Explore topic-wise InterviewSolutions in .

Hey all.
I have DECIDED after reading all the intelligent comments on this FORUM to use the AGV Free AntiVirus.
My PC is quite new and has a trial version of Norton which I'm having trouble removing....
It doesn't show in the normail add/remove programs section and when I go into my HARDDRIVE to delete the Norton folder it says that a ccEmlflt.dll file is in use (I have disabled Norton before trying to delete the folder).
I was just wondering if ANYONE knows how I can get rid of Norton?? There is no 'uninstall' program in the Norton folder. (I'm running XP Home Ed if that helps.)

Thanx in advance - CarlosI believe there is an uninstall program available at the Norton Website.
Before looking for it I suggest you find out exactly which Norton product you have.
When you find out, POST it here for further help if you need it.

*Edit*

Perhaps this link will help you.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002031914291648?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=
It is indeed like a virus.is it a beta, because it is very hard to uninstall symantec's betasIt doesn't have to be beta for Symantec to be hard to uninstall.

Ok guys I'm not sure if this is a virus or not, but it just scared the s**t out of me!    I was installing the new Macromedia Flash 8 (from the macromedia) website, and when I was installing it, things went a bit weird. My computer started acting like it was going to shut-down by closing out all programs excpet my firewall, and select other programs. Then, here's the freaky part... You know how sometimes it says when you GO to shut down that a program is still running, and it wants you to end the task? Well, I looked to see what file it was, and I didn't see a .exe file or anything, but all I saw was   Should not see me   and then the window closed out. I'm running HijackThis now, along with an online and system virus scan. Please help!      (For those who might be wondering, the products I downloaded from Macromedia came from the OFFICIAL website, and are tiral versions. They are not pirated, so I don't think it's from that)  Please respond!

EDIT: HijackThis SHOWS all processes are OK. Will run scan...

FlameRelax Flame, how bad can it be?Could be a hacker, could be a keylogger, could be anything!     It;s too late! I'm freaked! lol

FlameYou know the drill.

Online Virus Scan and Spyware Scan
http://www.pandasoftware.com/products/activescan.htm

Highly recommended second Online Malware Scan
http://www.ewido.net/en/Thanks Fed!    I'm running a scan now. Might take a while. I'll do what I can tonight. I tried installing Flash again, and I didn't have any porblems. By looking at what the scan shows so far, it looks like it has found one Spyware. I'll find out what that is later. Maybe that's the problem... I'll be back soon  :-/  Thanks again!  

FlameIt's easy to keep a cool head when it's someone else's computer.  8-)You're TELLING me    What scares me is that I have protection! lol   Most of the people who come here seem to either (1) Not have any protection or (2) have protection that was never updated. I check for updates twice daily for EVERYTHING. I run ALL my scans EVERY WEEK. Whe something like that happens, its scary lol  I thought the computer was shutting down, and wasn't going to turn back on lol   (It didn't shut down, but it did close out programs and flash Windows just like it does wheny ou go to shut down or restart. I chose to restart after seeing this)

FlameOK, didn't get to finish last night. Scan went for an hour and was only 1/2 way done. Will resume sometime today.

Flame Quote

What scares me is that I have protection!

I have 2 harddrives. One for my programs, software and etc and the other one is strictly a music folder with mpegs and mp3's.
I had Incredimail (an email program) which kept opening up on it's own.
I thought it was a software issue so I uninstalled and reinstalled it again.
It was still happening. So I uninstalled it completely.

Soon after, Outlook Express started doing the same thing, along with AOL Instant Messenger. At this time I've decided I must have a virus/adware/spyware so I ran Norton, Ad-Aware and Spybot.
Still didn't solve the problem.
Then, it became worse and every 5 seconds it will take over my screen, not allowing me to work on anything because it's blocking my access.

I have succumbed to reformatting my PC at this time by deleting my existing partition. Guess what? It's still happening.

I've searched Google to see if anyone has had this similiar problem and I've gotten nothing.

Can anyone here help me?
EDIT : HERE'S MY HIJACKTHIS LOG :

Logfile of HijackThis v1.99.1
Scan saved at 11:11:27 PM, on 1/1/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Chanel\My Documents\Software\wmffix_hexblog13.exe
C:\DOCUME~1\Chanel\LOCALS~1\Temp\is-0915U.tmp\is-S2SAQ.tmp
C:\Documents and Settings\Chanel\My Documents\Software\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - TOOLBAR: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136151632255
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136151615901
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

chanel........ your hijack log file looks ok ....however it indicates there are many XP updates that you don't have installed .....in fact I dont think you even have SP1 ........ the browser you are using is an old version .........
Is there some reason you dont have the current updates ?

let us know

dl65   Quote

chanel........ your hijack log file looks ok ....however it indicates there are many XP updates that you don't have installed .....in fact I dont think you even have SP1 ........ the browser you are using is an old version .........
Is there some reason you dont have the current updates ?

let us know

dl65  

chanel.....Well your latest hijacklthis log is clean ......as far as I can see ......However , programs dont just start by themselves .......Are you using a dialup service or are you on broadband ?  
Now that you have SP2 , I would suggest the following ......
D/L .....antispyware BETA ..... http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

and ....Ewido .....  It's a fully functional 14 day trial
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html

Run these apps and remove anything it finds and then let us know if you still have the issue .

dl65  

I have succumbed to reformatting my PC at this time by deleting my existing partition. Guess what? It's still happening.

chanel ...... If your on Cable ...... then possibly this entry ..( while not a bad one is causing this issue )   run hijackthis and  mark it for removal ......

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

Quote

I have succumbed to reformatting my PC at this time by deleting my existing partition. Guess what? It's still happening.

  Did you do a clean install or just a repair ?

When you ran your Ewido scan...did you do it with the system restore turned off ?

let us know

dl65  

2- When the install was finished, I did not install any programs for about an hour and Outlook Express was STILL launching on it's own.

Quote

2- When the install was finished, I did not install any programs for about an hour and Outlook Express was STILL launching on it's own.

Were you connected to the net during this time?

i have this virus in my MediaAccess.exe FILE and i cant do anything with it.  If i scan for it and try to remove it it runs some ms dos window overtop of itself hundreds of times.  I tried to uninstall media access and my computer says it has already been uninstalled.  Everytime anything messes with the file MS Dos windows and i have to restore my SYSTEM to make it stop
O/S: Windows XP
CPU: P4 3.0
Sound Blaster Audigy 2ZS
MSI GE FORCE FX 5600
1G DDR400
40G HD
80G HDScan in safe mode.

Use AVG Free, nothing else.What Anti-virus utility are you using? Like Raptor said, run it in Safe Mode (keep tapping F8 after rebooting).

This is what symantec has to say... http://securityresponse.symantec.com/avcenter/venc/data/adware.mediapass.html

with regardstry the link tip from Champion_Munchdownload hijack this, u can set it to remove files UPON reboot before they get a chance to run. i had a similar SORT of problem.

I've searched around the WEB and this forum and haven't found a solution.

Its a spyware attack. The screen froze. Multiple signs saying 'your computer is infected with spyware' came up.

I work on a XP hp pavillion laptop.

I removed the battery breaking the ciruit. Booted up the system only to find that at clicking on my account at login a sign comes up saying

'the application has failed to START because WININET.dll was not found'

Then my desktop loads but all I see my wallpaper enlarged. NO icons are displayed. The screen is frozen at this state.

I take the battery out again. Reboot in safe mode with command prompt.

I try system restore. A blank window comes up. Can't access it.

This is where I'm stuck. There have beem all these explanations on how I should reinstall WININET.dll and how I should INSTALL Hijack this.

Can I do this at command prompt. What shall I do???try these programs to remove the crap

ad-aware     (lavasoft)  
spy sweeper   (webroot)  
CWshredder    (trend micro)  
spybot   (Safer Networking Limited )  
spyware doctor     (PC Tools Pty. Ltd.)  
spyware BLASTER    (Javaco cool Software LLC)  
ccleaner (no company name found)I just want to stress that

I cannot access windows (anything in windows)
unless I use the command prompt.

I have to run in safe mode WITH command prompt to GET ANYWHERE.

Therefore, installing an application has to be through the command prompt (if this is possible).

Any more suggestions.ok what is your OS, do you have system restore, otherwise try to use that oneDo you have a Windows or restore CD's if you need to totally reinstall?

IMy SPY ware picks it up and I deleate it but it STILL comes backDownload, install, update & run 'Ewido' in Safe MODE with System Restore turned off.
Then REBOOT and turn System Restore back on.http://securityresponse.symantec.com/avcenter/tools.list.html

search a removal tip/tool for it
and download and run

ewido
norton
nod32

Hi,
My friend recently had her computer wiped clean because of a nasty virus she picked up and i was just wondering what you guys think is the best antivirus program? My friend doesnt mind paying 40 or 50 pounds. I have heard about the free ones (avg, avast) but it made me think wether they are as competent as the ones you pay for?
Thanks AVG and Avast are both fine products and both offer a free version.
I run AVG.

patio.  AVG is what you want.

Click here and then click on the file at the bottom of the page (avg71free).

Doesn't cost a penny.  

ok cheers for the info + opinion guys
Bah, I disagree.. I've run AVG a lot at work, and it sometimes is a major pain.. and you can't install in SAFE.. which to most people might not seem like an issue, but when you see 50+ possibly infected computers/day.. those reboots add up... Personally, for home use, I love http://Http://www.ewido.org.. very nice, good free version, highly effective and works well with HiJackThis...

Just my 2 centsi don't think there is one best antivirus program, i think each program have his good and bad points, i'm using NORTON antivirus 2005 and i'm HAPPY with it Quote

Bah, I disagree.. I've run AVG a lot at work, and it sometimes is a major pain.. and you can't install in SAFE.. which to most people might not seem like an issue, but when you see 50+ possibly infected computers/day.. those reboots add up... Personally, for home use, I love http://Http://www.ewido.org.. very nice, good free version, highly effective and works well with HiJackThis...

Just my 2 cents

Bah, I disagree.. I've run AVG a lot at work, and it sometimes is a major pain.. and you can't install in SAFE.. which to most people might not seem like an issue, but when you see 50+ possibly infected computers/day.. those reboots add up... Personally, for home use, I love http://Http://www.ewido.org.. very nice, good free version, highly effective and works well with HiJackThis...

A friend has the following:

Intel Pentium III, 800 mhz, 512 ram
Windows XP
10 gb hard drive

Her COMPUTER has started reporting shrinking hard drive space over the last 2 weeks...she had 4 gb free a month ago...three days ago had only 200mb free and now has only 98MB free...something is very very wrong here.

Any suggestions for me to forward to her?
My thoughts are: SPYWARE, virus, etc....

Has Norton, but no anti spyware...Norton is out of date and not updated for almost a year...I've already scolded her about that snafu...inexcusable IMHO...anyone ever had this particular problem occur?  As always, thanks much in advance...this FORUM is the best!  Because of you folks, I've kept my system running flawlessly:)))
First delete something off that hard drive so it will continue to run. 15% free is a safe minimum.

Start by running Disk Cleanup, and empty the recycle bin.

There are several free things to download (just google for them):

AdAware
Spybot
AVG Free
CCleaner
Ewido

Make sure they are up to date, then run the programs in safe mode.

Do this and we will go from there. After there is space, download all of the Windows updates and SP2, if not done yet.

Is there a Windows CD present if things need to be reloaded (just in case)?
Update all of these and then run in safe modeI was thinking along those lines as well...yes, there is a Windows XP OS disk in case a REINSTALL becomes necessary.  I've run XP on my old Pent.II machine and have been able to keep it free of problems, though it is slow at times...have never had the problems this other computer is reporting though.  Will follow those steps and then let you know where things stand.  Thank you for the prompt reply GX1_Man!!! And suggest to her to get another HDD for some storage space...an 80G is only 30 bucks or so.And while your at it, make Indexing service is disabled.Nice catch 2K...Hm, it might possibly be a backdoor trojan, etc. Try downloading the trial version of 'The Cleaner', and run that. It scans hidden files, too, so it's pretty nifty. Alerted me to many-a-threat!

( I had this same problem a while back, It's very important to keep firewalled, antivirused etc these days. )

Ok, I'm using Microsoft Office with Microsoft Word 2003.  I downloaded some soccer clips off the internet the other day and now, Word will only open when I am not connected to the internet.  Occasionally, when on the internet, I can open Word but only in safe mode.  When TRYING to open word, it only gets the a certain point and then stops LOADING.  CTRL ALT DEL shows that under processes, WINWORD.exe is there but it is not under APPLICATIONS.  Excel and all other parts of Office work fine.  If anybody can shed any light on this problem, please do.  ThanksSpyware/adware/antivirus in place and being used? Has anything else changed?everything is in place, norton antivirus checked through with no results ie no viruses, spyware, etc.  Ran Symantec and it showed nothing as well.  Nothing else has changed.Have you attempted a repair install of Office 2003 ? ?No, not yet.  I've been searching the internet finding related problems but nothing quite the same as mine and most have complained that installing office again does not HELP the problem.  I changed the TEMPLATE of word from Normal.dot to normal.old and that allows me to bring up word now but my computer is still slow.No, not yet.  I've been searching the internet finding related problems but nothing quite the same as mine and most have complained that installing office again does not help the problem.  I changed the template of word from Normal.dot to normal.old and that allows me to bring up word now but my computer is still slow.Pavel Rosicky... When you D/L the soccer vid clip .....what did you save it as ...and where did you save it ........ ( have you tried deleting it and see if the issue goes away ?) It almost sounds like the vid clip might have been infected with something .  Have you scanned for viruses and or trojans ? ....if not I would be inclined to do so now.


dl65

Anyone have an opinion about some of the Firewalls that are freeware?

I have seen ZoneAlarm and a few others on www.filehippo.com and www.spychecker.com

I am going to install this on a COMPUTER running Windows ME.

It seems my local IP provider is letting to much crap through anymore to rely on just an anti virus and spyware programs. I just had an instance a couple weeks ago where adware took me over in a matter of minutes. I have Avast, which as going crazy, Spybot, Ad-Aware, Spyware Blaster, they are all tweaked tight and the adware still got me. I am still puzzled how this happened.  No hint of problems prior or since, but I am spooked BIG time.

Is the firewall a better route? I'm thinking yes.

Thanks.zone alarm has an extremley good firewall i use the bought version and have never had a problem so i persume the freeware version would be quite good toKerio also has a FREE PERSONAL version....

Sygate had one til' Symantec bought them out and ended support for their free firewall...

patio.   Quote

the adware still got me

SpyBot Resident.

Running the Resident?
Using IE tweaks to lock the host file too?

I take it you are talking about another version or different setting of it?

Fordtruckmaniac

no ,he's refering to SpyBot V1.4RC ..........when you open it up , down at the bottom on the left side you will see ....3 + signs .......Settings,tools,info & license....... click tools  then when the new window opens ...look on the left side and you will see a shield (Resident ).....click it ......then in the center part make sure you tick the 2 boxes , if you want both active.

dl65

What is Activex
http://www.active-x.com/articles/whatis.htmWhats the problem pal.Thanks for the link - I read the article, but truthfully I am not much the wiser.  It seems to be technology for web producers and developers.  I thought it might be a program for the ordinary surfer, but when I checked the web there were warnings about the dangers of outside control of my pc!
Any other advice?It is a Microft feature that unfortunately makes our computer susceptible to all SORTS of web attacks. Unfortunately, you have to have it to go to Microsoft Update sites, and others. Many people don't enable it, or use a more secure browser or operating system.Yes switch to FireFox and only use IE for your Win updates.Who said you had to use firefox  . I don't like it much, so i PREFER to use opera. Does the job!Agreed. I was just trying to wean him off of IEOr... if you're like me and you're stuck to IE, you can lock it down to make it as safe as / safer than alternative browsers.

with regardsThanks for all replies -
I've SWITCHED to Firefox to see how I get on with that.  So far so good - it seems to have more to offer than IE.
The instructions for customising the security on IE are a BIT beyond my present experience, so I'll keep on looking in on these forums to see what I can pick up.ActiveX is crappy VIRUS allowing software used by the fascist company Microsoft to dominate your web browsing

USE MOZILLA FIREFOX!



I agree about IE Being crap, and Firefox being better. Though, Opera is the same.. And i don't get why Firefox can get so much more popular

Can anyone help me get rid of the MorwillSearch hijack?  My wife's laptop has the problem that every time she does a search (doesn't matter what search engine), when clicks on the HIT, it takes her to either Morwillsearch.com or an absolutely DISGUSTING porn site.  She is running Windows XP.  I've already run the microsoft antispyware detector, spybot, and ad-aware and it is still there.  Any help here?Scan with Hijackthis http://www.hijackthis.de/index.php?langselect=english and post a logfile here.The site is telling me that my message is too long.Here is part ONE of the report generated by Hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 10:11:33 AM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Duke VPN\Duke Client\cvpnd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1d0a00c3-27b1-4fef-a4e4-1365f46a0449} - C:\WINDOWS\system32\hbspodvb.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
And here is part two of the report:

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Duke University Duke VPN Client.lnk = C:\Program Files\Duke VPN\Duke Client\vpngui.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows GENUINE Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105134752387
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Duke VPN\Duke Client\cvpnd.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Re-run Hijackthis & mark for removal

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
(Unless you know what this is)

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {1d0a00c3-27b1-4fef-a4e4-1365f46a0449} - C:\WINDOWS\system32\hbspodvb.dllThat seemed to do the trick.  Thank-you very much.Cleanup time?

Online Virus Scan and Spyware Scan
http://housecall.trendmicro.com/

Highly recommended second Online MALWARE Scan
http://www.ewido.net/en/

Then download Microsoft Antispyware and install it for some realtime protection.

hi guys, i have a HUGE problem, when i use start => RUN and i TYPE cmd, it opens c:/windows/system32/cmd.COM not cmd.exe . CMD.exe still exist, but it can't be opened within the start => run method. If i open cmd.com in notepad is just see the letters MZ... i have tried to delete it, but it can't be deleted (not even in save modus). I have run all the spyware  scans (spybot, ad-aware, spywaredoctor, spywareblaster, spysweeper,...) and all the antivirus scans (nod32, ewido, norton)

[glb]can somebody help me[/glb]

p.s. my os is windows xp professionalFirst off, make sure you're not running both Norton and Nod32 at the same time, as having two anti-virus utilities running at once can cause conflicts.

It sounds like you have a worm that creates .com files under system folders which are launched before the .exe counterparts.

It is likely you have one of the following:

Picrate
Alcra

Read up on those links and see if you can locate the offender files. Make sure to have the "show hidden files and folders" in folder options CHECKED.

with regardsGoogle for Killbox.exe and delete it with that.thanks, your links helped, thanks for you responses! i appreciated it

ok i have a computer and it runs WIN xp prof.

anyway everything is running fine and IM playing quake4.

then that crashes. then i am about to burn a cd with some work for SCHOOL. NERO won't open.

i open the task manager to see if there's an instance already open. each time i click on the process or networking tab in the task manager it shuts it down. so i go to run norton to do a scan. norton won't open.

i go to spybot, it opens but finishes the scan in 2 seconds and says there is nothing wrong. now it won't open either.

i run Hijack this. it doesn't turn up anything suspicious.
now i can't open that either.

then the internet explorers go. both IE and firefox. so now the computer is just a shell basically that lets me browse through my files but not open them.

please help and tell me there is another way than formatting.

would safe-mode work and if so what is the interupt key??


ok it opened in safe-mode and everthing is working. so im scanning in norton.

i'll let u know if anything turns up or not. i really hope something does turn up. cause its even worse if u don't know whats wrong.If you can't get it clean, follow these steps.

Download, install & update...
CLEANUP
Ccleaner
ANTI SPYWARE
Ad-Aware
Spybot S&D
Microsoft Antispyware (W2k & XP)
ANTI VIRUS
AVG Free (Set options to 'scan all files')
ANTI TROJAN
EWIDO (W2k & XP)

Turn off System Restore if applicable. (ME & XP users)

Run Ccleaner
Run Ad-Aware
Run Spybot
Run Microsoft Antispyware
Run AVG Free
Run Ewido

Re-start in Safe Mode
Re-run AVG Free

Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users)will do if norton doesn't pick up anything. its taking a long time to scan. but its got over 100GB to scan so it will.

thanks for the response anyway.  

edit:   ok well norton turned up nothing. so im trying the programs u suggested now. i'll tell u how it goes. just a quick question though. is anyone sure its a virus? i haven't downloaded anything for a couple of weeks now except for 3DMark05 from the official site and the computer is scanned regularly. COULD it have been some sort of failure with windows because its all working fine in normal mode now as well.well the other scans picked up some trojans and adware. and now its running fine thx for the help.  Make sure you have a Firewall running, an Antivirus running and 2 Antispyware programs running all in real time.
Don't open email  or messenger attachments unless you are 100% positive they are safe.
Happy computing  wiil do. thx

I got a tojan pkcjq.dll that changes my home page to BLANK.  IVE ran everything.  i DELETED it with avg.  but as soon as i load up my explorer 2 times it comes back.  with the same problem anyone have any ideas on thisDisable system restore, BOOT to safe mode and do the scan. When you are clean you can re-enable system restore.Also not all AV programs handle trojans all that well...take GXMan's advice and also DLoad Ewido, update it and run it also in safemode...when you get the first alarm check both boxes in the popup window and let it do it's majic.

Hi  

I am new to this forum

I am trying to rid my computer (windows XP) of a virus that AVG just won't wipe out.  

I have four of the viruses:
Trojan horse Downloader.Small.18.AH (I have three of these buggers)
and a VBS/Psyme, whatever that is.

My computer doesn't seem to be misbehaving though, I mean it's running ok from what I can gather but I hate the thought of having viruses lurking around!

I did a search of previous threads on the same topic, and someone mentioned SPY SWEEPER, how do I download this?  Do you think this will do the job?

Thanks in advanceGet 'Ewido'.Hi Fed,
Thanks for that, but where do I get them from?  I am only interested in free programs at the moment!!  -as i am skintAgreed !
After installing grab the online update first.
Re-boot to safe MODE and run it.
Then when you get the first alarm check both boxes you see "remove and quarintine" and "perform this for all infections"

BTW your first scan should be a Complete System Scan. Hit Start then go grab a beer or a coffee.

Hi Patio,
Please excuse my ignorance, this is all relatively new to me.  What is safe mode?  How do I get into safe mode?  

I have downloaded Ewido now (I googled it), and it is scanning my system as we speak, though I am expecting it to ask me for money at any step now...  

Do you think it'll nab those viruses with this run or is there something I need to do firstWehn you restart your computer, and itloads RAM and stuff over a black screen. keep pressing F8 until you get to another menu, from there enter safe mode.Spedz is correct ...repeatedly tapping F8 gets you into safemode.
Ewido won't ask for money...although the realtime protection runs out after 14 days but you can still go to the site weekly or so toupdate the definitions...
When it finishes scanning save a log file for me and i'll have a looksee...If the virus is in the restore files, no AV software will get rid of them. Disable system restore, rerun your AV, reenable system restore when finished.You may want to google virus and trojans. Not exactly the same thing. A variety of solutions is REQUIRED on Windows machines.God almighty, it took four hours!!

I don't know YET if it cleared up my viruses.  I will run AVG tomorrow morning to see if they're still there.  


Patio, I don't know how to save a log file for you to see...

Dummy= I don't know where my trojan horses are hiding, how do I find out where are they?  

Also, what do I do with the safe mode thing?

Again, I apologize for my ignorance, this kind of thing is all new to me...

Thanks guysFirst off don't apologise for not knowing something. We all started at the beginning at some point in time.

The important thing is you are at the point now where you want to learn and want to find places that will give you good advice. That's what's important.

As to your questions let's take them one at a time.
Safe Mode is a function of Windows where you choose it upon booting. This is done by hitting the F8 key while it's booting but before Windows starts up.
The advantage to safe mode is it only loads the minimal amount of drivers, services, and background processes for Windows to operate, which is what makes it ideal for troubleshooting and running your malware scans.
So practice tapping F8 on start until you get it , it will be useful down the road.

We don't know where the Trojans are either so that answer is moot. Most malware removal tools might give you that info...i.e. when they show what they've found usually the file is named and it will show a path to the file. This isn't cut in stone however as every tool works differently.

As to the log file when Ewido, AVG, HijackThis and some others i won't list after the program has finished scanning/fixing your machine it will normally ask if you want to save a logfile...in future select yes, give it a filename relevant to the date of the scan and save it in My Documents.

This is your homework assignment for the evening, Fed and Mac will be giving the test tomorrow.... Quote

I have downloaded Ewido now (I googled it)

I UNDERSTAND I have to undo my fire WALL to install my DSL.  How do I do this?WITHOUT knowing your WINDOWS version or what firewall what are we to say?

I'm not a computer person, so I have no idea what to do. First I will explain what happened.

I don't use Internet Explorer much, only Opera. The only time I use IE is when I need to watch something on overdrive, or need to go to certain sites because Opera doesn't work for that. Well last night I was on a REGULAR site for a spade league that I am in. All of a sudden a porn pic popped up. All I did was hit the X and it didnt do anything. So I just continued on my IE and left the page in the back. Then another one popped up, and another and another, and then my pc frozed. I restarted it thinking it was just something weird that happened.

Well I restarted my pc and when I did it had all these new icons (you know like my documents and my computer) appeared. I cant REMEMBER all of them but I know one said something about music and then "free porn" Then I clicked back on IE and it had a tool bar saying free porn and listing examples which i will not say. Anyways to get to the point, it frozed again. I left it off and turned it back on today. I only can use Opera but every time i turn it on it pops up with this Spy sheriff control thing saying I have to scan my pc.

If I do click on IE my homepage does not show. Before it freezes what I could read was something like "computer bots have your ip, they can see sites you go to, to FIX it click here." Of course I didn't click it because it could just be another virus.

Does anyone know what I should do??? PLEASE HELP.

Greatly Appreciated.Kay......You didnt mention which operating system you're using ........But in any event ...heres what I would suggest ..... Open your Internet explorer and click on tools ( up at the top ) ...then Internet Options ...then make sure your on the General page ....... and the click "Delete Cookies" .....when its finished click "Delete files" ....when its finished ...click "Clear History " ...then "Apply" and "OK"   What we just did was remove anything from the Temp Internet folder .

Now If you dont already have it installed ..........get SpyBot V1.4 ....... http://www.majorgeeks.com/download2471.html
Once you have it downloaded ...open it up and click on the "Search for UPDATES" button .......a list of available updates will be shown ...tick them and download them .....when updating is complete click on "Check for problems" it will begin to scan .......when its finished you should remove anything it finds.

Then , if you dont have Ad-Aware SE installed .......Get it at ...... http://www.majorgeeks.com/download506.html
and again after it has D/L open it and click on ...."Check for updates now" ...when the updates have finished click on "Start "  and when the scan is complete ....mark for REMOVAL anything it finds.

If you are using Win XP or XP pro ....you should also D/L
MicroSoft Antispyware Beta ........ http://www.microsoft.com/athome/security/spyware/software/default.mspx
Once you have it installed ....run the scan and remove anything found ......

Now it would probably be a good idea the reboot your machine and see how things are .....

Let us know if the issue has been resolved or if not then we will do other things as well.


dl65  

When you LAST ran your virus /spyware scanner. What was the amount you recieved? After only just downloading Ad-Aware, i manged to get 979 on mine A record...4 or 6 actual Spyware was found when I first installed. That's the most I have EVER had.

[glb]Flame[/glb]On a  Windows box 10-20 every week is not uncommon. (On my Linux box, none ever!)   Spedz...... Ok .......you get the award for having the worst plugged up pc of the day .......
What is it you really want to inquire about .......Malware removers ?  .....Oh yes .......then you have to use them once in a while .............LOL


dl65  

979 is by far the hightest number I've ever heard of.Hehe. Didn't actually have any malware/spyware remover software until Ad-Adware... So it'd been building up. Not that i intented to get that much...I hope AdAware is not the only tool in your arsenal.

If so follow any of Fed's posts for an all inclusive list of tools.Errrm. Spybot and Norton too. I only just got into being an admin on this computer (this being my familes computer) and so yeh. Any good powerful FREEWARE suggestions?Sure. As i said Fed lists the best but i'll give you mine off the top of my head.

Anti Virus;
AVG
Avast

Trojan FIGHTERS:
Ewido
Trojan Hunter
A Squared

Spyware:
Spybot
Spyware Blaster

Adware:
AdAware.

Firewalls:
Kerio.
Zone Alarm
Sygate

And for GETTING those really STUBBORN rust spots off of chrome bumpers Coca Cola.

I think I've got a virus that has completely messed up my computer. I recently got a message while on the internet that the computer was infected, and then before I could run a scan my computer froze (this wasn't to do with the virus, it's an annoying problem that happens regularly to my crappy machine). Since then, whenever I've loaded up I get a message saying 'wmpexe has PERFORMED an illegal operation and must be SHUT down'. So I shut it down, then a new message comes up saying 'explorer has performed an illegal operation and must be shut down'. So I shut it down as well and that's the last I can do. All that's on my desktop is my taskbar, and I can't open the start menu. I can't use 'ctrl-alt-del' either. Nothing works. Does anyone know how I could solve this or is it a problem that I'll NEED to get a professional to sort out?

I am running Windows 98 (second edition I think) by the way.Have you got any idea where you came across the virus...? and have you not got any anti-virus programs...?Start in safe mode and run the scans.Try safe mode, and back up.

Then REFORMAT your disk and install fresh OS.

Hi

Please can some kind soul advise me.

I run Norton Antivirus (& use LiveUpdate) and my subscription to Norton is up to date.   Under 'System Status'  Auto Protect is disabled (and it will not LET me Enable) and Email Scanning comes up with ERROR. I also keep getting a message up at start up which says something along the lines of.....attacker or virus has disabled protection......  Also when I click on My Computer the search light comes on and when I go to shutdown, it won't - I have to pull the plug out! I also have two broadband icons now on my tool bar!

Please can someone tell me if this sounds like a virus & if so, what have I got?!! ...............and any tips for getting rid of it.

Many thanks in anticipation

Gill H

I would suggest uninstalling and reinstalling Norton, if that's what you want for our antivirus. In the meantime, go to Trend Online virus scanner (free at trendmicro.com) to test. You ma also want to try Spybot, AdAware, and Ewido (free, just google for them) for added safety.This sounds like an EXTRA nasty nasty so here's my 2 cents worth...

Download, install & update...
CLEANUP
Ccleaner
ANTI SPYWARE
Ad-Aware
Spybot S&D
Microsoft Antispyware (W2k & XP)
ANTI VIRUS
AVG Free (Set options to 'scan all files')
ANTI TROJAN
Ewido (W2k & XP)

Turn off System Restore if applicable. (ME & XP users)

Run Ccleaner
Run Ad-Aware
Run Spybot
Run Microsoft Antispyware
Run AVG Free
Run Ewido

Re-start in Safe Mode
Re-run AVG Free

Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users)

PS, can someone with html experience turn the top 6 program recommendations into clickable links & give me the text as I couldn't be bothered figuring it out myself. Quote

PS, can someone with html experience turn the top 6 program recommendations into clickable links & give me the text as I couldn't be bothered figuring it out myself.

Hi, my McAfee has been going crazy with files that end with .pf. I found them in c:windows/prefetch. I would like to know if I can delete them all without CAUSING any DAMAGE to my computer or other files. :-/If Mcafee is going crazy then you probably have a parasite.
Ccleaner will remove the ones that haven't been accessed for a couple of weeks but there has to be a reason for Mcafee complaining.

Online Virus Scan and Spyware Scans
http://housecall.trendmicro.com/

Highly recommended second Online Malware Scan
http://www.ewido.net/en/You can actually dump the entire contents of the prefetch folder (not the folder itself) and WINDOW will rebuild it. The only downside is slower boot time until it is rebuilt. After you do this, boot to safe mode and rerun your AV. You might ALSO want to RUN AdAware and Spybot. I do agree, there's a reason McAfee is complaining.

Norton keeps telling me I have a TROJAN.vundo and gives me the file name, but when I used the remove tool it keeps saying that there is no virus on my system.

I've also tryed to remove it myself taking all the steps they tell me to but it says the file can not be deleted

What can i do to remove this?http://vil.nai.com/vil/content/v_127690.htm  Removal Instructions. Did you tr to remove in safemode? Safemode prevents windows from loading that fileYeah i tried everything in safemode and it STILL tells me the same thing.

Nothing seems to be working any other suggestions?I keep getting this stupid alert that tells me about the same virus but i can't get the alert off my computer.  I keep pressing ok but it wont go away! HELP!!!Same question.........What operating system are you using ?........which anti virus app found this trojan ?

Exactly what is the trojans name ?

dl65  look on the site of symantec (www.symantec.com) for a removal tool, they WORK greatI have the same problem, I'm running windows xp, downloaded the removal tools from symantec, after the removal tool scan and restart of the computer and system restore the warning box keeps POPPING up and will not let you close it. Any suggestions?Did you disable system restore first when you ran the application?yes!Did you try the link for removal tip?for all of you with the problem, run your computer in safe modus, try the removal tool and if it is sugested to remove it manually, remove it manually

Please can you help me with this error message.
Event Type:      Error
Event Source:      ACPI
Event Category:      None
Event ID:      4
Date:            03/12/2005
Time:            13:15:56
User:            N/A
Computer:      MIKE
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could LEAD to system instability. Please contact your system vendor for technical assistance.

I am running windows xp pro. My outlook express icon has CHANGED to the spy sweeper icon. When i try to launch outlook express, i get the start of the installation for spy sweeper instead.Nothing to do with spysweeper........


recheck bioss setup acpi.......options....So i hold down delete on start up to access bios and then what am i looking for? Sorry, never had anything like this before.So it sounds like you did not make any BIOS adjustments prior to this. Was it working fine for a while, or has this always been a problem with spysweeper installed?

Sometimes the easiest thing to do is UNINSTALL and then reboot to reinstall the program.never touched the bios before. This problem has just happened all of a sudden. My outlook express icon has come back ONTO my desktop now but still whenever i click on it, it begins the spy sweeper set-up.never had a problem with either before.
Scans for virus/spyware etc came back ok aswell.If you haven't played with the BIOS,don't start now. Can you uninstall spy sweeper? Quote

Scans for virus/spyware etc came back ok aswell.

A toolbar called Mirar that I did not download appears on my Internet Explorer browser. I have looked in "Install/Uninstall Programs" in my control panel, but it is not listed there. How can  I DELETE this? Thanks.This is a BHO (Browser Helper Object), you can get rid of it with HIJACKTHIS, Spybot, WinPatrol,... the list GOES on & on.

To stop it, go to EI>Tools>Internet Options>Advanced
& uncheck the box that SAYS 'Enable 3rd Part Browser Extensions'.

I have found something called a HKLock.dll on my computer.   Is this dangerous and if so how do I get rid of it?
glenaftonDo you have any Norton PRODUCTS installed on that MACHINE ? ?No.  I GOT rid of Norton and installed AGV free
glenafton

W32.Kelvir.BA, Anyone HEARD of it lately? It's a worm that speras through msn. So, just as a warning, if you use msn, and come across someone SAYING ; 'Is this you...:' or 'You'll LIKE this:' Don't open it.

Although it's not the worst virus ever. it can still cause some damage. For more info see Symantec.

Hi, I keep getting these messages on my McAfee,

Application Has Been Modified
"This program has changed since you first gave it access to the Internet. Do you still want to let it access the Internet?"

these are the programs:
C:\WINDOWS\system32\debspmsg.exe and
C:\Program Files\leatpage\ds33dmod.exe

does ANYONE know what these are? I've tried deleting them, I've run SPYWARE, adware, nothing WORKS and the little McAfee window is constantly POPPING up over and over. I hit block all access and it just keeps popping up.

If anyone knows anything I would really appreciate the help.
Try the 2 'trend' online scanners and try Ewido too.

some time ago i had an issue with my work LAPTOP (xp pro and office xp) where the norton outgoing EMAIL scanner would show that 1 email more than i sent is being scanned and presumably sent.  it went away after some time but i NEVER did know if it was directly related to anything i did.

but it seems to be back.  i'm going to run ms anti spyware and ccleaner and norton av.

but this seems sort of common since i've had it twice and i'm not that special so if there is anything specific (besides the "don't open WIERD emails"; was an accident, really) it would be great

thanksONLINE Virus Scan and Spyware Scans
http://housecall.trendmicro.com/

Highly recommended second Online Malware Scan
http://www.ewido.net/en/

On start up, a message is flashed on the screen that the computer is infected with spyware and that I should run an anti-virus program.  I have Norton loaded but this situation makes access to the desktop impossible.  Any suggestions?Download, install & update...
CLEANUP
Ccleaner
ANTI SPYWARE
Ad-Aware
Spybot S&D
Microsoft Antispyware (W2k & XP)
ANTI VIRUS
AVG Free (Set options to 'scan all files')
ANTI TROJAN
EWIDO (W2k & XP)

Turn off System Restore if APPLICABLE. (ME & XP USERS)

Run Ccleaner
Run Ad-Aware
Run Spybot
Run Microsoft Antispyware
Run AVG Free
Run Ewido

Re-start in Safe Mode
Re-run AVG Free

Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users) bettysparkle   When you SAY ..... Quote

I have Norton loaded but this situation makes access to the desktop impossible.

After access to internet (without install SPY ware), my desktop or wallpaper was overwrite by a spyware advertisement & it cannot be DELETED or changed using the control panel.
Can someone pls help me!!

download lavasofts adaware there is a FREE VERSION and it GETS rid of most adware and spyware

I have been going thru the threads for the last 2 days but COULD not find answers & hence I created a new thread. I'm really sorry if its already answered

First the system started with random REBOOT. Later I ran virus scan using Computer Associates EZ Armor.There was no virus detected. Then during subsequent scans, the system would shutdown. Now the system does not boot at all....not even in safe mode. When I try to run in safe mode, I get errors like
"Following file is missing or corrupted: C:\ESSOLO.SYS"
Error in CONFIG.SYS on line 1
"Following file is missing or corrupted: C:\WINDOWS\HIMEM.SYS"
"Following file is missing or corrupted: C:\WINDOWS\DBLBUFF.SYS"
"Following file is missing or corrupted: C:\WINDOWS\IFSHLP.SYS"

It later asks me to specify the location of the command interpreter COMMAND.COM

I started the system with a boot disk & it looks like there is no "windows" FOLDER under c: at all. I'm not able to access D:

I have windows XP PROFESSIONAL. Please help me & I dont want to reformat since I have lot of photos on the systemAre you sure you are running XP ? ?
Did you leave an old Win install on this machine perhaps ? ?

patio. Well, I'm running xp for sure. However I do get options to choose xp or win98 at startup.I thought so...Can you boot into Safe Mode and or Win98? ?
If so copy your boot.ini file and post it here...

patio.
No I cannot get the os running. Any option such as safe mode, safe mode with command prompt, safe mode with networking etc does not work. After the initial check & I think just before the os loads, the sytem restarts.

I tried changing the RAM. Could it be because of this?If so is there any way to fix this?You might have put RAM in ther which is not matched for your MBoard...return to the original RAM chips and try again.

patio.  Yes, I did put the original ram immediately. These problems are with the original ram in place :'(If you cannot boot either OS as is you're best bet would be to hook it up as the only drive as master on IDE2 of a working machine and copy the data you need.
Reason for this is that a repair installation of both 98 and XP have no guarantees that your other data will be intact.

patio.  Format and reinstall is the ultimate solution. You have two buggered operating systemz and booting the only somewhat functional one from the D drive......Thanks everyone for your advise. I'l hook up the hard-drive to another working laptop & copy the data. Can anyone point me to instructions on how to do this:-) I'm really dumb with this & every instruction will help.

WOW. I HAD THE EXACT SAME THING HAPPEN. My Norton will NOT enable, no matter how much I clik. It displays the ERROR message. Even my Norton icons on the bottom toolbar have disappeared! But here's the worst thing. I CANNOT LOG IN TO ANY ACCOUNT. I can navigate the web to any page, but if I try to login to email, or ebay or whatever, it will not allow me to . All I get is the 'cannot find server' error page when I try logging in to any account.  
Does this sound LIKE a virus?  
Here is my only clue. I downloaded SCREENSAVERS yesterday....haven't been able to look at my email since. Today, i have UNINSTALLED EVERY SCREENSAVER that I downloaded, & rebooted, but doesn't fix my problem. I was thinking that there must be a specific function that is corrupted that ALLOWS me to login to everything. What should I do?
Online Virus Scan and Spyware Scans
http://housecall.trendmicro.com/

Highly recommended second Online Malware Scan
http://www.ewido.net/en/Thank you! Quote

Here is my only clue. I downloaded screensavers yesterday....haven't been able to look at my email since. Today, i have UNINSTALLED EVERY SCREENSAVER that I downloaded, & rebooted, but doesn't fix my problem. ?

I am using internet explorer 6.0
Windows xp professional and on dial up.

quite frequently when surfing the internet I get a "You are not authorized to view this page"  Http 403 error forbidden.  Below is an exact copy/paste of the page.

[b] You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.


If you believe you should be able to view this directory or page, please TRY to CONTACT the Web site by using any e-mail address or phone number that may be listed on the www.foxitsoftware.com home page.

You can click  Search to look for information on the Internet.

HTTP Error 403 - Forbidden
Internet Explorer [/b]
Check your SECURITY settings in both IE and Internet Options in Control Panel.

patio.     I'm SORRY, but what am I looking for specifically.  I have checked the security settings a few times, looking for something that it might be, but i must be missing something.

prarie1. Start
2. Settings
3. Control Panel
4. Internet Options
5. Security tab
6. Reset all security zones to Default

And/or

1. Start
2. Settings
3. Control Panel
4. Internet Options
5. Advanced
6. Restore Defaults button.

You may need to do the following as well
 
1. Start
2. Settings
3. Control Panel
4. Internet Options
5. General tab
6. Remove cookies, temporary files and history

Kudos to Raptor.Thanks Fed

I had already gone ahead and reset the defaults this afternoon.  So far I think that may have fixed my problem.  

Prarie

Hi,

I have recently been getting porn pop ups on my pc, i have had it before and know that sometimes its due to spyware WITHIN my pc. I have searched for the obvious things within my files and folders, such as porn, sex, xxx etc and the only things that i can find are "sexy blondes" dialers and folder.

i have deleted everything i can, but some of them say i cant delete them coz access denied. Either i have the file open, or they are write protected or i have a full disk. I have changed each of the files from being read only to normal, but they somehow change back before i am able to delete them!

What do i do!?

I am running on XP professional.

Thanks!!

SarahSo you have Ran a virus, Adware and spyware scanners?

Well what Spyware scanner are you using?

R0SSHi

Its the Ad-Aware SE Personal by Lavasoft, hope that helps!

Also the virus scanner i use is the one i get provided through uni which is Sophoa Anti Virus.

I have scanned using both and dont know where to go from there!

Thanks

SarahRight well if your using windows XP, why not get a download of Microsoft Anti-Spware. It is the best out there and I'm confident it will clear up your problem.

here is a link.


http://www.microsoft.com/athome/security/spyware/software/default.mspx


Hope that helps you.

R0SS Quote

Hi,
I have searched for the obvious things within my files and folders, such as porn, sex, xxx etc and the only things that i can find are "sexy blondes" dialers and folder.

porn companys paid ad-aware to skip some of there ad/spy software because a lot of users use ad-aware. So ad aware skips some things

Could it be a country thing? Going to research that idea.

It is a country thing, Changed from usa to munch's area and bam it worked.

Im moving down under.  

I been getting odd phone calls from weird AREA codes, and the caller NEVER says anything.. could it STEM from my cousin looking at the wrong sites {like porn}? i have great virus protection on the computer and windows firewall and i used to have zonealarm installed also.. can those sites get my number or something? PLEASE help me...Most likely it would be a automatic DIALER for a telemarketing company. If all the sales reps are on the other line, then all you get is silence or clicking.

At least, that's my guess!I had one of those a few weeks ago on my mobile. Didnt answer it the first time, they rang again the next day and I did answer. But no one spoke. Dont know if thats any help like.

I've only ever used AVG, but I've heard and read so much about Avast that I finally have to check it out.

Any known issues running the two of them SIDE by side?You should NEVER have more than one anti-virus program running at once (HOWEVER you can run SEVERAL anti-spyware programs, as they usually do not have compatibility issues).

If you're going to test out Avast!, make sure you disable every AVG component. If you're not happy, you can simply uninstall Avast! and switch back to AVG.

with regardsMy pal Dennis prefers Avast over AVG but he runs them both...Avast daily and AVG once a week.
champion's advice is correct make sure one is disabled when running the other...they like to bang heads.

patio.

My granddaughter downloaded a children's software program on my laptop and it evidently had a virus as my device MANAGER SCREEN is empty and modem is not being recognized for dial-up.  Does anyone have any ideas on what I need to do to regain my dial-up etc.Kind of hard to advise without knowing the operating system, but Spybot,  and Ad Aware are free downloads. Just google for them. That is a good place to start.I have an IBM ThinkPad running MICROSOFT 2000.  The problem is I can't get to the internet to download any software that might take CARE of the problem.  I installed Norton and it has identified the following:  C:\\winnt\nem220.dll is infected with the Bloodhound Packed virus.  Is this why my Device Manager properties is blank?Yes according to Norton that is just one of the common symptoms caused by that payload...
Are there people using that machine for a lot of P2P downloads ? ?
Most likely where it came from...
Norton's Removal Instructions:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

patio.   Quote

The problem is I can't get to the internet to download any software that might take care of the problem.

Hi,

I've heard that Spy Sweeper is one of the better spyware removal/detection software.  Any opinions?  I've downloaded the trial, but am hesitant to buy until a get some feedback.  

Thanks,

MaryIt often GETS many rave reviews from EXPERTS, however I have only trailed it once, in which time it did little to convince me of it's supposed abilities.

Plenty of freeware anti-spyware applications available, I don't think there's really much point.

with regardsI agree. The free ones are just as good, and much cheaper.i don't agree, i don't know another program that is better than spysweeper to remove spyware, buth... if you USE a combination of other programs, it might be better than only one program (example spysweeper) i bought it, and i am really happy with it, it made my computer clean and it protected it wellYes, having more than one anti-spyware program is a good idea... I was just disappointed with SpySweeper's performance when I used it.

I prefer to use a combination of free anti-spyware applications, while others may feel more "SECURE" with commercial products.

with regardsThanks.  I also have others...Spyware Dr., Pest Patrol, Spybot.  I even used the Microsoft beta spyware blocker for a while.  I had heard Spy Sweeper was the best lately, and I just wondered if it was worth it to actually break down and pay for software for a change.  

MaryNo need for spyware programs if you have a decent firewall.

And disable remote acccess/and any p_2P programs. Quote

No need for spyware programs if you have a decent firewall.

I deleted the worm VB.AS but I still have problems.  Internet sites that require a password will not open the login page ie. email, school sites etc.  It just says web page unavailable.   Also my Norton will not ENGAGE autoprotect.  does anyone have any suggestions, I would really rather not reboot. I have removed the worm with Trend micros online scanner and removal instructions.Clean out your temporary and temporary internet files, then follow the removal instructions on this site: http://www.k7computing.com/virusinfo/WormVBAS.htm

with regardsI have done that.......... now I think I will reboot.  It is only the websites that require a little more security to enter that will not open.  Maybe the settings need to be adjusted back to normal, not sure what they would be.try to use some other programs to for deleting the other pieces:

ad-aware     (lavasoft)
spy sweeper             (WEBROOT)
CWshredder              (trend micro)
SPYBOT                  (Safer Networking Limited )
spyware doctor          (PC Tools Pty. Ltd.)
spyware BLASTER         (Javaco cool Software LLC)
ccleaner                (no company name found)




greetz


blackberry

I have some viruses/adware that will not delete. I've tried deleting them in safe mode but that didn't work either. I used MICROSOFT Antispyware and ADware programs. It says that I have Virtumondo and Trojan.Startup.Nameshifter.HN that will not delete. What should I do?Try Ewido for free, ALSO run in safe mode.

http://www.ewido.net/en/download/

You might also try the free ONLINE scanner at www.trendmicro.comtry to use this army of bots on your computer, some are free, for some you have to pay, but, you can always download a free trail (and AL programs are safe. Don't forget one to run, download them all, there safe:


ad-aware     (lavasoft)
spy sweeper             (webroot)
CWshredder              (trend micro)
spybot                  (Safer Networking Limited )
spyware doctor          (PC Tools Pty. Ltd.)
spyware blaster         (Javaco cool SOFTWARE LLC)
ccleaner                (no company name found)




greetz


blackberry  After running adaware, spybot, trendmicro, ewido and spy sweeper, my viruses are finally deleted. I ran them all in safe mode and it seems that spy sweeper was the winner. So far everything looks good. Thank you for your help.

How does AOL anti-virus compare to other anti-viruses?Do yourself a favor and DLoad either AVG and or Avast...both have free versions that do quite nicely...
If AOL were the last ISP choice i had i would GIVE up surfing before i would install their crud on my machine.

patio.   Quote

How does AOL anti-virus compare to other anti-viruses?

How does AOL anti-virus compare to other anti-viruses?

I was using my laptop last night when norton popped up with a virus called Da Boys Droppers. I dont know how I got it, I wasn't online at the time and I haven't downloaded anything on the machine since I got it, APART from AdAware Anti spyware and Zone Alarm fire wall. Also I haven't opened any Emails from unknown sources so how I contracted it is a mystery.

The problem is I can't ge rid of it. Norton is unable t fix the corrupted dll files so they are currently in quarantine. I can't do a Live Update (although I done one only 5 days before) from norton or download AVG because it wont let me online.

I have AVG currently running on my pc so i copied it to my flash drive and uploaded it onto my laptop, but when i try to install it, it keeps asking me for the licence number. I tried to use the licence number that my pc version is using but it just tells me it is invalid.

I'm stumped on how to get rid of it, if anyone can help I would be very grateful.BTW:

The corrupted files are:

MSAPSSPC.DLL
MSNSSPC.DLL
NETDETECTCONTROLLER-2-6.DLL
UNIMDM.TSP
WAN.TSP

I thought about taking the files out of quarantine to try and go online but am worried this will only make things worse.WAN.TSP wireless......<admin tools!I dont use wireless. Where can I find Admin tools?

Sorry if this is a stupid question.Assuming you are using Windows XP, follow these instructions... Click on Start -> Control Panel. Click on Performance and Maintenance. Next, click on Administrative Tools... This should help you  

[glb]Flame[/glb]Sorry! using 98se.Have you installed any software via cdrom disks/or floppies! do you have remote access enabled!

And flame is correct where the events log lies.

Maybe if you pay for  norton then i would use it !and dump avg!?as some anti viri throw up messages that are not any threat to the pc user and  its called  license to print money?

Did this viri contain anything else l;ie a code/etc !maybe a friend has loaded this on to your pc for joke,as there are joke viruses!I have used two things.  Firstly I downloaded a driver for my new flash stick, but i downloaded it to my home pc opened it there then copied it to floppy. I have since copied it to my laptop and my wifes laptop, but none of these MACHINES have any problems.

The second thing was a cd rom that my sister gave me about 1 year ago. It contains a sega genisis emulator and over 100 games. but i have used this on my pc many times over the past year and never suffered a problem.

I tried the following:
Click on Start -> Control Panel. Click on Performance and Maintenance. Next, click on Administrative Tools... This should help you

But  instead of performance and maintenance i have to go to system and then performance, (no performance and maintenance option).The only options in performance are: File system, Graphics and Virtual Memory.  

Also I have checked with search files and folders and it would appear that i have more than 500 corrupted files.download spysweeper......disconect from the net>>> norton says this>http://www.sarc.com/avcenter/venc/data/da_boys_dropper.htmlTHANKS Just one question.

I can't get online with my laptop. If i download tis to my pc and then copy it my laptop will is work? I tried this with avg and it wanted a Licence number.another problem, Spy sweeper requires 128mb of RAM. I am only running 64mb, so it probably won't work.This may be easier for you.
http://vil.nai.com/vil/content/v_1442.htmhttp://housecall60.trendmicro.com/en/start_corp.asp?id=scan


Then connect the laptop to the net,And  re -run it again!Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Use both a hardware and software firewall.
Be advised as dual software firewalls may cause problems

ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind

HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistant Hijacker.Thanks for your help guys. Not really sure what happened, couldnt get anything to work so decided to to take virus out of quarantine.

Had to shut down and restart, when i did the virus was gone and EVERYTHING worked fine???

Thanks for your help anyway.

Ps. If anyone knows what might have caused this I would be INTERESTED in hearing it.

Hi- need some advice ....I had trouble with my internet pages loading up (was just getting error message)  so i  scanned with AVG  and I noticed  that it stated i had a kernels32.exe  in my windows/system and it scanned it and stated OK no infection.Is this file a trojan? I noticed that the kernels32.exe was running as i put up my close programme box and i panicked and did end task on it.What id like to know is that Ive ran trendmicro and it said i have no infection ,but what is it doing on my system  and can I just GO into the windows/system and manually delete it?Michelle........ I think this is what your talking about.
kernels32 - kernels32.exe - PROCESS Information
Process File: kernels32 or kernels32.exe
Process Name: DLOADER-FC Trojan
 
Description:
kernels32.exe is a process associated with the DLOADER-FC Trojan. This program is a registered security risk and should be removed immediately. If FOUND on your system make sure that you have DOWNLOADED the latest update for your antivirus application.

you might try D/L Ewido ........updating it and then run it .

dl65  


My AVG is up to date ,Is it safe to delete  it from the windows/system?  As Trendmicro and AVG are not detecting it  as infectedTake dL's excellent advice and DLoad and run EWIDO...
That should do the trick.

patio.  normaly it isn't i virus, but it may be possible that it is infected...

somehow i got hit with this goofy ad for razespyware that takes over the wallpaper after bootup.  everthing seems to work ok but the "new" wallpaper is highly annoying.  i FOLLOWED some of the advices i read here. d/l spybot, spysweeper, antispyware, avg, ccleaner. already had spyhunter and norton av.  have run them all.  spybot, spysweeper, ewido and spyware found all kinds of crap but not the raze thing.  even with restore off and in safe MODE.  did a search files for razespyware and found "install_razespyware.exe-1fa91ede" in the windows/prefetch directory and razespyware.pkg in c/windows.  what i don't know is if i can just DELETE these files since none of the spyware, cleaners, or av did anything..any help....Did you use Microsoft Anti-spyware? It scans the registrys more thouroly. Did you also run a registry scan to clean up some errors.

Did you install anything before these pop up happen?
How long has it been happening?thanks for the response.  yes i did use the micro anit spyware..  it must be in the registry but i'm not sure where...i hadn't installed anything the day it occured  ..problem only started on saturday and i've been WRESTLING with it..it doesn't seem to affect anything but still don't like it.  i've installed and downloaded av and antispy sw since this began.  my last sw install was acrobat 4 weeks ago.  since my last post i went ahead and deleted the "install_razespyware file in c/window/prefecth but it didn't change anything.  Copied from another site but it seems to have done the job.

"go to control panel
click appearance and themes
click desktop background or display
click desktop tab,
click customize desktop
click web tab
delete security
Job done"well, Fed, that did the trick. even stayed away when i restarted.  thanks bunches.Just a note, SpyHunter (assuming it's by enigmasoftware) is a dodgy anti-spyware program, and should be uninstalled. Although it's been delisted from SpywareWarrior's list of rogue/suspect anti-spyware software, it still isn't recommendable. There are many more better freeware substitutes for it.

with regardsappreciate that ... since spybot ewido and microsft anti spyware seem to work nicely i'll do just thatTrojan Hunter WOULD be another good one to add to your arsenal as well...

patio.

How do I get rid of WINFIXER 2005 on my computer? I am so tired of the popup and telling me that I have to install it. I've tried installing microsoft antispyware and pest control spyware. Each have detected it and said they removed it, but it is still popping up. It says I have not completed the scan for errors. I am so tired of this! I am not computer savvy. Is there an easy way to get rid of it? ThanksTry removing it in safe mode (F8 at boot). Is system restore active?I'm not sure what that means, can you put it into computer idiot language?Turn off system restore, press F1 on desktop and search for how. (This is a learning experience.)Then reboot in safe mode by PRESSING F8 a few times when the computer starts, before the Windows logo. Run your scans from there. After removed, reboot and turn system restore back on.Since Winfixer is considered SCUMWARE it is particularly hard to get rid of.
First thing i WOULD do is DLoad and update Ewido which is a trojan scanning program.
Make sure you update it first and when you run it let it remove/fix everything it finds that it doesn't like.

Then we can move on to the next steps if it's still there...

patio.

recently I was spoofed with my own email address - the strange thing was all my OUTLOOK EXPRESS messages cotain a footer - saying it  had been scanned by NOD32 -except this one. If I sent it to myself it was DULY scanned.

Anyone any ideas how it escaped the AV scan?



BillDo you have adware/spyware/trojan scanners in place, updated and being used? Which ones?For AV I use NOD32 which is updated daily.
For FW I use Zone ALARM which is updated daily.
For Spyware I use lavasoft which is updated every 2 weeks.

Bill

I can't change my desktop background it says:

Windows Error
System has detected spyware activity.  Some system functions are blocked out.
Windows recommends you to clean your PC with a spyware removal tool. This has to be done as SOON as possible to prevent loss of data.

I have run spyware and virus scans, and they can't find anything.

I also can't access TASK manager.  When i PRESS Crtl+Alt+Delete a message comes up saying:

Task Manager has been disabled by your administrator.

But i the administrator and the only one who uses the computer.

Mel Quote

I have run spyware and virus scans, and they can't find anything.  

Windows Error
System has detected spyware activity.  Some system functions are blocked out.
Windows recommends you to clean your PC with a spyware removal tool. This has to be done as soon as possible to prevent loss of data.

I used Norton, Microsoft AntiSpyware, and a couple of free ones that i downloaded.

The message is my background.  It won't let me change it

Yes, I was that stupid! Got that Virus on my notebook, that sends itself via msn messenger and now my pc can´t do exe files anymore. Hoe do I get rid of it? It´s drivin`me insane. If anyone can help?! THANKS! miriam.......Have a read .......this should help you.
http://www.happy-messaging.com/messenger/virus/

What full time virus protection are you using ?


dl65    yeah, exactly... none at all. That´s me I´m just stupid like that.   Anyway, thanks for the help, I´ll try that. PS: Can u recommend a GOOD anti-v software?AVG Antivirus is free at:

http://free.grisoft.com/doc/2/lng/us/tpl/v5Mariam, please read this thread.

Everyone's OPINIONS are VARIED on the subject, however.

Also, what is the message it's sending?

with regards