix it please,
I'm a bit buggered up with it.  Isn't it a strange thing.
        Many thanks.

DAVE9999

ALCMTR.EXE  ....... is spyware and that's why it is singled out for removal......
Your sound is on board I think ...so if you reinstall the drivers for the onboard sound , it should be ok ........  what it does is harvest info about your system and send it back to Realtek.....
    "Description: Realtek AC97 Audio - Event Monitor. "Spyware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers"


Hope this explains .

dl65  



Hello dl65,

I would imagine Realtek has made the software so that if part of its software program for its Realtek audio chip is took away from, then there is no sound.
Which is what has happened.
There is no sound,

When you say about reinstalling the drivers, would that mean deleting it first from Add/remove and then going to control panel,, sounds and audio devices,,,Hardware,,,Realtek high definition audio,,properties,,,driver,,update driver,,,Welcome to the hardware wizard.

I've tried the latter, (Not deleting the drivers first) and it says I have the best drivers fitted already.
I can't  reinstall the drivers.  I've no idea where they are. and how to reinstall them.

Can you help us out reinstalling the drivers.  If that is all that is needed to get the sound back automatically..
Thanks.

DAVE9999  ...... check the device manager and look at each item in the sound part see if you see any yellow exclamation marks .  

The other thing you can do is ..... click start /run ...... in the run box type dxdiag ........press enter ...... now click the sound 1 tab and run the tests...if anything fails it will tell you what to do...... then click sound 2 tab and run the test there as well.


dl65

DAVE9999
try this link
http://www.kellys-korner-xp.com/xp_tweaks.htm

using IE double click line # 6 then follow the instruction (click ok/yes)
if it will not work
double click on line # 316 then follow the instruction (click ok/yes)
if it still not
double click on line # 371 then follow the instruction (click ok/yes)

let us know what happen
1199.

Solve : WAR ZONE?

Answer»

about 30 mins ago, someone did a port scan on my computer. that is usually not a good thing. I instantly cranked up my firewall to the max setting. (my avs was updated yesterday) I was also monitoring my ports. I saw nothing for a while, but when I clicked on my firefox shortcut, my computer restarted without prompting me to save my work in anything. so I logged back in, and right clicked my firefox icon, and the target was "%windir%\system32\shutdown.exe -r -F -t 00" which I did not set the target to, because that would be stupid for me to do. I scanned my computer with AVG, and found hundreds of trojans and such, which were all deleted. but I'm sure my cmd file is infected with something, I'm guessing a polymorphic virus, because my antivirus didn't find anything on it, yet it's not working properly, also, the file size grew by 2 MBs, it's usually about 379kb. I can't run any commands in it, not even cd\ I was wondering if any one can help me attempt to trace the person that did this, I'd like to find out who did this, i do realize that they most likely covered their tracks nicely, I'd still like to attempt.


right now I'm running P.H.L.A.K, Professional Hackers Linux Assault Kit, for an operating system, I'm running it off of the cd
Ok, I replaced the cmd file from phlak with a backup I made a while ago. I'm back in windows and angry. I'm still wondering ways to track the person that hacked my tower, he(or she) will pay

Am sorry but you can't do anything but report the hacker's IP address
http://www.reportahacker.com/reporting/reportahacker/index.php

Yeah, that figures...I suggest you get some real time protection for that computer.

Like a firewall to start.

1200.

Solve : An infection?

Answer»

Hey there.
Recently I was foolish enough to download what I thought was a legitimate installer, only to discover it brought with it a good bundle of viruses and adware. My first move was to disable my internet connection to prevent it spreading or downloading more things onto my computer. Next I ran Spybot Search and Destroy, AdAware-SE and my Norton Antivirus searches to cleanse my computer. I also installed Avast virus protection and had it run its system startup scan and a completely thorough scan for viruses. When I thought everything was removed I enabled my internet connection again, and was given numerous popups from Avast telling me I had viruses and adware found. I followed the "suggested action" of moving everything to the "chest". Now what move shall I take next? What has "moving to chest" actually done? Are all threats now dealt with and I can have peace of mind? Presumably my computer is still infected, what shall I do next to get it sorted out?

Also I can no longer open Windows Task Manager with CTR + ALT + DEL and opening it with run taskmgr.exe tells me the file is already in use, despite it not being open. Also I have a new program installed on my computer called toolbar888 which I cannot remove without closing internet explorer first. However internet explorer is not even open at the time. Any ideas with these two problems at all?

Any help appreciated, I know I've been a silly boy
Brom

Bromley-UK.......  The first thing you should do , is turn off your system restore ( if you have that option available to you........ ( you didn't mention the O/S )  . Next reboot into safe mode and run your Anti virus from safe mode ...... Once you are finished , reboot back into normal and see how things are .

dl65

Sorry, I'm on Windows. Thanks, I'll give this a shot.