Explore topic-wise InterviewSolutions in .

hi,

i have a question about virus deifintions for Norton Anti-
Virus....i have UPDATED the definitions yestereday but i had to reinstall the programme due to a message brought to me by the programme itself telling me that its integriety
is corrupted...so i had to reinstall it,,,my question is :

is there a specific folder that i can backup which contains the LATEST virus definitions that i have downlaoded??shortey.....If you have reinstalled Norton AV then SIMPLY open Norton and click on "Live updates" it will connect to Norton and D/l and install all the latest updates including all the virus definitions. You may have to run live UPDATE several times to get all the latest updates .

Hope this HELPS you

dl65

after doin a scan with AVG it said 3 viruses cannot be cleaned i located the infected files but it SAYS cannot be deleted cos it being used by windows what can i do??? Boot into safemode and run the virus scanner from there.
how do i boot into safe modes?
Press F8 on boot up and select Safe Mode from the LIST.

Related article:

Safe mode;Dthankyou guys u were really helpfull with ur advice an i now have a clean comp yay!!!!!! Not a problem. Come back if you have more questions.

If you want to keep your computer clean, install the programs recommended in the Please Read This First - Viruses & Spyware sticky thread. there are so many programmes there which ones do i really needYou can test Spysweeper, Adaware and Spybot Search & Destroy.

Keep the one you like most. I myself use Adaware SE Pro.

I have never tried SpywareBlaster and HijackThis is only to solve issues manually and check to see if any spyware has been missed by a spyware scanner should there still be problems occuring.thanks for ur help i have downloaded adware SE same as u really glad i found this site :DxxBe certain to properly configure Adaware SE (Or use the default SCANNERS).

If you see SOMETHING that you think should not be removed and/or you are not certain what it is, post a message or search Google. i just removed em all!!! i dont know what they were :-/Well considering the fact that your system still allows you to post, nothing went wrong. oh good!! as u can tell i am not the best with computers lol thanks again

Let us know what you find out.

Have you considered using a firmware Firewall?Hey Raptor

I'll certainly let you know here if I find the answer. That is my GOAL. Have an UNDERSTANDING and solution to this hacker crap and let it be known to all that need it. A free solution is also the goal. I think I personally can 'buy' a solution for $120 a year. That doesn't help anyone ELSE visiting my website.

Thanks for the help
Danport scanner...?...msn messager etc sub 7 is illegal and you should report it..to your isp...download sygate firewall...or try a program called ghost server...Quote

I think I personally can 'buy' a solution for $120 a year

Hello....my computer has been running or I should say barely running, actually, I can't even use it. I keep rebooting and still nothing. When I opened the task bar, I saw inetxml.exe using 80 percent of my computer and climbing. I tried deleting this and nothing. It doesn't show up run a search and nothing unusual is in the add and removes. Does anyone know what this is, where it came from and how to get rid of it. Thank you all so MUCH.

JoyceBoot into safe mode and see if you can scan for viruses, spyware and trojans from there.

What operating system are you using?XP...did a scan for viruses and it doesn't do anything to fix it...thank youWhoa...... I ran searches for it and found a page explaining it..... only problem.... It's not in english or any language that I know

http://i2n.222.pl/?akcja=traderthat is all I got when I did a search and have no idea how or why it is on my computer. hmmm....... It's a bit risky, but here is what I WOULD do.

http://i2n.222.pl/?akcja=download

Download it from the site....... pobierz is the word you are LOOKING for.... click on that and it should download....... it should come with an uninstaller..... maybe it will recognize that file and take it off as PART of it's uninstalling process.......

If it doesn't come with an uninstaller.....

Control Panel-> Add or Remove Programs and locate it through there

try that

Quote

Whoa...... I ran searches for it and found a page explaining it..... only problem.... It's not in english or any language that I know

http://i2n.222.pl/?akcja=trader

Hi!

There are 2 IEXPLORER tasks in windows task manager (OS: windows xp pro) which I can't end it using End Process. I already try reboot my PC, but when my PC is booted up the 2 tasks already active, even THOUGH I didn't open internet explorer. I already try using spybot & spysweeper but still the same. Below is a log from hijackthis, which one can be REMOVE using hijackthis? Is there anyone who can help me? thanks!

Logfile of HijackThis v1.97.7
Scan SAVED at 8:09:18 PM, on 10/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
D:\Download\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.decctwvrck.com/gXEufSwn0IGE4FVDUd0uQDAyoCTBhrmKwzDiOJTqGxWJGg795bwSgSN5PzAZgCW1.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07DCE5EA-8DA5-DF46-9A63-8B157E44BC98} - C:\DOCUME~1\WINDOW~1\APPLIC~1\STARTS~1\BalmHtm.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Axis joy bib eq] C:\Documents and Settings\All Users\Application Data\Team meal axis joy\corn meta.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DENT INSIDE] C:\DOCUME~1\WINDOW~1\APPLIC~1\ANTITE~1\DartPopCorn.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Research (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095479084363
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave FLASH Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Repair Internet Explorer.How to repair internet explorer? Thanks!Uninstalling it from the Add/Remove softwaremenu should offer you that option.

Howdy!

Some sort of malware disconnected the NOTEPAD PROGRAM's ability to be called into service by numerous programs. I'm not sure whether the malware KILLED the program or what, but I downloaded another and overwrote the old just in case. The Merijn site has an oversimplistic DESCRIPTION of how to "reconnect". The program is there in my Windows ME accessories file but when a program wants to access notepad the "cannot find notepad.exe" message appears.

Can someone please provide step by step instructions on how to reestablish whatever path is necessary to "reconnect"?

Much Appreciation,

Bradjust download it>http://www.spywareinfo.com/~merijn/winfiles.html#notepad cool gems removed it....and download shredder to clean up any other nasties...merlin_2,

This is the 4th time to Merijn.org in dealing with this glitch and today for some reason it worked... OBVIOUSLY it was your mystical mind and magical touch.

Thank You!

Bradtry spysweeper and have a clean up....

Help! I downloaded and paid for a program this morning, THINKING it was Adaware. Now realize it is SOMETHING called Spy Assassin. Is this a legitimate program? Should I remove it? Does anyone know anything about this? I FEEL like a total idiot! I never download strange things into my COMPUTER!Remove it from the add/remove software menu if you donot WANT to use it.

I suggest you use an IP SCANNER to see where all the IP entries are from.

NeoTrace Express 3.25 is a FREEWARE version.

My system is very slow. It is Windows XP on an IBM notebook. Task manager shows several files I do not know what they do. How do I clean my system and find the files.
mcwin.exe, dbun.exe, oleimg.exe, and imgvb.exe
thanks,George Jallo....If you don't already have it ...download and run... Ad-Aware SE from the link below.
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
SpyBot search and destroy....from.........
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10289035.html

Both of these utilities do a PRETTY good job of cleaning out pests. If you run these apps on a regular basis in conjunction with a good up to date anti virus your pc should run a lot smoother and noticably faster.

Hope this helps
dl65
there is a NEW anti-virus on the block it strungles the virus...catching them by the neck.....
its a beautiful antivirus by www.mwti.net try it....if you are on the internet try the CORPORATE version......
its escan and its very reliable i use it .....it deletes files fixes viruses and has a well monitored log.

there is an evaluation copy for most programs of escan.
mcwin.exe is something to do with a program called "Mod Calc", which is a part of what APPEARS to be some business tool by a company called "Smart-Comp". I RECKON you would have either installed yourself or, if it's a company computer, the system admins would have.

The other three do not return anything in a Google search, which is very strange. Get a virus scanner as well as the two products dl65 mentioned and scan. I suspect you'll get a clean(ish) bill of health from them but you'd best be safe...

My Norton anti-virus found this virus call:
Bloodhound.Packedand i can SEEM to deleted, Please help
Also computer is very slow.

Plumbersee if norton removes it in safe mode f8 key on boot..or try norton again but disable system restore if you have it info on bloodhound>http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.htmlOk let'me try that real quick.I Scaned in safe mode with NETWORKING, and the test did not found anithing.and PRIOR to that i desable the restore point.
i forgot to MENTION at the bigining that i have the virus in quarentine.http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000040709092648?Open&src=ent_hot&docid=2002091210045148&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

Hey everyone. I wanna thank you in advance for any help that you may be able to give me here. First off I have the latest version of norton internet security. Over the course of the last week I have TRIED to do a virus scan, and a full systen scan at least 15 times. My computer completely freezes about 5-10 minutes into the scan each time. The only way that i can EVEN shut it off is for me to unplug it. I am pretty sure i have a virus of some type and i'd like to get it off my computer but i have no idea how to do this if my virus scan keeps freezing. If anyone thinks they KNOW a way for me to remedy this problem I'd really appreciate it if you could drop me an EMAIL. Thanks alot everyone [emailprotected]As I have said before, and will continue to do so; We're not a dating service. If you're lookin for E-mail contact, you're on the wrong forum.

Scan for viruses, Trojan horses and Spyware in safe mode.

Also be certain to download the latest Microsoft (Security) UpdatesDo an online virus scan from:

www.symantec.com

This will not scan compressed files but will indicate any viruses by name. You can ven download the relevant removal tool.

Also try running stinger from the McAfee Web Site.

Scan for spyware like Raptor has said. Here are some spyware removal programmes

http://www.rcmillar.netfirms.com/subpages/Links.htm#Spyware_do u have on the ctrl alt delete screen msi.exe if so get rid of it my bastered brother in law had that prolbem?

i keep getting a toolbar downloadind on my comp.its called elite and when i remove it it comes back. also the same with bargin buddy and navi search. how can i remove it without it coming back? i run adaware by lavasoft and spysweeper. it removes it but always comes back. thanksUse the spyware scanners in safe mode.

Advanced Uninstaller Pro 2004 is capable of removing toolbars from Internet Explorer.Have you downloaded any software or installed any...some spyware maybe embeded in it...jms...What operating system are you using ?
Reboot your pc into safe mode. If you go up to the top of the page with IE6 open ......click on view and then choose toolbars....see if any of the tool bars you listed are SHOWN there and ticked ...( remove the tick marks) . Next ....click start / search .......and make sure that your search is set to look in hidden files(click on the more advanced options ) tick ...system folders , Hidden folders and subfolders. Now do a search for each of the items.....and note where they are and delete them.
When you have that complete.......go into control panel ....Add/remove programs and see if there are any entries there refering to any of those items......( if there are remove them) . When you finish the above , run Ad-aware and spy sweeper ( again while in safe mode )

Now , do you have any kind of a registry cleaner ?
If you don't I WOULD suggest you click start /run / regedit
now when registry editor OPENS ......go up and click edit...and scroll down and click on "Find" ......again enter the name .....ie bargin buddy and let it search for it ...if its there it will take you right to its location .( delete it ) and so on until you have checked for all three .....Just a word of CAUTION .....if you are not comfortable deleting registry items .....have someone that is do it for you and be sure to back up the registry before you make any changes just in case .

let us know how you make out

dl65 thanks for the help everyone. i was able to GET rid of it by using advanced uninstaller pro. then i went to the registry and searched for it and it was all gone. thanks again. jmsYou can also Advanced Uninstaller Pro 2004 to clean your registry. The registry scanner is not as thorough as other (more recommended) scanners but it is adequate.IM TRYING TO FIND OUT FOR MY BROTHER IN LAW IF HE TRIES TO RESTORE HIS COMPUTER WILL IT KILL ANY SPYWEAR HE HAS CONTACTED? TY MARK
Very doubtful, Use a spyware scanner instead..

I have a problem with an address that CONTINUALLY comes up even when I'm not online. It's popuppers.com. How do I GET rid if it??? This is ALWAYS showing up on my bottom toolbar.Scan for spyware.I have run spybot, my office scan, and spyblaster with no results.See ONE of my favorite software programs helps you>http://www.download.com/3120-20_4-0.html?qt=secretmaker&tg=dl-2001I downloaded the whole thing and still popuppers are coming. Now what do I do??Quote

my office scan, and spyblaster with no results.

billiusthemook....check your instant message .....

dl65 for some reason i can't get the symantec website to load. My guess is it's down, i dunno.

i was wondering if i should download microsoft xp sp2? would it cause more harm? it says it provides top of the line protection software.billiusthemook....There's nothing wrong with the symantec site .....I think its possible that you still have viruses on your pc........
How about running another log of hijackthis and let me have a look at it .
When you tried to go theredid you get any error messages ?
Have you ran Ad-Aware since you had hijackthis remove some items ?

dl65 Logfile of HijackThis v1.98.2
Scan saved at 7:52:22 PM, on 10/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\msawindows.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\WinMsrv32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Billius Cello\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\RunServices: [WinMsrv32] WinMsrv32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

i have not run adaware since i last fixed with hijackthis. i did not SEE any error messages when i opened up the symantec site.billiusthemook.....ok , that looks better.....
Now we MUST do something about the ANTI-virus thing ...... I would like you to paste this LINK into your browser and download it ......It's AVG anti virus....
http://download.grisoft.cz/softw/70/full/avg70f_280a377.exe

look in your private message.....box right up at the top where you log in ........there are instructions there for you

dl65 billiusthemook......once you have run AVG.....I think it would be a great idea to go to the MS update site and D/L service Pack2 .........you may have to D/ L several old updates before can D/L SP2 ........But please dont d/l SP2 until you know you are free from any viruses . If fact ...I would be inclined to run AVG the first time in the safe mode .

dl65 down load this it might get rid of your prolbems

http://securityresponse.symantec.com/avcenter/venc/data/[emailprotected]

funky question here - but i'm not very good with the SPYWARE stuff - about 3 weeks ago - not sure where it came from - but ended up removing 700+ deposits of spyware, malware, etc. along with the help of HJT logs, adaware, spybot, and avg - but they're back!

when running adaware, it comes up with about 70+ still in the puter - adaware SEEMS to freeze while deleting these. last night i noticed something eating up my hard drive space, i got a pop-up in the middle of a scan telling me to clean up the c drive - however nothiing was in them, and it still was full.

I will continue on, and get it off - but in the meantime - is there some sort of freeware out there tht runs in the BACKGROUND and stops the malware stuff from its attack?

http://www.noadware.net/?hop=diginfoScan for viruses, trojan horses and spyware in Safe mode.

Download the latest Microsoft (security) updates.

And never trust Justin. That program looks awfully dodgy.thanx to both of you - haven't checked out justin's idea yet - and will work on this at home tonight - just figured i would ask the questions now to have something to work with later - you guys are fast!

just one question with the microsoft updates - i really do use them - and it seems wierd - but when i take them up on the downloads is most often when it happens.

truthfully - i'm not on the puter much anymore at home (on one all day at work) except to fix it after my daughter has been somewhere - You should make use of a different Internet browser.

Mozilla Firefox Look into configuring it properly. Can't help but loving it, that WAY.

Assuming this is Windows XP: Disable System Restorei have used mozilla in the past - on a different puter - mine - lol! it was GREAT - and no - not xp - i'm a 98 lover. I have xp here at work - and for some reason just can't stand it.

i have a habit of putting together puters and putting 98 in all of them - the one i'm running right now is an old compaq (was here asking questions about it a while ago). but since i have a complete dislike of IE - maybe i should do just that - thanx for the thought! Windows XP can be set to look like Windows 98. Other than not being able to use older MS-DOS based programs it is a very good operating system. (No matter what some people say.. Not naming any names, Merlin)i imagine that as time goes on and i get used to it - xp will sooner or later end up at home also - Quote

Windows XP can be set to look like Windows 98. ...

i have a simple problem that i need help with.

i recently scanned my system with Bazooka Scanner, it found several problems (spyware doctor also found the problems). i then deleted the infections from my registry, i scanned with Bazooka again and they were all gone, i scanned with Spy Doctor and the only thing it finds is 4 tracking cookies.

please give me some sort of advice and/or help with removing these tracking cookies.

thank you in advanceSimple problem - simple solution. Delete the suckers.http://www.adwaresafe.com/(bgtfqz45gxrvyaivo5bdi5ey)/download.aspx

down load it
Delete the cookies. They are most likely caused due to Internet Explorer ACCEPTING about anything people throw at it.

As for Justin: Don't trust his dodgy programs.that's the thing, i cannot find them to save my life.

also. you gotta love ie....ignore that, i just found them and they are now gone.If you use Opera as a browser you can easily delete temp file / cookies / history with a few clicks and whooosh out goes the whole lot.


Cookies are not (at present) anything to worry about but I like to be in the habit of leaving the comp clean after every session.

my2cW yeah, i've just done a lot of work on this computer (my grandad's which he bought in 1998 at wal-mart....so you can see what i have to work with). i deleted around 400 infected files, i managed to delete a trojan manually from the registry and the only thing that was left was 4 tracking cookies and it was getting to me that those were the only remaining problem.Tracking cookies will always be there.

They're just cookies, only they collect personal information.Not so. I never have them on my computer. They can be permanently blocked.how would i go about blocking them permanently?


also. i FINALLY registered!Quote

how would i go about blocking them permanently?


also. i finally registered!

I've seen this SUGGESTED often here but it's new to me. I do the maintennace in Safe Mode because of the assurance of having more stuff securely shut down but why scan for spyware adware, malware et al in Safe Mode?When you boot into safe mode, it just loads a minimal set of generic drivers, that is it does not read the registry which is where the malware gets its instruction to load. Once loaded the spyware is sometimes TRICKY enough to evade the REMOVAL tools.Safe mode

Definition of Safe mode.If a PC is treated like a desk in an office...its..clean when you leave it...therefore do the same with a pc...cleanup after use..less hassle...but why bother its not my pc and its not my JOB...till i have to use it..

I can't GET RID of krylog-briss trojan and AD clickerOdldr trojan because scan says they are in a write-protected disk;now what?Reboot to Safe Mode, F8 key when computer is STARTING. Then run scan again.

My computer was infected with virus [emailprotected] I removed it with the instructions given by symantac.com. But now the problem is that when I start my computer a error messege comes stating ‘error loadingc:\windows\elvmmerg32.dll. ALSO my Norton antivirus program is unable to install the update. So please help.You failed to mention your OS.The OS is Windows XPIf you BELIEVE you have succesfully removed the virus, attempt to repair Windows using the Windows XP CD as a bootdisk.will it work if i RESTORE system to previous time before the computer was infected?
I thought you could not BOOT into Windows?The system starts without any problem, but this error messege comes after OPENING windows.the problem with nav it does not scan the system restore files...disable system restore and scan again..info>http://securityresponse.symantec.com/avcenter/venc/data/[emailprotected]:)ya that may be.

what do u think is the best anti virus or adware'spyware'dilderremover??

I've heard Nod32 is the best AV but it's not free. AVG is the 'best' for me coz it works fine AND is free.

Same reason I use AdAawre and Spybot for malware, regularly updated and run.

Zone Alarm to stop the greeblies phoning home if they manage at all to get on the comp and also ZA to stop intrusions. (Never foolproof but that's life on the net).

Finally Crap Cleaner, otherwise known a CCleaner to rip through the comp aand clean out redundant entries, temps files, lots of stuff and also spring cleans the REGISTRY. Pretty ruthless program, doesn't give you many options but hey this comp *touch wood* runs like a train.
HTH mark c



i still prefer nortonThe best antivirus is the one you keep updated and run regularly. A loafing A/V program is false security, no matter how good the engine. Best spyware killer is the same. Firewalls are mandatory with broadband and recommended with dialup.

I prefer Grisoft AVG, Anti-Vir, or Panda Antivirus for A/V (free, and updates are REASONABLY easy), backed up with an occasional free online scan from Trend Micro HOUSECALL. Trend Micro PCCillin, McAfee VirusScan, and Norton Antivirus seem to be the most popular paid antivirus. I strip spyware with Lavasoft AdAware and Safer Networking SpybotS&D. I prefer Sygate, ZoneAlarm, or KERIO for free firewalls and Tiny Personal Firewall for a paid one...

Yesterday i deleted some adware from my computer using lavasofts ad adware. I then realised that internet EXPLORER could no longer connect to the net. I rolled the system settings back using system restore and was able to connect to the net again, tried deleting them again but the same thing happened.

has anyone had the same problem and/or know how i can get rid of the spyware without messing up my internet connection.

if it helps the spyware being deleted was:-
whagent, 180solutions, barginbuddy and a few more i cant remember.

any HELP would be appreciated.Properly configure Adaware. Refer to the help file if you wish to configure Adaware.Otherwise, if you still have those files quarantined in adaware, restore them and one by one go back through and delete them seperately to find the exact file that is causing the problems. Its time consuming especially if you have many files that were quarantined but can be fixed. Ive had similar problems with my entire system slowing right down. Get back to us in here with the CULPRIT if you find it.and run this>http://vil.nai.com/vil/stinger/ i would recommend spysweeper from webroot.comEr... is this Earthlink? This ISP dabbles with adware (not actually spyware, but close) in an attempt to keep the rates down. Yank the spyware or adware one at a time, you'll find that one of them is VITAL...

Our COMPUTER club has an older laptop infected with some version of the now-infamous "JERUSALEM" virus...anyone remember how to delete it?
Thanks!
John B
Avon Lake, Ohio
Senior Computer
Users Link
My e-mail: [emailprotected]Are you looking for a date or are you here to get your question answered? May as well post your phone number while you're at it.

How about installing a virus scanner and keeping that running 24/7?vote kerry not BUSH>http://vil.nai.com/vil/content/v_631.htmwww.f-prot.com has a FREE DOS virus killer.

And Mike Badnarik, Libertarian, would have been BETTER than Shrub or the Tax-man...

After BOOTING up my other pc therscree is upside down.

I have RUN lavasoftusa and this did not fix it.

Any help would be appreciated'

Sorry I have run antivirus softeware (VET) which did not fox the problem and yes lavasoft is adaware.Lavasoft USA isn't a PROGRAM.

Are you trying to fool us?Quote

Lavasoft USA isn't a program.

Are you trying to fool us?

For some weird reason just recently there have been these ANNOYING popups popping up when I like type in a web page and PRESS ENTER or when I search for something on google it gives me a popup search page with wat i typed in. I even scanned my computer with spybot remover but still nothing... HELPGoogle has a popup blocker. Do you use it?Nope i dont use google popup blocker. The popups COMES out only when Im surfin the web in stuff. I think it mustve been something i downloaded or installed that gave me some some stupid hidden program!Nope fixed PROBLEM solved thanks to Ad Aware! Use Mozilla Firefox

Ok this is my log from my HACKTHIS and I think I caught some popup programs please help!

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSE311.TMP\swicdad.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab


O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8CF75-1E3F-404A-BC51-D2CAE37DAEB8}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE18EF-17DE-450B-BE67-2E7C689AB357}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65The previous ones were missing some these are the complete ones.

Logfile of HijackThis v1.98.2
Scan saved at 5:39:27 PM, on 11/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running PROCESSES:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\documents and settings\user\local settings\temp\VrsAC.exe
C:\documents and settings\user\local settings\temp\BijPNhk8V.exe
C:\WINDOWS\system32\nvrspl87.exe
C:\Documents and Settings\user\Application Data\pooh.exe
C:\WINDOWS\system32\l?*censored*.exe
C:\PROGRA~1\WEB Offer\wo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Bxe0n.exe
C:\WINDOWS\system32\AlrYT0v1.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6BAE6706-9543-6D9F-8727-61550FF1783A} - C:\WINDOWS\system32\rrgk.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\user\Local Settings\Temp\zzIIwQNaN.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Lexmark X83 Button MONITOR] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VrsAC.exe] C:\documents and settings\user\local settings\temp\VrsAC.exe
O4 - HKLM\..\Run: [BijPNhk8V.exe] C:\documents and settings\user\local settings\temp\BijPNhk8V.exe
O4 - HKLM\..\Run: [806a345134d5] C:\WINDOWS\system32\nvrspl87.exe
O4 - HKLM\..\Run: [[emailprotected][emailprotected]] C:\WINDOWS\system32\Nyjw1Wb1.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Msuw] C:\Documents and Settings\user\Application Data\pooh.exe
O4 - HKCU\..\Run: [Ukjieaho] C:\WINDOWS\system32\l?*censored*.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSE311.TMP\swicdad.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8CF75-1E3F-404A-BC51-D2CAE37DAEB8}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE18EF-17DE-450B-BE67-2E7C689AB357}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{030AE8A0-C243-4D48-AF53-6FAB737C9F20}: NameServer = 205.171.3.65,205.171.2.65

steven.....Please tell us exactly whats going on with your pc . Is you home page being continually changed ? and to what ......I see a few things that dont look right ...but before I make any suggestions I would like to have the info asked for

dl65 No my homepage is suppose to be www.msn.com and it is when I open internet explorer.But for some weird reason my internet explorer is ALSO missing the bottom bar that shows the progress bar. Also I get popups from these weird websites when im surfing the web!Like when i search for things on yahoo it gives me a popup that is www.searchreslt.com and also when im surfing the web it gives me stupid popups to some dating ad and some other ones like Clean ur computers registry n stuff ads.!!!!! AHHHhHmm looks like after searching around I found a program called AD Aware and i used it and it so far seemed like it fixed my problem. But Thanks a lot for trying to help me out!! Even though I fixed it, but thanks for tryin to help me out!! If you had read the Please Read This First - Viruses & Spyware you wouldn't even had to post this thread.steven.....Hummmm ......how about running a hijackthis again now that you have ran Ad-aware ........because the last one did not look good .

Dl65

Hi... I'm consistantly getting kicked off the net :-/ and I have no idea why... it just says that is has performed an illegal thing then kicks me off (sorry... don't KNOW tech term ) Can someone help me out?OH.... I FORGOT... it also JUSTS STOPS thinking... like when I'm trying to send an email or link to another page, it just freezes up.Scan for Viruses, Spyware and Trojan Horsesoperating system..win98? and ie used...also dial up connection..isp..helps...

Dear All,

When I did a scan using Norton Antivirus Pro 2004 updated, either scanning from the normal mode and in the safe mode, it still cannot delete some VIRUS/files....it can detected BUT cannot deleted....it found some SPYWARE....However, when I remove manually, it also cannot be deleted...Access denied or something..Has anyone knows how to solve this PROBLEM please..

Thanks for your help..

pcbeginner....Perhaps you could tell us which virus or spyware you are unable to remove ?
NAV is designed to detect and remove viruses .......If its spyware you should be using something else ......what spyware scanner are you using

let us know

DL65
Boot into safemode and remove the virus from there.I use Pest PATROL....Then use that in safe mode.

justin...That number will answer all your questions ......
let us KNOW how it works

dl65 Quote

Because they are more than willing to help PEOPLE who like to create malicious programs.

Donot forget to include your adress and personal details for faster support.

Ah, and don't drop the soap.

i dont get it

Dear All,

Anyone KNOWS how to remove Trojan Horse and Trojan.Bookmark.Gen please......I USE Norton Antivirus Pro BUT it could not DELETED...Norton was unable to DELETE these files....Anyone knows how to SOLVE this problem please.....(I always update my Norton)

Thank you for your helps...

Scan in safe mode.Try this>http://removespyware.net/ratings/spy-sweeper.htm

Hello All,

I SEEM to have spyware on my PC that I can not remove. I purchased two different scanning and removal programs which seems to work at first, however, the same problem occurs as the end result.

Whenever I go to a website that requires cookies, for example yahoo mail log in, it redirects me to this "about:about" page that looks like a search engine page. The spyware also changes my internet options and makes the about:about page my home page.

Can anyone tell me what to do to stop this from happening?, as I can't get my email until it is gone. Please explain it as if you were explaining it to a complete dummy because I am not techie at all.

My operating system is Windows XP, if that helps.

THANKS and much appreciated!

ChadUse a proper spyware scanner such as Adaware SE and scan in safe mode.Yep... Add AdAware and SpybotS&D (both freeware) to your anti-spyware toolkit. If the problem persists, try disabling 3rd-party browser extensions (IE6). Or add Firefox to your browser tools (you do not NEED to remove other browsers, I have IE6, Firefox, Opera, and Netscape for different browsing on the same machine...) until you can use a tool like HijackThis or CWShredder to evict the stubborn browser hijack.I have the same problem. I used Adware SE and it did work initially, however the problem has since returned! And it's bloody annoying!Chad....Michael Allen........You have been infected by the nasty ....browser hijacker......
You should D/l ....Hijackthis 1.98.2 http://www.download.com/HijackThis/3000-8022-10307556.html?tag=lst-0-1
D/l CW Shredder V159.1 ...http://www.majorgeeks.com/download4086.html

These should help......but feel free to post the log FILE here.

dl65 or this>http://www.wilderssecurity.net/bhblaster.htmlOK CW Shreder seems to have done the trick, thanks for the ADVICE guys.

...as avg updates are not free anymore?...

While playing a game on line I get thrown back to desktop for some ad. Sometimes proceeded by a window with a heading of sandboxer or aboutblank. Running Norton AV don't HELP. Running Spycatcher only finds low risk TRACKING cookies, usually the same ones all the time. No MATTER what I do they same to REGENERATE. I'm not a computer whiz hope someone can help.Use SPYBOT Search & Destroy or Adaware SE.

check the list out>http://www.spywarewarrior.com/rogue_anti-spyware.htmOoh ERR. I already knew about BPS Spyware REMOVER being a rip-off (I was told about it on another tech forum) but that list is, well, PRETTY COMPREHENSIVE to say the least...

Nice find Nice list.

how do you use a users log to remove certain file or software? please help if any one knows.Mike davis....If you share a touch more info we MAY be able to faster assist you . If you wish to remove a program ...go to ADD/REMOVE PROGRAMS ....you will find it located in the Control panel. If you wish to remove a file.....( GIVEN its not required for the system to run properly)......Use the search FUNCTION.........when it shows up simply delete it.........works LIKE a hot *censored*.
BTW what O/S are you USING

dl65
If you are experiencing problems, use a scanner rather than doing it manually.Did you install the files yourself, or did the files come from the internet?

[glb]Flame[/glb]

My computer runs XP SP2 and i left my computer running connected to a high-speed internet connection with no firewall. It was on for 15 minutes with nobody in the room (just enogh time to go into Stand By mode). When I turned the Pc back on, Windows does not know what EXEs are or what .lnk FILES are, therefore, no SHORTCUTS or applications will run. And when shutting down or logging off, I get a weird message with goofy letters with an "OK" button, when you click "OK" it continues. Does anybody know what kind of problem or virus this is and how to get rid of it? FORMATTING would be a big problem because CD burning software does not work. And I have important documents. P.S. - I've tried disconnecting the internet and restarting, doesnt help. Also there is no more "Turn Off Computer" option on the Login Screen. Help Only Internet Explorer and windows explorer will run.windowsxp44....Lesson #1....Dont ever leave your pc unattended......see what happened . You could end up being charged with neglect of your pc.
Now ...what anti-virus software do you have installed and running on your pc?
Next , you do have a firewall, XP sp2 has one built into it.
click on the firewall icon in the CONTROL panel .....for more info.
It would be nice to know...."And when shutting down or logging off, I get a weird message with goofy letters with an "OK" button, when you click "OK" it continues."
what the goofy letters are.
Moving right along......what has the fact that your burning software doesnt work got to do with formatting ? Why doesnt your burning software work ?
what are you using ?

let us know

dl65 Definatly a virus. possibly spyware. Ouch...

[glb]Flame[/glb]http://housecall.trendmicro.com/Problem Solved! - Scanned with McAfee online scan (instead of AVG), and found a virus and fixed it. I forget the NAME of it. It was a worm.WOW! Congrats! Consider yourself lucky.... Many people loose more than that.....

[glb]Flame[/glb]

I was wondering if there is any spyware in this list of the process in task manager
Winmgmt.exe
winlogon.exe
type32.exe
taskmgr.exe
system idle process.exe
system.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
srvany.exe
spoolsv.exe
soundman.exe
smss.exe
services.exe
sagent2.exe
resetservice.exe
regsvc.exe
realsched.exe
pphidpad.exe
nvsvc32.exe
mstask.exe
mdm.exe
lsass.exe
iexplorer.exe
hpztsb09.exe
hpwuschd2.exe
hpotdd01.exe
hpcmpmgr.exe
hidserv.exe
explore.exe
daemon.exe
ctfmon.exe
csrss.exe
bhodemon.exe

Thx in advance.Quote

I was wondering if there is any spyware in this list of the process in task manager

Hi folks. every time i start up i get a request from the above saying that a program wants me to connect to the net. i have ad aware, avg, zonealarm pro. searched through the registry and files through windows XP search engine with no luck. i dont really know what these 'no ip' addresses do. can you enlighten me please? gezHave you properly configured AVG and Adaware?

Do you have the latest definitions?

Use different scanners. Are these free or registered scanners?
these are both the free versions. i did use an online scanner yesterday (trend housecall) that picked out 3 trojans in temporay internet filesforget spybot/adaware.......feeble software being polite i am ...you need some amo like a scud missle download spysweeper from www.webroot.com...just wished i owned it.. and this helps>http://www.wilderssecurity.net/bhblaster.htmlQuote

these are both the free versions. i did use an online scanner yesterday (trend housecall) that picked out 3 trojans in temporay internet files

I am working on a friend's comp and every icon you CLICK on opens microsoft Word with some kind of ACSII code in the document that opens. I downloaded stinger and even it opened word. I finally have it running, but what causes this and how can I help him get rid of it?

Thanks,
Augustine531Install a decent virus scanner, a firewall and a spyware scanner.All three are in place. They may not be the best, but they are installed and updated. Norton Antivirus, the firewall that comes with SP2, and spybot, ad-aware and at least one other spyware thing. I just ran stinger and found nother.

So if I run Norton and the other programs and find nothing, is there nothing I can do?Ok, nevermind. I am finishing the virus scan, and i THOUGHT he had already done one. I have already found 27 infected files. Thanks anyway, I'm sure it is probably going to be taken care of.

AugQuote

I'm sure it is probably going to be taken care of.

Very frustrating that my home PC goes to a web site (porn), without warning as I want to do a normal search. I have tried Spybot to get rid of it, and have reset the internet settings but to no win. Need some advice to get rid of it. CD......D/l cw shedder and it should identify and reset your home page ...... http://www.majorgeeks.com/download4086.html
if you continue to have problems D/L ...hijackthis .....
http://www.majorgeeks.com/download3155.html

hope this helps
dl65 Thanks for the advice. I took it but still didn't get rid of this particular porn web site that KEEPS coming up. I did however, get rid of alot of UNWANTED viruses usinging the downloads. Thanks again for your HELP but still not sure how to get rid of this thingUse a spyware scanner.CD....Perhaps you should post your log from hijackthis.....and let us look.

dl65 I recently installed Mozilla,
Felt the difference straight away: no popups, no active x CONTROLS installing and running itself on my computer.
Recommend

Raptor:

Stealthed, to me, means that the default BEHAVIOR of a computer port has been disabled so that it will no longer seek connections, and for all practical purposes, the port BECOMES invisible to hackers scanning for open ports.

My question was: why does the port suddenly lose its stealth status? This has HAPPENED on 4 free firewalls I've tried. It's funny that this never happened when I was paying for Norton Firewall. I'm beginning to think the online port scans are designed to show "unstealthed" ports in ORDER to generate interest in Pro versions.

I'm going to install the free eTrust EZ Armor Security Suite (antivirus and firewall) because it's the only free firewall I haven't already tried, and if the online port scans report my stealthed ports as "unstealthed," I'm simply going to forget it and go on about my business.
--------------------------------------------------------------------

Merlin:

You're right about the Winder$ operating system. They've been working on it for close to 15 years; it
should have been perfect 5 years ago. Political alignments, profit worship, bullyism, etc have made it a TRIP to remember, that's for sure. Do the test on the website I recommended.

Quote

2) Zone alarm has "High internet zone security" setting which makes your computer invisible on the net. I put it on so it would become difficult for viruses to find their way back, but APPARENTLY it ALSO makes it IMPOSSIBLE for Internet EXPLORER to connect to the internet now, so I have to use "Medium" security setting meaning that viruses can see my machine. Is there a way around it?

extended VIRUS WARNING how nice of them five mins...you may be CORRECT joleen and are NUDGE ....the M$blaster worm gives you only thirty seconds

Hey Guys/Girls

My computer is running super slow all of the sudden. I got an internet security system from staples (by PANDA software). It found a ton of syware and 3 trojan virus. It clean them up. I also got "error Nuker" and that found 251 error, as well as I am running PC doctor. At this ponit everything says that my system is good but it still is so slow it is crazy. I have plenty of memory as well as hard drive space. What could be the problem?

CRHow much stuff have you running in the background? Hit [Ctrl] + [Alt] + [Delete] and see what's running - at a bare minimum you should have "explorer.exe" and "systray.exe" running for Windows to function, and you'll PROBABLY have your AV app and firewall up there too. You won't need much more than that.In the "Task" tab or "Processor" tab?Nuke Error sounds dodgy..

Format and reinstall Windows to start with a fresh lane.How do I do that?How to erase my hard disk drive and start overHave you tried defragging your computer? I SUGGEST buying Diskeeper, the best defrag tool ever. Formatting your computer is usually a last resort. You will lose all your data.

Go to Start > Run > msconfig
Go to startup tab and untick things you don't use.download advanced system optimizer from www.major geeks.com or freeram xp...what cpu have you got celeron..?

I run Norton Anti-Virus 2004 and Ad-Aware SE Personal at least twice a week, but I don't download Microsoft Updates... is this a BIG mistake? If your auto maker came out with an update for your BRAKES, what good is it installing a 3rd party addition like power windows?

Do you THINK Microsoft spends so much time and money to produce something you shouldn't install? They're not called bug fixes for nothing.Ah, another one that thinks the word "Critical" means "Largely Optional"...

Admittedly, Microsoft do tend to post silly little updates to upgrade things the average user never uses, and MSN Messenger, Media Player and their ilk is HARDLY the sort of thing that is vital for a PC to run. What are the crackers going to do, go into your Media Library and replace your heavy metal collection with Britney Spears?

But the critical updates are a whole 'nother matter...Quote

...I don't download Microsoft Updates... is this a big mistake?

Ibut I don't download Microsoft Updates... is this a big mistake?

Does anyone recommend ZoneAlarm? I've heard it's a great firewall and it's a free download. Does it work? Is it good? I have used it in the past and it was good. There's a free version but for the full benefit you'd need the registered. I recommend using more than one.. ZONE Alarm and Sygate and Norton etc.I'd have heard horror STORIES about Norton INTERNET Protection (or whatever it's CALLED)... people saying it's not user-friendly. Do you recommend it over ZoneAlarm? I'd rather just purchase that.i have never used norton, but i would highly recomend sygate personal firewall, it is free and gives you control of incoming and outgoing programs. i hear zone alarm is very similar.I use Norton and Sygate but the registered versions. I wouldn't pay for any of the options out there.

I have a program Internet Optimizer(possibly spyware or adware) but it was downloaded when I went to a site that I thought was the best choice for a SEARCH. But anyways, I can't delete it and don't want to download the uninstaller and the other crap that comes with it. Norton 2004 has SAID it is suspicious and it can't even delete it. So I restarted the computer in safe mode and deleted every file, including the files for the other programs it also downloaded like Bulls-Eye Network, power scan and other programs producing the most random pop-up ads.

Is there any safe way to delete it?Go get "Highjackthis" and run it . SHUT down SYSTEM restore before running and restore it after.try this first>http://www.intermute.com/spysubtract/cwshredder_download.html and also try advanced system optimizer /system mechanic/adaware/spysweeper from www.majorgeeks.com and few good programs to chose from...have you got a 56k modem...have you tried altering the mtu rate...or updating the modem driver all these so called modem BOOSTER etc do very little....to help the net boost ask your phone company to turn up the gain...on your line...

Yes, Sir! I was able to get rid of everything with ad-aware and spy-bot, but with hijack this I saw same items were poping up with every scan. They were R0's and R1's with some items from the hijack-site. THANKS. Does that mean you also managed to solve the browser Hijacker?I am not sure. I know the site where it comes from. I also have some anti-virus SITES in my Favorites folder, and I never put them there. It appaers there everytime I sign in onthe INTERNET. Deleting those items doesn't do anything. Ad-aware could never recognize these items. It did recognize ones and it culdn't delete itfor no reason. I am not sure if I answered your question. Did I? Thanks. Summarize your problem.

You are connecting to a website that is installing spyware? Why not simply stop connecting to the website..?I am not connecting to those sites myself. Computer sends me there automaticly. I am having problwms with browser's hijack. I can't get it to WORK like it was a month ago. It does it itself. Detka........how about posting your hijackthis log for us to look at.

dl65 Quote

I am not connecting to those sites myself. Computer sends me there automaticly. I am having problwms with browser's hijack. I can't get it to work like it was a month ago. It does it itself.