
1951.

Solve : Golden eye keylogger?

Answer»

I downloaded a keylogger, and went to uninstall it, and it won't let me. It keeps saying that it is running, which it is, on my desktop I can see it. I click on it and nothing happens. I've gone to programs and it's not there. I've tried deleting everything that pertains to it, but some of the files won't let me delete them saying that an instance of it is running. Any suggestions?

trish ducharme.....If you downloaded it .....you should be able to find it ......
Have you tried the search feature ?
Use the word "GOLDENEYE"
I can tell you that Pest Patrol will locate and remove it , but you should be able to remove it manually.

you should also use the search feature in the registry as well.

dl65

I can find it, it just won't let me delete it because it says it's running. There's a thing on my desktop that is from goldeneye. I try clicking on it but nothing happens. I was able to delete some of the folders, etc. but like I said, it won't let me delete some. I went into 'search all files and folders' (had it show me the hidden ones too) and got all I could deleted, but some of it is still there.

trish ducharme .....Try booting up in safe mode .....and see if you can delete it that way .

dl65

1952.

Solve : Norton Uninstaller?

Answer»

After I uninstalled Norton Security, every time I start my puter I get "C:\Progra~1\Norton~2\Norton~1\Savrtpel.vxd Cannot find device file to run windows or an application. System.ini refers to this device file but device file no longer exists. If you deleted this on purpose, try unstalling associated file. " After I hit the spacebar twice, my puter will boot, it's just a pain. Any ideas would be greatly appreciated. P.S. I had horrible problems with the Norton Security so I took it back for McAfee,, PHEW,, MUCH better

what are you running XP 98 What version of Norton 2004 etc

Norton does not always remove correctly from Add/Remove Programs

you can find utility at symantec that should sort it but make sure you choose your version of Norton and your O/S

Take a look at link
http://www.annoyances.org/exec/forum/win98/t1100800639

if you are running XP and it was Norton 2004 Take a look below
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2004020909040706&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

Regards PAUL

1953.

Solve : Monitor turns itself off?

Answer»

Does anyone know what this virus might be? I've hooked up several monitors to my computer and each time they shut down and won't come back on. They work fine on other computers. I got the monitor to stay on long enough to start a virus scan but could not get it to come back on to finish the scan. Sometimes it will come on for a few minutes & sometimes it immediately shuts the monitor down.

chloeboo.......It's possible that if you have a current anti virus running .......it's not a virus ......but rather an issue with the vid card ...... Can you try your vid card in another pc ? Have you updated any vid card drivers just prior to this issue starting ?

dl65

It's possible that the video card is overheating...

Flame

1954.

Solve : screen jumps/flashes-get "UCL" 'message?

Answer»

My PC frequently "jumps or flashes" on the monitor screen, resulting in skipping down three lines, if for instance, I'm creating an email or working in Word.

Recently, I began "chatting" on-line and when the flash occurs, the capital letters "UCL" are automatically entered into my chat message and the message is sent, without my directing so. :-/

Another, possibly related problem is that periodically, a "Supervisor Password" window spontaneously appears. I do not know if the two things are related or not. Does anyone? Does anyone know what's up with this? Can anyone offer a "fix" for either or preferably both?

I'd appreciate the help, this is quite annoying and distracting when trying to get work done, especially in Word!

Thank You Much, in advance!
Stan Hill

I would check this link out first>>http://www.jokingaround.com/Downloads.aspx
next restart pc in safe mode scan for trojans etc/disconnect from the net/ adsl line/modem....is this pc networked??or shared......is remote access enabled.....are you using P2p programs.

this pc is not on a network, regular stand alone home pc. there was Kazaa installed by one of my children, but i've now gone through the formal process of uninstalling it.

I have Spybot, Adaware and i just downloaded Microsoft's new Anti-Spyware program. I run them 3-4 times per week and address everything that they identify.

It is STILL happening!

1955.

Solve : What's going on???

Answer»

I posted this in the Microsoft section before seeing this section.. apologies and I hope one of you can help me out!!

Please help me with my computer.. it's got some odd problems../

I use Windows XP and Mozilla.
Two to three days ago I had some sort of trojan/virus/something. My background had become a hyperlink. It said "Warning You have been infected with Spyware! Click here to remove!" It was solid black with a yellow border. A yellow triangle appeared in my icons at the lower right hand corner of the screen. It would pop up and tell me my computer had spyware. I removed this.
But now I have new problems. And I don't know what is causing it, I don't know if it's something new or just remnants of the other virus that I haven't removed.


So here are the current symptoms:
- A yellowish/green smear at the lower right hand corner. It's maybe 4/5 inches long and an inch wide and it's speckly in some areas, dark in others. It shows up about half the time when I turn my computer on. If it's there when I turn it on, it stays there, doesn't go away. But if it isn't present, it doesn't ever appear.
- I can't log-off or shut down properly. I click on Log Off or Shut Down and the Start tab closes like it normally would but the computer doesn't do anything else. Just sits there.
- Also, the inability for any of my icons on the desktop to work. I will double-click on Mozilla and nothing happens. The "think icon" (I don't know the name, the mouse cursor with the sand timer in it) appears beside the pointer and then quickly vanishes. When this happens, I must turn off the computer (the bad way, just clicking and holding the button) and then restart it. Then it works.
- Also, (and this one is the oddest) I have the inability to save anything. In Microsoft Works, I can click on the diskette icon or go to File, Save and neither of them do anything. Neither does the open file icon.

I have no idea what's going on.
PLEASE HELP ME!
I appreciate any input! I really don't have money to get this looked at professionally and hope it's just something I can fix.

Oh- side note. I have Spybot- Search and Destroy, Ad-Aware SE Personal, and also Trojan Remover on my computer and have run all three to no avail.

Thank you!!

Also- I can't delete anything!
Nothing!
I highlight, click delete and nothing happens.
I right click, delete, and nothing happens.
I drag into recycle bin and click empty recycle bin and nothing happens.
the only way I get ANY response is if it's on my desktop and I right click delete it. But it doesn't delete; it just pops up with

"Cannot delete (filename). The operation completed successfully."

I don't understand!!
Please help!!

K. Livingston......I don't know what's going on except to say your pc is infected with something ........
First off , which operating system are you using?
Next ......which anti-virus are you using and .....is it current as far as subscription and updates........?

Here's what I would do for openers.....
1.... reboot into safe mode .
2.... Run a scan with your Anti virus program ......and remove anything it finds........
3.....Scan with Trojan remover

If anything is found ......record what it is and let us know .


dl65

I use Windows XP and Norton Antivirus. (And yes, it's updated)

You'll have to help with with this "Safe Mode" business. How do I put it into that?

(I'm not very computer-savvy...)

Nevermind.. I Googled and found out how to do it.

(F8, then option 3 while restarting correct?)

The problem is, following those directions ^, I can't get into Safe Mode.
It just ignores it and continues loading.

Am I not doing it correctly?

After you select Safe Mode, the system will continue to boot. Once you're up and running, it should have "Safe Mode" in all four corners and your desktop will probably not be the color you set it at. Safe mode loads a stripped down system allowing you to run virus/trojan/spyware scanners in a clean environment.

If you are in fact in safe mode, just follow dl65's instructions.

Hope this helps.

K. Livingston.......It's possible you waited too long before hitting the F8 key.........Try it again only this time.......as soon as you reboot , then before it starts to load ......repeatedly tap the F8 key until you see the various options ....and then choose ....SAFE mode.......

dl65

Quote

Warning You have been infected with Spyware! Click here to remove!" It was solid black with a yellow border. A yellow triangle appeared in my icons at the lower right hand corner of the screen. It would pop up and tell me my computer had spyware. I removed this.


when you say you "removed it" do you mean you double clicked the pop up? or you closed it?

This sounds like an internet popup (even using Mozilla i still seem to find some :S)

This is most likely (if you clicked it) to be the cause of your problem

K. Livingston.....So what's the latest , have you been able to boot into safe mode and run the scans ?
Please let us know .

dl65
1956.

Solve : Norton Antivirus on multiple computers?

Answer»

Is it possible to install Norton Antivirus 2004 on multiple computers but share the virus definition updates etc to save me having to update every machine?

If not is there a better way to do this on a small home network?

Steve

If you purchase the Enterprise edition you could have a central update server but I suspect you don't want to spend that much money on this concern.

Other than that, just set them to auto-update from the web and check them once a week or so to make sure they are still auto-updating.

Quote

If you purchase the Enterprise edition you could have a central update server but I suspect you don't want to spend that much money on this concern.


Thanks for your reply. I will have a look at what it costs.

Cheers

Steve
1957.

Solve : winup2date.dll adware uninstall?

Answer»

aclambert....Ok , I've been through your log again .....and several questions occur to me .
Are you using Dialup service or Hispeed ........? The reason I ask is that I see indications that you are using various tweaking apps for some reason ........Is this because of some problem you have been having ?

I also see that you seem to be using AOL as well as Compuserve ...and am wondering why ?

What ISP are you using ?

I also note you are using search assistants .........Why ?

I also notice you are using realplayer .......Do you really use it or is it just something you D/L ?

I also notice that you seem to be using Giant antispyware as well as M/S antispyware Beta .....( If you purchased Giant and it's still current .......keep it ......if not uninstall it ...........M/S has recently purchased Giant software ) M/S Antispyware is pretty much the same and will remain free ( according to M/S) .

Do you have a good registry cleaner ?........I dont see one . If you don't have one ....Email me and I'll send you a decent one. ( I dont know if you know it , but when ever you install proggys .......and remove them ......little bits are still left in the registry . )

Now then ........lets get started again.......
close up everything that's open ......so you're just at the desktop.
Now .......click....start/All programs /accessories/system tools /system restore ..........now when system restore comes up ...click on system restore settings.......when that window opens .......put a tick in shut off system restore on all drives ....click apply and ok ...... Close up that window and go back to desktop.

Next ........reboot into Safe mode ........( press F8 key repeatedly as it's rebooting and then select SAFE mode ) .....when in safe mode ......go to control panel /Add/Remove programs and carefully look at each program listed there . If there's any you no longer use or any odd looking toolbars listed .......remove them .

Next .......while still in safe mode ....run Norton Antivirus ( delete anything it finds )
Next run spybot search and destroy ......remove anything it finds.
Next run Antispyware Beta .....remove anything it finds.
Now reboot again back into SAFE mode again ........
open the task manager, Ctrl/Alt/Delete and shut down ....... C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Next run hijackthis and mark for removal the following ......

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

**Note there are 2 entries of surfsidekick 2 ****

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://remote.ebglaw.com/dana-cached/setup/NeoterisSetup.cab

Ok ....now click fix marked ........

Now reboot back into normal mode and go to my computer C drive programs ........Delete the folder SurfSidekick 2 .....
Delete the folder ....... Viewpoint
Empty the recycle bin

Go to Windows update and D/L and install any critical updates.
Don't turn system restore back on until you are rid of the pests.

It might be a good idea to print this list out and use it as a checklist so you don't overlook something .

Let us know

dl65
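The checklist in the post above can be checked mechanically: after "fix marked" and a reboot, a fresh scan should no longer list the marked entries. The sketch below is an added example, not part of the original thread and not a HijackThis feature; the function names and the `RESCAN` log are constructed for illustration, and the `CHECKLIST` lines are copied from the post.

```python
import re
from collections import Counter

# A HijackThis result line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
# O4 registry autoruns: hive, Run key, [value name], command line.
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*):\s+"
    r"\[(?P<name>[^\]]+)\]\s+(?P<command>.+)$"
)

# Constructed sample: a few of the lines marked for removal in the post above.
CHECKLIST = r"""
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
"""

# Constructed sample: an invented re-scan in which only the O10 lines survive.
RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll
O10 - Unknown file in Winsock LSP:  c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
"""


def parse_entries(log_text):
    """Return (code, body) for every result line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse runs of whitespace so copy/paste differences do not matter.
            entries.append((m.group("code"), " ".join(m.group("body").split())))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare case-folded.
    code, body = entry
    return (code, body.casefold())


def still_present(checklist_text, rescan_text):
    """Checklist entries a later scan still reports, as (code, body, times_seen)."""
    seen = Counter(_key(e) for e in parse_entries(rescan_text))
    reported, done = [], set()
    for entry in parse_entries(checklist_text):
        k = _key(entry)
        if k in done:
            continue  # the checklist itself may repeat a line (the O10 entries do)
        done.add(k)
        if seen[k]:
            reported.append((entry[0], entry[1], seen[k]))
    return reported


def autoruns_by_name(log_text):
    """Map each O4 value name to the hives it is registered under."""
    hives = {}
    for code, body in parse_entries(log_text):
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            hives.setdefault(m.group("name"), []).append(m.group("hive"))
    return hives


if __name__ == "__main__":
    for code, body, count in still_present(CHECKLIST, RESCAN):
        print(f"still listed {count}x: {code} - {body}")
    for name, hives in autoruns_by_name(CHECKLIST).items():
        print(f"autorun {name!r} registered under: {', '.join(hives)}")
```

An autorun that appears under both HKLM and HKCU, as SurfSideKick 2 does here, has to be removed from both hives, which is what the note about two entries in the post is pointing at.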








Wow! First I am switching over from compuserve dial up to sbcyahoo dsl w/in the past two weeks. I plan on keeping CS until I get all my e-mails straightened out. I don't know what "tweaking apps" you are referring to but I also have a citrix connection I use for work. that connection is ebglaw related. I used to have a separate dial up but now access thru my isp. I see some reference to aol in the hijack file but don't know where to get rid of it. I have no need for aol at all.
Also, pardon my ignorance but I don't know what a search assistant is?

I got rid of real player as I use windows media primarily.

I don't know where Giant antispyware is and have never used it but it does not show up on the programs to uninstall.

I used to have a registry cleaner on my old machine. Is CCleaner not a registry cleaner?
I deleted Viewpoint manager and viewpoint media player from my computer. I haven't done the other things but I will this evening.
aclambert....This is what CCleaner is supposed to do ......
CCleaner (Crap Cleaner) is a freeware system optimization tool. That removes unused and temporary files from your system - allowing Windows to run faster, more efficiently and giving you more hard disk space. The best part is that it's fast! (normally taking less than a second to run) and Free.
I would suggest a dedicated registry cleaner as opposed to what you are using ........It may deal with a lot .....but it doesn't home in on the registry .......

AOL .......
run hijackthis and mark for removal .......
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Now lets do a manual cleaning of the registry for AOL .

Click start / run ...in the run box ... type regedit and then click enter
When the registry editor opens .....click on edit , then click find ...... in the find box type AOL and press find.
if there are entries ...you will be taken to them and the entry will be hi lited ......( make sure its aol and then right click and delete.) now go back and repeat the search again and keep deleting the entries until you get the message that there are no matching entries in the registry....... now just exit and carry on .
Be sure and backup the registry ...just in case you delete the wrong item .
If you want a good registry cleaner let me know and I'll send you one .

Let us know

dl65





I did everything except the regedit stuff ( i don't know how to back up and it made me nervous) but I still get the 010 lines in my hijack logfile (which hijack cannot fix) and the same adware when I run spybot.

aclambert.....This issue is becoming a real challenge .....
Here is info on SurfSideKick ....with detailed manual removal instructions ........ http://www.scanspyware.net/info/SurfSideKick.htm ......
the removal info is down the page .

According to what I read it is residing in the registry .

Are you sure that you are displaying the hidden files and folders ?

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Click OK.

Qoolaid manual removal .....


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.


Update the definitions.
Restart the computer in Safe mode.
Run a full system scan and delete all the files detected as Adware.QoolAid.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To restart the computer in Safe mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode. For instructions, read the document, "How to start the computer in Safe Mode."

3. To scan for and delete the files
Start your Symantec antivirus program, and then run a full system scan.
If any files are detected as Adware.EnergyPlugin, click Delete.


--------------------------------------------------------------------------------
Note: If your Symantec antivirus product reports that it cannot delete a detected file, note the path and file name. Then use Windows Explorer to locate and delete the file.
--------------------------------------------------------------------------------


Let us know if you have any success.....

dl65
I have done all of this stuff, even the registry stuff ( I would like a registry cleaner though). I believe I now have too much protection on my puter. The dsl has slowed to a crawl. However, I have gotten rid of the surfsidekick - Thanks. The winup2date.dll cannot be fixed by Norton nor can it be deleted in Explorer (the first thing I tried). A message appears re: it is in use etc and cannot be deleted.

aclambert ......Progress .....that's good .......If you're on DSL now have you tested your D/L speed ? Here's a link to a test site ..... http://bandwidthplace.com/speedtest/
This one is good ....... free up to 3 times per month .....
Check your instant message re registry cleaner.

dl65

1958.

Solve : virus creates desktop icons?

Answer»

My computer has contracted a virus that creates pornographic desktop icons. Whenever I try to delete them they just come back again. I've used all the antivirus and spyware I can find online but the virus keeps coming back. Please help me.

michael greenman What anti virus do you have installed on this pc ?
Do these "viruses " have a name ? Are these icons associated with some program?

let us know

dl65

1959.

Solve : hijacked browser - need to alter .dll?

Answer»

HI - My homepage (google) has been hijacked, and in properties the URL address of the page that appears is C:\WINDOWS\System32\spnxf.dll/blank.html

The page is an e-search page, with links to all sorts of adult / affiliate types of things e.g. *censored*, insurance, sex sites, prescriptions etc.

I also get pop ups for adult poker, sex etc at odd times. The files keep getting added to my favourites even though I delete them.

I have been into spnxf.dll in notepad, and I can see all of the links contained within the junk (I have enclosed a *small part* of it at the bottom of the message so you can see what I mean).

I have copied all of the text into another notepad file in case I ever needed it, but when I tried to delete the info in this file and save it, it wouldn't let me save.

My question is How can I alter this file (safely) as I am sure that by doing so my computer will be rid of the junk.

Thanks
Kate


keywords();


*censored* [/url] |xanax[/url]|
phentermine[/url] |online
pharmacy[/url]|
carisoprodol[/url]
|
hydrocodone[/url]| valium[/url]
|
*censored*[/url]| fioricet[/url]

texas holdem[/url] |party
poker[/url]|
roulette[/url] |online
gambling[/url]|
blackjack[/url] |slots[/url]| casino[/url] | adult games [/url]

webhosting[/url] |domain
registration[/url]|
bonus server [/url]| voice
mail[/url] |
work at home[/url]

adult movies[/url] |personal
photos[/url]|
sex dating[/url] |free
online dating[/url]|
xxx dvd[/url] |asian
sex[/url]|
fetish[/url]

rv finance[/url] |visa
platinum[/url]|
merchant account[/url]
|
mortgage[/url]

spyware[/url] |adware[/url]|
popup blocker[/url] |firewall[/url]|
soft[/url]


Kate99....Well if you go to ......
http://www.majorgeeks.com/download3155.html and dowload hijackthis V 1.99.1 ....then run it and save logfile ....... Then post it here and we can tell you what to mark for removal ........
Also which operating system are you using ?
let us know

dl65

Hi DL65
Thank you for looking at my problem. Here is the logfile split over a couple of messages

Logfile of HijackThis v1.99.1
Scan saved at 19:06:43, on 26/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dmsadmins.exe
C:\WINDOWS\System32\qwinnta.exe
C:\WINDOWS\System32\sesmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\Hi Jack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {C1716113-E25F-AA3B-48C7-A0A3F9AECF6B} - SetupExeDll.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE SP2 AddOn - {5F69E4B3-9C94-4CDD-8176-858404FB6D48} - C:\WINDOWS\System32\spnxf.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [systemdll] driver32.exe
O4 - HKLM\..\Run: [mozilla-text] nmdllw.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [FLKPT] WhatsNewBot.exe
O4 - HKCU\..\Run: [teqq32] Testimonials.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun JAVA Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O15 - Trusted ZONE: http://*.63.219.181.7
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D7986B7-494F-471A-BF5D-FE63A0A384DC}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A3737-DC0E-4D92-8052-FDC94E05FA1B}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D7986B7-494F-471A-BF5D-FE63A0A384DC}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D7986B7-494F-471A-BF5D-FE63A0A384DC}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~2\ascserv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Sorry - I forgot to add I'm on XP

Thank you

Hi Again

I used the scan /fix option on the program on the spnxf file and it seems to have fixed my problem, so thank you.

There is only one other problem now - a toolbar which has stayed on my browser. The buttons are as follows:

x Remove Toolbar | (A small search window) | Search | Gambling | Internet | Pharmacy | Finance | Insurance | Adult

If you click on Remove toolbar, it takes you to various advertising sites.

If you know how to get rid of this I'll be v. grateful.

thanks
Kate

Kate99......Ok .....Let's try this .......First close up anything running ......and reboot into SAFE mode ........( repeatedly tap F8 key once it's rebooting and then select "SAFE" mode ) .....
Now run hijackthis and click config ..
Next in the 4 URL boxes ....type in
http://www.google.com
Next click back .......
now mark for removal ........the following :
All R0 entries
All R1 entries
All R3 entries
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB2.dll

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

O4 - HKLM\..\Run: [systemdll] driver32.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"

O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: http://*.63.219.181.7

Ok ......now click fix marked ....

Once it's finished .......reboot and let us know how things are.


dl65
1960.

Solve : raba.exe?

Answer»

I keep having a screen come up so that I can block or give access to raba.exe. I have deleted this file but it keeps coming back up. Where is raba.exe coming from and do I let it open up my computer?

I searched all over for this and found nothing. Can you give us some more information?

Get back to us.

Ok Guys this raba.exe is a file that is used by windows. It is located in the prefetch folder. The Prefetch folder is used by Windows XP to speed the boot process. Windows XP records information about each program that launches at boot and uses that information to boot faster the next time. Because multiple files might have the same name, it appends a "hash" of the file's location. That's the odd string of numbers and letters between the filename and the .pf extension.

This folder may accumulate useless junk, especially if you change your configuration a lot. There's no harm in emptying it. Simply delete all the files in that folder; Windows will rebuild it as needed.

Hope that answers your questions! Good luck Tiffany

Care to share where you found this raba.exe info Tiffany?

1961.

Solve : Classical Music Plays when I open any browser?

Answer»

Hi. Whenever i open any web browser including IE, Netscape, Mozilla and Opera, cheesy classical music starts playing. It happens after about ten minutes of browsing...doesn't matter what site i'm on or anything.

There are no extra processes in the process window and the music stops when i exit the browser. it's about a 20 second loop that just keeps playing and playing.

It's kinda low volume, but you can definitely hear it.

Thanks for any help!!

Aphasia....Scan for adware , spyware , trojans and viruses .
Sounds like someone's playing a prank on you .

dl65

I agree... Also, do you have a firewall installed? (I've seen hackers/crackers play such pranks by hacking)

Flame

1962.

Solve : unwanted icon?

Answer»

when i boot up my computer i get lauch der biz.com icon on my desk top plus it also then it appears as my homepage address in ie properties another problem i have is my tool bar is different on some sites i visit i have a bt yahoo toolbar which i have customised but on some site when the page loads up i have a different tool bar i am using win xp sp2 loaded

Do you have Spyware protection? If not, then get Microsoft AntiSpyware for free... Link: http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en ...

Flame

1963.

Solve : I Only want to know?

Answer»

hello i want to know if my operative system has anything of spyware only for sure there you have my hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 14:12:11, on 27/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\Archivos de programa\Winamp\winamp.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\federico\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CamMonitor] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47A77843-CA87-47EA-B41D-66EA9F5A55FE}: NameServer = 216.244.192.2,216.244.192.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{47A77843-CA87-47EA-B41D-66EA9F5A55FE}: NameServer = 216.244.192.2,216.244.192.3
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
thank you

federico33.....Well I see several items which you should remove .......

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

If you don't know this site .....remove it ....
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

Now as far as any other spyware .......go to ........
http://www.microsoft.com/athome/security/spyware/software/default.mspx D/L Antispyware Beta.......it's very good .....one of the better ones .......

OOPS .....I just looked at your log again and I see you are using Antispyware ....... ( that's good )

let us know how you make out .

dl65

well thank you to response dl65 and yes i am using microsoft antispyware is a very good program well goodbye

Did you install this? It seems strange to want to run it at startup?

O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
Nasty Passwort CRACKING
Hit rate: 92 %

If you're not sure, search for ares.exe in google.

federico33 ..... Fed is correct......I completely overlooked this entry ........
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h

Definitely not good .....unless you put it there as a result of using some P2P program.....


dl65

ok i am erasing that bye
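The manual review carried out on the HijackThis logs in the threads above (orphaned O2/O3 entries, O4 Run entries, O17 NameServer lines), sketched as an added Python example; it is not part of the original posts and not part of HijackThis. The sample log is constructed from lines quoted in those threads, and the function names and the "Run command with no directory" heuristic are assumptions made for illustration.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: lines copied from the two logs quoted in the threads above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [systemdll] driver32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O17 - HKLM\System\CCS\Services\Tcpip\..\{47A77843-CA87-47EA-B41D-66EA9F5A55FE}: NameServer = 216.244.192.2,216.244.192.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{47A77843-CA87-47EA-B41D-66EA9F5A55FE}: NameServer = 216.244.192.2,216.244.192.3
"""

Entry = namedtuple("Entry", "code body")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(text):
    """Return only the coded entries (R0, O2, O4, ...); header and
    'Running processes' lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned_components(entries):
    """O2 (BHO) and O3 (toolbar) registrations whose file is gone:
    the leftovers the helpers in the thread mark for removal."""
    found = []
    for e in entries:
        if e.code in ("O2", "O3") and MISSING_RE.search(e.body):
            clsid = CLSID_RE.search(e.body)
            found.append((e.code, clsid.group(0) if clsid else None))
    return found


def bare_run_entries(entries):
    """O4 autostart entries whose command names no directory at all.
    Heuristic (an assumption, not a verdict): such a command is resolved
    through the search path, so it deserves a manual look."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.body)
        if not m:
            continue
        hive, key, name, command = m.groups()
        if command.startswith('"') and '"' in command[1:]:
            exe = command[1:command.index('"', 1)]
        else:
            exe = command.split()[0]
        if "\\" not in exe and "/" not in exe:
            found.append((hive, key, name, command))
    return found


def nameserver_sets(entries):
    """Group O17 lines by resolver list, so the addresses can be compared
    with the ones the ISP or router is known to hand out."""
    counts = Counter()
    for e in entries:
        if e.code == "O17":
            m = NAMESERVER_RE.search(e.body)
            if m:
                servers = tuple(s for s in re.split(r"[,\s]+", m.group(1)) if s)
                counts[servers] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("orphaned:", orphaned_components(parsed))
    print("bare Run commands:", bare_run_entries(parsed))
    print("DNS servers:", nameserver_sets(parsed))
```

The output is a review list, not a removal list: each flagged entry still has to be checked by hand, as the helpers in the thread do.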

1964.

Solve : Trend Micro customers suffer weekend mayhem?

Answer» http://news.com.com/Trend+Micro+customers+suffer+weekend+mayhem/2100-1002_3-5683219.html?tag=nefd.top

http://www.trendmicro.com/en/support/pattern594/overview.htm

You are my SAVIOR!!!!!!!! i had no freaking clue why my cpu was doing 100% thank you soo much if only i knew this a week ago!!!!!!!
but thanx so much
1965.

Solve : Viruses, Trojans & Worms; OH MY!?

Answer»

Hey, all!

Sorry for the corny Wizard of Oz subject line.

Recently, i was talking to a friend whose computer i repaired. She said she has an antivirus program but insisted that she does not need to install it because she has a firewall. Whoa boy!

It got me thinking that there is much ignorance regarding even the basics of personal computer security. So, i'd like to ask those in the know to share what you know about some of the best (and easiest) ways for a novice user to protect the files and personal information on her computer.

I'm hoping i might learn something new too.

Regards,
Doc
Short of never plugging the computer into the Internet and not accepting disks from other people?

A1. Put a strong password on your personal account, no blanks, not words, no phone numbers, etc.
1. Put a strong password on the Administrator account.
2. Rename the Administrator account.
3. Disable the guest account.
4. Lock the HOSTS file.
5. Install antivirus software.
6. Keep it updated.
7. Run (or schedule) a full system scan twice per week.
8. Install Anti-Spyware software.
9. Keep it updated.
10. Run (or schedule) a full system scan twice per week.
11. Install a software firewall.
12. Keep it updated.
13. Install a hardware firewall (No, this is not redundant).
14. Keep it updated.
15. If you are "surfing" the web, and a message box appears, do not answer it, close it. (Preferably using CTRL + ALT + DEL)
16. Use email forwarding (e.g. get a gmail account and have it forward to your regular account. Use the gmail account as your email address. That way the email goes through 2 services to clean up spam and viruses before you ever see it.)


How many more do you need? I can type all day
Gussery:

Good suggestions, those!

I've done all but #4 and #16.

I'm going to try #16 (as i have a new gmail account). I don't know how to accomplish #4, however.

I know the purpose of the HOSTS file and how to edit it, but will you explain how to lock this file? It sounds like it involves something more than just adding the read-only attribute to the file.

Regards,
Doc

Nope, just add the attribute.

There is also a big list of items that you could put in the hosts file that keep known ad items (like doubleclick.net, really bad sites, etc.) from even being seen on your computer. For instance if you go to www.msn.com there is always an Ad in the upper right hand corner. But with these additions to the file, I don't see the Ad and it doesn't place a cookie on my computer.

See.....
http://www.mvps.org/winhelp2002/hosts.htm

Lots of other interesting things on that site too.

pcdoc4christ......Wow ......I guess there are still trusting people out there .........Unfortunately those who are on line these days don't harbour the same morals ...........
Viruses ........It's not a matter of "if" she ends up with one , but rather "when"......... Please , please ...get her to install it ...and show her how to set it up and run it ..
Firewall ....... Again an essential ........but it must be set up properly to be effective .
E mail........if using Outlook Express .......make sure that the message preview pane is disabled .
And then apply the advice offered by Gussery .........It depends how paranoid one is .........when it comes to security .


dl65
Quote

...Viruses ........It's not a matter of "if" she ends up with one , but rather "when"......... E mail........if using Outlook Express .......make sure that the message preview pane is disabled ....


<---- Nods in agreement.


Yeah, i tried to talk her into it, but it looks like she'll need another virus infection to convince her. Your idea of disabling the message preview is a good one, DL. If you can read the message, you've already opened it.

And Outlook Express--DON'T GET ME STARTED! it's so automated it makes a virus programmer's job a cake walk! That's why i prefer to use the free Eudora Lite email program, because you can disable all automation. It's a free download from Qualcomm:

http://www.eudora.com/download/

Regards,
Doc

Gussery:

Thanks for the great advice!

Another good idea, which i recently read in a Microsoft text, is to have Windows require that a user press CTRL, ALT, DEL before logging on. The textbook claims this prevents Trojan Horses from capturing user names and passwords, because the key combination is only recognized by Windows.

If anyone wants to enable CTRL, ALT, DEL to log on in Windows XP Pro, she should do this:

1. Click Start > All Programs > Administrative Tools > Local Security Policy
2. Double-click Security Settings; double-click Local Policies; double-click Security Options
3. Scroll down to "Interactive logon: Do not require CTRL+ALT+DEL" and double-click this value
4. Select Disable and click Apply and OK

The next time the computer is started, Windows will prompt the user to press CTRL, ALT, DEL before she may log on.

Regards,
Doc
Yep Doc, CTRL+ALT+DEL is a must.

It is one of those automatic things I do when setting up a computer that I completely forgot about it.

Read this:
Setup and Secure your PC once and for all

I agree, gussery! Thanks Commando! i'll check that out.

I picked up a little book on XP. In it are these suggestions to enhance security by closing back door security holes:

A. Disable the file sharing service for Internet connections (this will not disable Local Area Network file sharing): Open the Network Connections window, right-click the icon for your Internet connection and choose Properties. In the General tab, clear the checkbox next to the "File and Printer Sharing for Microsoft Networks" option.

B. Turn off Simple File Sharing, which may allow anyone, anywhere to access your personal files without your knowledge (this security hole is turned on by default in XP!): Go to Control Panel > Folder Options > View tab, and turn *off* the "Use simple file sharing..." option. (I don't think that turning off this option is available in XP Home.)

C. Universal Plug & Play (UPnP), which XP supports out of the box, may open additional vulnerabilities on your system because it allows devices on your network to announce their presence. To disable UPnP, click Start > Run > type services.msc and press ENTER. Find the SSDP Discovery Service and double-click it. Click Stop to stop the service and change the startup type to Disabled to disable it in the future.

D. The Messenger Service (which is different from Windows Messenger) allows users to send messages to others on their network. Unfortunately this may be exploited by spammers to produce annoying pop-up windows. To disable this, open the services window (as described above), double-click the Messenger entry in the list, and click Stop to stop and Disable to disable it.

E. The Remote Desktop feature, which may allow someone "in the know" to control your computer over the Internet, is enabled by default in XP. Unless you specifically need it, it should be disabled. Go to Control Panel > System > Remote tab, and turn off both of the options in this window.

1966.

Solve : letter replacement malicious code??

Answer»

I'm having a weird problem, and haven't been able to find any info on it. I built a new computer for my mother-in-law 2 wks ago. Everything on it works great, EXCEPT her POP email and WebCT account login. First the email: When I type her name into the user display field, it all looks correct. Same with the signature option. When sent, the receiver sees that the email is from MFEMF MFEMF (replacing her first and last name) and the signature is the same problem. When I apply her settings to MY email software, it sends as it should. When she uses the net version of her account, it works fine. When I go into her email program and change the user display to anything else, it sends as it should. If I add her name to it, her name, and her name only, comes out as MFEMF MFEMF, everytime, and everything else is correct. Does this make sense? The secondary problem is that she can't log onto WebCT for her online school. WebCT says "invalid user name" . I "think" her user name is her first and last name. Does anyone have any earthly idea what is causing this? Virus? Hardware? Thank you for any suggestions...

End of my rope,
jjw3

I can't help with issue number one, but for issue number two... Try contacting the online school for a username/password reset... They can help you with that... It could be viruses/spyware, but if you have protection, then that is not very likely...

Flame

Flame,

Thanks for your response. But problem 2 is interconnected with problem 1. It's her NAME (first and last) and it is somehow only on her computer. She is able to log on to WebCT as well as send email from my computer and her work computer. Changing her username for WebCT would only go around the problem vice correcting it. And you are right about the spyware/virus protection. I have scanned this thing over and over and installed virus-finders but found nothing. Thanks for the input.
jjw3

1967.

Solve : Trojan.Vundo.B grief?

Answer»

Norton AV found Trojan.Vundo.B on my system. (I run Windows XP Home, Adaware & SpyBot. and IE 6.0.2800. ) I downloaded the NAV FxVundo.B removal tool, and it says it fixed 4 registry entries, but 1 will be fixed upon reboot. I reboot, and the silly thing is back! I know where it is in the registry, but it says it can't delete it, and that access is denied. It says it might be in use. It's hiding in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run directory. Any ideas on how to get rid of it for good? According to the Symantec site, removal was supposed to be easy! It's just an adware trojan, but I don't want to spread it to anyone, and I want that darn message to go away.
HELP!

Found some help here:
http://www.sysopt.com/forum/showthread.php?threadid=180438

Thanks - lots of options there. I'll check them out & see if anything helps. :-/
Will let you know!
E

1968.

Solve : Virus messing w/my firewall??

Answer»

I recently downloaded a video that came w/a codecs.exe file to play said video. After I double clicked on the file, it extracted the files and then restarted my computer. However, after booting up, I keep getting a pop up in my system tray saying that no firewall is turned on and despite enabling it over and over, it keeps turning off w/the same pop up bubble. Also, when looking @ my norton antivirus, the auto protect is off and the "enable" button does not respond. Also, the email scanning option of norton has "error" next to it. Did I download a virus? PLEASE help.


omarvelous......Doesn't sound good .....it certainly sounds as if you may have a virus........Before you push the panic button ......try this ( I'm assuming your Norton is up to date) Reboot into Safe mode......once in safe mode see if you can enable Nortons auto protect and run a full scan ........Let us know

dl65

1969.

Solve : norton antivirus 4.0?

Answer»

I have an older computer and crashed it the other day I have nortons antivirus 4.0 for it but I can't do a live update I get an error message saying that the internet connection was lost but when I had it up and running before it would update with no problem on the internet I'm using aol 7.0. could some one tell me if I have it set up wrong I know it is an old program but. Thanks......

Which operating system are you using?

Flame

I'm also using windows 95

is your subscription up to date......why not visit majorgeeks.com for a free anti-virus program......in which should be a standard issue.....in operating systems..[rant ends]

1970.

Solve : drwtsn.exe?

Answer»

I am currently having a problem opening my files, everytime I click on one of my folders my computer freezes up. To unlock my computer I have to go into task manager and end the process named drwtsn.exe. I believe a virus may be the cause of this problem but I wanted to see if anyone knew a remedy without loading any anti spyware software. Also can someone explain to me what that file does. I am currently using Windows XP.

Thanks

dragondog........Well....just to set the record straight .....antispyware software isn't anti-virus software ...they deal with different issues .

Dr. Watson is a software utility included with Microsoft Windows that is used to help detect, decode and log errors that are encountered while windows or windows programs are running.

A user can run Dr. Watson by clicking Start / Run and typing "drwatson" and clicking ok. The Windows NT and 2000 Version of Dr. Watson can be run by clicking Start / Run and typing "drwtsn32". When running Dr. Watson you should see either a new task on your toolbar or on your systray indicating that Dr. Watson is running in the background. If errors are frequently occurring run Dr. Watson to help get additional information about the error.

Do you have a current anti-virus program installed ?
I would suggest you run a scan .

As far as a remedy for not ending up with spyware and adware ........ABSOLUTELY ............Turn off your computer and step away from the keyboard .......
or ........Download and install a decent antispyware scanner .....


let us know

dl65

Thank you for responding and you're right, I guess all that stuff comes with the territory when using a computer. I will give it a try and let you know how I fare.

Thanks again.

Dl65 I tried your suggestion and it came up with no errors. I think I will try to install antivirus software and anti spyware, do you have any recommendations? And do you also know of anything I can try for free that would work.

Thanks again.

dragondog....Ok .....give these a try ......
Anti virus ...... AVG ( free ) ........
http://free.grisoft.com/doc/1 d/l the NEW AVG ANTI-VIRUS FREE EDITION NOW AVAILABLE!

Antispyware ......
Antispyware Beta ( free ) .....
http://www.microsoft.com/athome/security/spyware/software/default.mspx it's very good ......

Antispyware ......... Ad-Aware SE Personal ( free)
http://www.majorgeeks.com/download506.html ( not as good as Antispyware but not bad ) .

If your pc is infected with some virus ...now ......you should probably d/l STINGER ........ but use a different pc and save it to a floppy disc and then run it on yours .
http://vil.nai.com/vil/stinger/ .......This is not a full time virus scanner , but rather a cleaning tool if your pc is currently infected .......the virus may not let you d/l from M/S .

let us know
dl65

dl65.

I did what you suggested and used microsoft anti spyware, ran a check and I was indeed infected. The scan read something like unclassified.Spyware.65., so I tried to remove it at first but it came right back on so I quarantined it and lo and behold I could access my files.

Can this file be removed completely or do I just need to keep it in quarantine? Is this something I should be concerned about as far as allowing other spyware on my computer.

You are truly a god send, thank you for your time and response.

Well it seems that I may have spoken too soon. As soon as I wrote this to you I went to My computer and the same problem came up. I know I am on the right track as far as the problem so I'll try AVG next to see if it will help.

I'll give you an update as soon as I try it. Thanks dl

Nothing better than a good Bug Hunt.

dragondog......Ok .......here's what to try .....
First........turn off system restore . To do this ......close up everything .......now ...click start/All programs/accessories/system tools/ then system restore......when restore window opens click on system restore settings .........when that opens put a check mark in Turn off system restore in all drives . Click apply and ok .......
Next .......click start /control panel / folder options/ click the view tab ........now scroll down to show hidden files and folders and put a mark in the circle .......click apply and ok .....
Now reboot into safe Mode ( repeatedly tap F8 key as soon as the pc starts to boot ) and select SAFE Mode .
Once it loads in safe mode ( it will look different than normal) Now rescan again with Antispyware .....make sure you do a deep scan......try and delete the pest from quarantine folder .......If it won't ..........leave it in quarantine. Now run AVG anti virus and delete anything it finds ......

When you're finished .......reboot back into normal mode .


Let us know

dl65


That sounds like a plan to me. I'll try it and let you know as soon as I finish. It probably won't be until later tomorrow, my eyes are killing me and I need to get away from this computer, maybe a few drinks would help.

Thanks DL.

info on dr watson>>>http://groups.msn.com/WindowsSupport/articles.msnw?action=get_message&mview=0&ID_Message=2903&LastModified=4675518550419730421

Thanks Merlin.
Now as far as my problem I still can't get it to work. I ran a scan with Microsoft's software and it scanned spyware in the form of Unclassified.spyware.65. I ran a scan in safe mode as you suggested dl and no luck. After being able to access my files it locks me out again. the location of the file reads as c\windowswinfc32.dll and another scan resulted it being in a file named c\windows\winxe32.dll.
In the words of the famous Beatles, "Help"

Thanks.

1971.

Solve : virus still comes back?

Answer»

i use stinger and ad aware to remove the IRC-Sdbot trojan but it still comes back when i reboot. plz help

Is this a virus, or spyware? Also, which operating system are you using?

Flame

Stinger calls it a Trojan (wincheck16.exe) winxp

You could try the microsoft anti-spyware beta.

yea! it worked with micro's spyware remover.
it was a trojan inside spy sweeper.

So I take it that Fed fixed your problem, right?

Flame

If you are removing a virus you need to disable the system restore or the virus will activate itself and return

1972.

Solve : Delayed keyboard strokes?

Answer»

I am running XP and run Ad-aware, Spybot, and AVG and they are clean. When I type, there is a delay between my keystrokes and the monitor. I ran maintenance Wizard to clean up files, run SCANDISK, and run defrag but nothing helps. Any Suggestions?

cojack.....Is this something which has just started ? Did you download something which may have caused this ?
Is your Hard drive in need of a defrag ? Are you perhaps running short of space ?
does it do it all the time ?
Have you tried rebooting to see if that will correct the issue ?

let us know

dl65
How much RAM do you have?

Flame

I have 385Mb RAM, plenty of free space, have rebooted every night. Ran defrag. This problem started about a month ago. Recovered to 3/30. Looks better. will let you know if it is fixed. Thanks for the fast reply!

Cojack,

Have you tried the accessibility options in control panel, check the sticky key, filterkeys and togglekeys, they contribute to your problem

1973.

Solve : Missing or corrupted files.......HELP!?

Answer»

OK my daughter was online one night and she was in a chat room and someone asked if she wanted his pics and she said yes of course.......grrrrrrr well the attachment was named mypictures.exe and her not knowing she d/led it......At the same time , the sender told her to restart her computer......grrrrrrrr well it won't restart. This is what I get.
The file is missing are corrupted C/windows/ IFSHLP.SYS
The file is missing are corrupted C/windows/System.vmm32.vxd
The the name of the windows loader (e.g. c/windows/ system/vmm32.vxd)

I have NO IDEA what is a windows loader.....and IF I can't get to my harddrive .....how do I know anything. grrr

No matter what I type .....NOTHING WORKS..... the screen keeps telling me The file is missing are corrupted C/windows/System.vmm32.vxd
The the name of the windows loader (e.g. c/windows/ system/vmm32.vxd)

I have even tried making a start up disk from another pc and copying files and everything......NOTHING WORKS
Could the virus have erased my entire harddrive? I think it did

Any help would be greatly appreciated.
Holli

Yes, it could have......(but it didn't erase everything because you are getting messages related to Windows components)

Now lets see if it did and if there is something we can do to help you out.

What Operating System are you running?
What Anti-Virus program are you running?
Tell us a bit about the computer itself.

1974.

Solve : I Hate SpyBuddy!?

Answer»

Please, please HELP. AOL Spyware Protector uncovered SpyBuddy, Guardian Monitor, and Start Now on my laptop. I deleted them, and then....

I did the following:

a. Updated my definitions,
b. Turned off System Restore,
c. Restarted in Safe Mode,
d. Rescanned.
e. Found same (above listed 2 keyloggers and 1 adware.)
f. Deleted them.
g. Restarted computer in normal mode,
h. Turned System Restore back on,
i. Rescanned..

Result? They're baaaaack. (and I'm not sure they ever even left.)

Did I do something wrong? What can I do to get rid of these? I am not at all up to speed when it comes to computers, so any advice should be given assuming I have no idea what you mean, lol.

Some additional info:
I have a Gateway M305CRV laptop
Use Firefox browser (still have to uninstall IE)
Windows XP Home Version (with SP1)
Mobile Intel Celeron, CPU: 2.40GHz
RAM 768MB
Disc C (free: 16.00GB)

ANTISPYWARE/ANTIVIRUS:

Ad-Aware SE, AOL Spyware Protection, SpyBot S&D, SpywareDoctor, SpySweeper, Microsoft AntiSpyware.
Anti-Virus/Firewall: Norton Internet Security 2004

Would so appreciate your help!!
Thanks in advance,
Paula

Quote

Windows XP Home Version (with SP1)

ANTISPYWARE/ANTIVIRUS:

Ad-Aware SE, AOL Spyware Protection, SpyBot S&D, SpywareDoctor, SpySweeper, Microsoft AntiSpyware.
Anti-Virus/Firewall: Norton Internet Security 2004

Immediately perform Windows Update.
First install WinXP-SP2 from Windows Update and then all the Critical Updates (about 19 of them).
Quote
Immediately perform Windows Update.
First install WinXP-SP2 from Windows Update and then all the Critical Updates (about 19 of them).



Okay....all done. (I have the SP2 Update CD). I had SP2 installed when it was newly released by Microsoft, but it made my computer unstable so I took it off. Hope it handles it better this time around. (Sure took enough free space. )

----Paula
1975.

Solve : marketscore?

Answer»

HOW CAN I GET RID OF IT?

Do you have antivirus or antispyware software that can remove it for you? Also, PLEASE stop using all CAPS... In our computer world today, all CAPS means that you are yelling at us, and is seen as "rude".

[glb]Flame[/glb]

hmsam .........Everything you need to know to remove it .

http://www.spy-bot.net/MarketScore.asp


dl65

1976.

Solve : hit by virus?

Answer»

i want to know that few weeks back my sis friend got fake mail from her yahoo messenger id. i dont know what type of virus it was and how can we get rid of it. she is still using that yahoo id but with changed password. what type of virus it was? is there any way to prove that, that mail was not from her side? and what are the precautions to get rid of such virus. she didnt send that mail but the friend told my sis that it was really a bad mail and so the friend dont want to talk my sis further.
one more thing is that a friend from my yahoo messenger id is also not responding. so iam afraid that may be the same thing has happened.
let me tell u we have cable net connection. is there any way to find who has done this. i will be very thankful if u can help us out.

searcher....Well , first of all , which operating system are we using on our pc ?
What kind of anti-virus are we using on the pc ?
Is the anti-virus up to date as far as subscription and updated ......... ( if it hasn't been updated , it won't protect against the newer viruses )

Simply getting another Yahoo id hasn't fixed ANYTHING, the pc is still infected .........

As to finding out who sent it ........ you know that .........
"got fake mail from her yahoo messenger id."

Don't waste time trying to find out who harvested her Yahoo ID...... Spend the time cleaning out the infected pc.

let us know the answers to the questions asked above .

dl65

searcher.....It may be this .......have a read .

A new phishing attack has been launched against Yahoo Messenger users, according to security firms Akonix and IMlogic. For now, the scheme appears to be limited to the Yahoo's IM network.

The attack starts with an IM message from a user's buddy list. The message directs the users to a site where they log in and reveal their Yahoo identity and password. The phisher then gains access to all of the users personal ID stored as part of the individual's Yahoo account.

Akonix said most examples it's seen of this phishing attack come by way of unsolicited IM addresses. But IM security vendor IMlogic has seen the Yahoo Messenger phishing attack use existing buddy lists.

There is also another one called W32/Hello worm which does similar things on msn messenger .......

"now let me explain u again that my sis's friend got a mail from my sis which she didnt send.
my brother has already cleaned the comp but i would like to know ur expert views abt what virus was that.bcoz my sis wants to explain it was not her who sent that mail.so the question is how can she prove that as it is creating a wrong impression of her. "

Let me try to explain this again....... Your Sister clicked on something sent to her by someone ....this sent username and password back ..........once you have this ANYONE can log in as her and have access to any info in her Yahoo contacts list ........

What can be done ......
Format the pc .
Delete the offending username and password with Yahoo

Create a different username and password with Yahoo .

Do not reveal the password to anyone ......( it could be a friend that was pissed off at her and knew her password)

Don't ever use the save or remember password option when logging on to any IM services.

Use caution when clicking on things ....even from friends.

Install a good firewall ......one that looks at what's going out as well as what's coming in ........ Zone Alarm is not bad .


hope this helps

dl65



hi,
u r very very helpful.thanks alot for ur precious guidance.that will certainly help us.i wish u get all the best in this world and hereafter.
thanks again!
take care

1977.

Solve : Using a Router?

Answer»
I had two computers and was using a router. I got rid of one of the computers. I was told that I should keep using the router as it provided a degree of security....
Is this so.....
Thanks, Jim
Quote
...I was told that I should keep using the router as it provided a degree of security.... Is this so.....

YES it is.
Router Security
1978.

Solve : Virus Struggle?

Answer»

i'm having some problems .... i've run antiVir, ad-aware, hijack this and spyware search and destroy however i havn't posted my hijack list. and antivir found a number of viruses which have been deleted. now one of the problems i've been having is that my norton antivirus will no longer work. second, any java or activeX programs on the internet will not load. i cannot add any new hardware drivers such as a digital camera and at startup no programs will run for about 5 minutes. any help will be greatly appreciated.

listoparacristo ......Well first off.......which operating system are you using ?

Which version of Norton are you using .......and more important ....one of the viruses may have disabled it ....are you sure it's enabled ......... ?

Is Nortons subscription and updates current ?

Have you checked to see if "Java" is still loaded ?

let us know

dl65

i'm running windows XP... norton is the 2003 antivirus... and it's disabled and no java is not running either.

listoparacristo.......... Is Nortons subscription and updates current ? or has it expired ?
You say its disabled ....can't you turn it back on ?

Have you tried to uninstall Java and then D/L it and installing it again ?

Let us know

dl65

If you can no longer install drivers, I suggest you reformat and take precautionary measures before or directly after connecting to the Internet.

listoparacristo....Could you please explain what you mean by ......
"and at startup no programs will run for about 5 minutes."

are you saying that after this time lapse everything is ok ?

let us know

dl65

no cannot start norton and yes it was up to date before it went down.... but i cannot up date it or start it anymore.... there is a lag period at start up where i cannot open any programs ie. explorer, Word. after that i can get programs to open but java and ActiveX still do not run.

listoparacristo...... How about posting your hijackthis log ...it may hold the key to whats going on with your pc ....


dl65

here it is:

Logfile of HijackThis v1.99.0
Scan saved at 11:39:21 PM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\RSNet\RSEDNClient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50016
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.ca/
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Albert Elliott\dp-b23011805.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} - http://www.spyblast.com/download/SBFull.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSVCCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file missing)

listoparacristo..... Ok I see a few which should be removed .......So mark for removal the following :

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\incfin~1.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Albert Elliott\dp-b23011805.exe

O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\Winlogon.exe -stealth

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\ebatesmoemoneymaker0.exe"

O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C

O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file missing)

Ok ........click fix marked ............and then reboot and see how things are ......

OOPS ....one more thing ........go to ......Sun Systems and D/L java ........ It seems to be missing from your system .

dl65

here is my hijack this log now:

Logfile of HijackThis v1.99.0
Scan saved at 6:21:15 PM, on 5/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSVCCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

my computer is running much better now... however.... i'm still having problems with some programs on the internet.....

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

What are these?
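
As an added example (not part of the original thread, and not HijackThis's own logic), the by-eye triage done in this thread can be sketched in Python: parse the numbered entry lines, flag a few patterns visible in the first log (orphaned `(no file)` / `(file missing)` references, a `Shell=` value that starts more than Explorer.exe, a hosts override, a core process name started from outside `system32`), and diff the log taken before the fix against the one taken after. The rule set and the names `parse`, `triage` and `removed` are assumptions made for illustration; a flag means "look at this entry", not a verdict.

```python
import re
from ntpath import basename

# Core XP processes whose legitimate image lives in %SystemRoot%\system32.
SYSTEM32_ONLY = {"winlogon.exe", "lsass.exe", "services.exe",
                 "svchost.exe", "smss.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ..." lines
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)
SHELL_RE = re.compile(r"shell=(.*)$", re.IGNORECASE)

# Lines copied from the first log posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.0
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Lines copied from the second log (after "fix marked" and a reboot).
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse(log_text):
    """Return (code, body) for each numbered entry; the header and the
    running-process list do not match the entry pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (code, body, reasons) for entries that deserve a closer look."""
    findings = []
    for code, body in entries:
        low = body.lower()
        reasons = []
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            reasons.append("orphaned: referenced file is gone")
        if code == "F2":
            m = SHELL_RE.search(body)
            if m and m.group(1).strip().lower() != "explorer.exe":
                reasons.append("shell value starts more than Explorer.exe")
        if code == "O1":
            reasons.append("hosts file override")
        if code in ("O4", "O23"):
            m = PATH_RE.search(body)
            if m:
                path = m.group(1).lower()
                if basename(path) in SYSTEM32_ONLY and "\\system32\\" not in path:
                    reasons.append("system process name outside system32")
        if reasons:
            findings.append((code, body, reasons))
    return findings


def removed(before, after):
    """Entries present in the first log and absent from the second
    (compared case-insensitively, since HijackThis output varies in case)."""
    kept = {(c, b.lower()) for c, b in after}
    return [(c, b) for c, b in before if (c, b.lower()) not in kept]


if __name__ == "__main__":
    for code, body, reasons in triage(parse(BEFORE)):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
    print("removed between logs:", len(removed(parse(BEFORE), parse(AFTER))))
```
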

1979.

Solve : Bulk Mail?

Answer»

Hello, i recently checked my personal e-mail while in the office and noticed that i had a lot more than usual in my bulk mail. when i opened my bulk mail box i was surprised to see all my business contacts from the office in my personal e-mail account, with a foreign language (looks like French) in the subject field... Does anyone know what might have happened
Sure its not German? I've been getting a few of the German ones myself... So have many others...

[glb]Flame[/glb]

Check where the email came from, it's probably Flame's mother. ... Thanks Fed! Actually, you never know... Maybe I'm sending all these messages out... Maybe not... Maybe it's Fed... Maybe Joleen... Who knows... lol

[glb]Flame[/glb]

Don't worry Flame, it is not you. I am getting a bunch of those on one of my email accounts and you don't have the address............. Or my mom's for that matter!!!!!!

[glb]Flame[/glb]

John_m....... Don't open any of that Email ....it could well contain the Sober worm ........It may be in English or German and may reference free world cup tickets.......
The Sober Trojan disables Norton anti virus .
The latest Sober worm showed up about the middle of this month .
dl65

Thanks....i will be in touch. Have a great day Thanks ..I'll keep in touch. Have a Great Day

1980.

Solve : Strange Icon in Tray?

Answer»

I noticed an icon in the tray next to the clock that is labeled "safely remove hardware". Right click revealed nothing about the item and I won't left click on it. I use AVG for virus protection and run daily scans. There was no recent reports of infection. I then installed Avast and Ad Aware. Both reported different items to remove. The icon remains. My os is XP Pro. Any ideas as to what this icon is,( I suspect it might be an auto format routine), and how I can remove it.

Thanks,
Tin_Ear

It's ok. You can release your breath now Do you have any USB devices plugged into your computer? That's all its telling you is that you have the safety feature... Nothing to fuss over

[glb]Flame[/glb]

That is indeed a relief! I had never noticed that icon before and became very suspicious after being hit with a virus\trojan assault recently. Thanks for the assist.

Tin_Ear

P.S. I'm a newbie in posting to forums, what's up with these YABBC tags and can they be modified. I seem to have one attached to my nic.

Tin_Ear.....So that icon was never there prior to being infected ..........Sounds a bit odd . Usually if you right click on the icon you should be able to see what its associated with ......... Check it out and let us know .......it may not be harmless.

What is your concern about the comment attached to your nick ?

dl65

That is your quote. That is the default, because YABB is the forum host, so of course, they are advertising for themselves. lol You can very easily change it however...

[glb]Flame[/glb]

dl65
I never noticed this icon before. In truth, this machine is a spare from my brother-in-law with his os and basic software, my hard drive added as a slave. After being hit by auto dialers and other pests I stumbled across this item and became concerned, if it is a virus\trojan then AVG, Avast and Ad Aware have not detected it.

My main concern is the fact I do not recall seeing this item before. On first boot I looked to see what the brother-in-law had running on this machine and I just don't recall seeing that there, he doesn't either.

Tin_Ear

Tin_Ear...... Ok , then left click on it and let it open ........then we will know what it is ..........
If it turns out to be nasty , we can deal with it ......but we need to know what it is . One more thing....be off-line when you try it ...just in case .


dl65

Wait a sec..... I'm not ready to just open something that may dump 70+ Gbytes if this turns out to be a deadly item. You say you can deal with it. If this kills my drive(re-formats or other such problems), I will have to re-install the os and assorted software just to get back here to say things went down the crapper!

I see from your profile you are a senior poster and I do indeed value your opinion...but is this really a step that should be taken. Yes, others could learn from this. However I don't need to practice Russian roulette to know that it can have adverse results

Tin_Ear

dl65

For the benefit of the forum here are replies from online help sites that mirror Flame's response.

"Nothing to worry about that icon bcz its a windows xp's components.It
appears only when u attach a usb device to ur system.
So that Whenever u want to unplug your usb device u can safely first
stop the device working and then unplug it instead of direct unplugging it."

"This icon normally appears when you plug in a USB device like a pen drive or something.
See a description here:
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdh_dmt_cgwi.asp"

Thanks to all for your assistance and comments.

Tin_Ear

Ok, well come back and see us if you have any more questions!

[glb]Flame[/glb]

1981.

Solve : Wonders never cease?

Answer»

What next one wonders >> http://news.bbc.co.uk/1/hi/technology/4580389.stm

Quote

It exploits a known vulnerability in Microsoft's Internet Explorer (IE).


http://www.mozilla.org

I rest my case...
1982.

Solve : Oh please help me...?

Answer»

Hi!!

Ive got a HUGE problem that I just do not know how to help, and since I don't know much about it I dont know if I should take my computer somewhere to get it fixed or what. I just thought I'd give this a go first.

I became aware that it had been affected with a virus or a spyware thingy or trojan or whatever it was, so I bought "Trend Micro Internet security 2005", which the people said was a good one.

Anyway, I ran it through the computer and it found 24 virus thingies and apparently cleaned them or whatever, and after that I couldn't do anything on my computer!

I can't open word, internet explorer, run any program, I even cant get into properties when I right-click on the desktop! My computer is dead!! A box pops up saying that it cannot find the files to run whatever it is I've tried to run!

Please, tell me if I do need to take it somewhere or even if this is fixable!

Im using windows XP if that means anything.

Thankyou for listening!!

Fixing this may take a while, so I'll provide an easier, and more time efficient answer... I think it's time to reformat your hard disk, and start over... Which operating system is this?

[glb]Flame[/glb]

Start over? *Gulp* That doesnt sound too good...

Which operating system? Ermm... as you can probably guess Im not all that swish with terms and such... Im aware of windows XP, my compy is a HP... um... ??

Thankyou for replying though, I really appreciate it!!!! ^_^

Ok... Windows XP... Good... That will make it a bit easier... This is your call... Would you rather try to solve the problem by trying to install certain files, etc. Or would you rather just reformat?

[glb]Flame[/glb]

Im assuming that reformatting erases everything on the computer... so that would be my files and stuff yeah? Oh that would be terrible!! I do a fair amount of writing you see, stories and such, although I suppose I could possibly save them onto floppy's... but then Im also guessin' they'll probably get infected too yeah?

If there is another way I would be very grateful!!

Yes... Formatting would delete all files... Also, it COULD happen (the files on floppy be infected), but if they are Word files, then probably not... They would have to be scanned for a definite answer though... So... What's your choice?

[glb]Flame[/glb]

Well... someone just quoted me almost $200 to fix it, and I kinda can't afford that right now since I'm going overseas in a couple of months... so it looks like I'll just have to do that. The files on floppy aren't ms word, they're wordpad because they're easier to post on the net, which is beside the point but...

I would be very pleased if you would tell me how to reformat my computer thank you!

Read this article for practical steps and information on (re)formatting your Hard Disk Drive.

Caution advised: All data will be erased on the partition you decide to format.

Heheh!! I FIXED it! Without reformatting! Woo hoo!! There was another account on my computer, although it was only limited, and from there I was able to run the virus scan and clean up the dirty mongrels! Then I deleted all that *censored* spyware crap too, and now my computer is almost back to normal again, but at least everything is functioning properly!

Thanks again for your help though, you guys do a great job! ^_^

1983.

Solve : Activity Log in Norton AntiVirus?

Answer»

I was checking my activity log in Norton AntiVirus and found the following entry under "System":

"Internet Worm Protection setting "Port Block Allow NetBIOS change. Old value: 1"

This appears every day. What does that mean? Is it something bad and, if so, how can it be corrected?

Thanks.

I see that too in my Nortons log,
I would like to know also
is something in there
C

Judging from what is stated there, it seems logical that Norton is blocking the NetBIOS ports in order to make certain that no harmful malware can connect to them.

Quote

NetBIOS commonly communicates on ports 137, 138 and 139. If your network or computer has a firewall setup that blocks any of these ports it is likely warning messages will be received when your computer communicates with another computer that utilizes NetBIOS (for example Microsoft Windows). To prevent these errors or warnings you must provide access on these ports.


In matters of good and bad. It is a good thing.
1984.

Solve : First of all..you guys are great!!?

Answer»

seriously, I've read a lot of your posts (Q&A's) and because of your wit and knowledge, I decided to post my own problem.

I have the beta version of microsoft-antispy. I also have v-com 's Systems Suite (which is the ONLY program that found this virus). I also run microsofts malicious spyware remover from their site. I also (until a few days ago) had SpySweeper (which is good but did not detect this virus!!)....ok, I am getting to the bug...just telling what is on the system.

The virus found is :
Troj_BDI.A

I looked it up online and found it poses 'medium' damage (my pc just runs a bit slow but I notice when it is idle suddenly the hard drive kicks in and runs on its own at which time, I promptly shut it off). Anyway the problem is this:

V-com anti-virus finds it but can't remove it. It refers me to housecalls which also finds it but can't delete it. I want to know how to delete it out.

Here is where it is at on my system (which I haven't been able to get to):

c:/system volume information/_ restore/fd5555ceo-od66-48fl-9600-ea54fda1927b/rp57/a0021603.exe

any help would be highly appreciated.

I don't like to brag but will if forced to. We are great.

When you say v-com can't get rid of this virus do you mean it tries but the virus comes back or do you mean it doesn't know how to start getting rid of it? Turn off your System Restore and boot to safe mode then try again.

I tried the trojan name in Symantecs site and they didn't have any info which makes me think it doesn't really exist.

Try running your msconfig and see what's scheduled for start up, you might be able to prevent it from running.

No listing in McAfee, either.

Trend Micro has a listing:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BDI.A

Since it appears to be located in the System Restore area, try scanning and deleting in Safe Mode.

O, it's real alright but apparently not well known and stubborn as *censored* to get rid of.

Trendmicro suggested 'Housecalls" to remove it. Housecalls did find it but couldn't remove it.

I will try removing in safe mode and keep ya posted.

By the way...when I say can't remove it...well the program detects it, asks should it try to remove it or isolate it. But then returns the message that :

"Virus could not be removed. File is still infected."

AV software cannot remove a virus in the restore files. Simply turn off system restore, reboot, run the AV - it should be gone. Re-enable system restore.

Hope this helps you
First I agree these people are great and are so helpful

now on to your problem

About 2 months ago I would scan with my nortons and it would
tell me it found 1 threat but could not delete
I did not know what threat was.
I scanned with Beta, and adaware SE, and Spybot all found nothing.

My computer began freezing and dying, so I went on line to
the Spyware-doctor site I downloaded the FREE test version and it found 129 viruses on my computer.
I then had to purchase it (only 29.00) and it then wiped them all out

I am very pleased with this spyware software and it has lots of protection.
Maybe you can try to do the same it may find your little pesty but and kill it

Oh mine was Ezula, hijack, virtual bouncer, all kinds of wacko virus and spyware that Nortons don't get,
Good luck

ladytechie.... Have a read and then follow the manual removal instructions ........
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FBDI%2EA&VSect=Sn
Make sure you turn off your system restore feature and be sure to do the registry removal as well .

Let us know how you make out .

dl65

1985.

Solve : Can't access Regedit or Task Manager?

Answer»

Help! One of our users opened a virus laden email and now that machine can't open either the registry or the taskmanager! I'm running AD Aware and CWShredder but am otherwise in the dark. Also, Symantec Antivirus Corporate has been disabled and I can't visit the Symantec web site.

How do I get out of this? I've got Win XP Pro SP2.

Any help appreciated!

tim nugent

Post in one section only.

1986.

Solve : Something has killed my computer - HELP!!!?

Answer»

I went out of town this weekend and turned my computer off before I left. Everything was working fine then. Tonight I turned it on and I get a chkdsk configuration page before my computer loaded up. Said Windows XP was checking my configuration and such. Then I noticed it said it was deleting some corrupt files. Well, it did all of this, and then it automatically went to reboot, and now NOTHING is loading up on my computer. I just get the Compaq page then the Windows XP boot page with logo and then NOTHING. I tried loading in safe mode and i just get a blank black screen that says safe mode as usual but nothing else is on there (meaning my files and desktop icons). I noticed last week that my keyboard was acting up - certain letters wouldn't type and then nothing would work. It was also typing a bunch of gibberish before that by itself. I figured my keyboard was broken so I hooked up another one and then it worked fine. Everything else has been working fine, too. My computer has not been slow or anything. I am not sure what just happened tonight. But my computer is now just a dead black screen. I hope someone can HELP!!!!

THANKS IN ADVANCE!!

Michelle........If you try to start and repeatedly tap the F8 key .......are you able to choose ........Last Good Configuration instead of Safe ?

Let us know

dl65

OH, yes I did do that, too - sorry I didn't mention that in my initial post. No, it will not load when I select last good configuration.

Also, I have AVG as my antivirus. I just updated midweek last week and ran a scan when my keyboard was acting funny, but it did not detect any viruses then. I don't see how i got a virus since then, but it seems something is up.

Michelle......Have you tried to do a Restore/Repair using your Win XP cd ?
http://www.michaelstevenstech.com/XPrepairinstall.htm

let us know

dl65

also, i don't know what this means but i just tried restarting again. i kept pressing the F8 key while the Compaq boot page was up. Above the Compaq logo, while I'm hitting F8, it showed all of these MB numbers scrolling - they just kept getting higher in number. It then stopped at 191MB and then I got an error message and it said "the following configuration options were automatically updated" and then it said "191MB memory". It's never done that before. Then it took me to the Windows Advanced Options Menu.

no, i haven't tried that as i do NOT have a win xp cd. a friend of mine upgraded my computer a couple of years ago using his win xp cd and i do not have my own cd of it.

Michelle......That was the memory check that you saw running...... What were the options listed in ....Windows Advanced Options Menu ?

let us know

dl65

all of the ones that are always there........

safe mode
safe mode with networking
safe mode with command prompt

enable boot logging
enable vga mode
last known good configuration
directory services restore mode
debugging mode

start windows normally
reboot
return to os choices menu


Michelle......What about borrowing a Win XP cd from a friend and try doing the repair/restore ?
Your pc won't start normally, won't start in safe and won't start in Last known good configuration .......I don't think you have any other options.

dl65

my friend is having the exact same problem right now....exact same.....have you had any luck yet

old post ........jan 11 2005!

1987.

Solve : Help with hijackthis?

Answer»

I ran hijackthis and I can't get rid of some of these files that I think are viruses. After I "fix" them they come back either with different name or same name. How do I permanently get rid of them? I am using AVG Antivirus which comes back no virus found. I also ran Yahoo Anti-Spy and removed all items. I want to get rid of whatever it is cause I keep getting an error message Windows Explorer has encountered problem and needs to close.

Mandy....Sounds like a trojan.....( particularly if it comes back with a different name )
Usually hijackthis is very good at removing trojans .......Are you sure you didn't miss removing all the bad entries ?

Run your hijack again and post it here ......

Cheers

dl65

Logfile of HijackThis v1.99.1
Scan saved at 4:01:46 PM, on 6/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\sttfrrm.exe
C:\Documents and Settings\Amanda\My Documents\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ncdvzgr] c:\windows\system32\sttfrrm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: BACKWARD Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c282.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2918.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Mandy ......First turn off your system restore ........
Then delete cookies , temp internet files and history ....


Then ...... Mark for removal ......

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c282.cab

These are not necessary ...I would remove them ...

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN


Give this a try and let us know ......

dl65




It didn't work. I'm wondering aren't some of these items a virus? And how do I delete them?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

Also what is this c:\windows\system32\covdwp.exe
Everytime I delete a different one comes back in the list.
Now says O4 - HKLM\..\Run: [rvvpwuq] c:\windows\system32\kplvzp.exe

Mandy..... Lets try this and see what it finds
http://www.softpedia.com/get/Antivirus/Ewido-Security-Suite.shtml

This is a 14 day trial ......... Give it a try ...its very good at finding and removing trojans .

BTW ...what happened ...your pc was running ok after the last go round ...what did you download ?


let us know the result ,

dl65

Well I think I solved the problem. I ran my computer in safe mode and then ran my antivirus and it found 7 viruses in my yahoo program! For some reason the antivirus didn't catch it in normal mode cause I ran it several times and it came back clean. Anyways, since doing that earlier I haven't had the problems. So far so good! Thanks for your help.

You may wish to look into the following programs as well:

AVG Free
-- Anti virus scanner
Adaware SE Personal
-- Anti spyware scanner
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options
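
The symptom reported in this thread (a Run entry that returns under a new name after every fix) can be spotted by diffing the O4 lines of two HijackThis scans. The Python below is an added example, not part of the thread or of HijackThis; the `looks_generated` heuristic and its thresholds are assumptions, and the second scan is constructed from the first log's entries plus the one O4 line quoted later in the thread.

```python
import ntpath
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive key name path")

# HijackThis autorun line: O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)', re.I)

# Constructed sample: a few O4 lines copied from the first log in the thread.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ncdvzgr] c:\windows\system32\sttfrrm.exe
"""

# Constructed second scan: the two entries the helper suggested removing are
# gone, and the suspicious entry is back under the name quoted in the thread.
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rvvpwuq] c:\windows\system32\kplvzp.exe
"""


def exe_path(cmd):
    """Return the lower-cased executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    m = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return (m.group(1) if m else cmd.split()[0]).lower()


def parse_autoruns(log_text):
    """Extract registry autorun entries (O4 lines) from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append(Autorun(hive, key, name, exe_path(cmd)))
    return entries


def looks_generated(token):
    """Assumed heuristic: short, all-lowercase letters, almost no vowels."""
    if not (token.isalpha() and token.islower() and 5 <= len(token) <= 10):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) < 0.2


def is_suspect(entry):
    """Both the registry value name and the file name look machine-generated."""
    stem = ntpath.splitext(ntpath.basename(entry.path))[0]
    return looks_generated(entry.name) and looks_generated(stem)


def respawned(before, after):
    """Pair a vanished suspect entry with a new suspect entry registered in
    the same hive, key and directory: persistence that re-registers itself."""
    gone = [e for e in set(before) - set(after) if is_suspect(e)]
    new = [e for e in set(after) - set(before) if is_suspect(e)]
    pairs = []
    for old in gone:
        for cur in new:
            where_old = (old.hive, old.key, ntpath.dirname(old.path))
            where_cur = (cur.hive, cur.key, ntpath.dirname(cur.path))
            if where_old == where_cur:
                pairs.append((old, cur))
    return sorted(pairs)


if __name__ == "__main__":
    for old, cur in respawned(parse_autoruns(SCAN_BEFORE), parse_autoruns(SCAN_AFTER)):
        print(f"[{old.name}] {old.path}  ->  [{cur.name}] {cur.path}")
```

A hit is a triage lead, not a verdict: it says something outside the Run key is rewriting it, which matches what the thread found once the scan was repeated in safe mode.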

1988.

Solve : Is this because of a virus??

Answer»

Yep, its me again... GRR... anyway!

When I disconnect from the net (Yes, Im still on flamin' dial-up) and then attempt to reconnect, somehow the number im dialing to changes to an international number and it changes my username and password!

Can anyone explain that to me? Its really beginning to get annoying when I have to manually recreate the connection thingy.

Thanks, Mu xxx

Yes, it looks like you have a trojan dialer.
Try here for a start
http://www.pandasoftware.com/activescan/

Thanks for that, Im giving it a go now. Ive tried scanning my compy with my virus checker, but it comes up with nothing! And I just got it too, so its fresh... and not something I downloaded for free, I paid $100 for it, so I kinda expect it to work!

I'd expect Spybot S&D would get rid of it for you too, I remember watching it scan and seeing 'dialer' go through.

Use the following scanners:

AVG Free
Microsoft Anti-spyware
-- Assuming you are using Windows XP Home or Professional.

Optional.

Very important to have a function firewall in order to prevent Trojan Horses and/or Viruses from connecting to the Internet once present and installed on your system.

Zone Alarm Free

It is of utter importance that you install and use these tools. Either refer to the documentation or ask us for support when installing/configuring the software.
OMG please tell me you didn't spend $100.00 for spyware software
I have Counter spy $20.00 and it is absolutely great!!
I also have Spyware Doctor which is great $29.00

I have 2 because PC Magazine said both are good
and what one may miss the other can pick up

I am a spyware magnet i think lol I seem to always get it
so now Im very careful and scan regular.

You may want to get one of these and get the free Beta from Microsoft also
Good luck
I agree.. Hopefully that kind of money was not spent on ANY PC utility for Spyware and Viruses... (You can get both for free)

Flame

Wow, thanks for those, Ive downloaded one already and its helped heaps!! It cleaned a trojan in like 40 seconds!

And I was so desperate to help my poor computer I paid that much. Mind you, its in aussie dollars so if you're thinking in terms of american dollars then that is not so!

But anyway, thanks heaps!!! I am very appreciative!

1989.

Solve : Does anti-spyware work??

Answer»

I have a problem with spyware and I was wondering if the anti-spyware programs Im looking at like Sunbelt Software's CounterSpy 1.0 are able to find and delete the spyware on your computer?

Jack Johnson.......If you have Win Xp installed , I would D/L Antispyware Beta.......... get it at .........
http://www.microsoft.com/athome/security/spyware/software/default.mspx .....It's free but even more important it does a very good job ...........
Have you tried ..... CounterSpy 1.0 ? I am just going to check it and will let you know .

dl65

Jack Johnson.......Well , I just installed it did a scan.......It appears to be almost identical to ..........
Antispyware Beta ..........In fact the two apps look like they were designed by the same people ..........What I did notice though is that it will work with Win 98 SE and up .......where Antispyware Beta will only work with Win 2K and XP .
I am going to stick with Antispyware Beta ........
Oh , yes when I ran it .....it found 2 cookies .......I told the app to ignore .......then I ran Antispyware .....and it found the same 2 cookies ......


dl65

Thanks a bunch man. I do have a question then about Microsofts beta program. I know its free now, but when this is a finalized product, is it supposed to cost money or do you know anything about what the future of this software is to be? Thanks again, youve been a great help.

Jack Johnson......According to the report which was released several weeks ago ........( I can't find it right now ) but what it said was that M/S had re-evaluated their thinking and the product would remain FREE .

dl65

dl65, thanks again. I think Ill try M/S.

You are correct MS has decided to keep it free.... But what impact does that have on the small specialists who are specialised in this area and do a very good job. I evaluated the beta version,, very basic and not as advanced, half hearted product I guess. Could start a war!! like the Netscape saga???

bcigarman......"But what impact does that have on the small specialists who are specialised in this area and do a very good job."
I don't think it would impact the specialists ..., certainly not in the longterm .
Out of interest ,which antispyware scanner is your favourite?
Let us know

dl65

I have Counterspy and its great.
Beta from M/s is good too

I recently read in PC world its good to have couple diff
spyware programs because not all get updates at same time and some may be missed by one program and found by another

one is not enough
I too have spyware programs
I have more Computer-condums than I care to think about lol
(no offense anyone)

Run spysweeper .........trial version from webroot.....if you have a good firewall.it will tell you more check logs......and clean your pc after using the net.......when closing down the pc after usage.Like disk cleanup....delete internet files etc.

What a boxer he was !

1990.

Solve : Can spyware completely block internet access??

Answer»

Hi there cyber gurus - need your help! I am running windows xp home and I recently connected to a new broadband server without any updated antispyware on my computer (dumb I know :-/) Consequently I received a flood of spyware which would cause my computer to freeze up everytime I was connected to the net. I downloaded Adaware, Spybot and Windows antispy as well as another free antivirus program (ASL?) and ran them on my computer. They picked up a lot of spyware and I was able to clean it - but it would keep reappearing whenever I connected to the net. My PC works fine when I'm not on the net but freezes up whenever I connect. I've tried about five of the latest antivirus/spyware programs but nothing seems to work. Any solutions? (short of wiping the whole drive and starting again)

best option.......scan in safe mode f8 key on boot...disconnect from the net......and disable system restore.....

And just to answer your question in the subject line, YES. Spyware CAN block internet access if that's what it was designed to do.

Flame

However, it would no longer be spyware as spyware was designed to relay through your personal information. It can not do this when your Internet connection is malfunctioning.

However, large amounts of spyware may still cause your Internet connection to become unusable.

I advise you to install the following applications:

AVG Free
-- Anti virus scanner
Adaware SE Personal
-- Anti spyware scanner
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options
Thanks will give it a try and let u know how i go...

Be sure to disable any other anti viruses you have (Such as Norton), if you decide to use AVG's resident shield..
I just deleted my Norton... It's a piece of crap.

I agree ..........nav/nsw.......kills pcs......ghost is ok......

Microsoft Antispyware works on W2K too.
Mock LOL!

1991.

Solve : hijacked browser?

Answer»

My homepage is being changed. it is being changed to blank which has a search for stuff like *censored*.

Download spyware protection... May I suggest Spybot Search and Destroy? (Microsoft Antispyware is better if you have Windows XP)

Flame

LMAO!! Well anyways.. switch to Firefox if you have not done so.. I've heard of other great browsers like one named "Opera?"
Well give those a try!

Ahem... MSN all the way!

Flame

Quote

My homepage is being changed. it is being changed to blank which has a search for stuff like *censored*.


Go to .... http://www.majorgeeks.com/download3155.html and Download Hijackthis V 1.99.1 and save it to your desktop .........then run a scan and save log and post it here for us check for you ...


Cheers

dl65

Quote
Ahem... MSN all the way!

Flame


Amateur

Install and apply the following applications:

AVG Free
-- Anti virus scanner
Adaware SE Personal
-- Anti spyware scanner
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

1992.

Solve : DIABLO????

Answer»

Has anyone out there heard of this
http://www.0x90-team.com/diablo
Everytime we start up our server this starts running.
It can be closed but will re-open on next startup.
We were hit with a virus last week called (gaobot) but has since been cleaned except for this diablo web page.
Can anybody give me some info on this or tell me how to get rid of it?

Thank you.

% Information related to '62.193.192.0 - 62.193.207.255'

inetnum: 62.193.192.0 - 62.193.207.255
netname: AMEN-FR-NETWORK
descr: AMEN France Network
descr: For Spam/Abuse complain please send mail to [emailprotected]
country: FR
admin-c: AN1108-RIPE
tech-c: AN910-RIPE
status: ASSIGNED PA
mnt-by: AMEN-MNT
mnt-lower: AMEN-MNT
mnt-routes: AMEN-MNT
rev-srv: ns1.amenworld.com
rev-srv: ns2.amenworld.com
source: RIPE # Filtered

role: AMEN NOC
address: AMEN - Agence des Medias Numeriques

What does all that mean???

Is this nothing more than a simple browser hijack?
CWshredder, Hijackthis.

either send them an email>descr: For Spam/Abuse complain please send mail to [emailprotected]
or have a spam filter program.....installed//mailwasher

or block the isp ports>>62.193.192.0 - 62.193.207.255
in your firewall......or ie6 tools/internet options/security/restricted sites.......click the sites tab and copy and paste the above websites into it....

Someone maybe port scanning.....check your logs....

Thanks, I'll try it in the A.M.

Merlin_2,
You are a wizard!!!!

Thanks alot!
WRWSS

1993.

Solve : ACPI BIOS error message?

Answer»

AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70-0x71 protected address range. This could lead to system instability.



Does anybody know what this message means, or how to fix it?

You may have to update your BIOS. Check out:

HTTP://support.microsoft.com/?kbid=283649

Good luck.

1994.

Solve : Help to completely remove kazaa and other programs?

Answer»

I need help to completely remove kazaa and help to remove other programs. I did put remove programs but it doesn't work. Does anyone know any programs that could help me and that are free? Also my task manager won't open cause it says that my task manager has been disabled by administrator?

Jeffboi..... What operating system are you using ?
Are you the system administrator ?

let us know

dl65

You will need to be the Administrator account for anything of the sort to work... Probably why the uninstall did not work... You need the administrator to do that...

Flame

Yes I am but it didn't work. I want to uninstall all the things that has to do with kazaa and can you tell me any programs that could help me that I can download?

Well, actually.... Just go into My Computer -> C: -> Program Files ... Next, just delete the Kazaa folder...

Flame

Use a registry scanner to complement the task.

Also, many spyware removers and other malware removers will see the residuals and remove them. Spybot S&D, MS Spyware Removal, etc.

1995.

Solve : Info on virus?

Answer»

I have/had viruses and can't find anything on them. Hoping you can help:
Proxy.12K
Proxy.16Z
Worm/Agobot.53.Z
Java/ByteVerify

They are embedded or in archives. Not sure what that means. These are from previous scans. Current one says no viruses. Am I alright or do I need to do something? Thanks

guiness ...... Here's what I found .
Worm/Agobot.53.Z
http://translate.google.com/translate?hl=en&sl=es&u=http://vsantivirus.com/agobot-atd.htm&prev=/search%3Fq%3DWorm/Agobot.53%26hl%3Den%26lr%3D%26sa%3DG

Java/ByteVerify
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453089160

It might help to do a scan with hijackthis and post it here for us to look at......If you dont have it ....get it at
http://www.majorgeeks.com/download3155.html

let us know

dl65
Logfile of HijackThis v1.99.1
Scan saved at 11:15:25 AM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\GRISOFT\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.829\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %SYSTEMROOT%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avg
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Windows] system.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\Shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094660909415
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
guiness..... Ok ....I see a few things which should be marked for removal ............

ok close up everything and run hijackthis again .......

mark for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp


O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaengine0400.dll",cdaEngineMain

O4 - HKLM\..\RunServices: [Windows] system.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\Shdocvw.dll (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab


O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

ok .....now click fix marked ....reboot and see if things are ok .

let us know

dl65
Turn off system restore, and turn it back on again. Your restore points that were infected will be gone.
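
Some of the checks applied by eye to the log above can be scripted. The following is an added example, not part of the original thread and not part of HijackThis; the function name `triage` and its three heuristics are assumptions chosen for illustration, and they only flag entries for manual review (they cover some, not all, of the items marked above).

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %SYSTEMROOT%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows] system.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# "O4 - rest of entry": section code (R0, O4, O23, ...) followed by the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O4 registry autostarts look like "HKLM\..\Run: [ValueName] command line".
AUTOSTART = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # running-process list, blank lines, forum text
        section, body = m.group("section"), m.group("body")
        # HijackThis appends this marker when the referenced file is not on disk.
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing", body))
        # O10 lists Winsock layered service providers; unknown ones sit in the network path.
        if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((section, "unrecognised Winsock LSP", body))
        # An autostart command with no directory anywhere is resolved through the
        # search path, so the log does not show which file actually runs.
        if section == "O4":
            a = AUTOSTART.match(body)
            if a and "\\" not in a.group("cmd"):
                findings.append((section, "autostart without a path", body))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:26} {entry}")
```
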

1996.

Solve : messed up windows and trojans?

Answer»

ok I got these trojans but I dunno where from or what they are hooked to. I got windows XP sp2 with messed up .exe and .link files * maybe to the trojans Exploit Byteverify-Exploit Byteverify Jv/Sheil BackdoorAVW

http://housecall.trendmicro.com/

www.download.com and get AVG.

1997.

Solve : W32.Netsky.P@mm!enc?

Answer»

I use Norton Corp v8.1.0.825 and I opened my email client yesterday and it immediately detected W32.Netsky.P@mm!enc and quarantined my whole inbox. I use Mozilla Thunderbird. There are some very important emails in there that somehow I have to salvage. Anyone have any idea at all how I can get my emails from my inbox back?

Thank you for any help,
Wayne

You should remove the virus and open Norton. From there you can control the Quarantine section.

Well when I try to have it remove it I am told it can't clean it because I am trying to clean files that are in an email message.

Straight from Norton...

Quote

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as W32.Netsky.P@mm!enc.

I tried that and also tried restoring it and running AV and for some reason it just won't clean it.

1. Boot into safe mode
-- Press F8 before loading Windows and select safe mode
2. Disable system restore
3. Rerun scan.

ok I did that and it still puts the whole inbox in quarantine and will not let me clean it.

1998.

Solve : Unable to access internet on Windows 98?

Answer»

please help!!
I am running Windows 98 and since loading and updating Norton Security/Antivirus programme, I can log on to the internet, but cannot open emails or access any sites on the net.
If I disable Norton, I am then able to, but of course then I have no protection.
What am I doing wrong???
Thanks

Is this just Standard Norton AntiVirus or Security Edition, etc.?

Flame

Yes, it is. I have it up to date with liveupdates.

Ok... You weren't very specific... Is it AntiVirus or Internet Security? Also, do you have a firewall installed? Have you scanned for spyware/viruses?

Flame

Sorry, I'll try to be more helpful

It is Norton Internet Security and I have the security,personal firewall, intrusion detection,norton antivirus, privacy control,ad blocking,spam alert, and parental control all turned on.

I also have Spybot Search and Destroy, and Pest Patrol and I have run both of these successfully (with norton security disabled) in an attempt to fix the problem

I have also run Scan Disk and done a defrag.

I have only had this problem since I uninstalled Norton Internet Security and reinstalled it because I was having a problem with my computer freezing all the time when I first started it up. It is not freezing anymore, but seems like I may have eliminated one problem and gained another.

Thanks

I would remove all traces of Norton & start again.
There may be removal instructions at the Norton website and possibly a removal tool.

1999.

Solve : xml parsing error?? how do i fix it?!?

Answer»

everytime i tried to view history
the lil side bar opens nd instead of showing my browser history it says:

xml parsing error: unclosed token
location: chrome://broswer/ceontent/history/history-panel.xul
line number 61, column 9:

is it because i have a virus??
nd ever since yesterday when my son went on my computer
a bunch of ad pop ups came up
nd everytime i scan it with spyware its still there

how do i fix it?

Please only post the same question once... Your last one was on the IE board...

Flame

o im sry
can you help me?

2000.

Solve : The BEST Antivirus program??

Answer»

Hey Flame,
Have you ever heard of the Elvis song "Suspicious Minds". Hmmm.... put out a virus and then see if "your" program catches it...cha-ching $$$$$

Quote

Well, AVG sounds great but it doesn't come with a firewall. That would be an added cost. dl65 & hywaydave, please keep us posted on how AVG works out for you.
Thanks to you all!

That's where another free product comes to play.... Zone Alarm. I'll keep ya posted, but AVG has been great to me. I had to rely on AVG on some computers I've worked on when Norton and McAfee didn't do their jobs.

Hey everyone Nortons Antivirus 2005 is the best by far
I also have a 1-800 24 on call number for Nortons and everytime i have called i have been helped and its been no problem

I will send the phone number for the live (FREE)
24 hour service for nortons in a little bit

As for spyware, Nortons is mostly virus
i would get the free Beta from Microsoft and purchase another spyware pkge that works I have two great ones with wonderful fast support Counterspy
and the other is Spyware-doctor.
Both work great and are fast

When I was a defense contractor we used NAV. When I bought a machine, McAfee came with it and was soon uninstalled. I have been with AVG for two years now, and I love it. I occasionally put NAV on my sandbox, and it never finds anything that AVG missed. I also do the same with all new releases of Panda, and whatever else I stumble across in my cyber travels, and nothing has ever found a legitimate issue that AVG missed. In fact, sometimes the other apps find legit things and claim that they are nefarious. FWIW, I also run Ad-Aware, Spybot (with Tea-timer activated), MS Spyware removal, and PREVX. I am behind Agnitum Outpost Pro (for networking), and my sandbox is also currently evaluating PestPatrol 5.0.1.5. It has found nothing that the others missed. In addition to that I am behind a retail Linksys Firewall, natted, with the defaults all changed to obscure settings.

Defense in Depth needs to be anyone's mantra if they are interested in security. All of the apps listed above can be found at www.download.com.

keep yourselves safe!

Do any of these remove the sdbot virus variants? Norton said it did but the virus reappears. I've got Microsoft's Anti virus running but that doesn't clean it up. Does AVG clean it up? F-Secure is supposed to but haven't tried the free download yet.

Microsoft has no anti-virus software.

Removing a virus does not guarantee that it will not come back. You should look into better protecting your computer.

Excuse me - I meant Microsoft Spyware. And before I protect it better I have to get rid of the virus it has. Until I can get rid of all the hidden/modified/whatever files it will keep reinstalling when I boot up the machine, so I'm trying to find out what will get rid of the virus. Thanks for your help

Backdoor.SdBot information and removal instructions

Raptor seems to have set you up. There are more than enough recommendations in the rest of the thread to provide you with some guidance as to what you should be using. Also think of spywareblaster and spywareguard, both free, to provide you with some shielding.

Hope this helps!

http://www.majorgeeks.com/AntiVir_Personal_Edition_d955.html

and sygate.firewall........get in quick before m$oft buys them out......