InterviewSolution
Saved Bookmarks
InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 3351. |
Solve : Help! I seem to have an email worm? |
|
Answer» It is now AVG Anti-Spyware... |
|
| 3352. |
Solve : Major computer problems, spyware, trojans the works? |
|
Answer» As you are new, you should browse the forums and see that AVG Free, SPYBOT, AdAware and CCleaner are frequently recommended. They are all free.This is an EXAMPLE of someone posting a question to a thread UNrelated to the original issues. |
|
| 3353. |
Solve : Help!What`s going on?? |
|
Answer» I received email from someone I don`t know telling me to "stop sending them this crap". I never sent them anything. This was through my yahoo mail.Is someone using my yahoo ID (and password)? Am I a part of a SPAM-bot network? How can I tell? |
|
| 3354. |
Solve : Need help recovering from Smitfraud.C? |
|
Answer» Hello, I'm NEW to the board, so please forgive me if I'm posting erroneous information, while leaving out the important stuff. I don't think more spyware removers are going to help. Spybot and Windows Defender already failed, in both safe and normal modes. Since I didn't get a recovery disc with this computer, I don't have any option now but to format the C drive and buy a new copy of XP. I just hope that the malware hasn't infected the BIOS or will otherwise survive the reformat, or I'll be wasting more money. My machine's pretty much an expensive boat anchor as is, and that's pretty depressing.Smitfraud is not your average infection, it requires specially made tools to remove. http://www.spywareremove.com/removeSmitfraud.html Download that program and FOLLOW its instructions. Do not ignor this post like you did my last one or your problem will NEVER be solved. No regular spyware remover program can completely remove smitfraud. smitfruad will get it just google it.. make sure you dl it from a good site http://www.google.com/search?hl=en&q=smitfraud&btnG=Google+SearchThanks for the help. everyone! I tried Smitfraudfix, and that seemed to work on that one. However, I had several other INFECTIONS I couldn't get rid of. I couldn't run Panda AV, install ANY programs, or burn any discs. Yikes! My computer was custom built, with no recovery/installation disc. So, tonight I made a bootable disk on an uninfected computer and ran FDISK on my infected one. I bought a new copy of XP at BestBuy and am installing that now. So far, so good. I lost some data and programs, but no biggie. That's a good tip about POSTING THE COMPLETE HIJACK LOGS. I hadn't noticed that mine were getting the ends clipped off! D'Oh! Cheers. |
|
| 3355. |
Solve : PWS- LSP Trojan? |
|
Answer» I've searched for how to get rid of this. McAfee can't clean/quarantine or delete it. And it doesn't allow me to access the internet. |
|
| 3356. |
Solve : Spam- Xarvester? |
|
Answer» I have a virus named Spam- Xarvester. McAfee can't do a thing about it and AVG can't find it. It keeps trying to send an email and McAfee blocks it, but it just keeps trying over and over. McAfee was also messed up somehow, whenever I boot, a window pops up saying that components of ActiveShield are missing. |
|
| 3357. |
Solve : Icesword 1.20 ?? |
|
Answer» I saw ICESWORD 1.20 on Major Geeks. They say, "IceSword is an effective tool against rootkits". Does anyone have an OPINION about it? Is it worth downloading? |
|
| 3358. |
Solve : logex problem? |
|
Answer» i have this logex text document that CREATE itself in my c: after i surf any websites. |
|
| 3359. |
Solve : X-HIV Infects Internet!!!? |
|
Answer» Ya guys have you ever heard about the SoBig virus? |
|
| 3361. |
Solve : HELP! I don't know what this is!? |
|
Answer» I keep getting a pop up message (actually 2 similiar mssg.) - it says Messenger Service in the top corner and in the box it says: I found the Shoot the Messenger website and I tried to download it and I am unable to. What site was this?Quote from: srksrk on April 23, 2007, 11:00:38 PM I found the Shoot the Messenger website and I tried to download it and I am unable to. The downloading screen comes up, but the progress meter doesn't show anything and then after a while I get an error saying it was unable to download and it timed out. ? It's a tiny DLoad and probably finished before you blinked...where do your downloads go to ? ?if your using xp you should be able to go to control panel -> administrative tools -> services a list of services will open in a window then find Messenger right click on it select properties and then a box will open up in the drop down list startup type: in the middle of the box select disabled click apply and these messages should go away THIS WORKED! Thank you, Thank you, Thank you! to everyone for there advice. This is a great site. |
|
| 3362. |
Solve : About:Blank virus web windows close automatically? |
|
Answer» Hello, |
|
| 3363. |
Solve : trojan removal? |
|
Answer» Hi. |
|
| 3364. |
Solve : tracking blog guests? |
|
Answer» is it POSSIBLE to track people who visit your blog (any way at all)? And how dangerous can those sorts of viruses be? |
|
| 3365. |
Solve : Malware wiped 5.3 and spydare? |
|
Answer» Help me. I have two computers that is infected with spyware. The first one has malware wiped 5.3 and spydare. I think they are the same program. Spydare flashs a circle with a red line through it over a question mark. Click on the flashing question mark and it take you to a site that wants to scan your computer and pay to buy the program. Yet can not uninstall either program. I know it is a scam/id theft program. I ran pest patrol. The spyware prevents pest patrol to update its files and scan the computer. I have Windows XP home and I.E. Explorer 7 on the computer. Thanks. I suggest you print this out to help you follow my advice. *********************** Make sure you have exposed all Hidden Files & Folders. To enable the viewing of Hidden files follow these steps: 1. Close all programs so that you are at your desktop. 2. Double-click on the My Computer icon. 3. Select the Tools menu and click Folder Options. 4. After the new window appears select the View tab. 5. Put a checkmark in the CHECKBOX labeled Display the contents of system folders. 6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. 7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. 8. Remove the checkmark from the checkbox labeled Hide protected operating system files. 9. Press the Apply button and then the OK button and close My Computer. *********************** Download Ewido/AVG Anti Spyware from here …. http://www.ewido.net/en/ It has a fully working 30 day trial period. Install it and update it to the latest definitions. Do NOT use it yet. Now boot to safe mode. Here’s a “how to” if you’re not sure .. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 When in safe mode run a full system scan with AVGAS and let it fix what it wants to. REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it. Reboot to normal mode and use the computer as you would usually do. [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from TIME to time]. ******************* Rehide protected system files & folders by doing the reverse operation to that listed at the start of this post. ******************* Lastly, download a self-extracting copy of HijackThis from here ……. http://downloads.malwareremoval.com/hijackthis_sfx.exe Save it to your Desktop. Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder …… C:\Program Files\HijackThis Go to this folder and run the hijackthis.exe file. From the menu click on "Do a system scan and save a logfile". Copy and PASTE both the AVG AS scan report and the HJT logfile to this thread. More specific removal instructions will follow. OJ Info on the program you mentioned... MalWare Wiped: AGGRESSIVE, deceptive advertising; uses flawed, inadequate detection scheme; same app as AdwareDelete, AntiVirus Gold, SpyAxe, SpyFalcon, SpyLocked, Spyware Sheriff, SpywareStrike, TitanShield AntiSpyware, & VirusBlast [A: 12-28-05 / U: 12-26-06] I would certainly STAY away. And keep the issues in the same thread so those helping do not get confused... |
|
| 3366. |
Solve : has encountered a problem?? |
|
Answer» when i try to open a program, ill GET errors mostly saying something has encountered a problem and needs to close, if i try to open it 2-3 times it'll keep saying that. then the 4th time it'll finally open. i also get alot of those dwtson.exe errors. i tried to get rid of watson, but it keeps coming back. any suggestions on how to resolve this?cgts18...... Wow with all the info you have provided , it's hard to know where to START ......... How about this ........... |
|
| 3367. |
Solve : Big problem with 'generic.dk'? |
|
Answer» Recently I've been getting notices by my Macafee that I my 'C:\windows\system32\crunner' file is infected with a 'generic.dk' Trojan. I try to delete/quarantine/clean it but apparently its 'write protected'. I specifically scanned the 'crunner' file with Lavasoft adware se and it revealed 6 viruses and I cleaned them all, but I still receive the notices about the Trojan. Is there anyway to GET rid of this WITHOUT completely reformatting my hard drive?Download Trojanhunter 4 from here ... |
|
| 3368. |
Solve : can't delete virus... please help!? |
|
Answer» i have a virus (TROJ_CONHOOK.AA) located in C:\WINDOWS\system32.icwiew.dll, and security program (trend micro pc-cillin) says that it needs to be manually deleted. I don't know very MUCH about things like this, and I'm not sure if the file it's located in (icwiew.dll) is important or not, but each time i attempt to delete it, it says that it is being used by another program or person. even when i close all the PROGRAMS on my computer, halt internet traffic, ect. the message still comes up. i need to know how to delete icwiew.dll, or clean out the virus if this file is too important to delete. please help! thank you. echinococcosis...... First of all , it's a trojan ....... So if your using win XP , the first thing to do is to turn off system restore on all drives. Go to the control panel and click on the [highlight]system icon [/highlight] ( make sure you have the control panel set to display the classic view ....... When the system properties BOX opens ....click the [highlight]System restore tab [/highlight]( up top ) when the new window opens , put a check mark in the box in front of "turn off system restore on all drives" then click apply and ok and close up the control panel and exit . Now reboot your machine into "SAFE mode" ..... Once it shuts down ,and just as it starts to reboot, repeatedly tap the F8 key until you are offered various options to start ....select SAFE mode ......... DLoad, update and run the following: I'm somewhat suprised these tools didn't handle your issue...Those tools can't remove pebcak errors. Gotcha... |
|
| 3369. |
Solve : Possible Downloader time bomb problem? |
|
Answer» Hi everyone, I am new to this forum so hello. I think I have the Downloader.Trojan on my computer and have run both Norton and AVG to try and seek it out, no luck. I got this message in AVG Can you list any other protection programs you have ? ?thisthe log will go to 23 itll take two or more post..I think the virus has done something to the original POSTER. At least it wasn't the aliens this time... Maybe due to the use of an out of date version of HJT and the fact that it's in a temporary location, hmm...?? OJ |
|
| 3370. |
Solve : Ran AVG and this is what I got...? |
|
Answer» Hello, obviously I'm new here..Hello. Ok, so here is my prob. |
|
| 3371. |
Solve : Unregistered Version of Softdefender? |
|
Answer» Help! |
|
| 3372. |
Solve : Hijack This Entries? |
|
Answer» i did a Hijack This scan, and i came up with a few entries that were previously not there. they are as follows... |
|
| 3373. |
Solve : cpvfeed popups? |
|
Answer» I'm having trouble with lots of irritating IE popups (though I use Mozilla), most of them being sourced to url.cpvfeed.com |
|
| 3374. |
Solve : Web Browser Hijack? |
|
Answer» Logfile of HijackThis v1.99.1 Scan saved at 3:07:54 PM, on 07/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Ray\zoftwares\comphope\hijackthis_sfx\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: E&xport to MICROSOFT Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://66.35.195.125/webcomp/ver5.4.4.0/wbaxuiph544.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab55708.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O23 - Service: ACU Configuration Service (ACS) - UNKNOWN owner - C:\WINDOWS\system32\acs.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe I asked you to give us an update on how the computer is operating now. You don't say but I guess it's OK now. Right? OJThe computer is running fine except that I notice the boot time has increased. Well, i guess its because I have installed many anti-virus stuffs. I tried to find "Softomate" entries in the Registry but couldn't find any. The Ad-Aware ALWAYS finds this Softomate thing & MRU Lists. Here is the log file of Ad-Aware: MRU List Object Recognized! Location: : C:\Documents and Settings\SZR\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\SZR\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\windows media\wmsdk\general Description : windows media sdk Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Softomate Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 9 Category : Data Miner Comment : "{01E69986-A054-4C52-ABE8-EF63DF1C5211}" Rootkey : HKEY_USERS Object : S-1-5-21-2575881574-1178726471-879617933-1005\software\microsoft\internet explorer\toolbar\webbrowser Value : {01E69986-A054-4C52-ABE8-EF63DF1C5211} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 18 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 18 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [emailprotected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookie:[emailprotected]/ Expires : 02-04-2008 2:03:30 PM LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 19 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 19 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 149 entries scanned. New critical objects:0 Objects found so far: 19Clean your system out with Ccleaner then run AdAware again. Post the AdAware new log. OJDone the CcCleaner & scanned again with Ad-Aware, pls find the log below: Ad-Aware SE Build 1.06r1 Logfile Created on:April 7, 2007 6:16:12 PM Using definitions file:SE1R164 02.04.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 07-04-2007 6:16:13 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Administrator\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-2575881574-1178726471-879617933-500\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 149 entries scanned. New critical objects:0 Objects found so far: 2 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 6:31:28 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:15:15.196 Objects scanned:155431 Objects identified:0 Objects ignored:0 New critical objects:0 Sorry for the delay. Looking better. How are things now? Are you OK? Got any ongoing problems? Let us KNOW and give details on lingering issues. OJ |
|
| 3375. |
Solve : prob with viruses? |
|
Answer» I have AVG anti virus, and it found 3 viruses and 2 trojans, but it only got rid of 2 of them. why DIDNT it do anything to the othersScan in safe mode with system restore turned off.Get AVG Anti-Spyware too.You probably have AVG CONFIGURED to move virii to the virus vault...have you CHECKED the vault ? ?how do you turn of SYSTEM RESTORE anyway?GOOGLE found this in .84 seconds: |
|
| 3376. |
Solve : Strange Sounds? |
|
Answer» My Girlfriends Laptop got some viruses that i CANT remove, one of them is a "Drivecleaner" virus, that Popps up now and then telling her to registrer cause her computer is under a risk. Your AV software won't pickup drivecleaner because it's not a virus, use RogueRemover from[highlight]RogueRemover will fix errorsafe too.[/highlight]Cheers m8, ill check it out, but still need some help with the strange sound tracks. Seems to be 3-4 diferent sound tracks that comes, all running in IE. Anyone at least know what folders this file must be in and what cinda file it must be? its no visual program running, the tasklist just say Iexplorer. and it comes when nothing is running tooWell, Rogueremover 1.09 dident find the errorsafe program :-/ :-?That's strange, errorsafe is on the rogueremover target list. Are you sure you have got errorsafe, how do you know?yeah, i SAW it on the list. She got errorsafe cause the massage tells her to download errorsafe, and it opens a window with the errorsafe download site.I was hoping RogueRemover would be the 'easy' button for you... I guess not. It looks like ErrorSafe is a Vundo variant so you will have to run vundo fix. http://www.bleepingcomputer.com/forums/topic18610.html Let US know how it goes. havent tried it yet... but found something about the strange sounds, i were looking for some drum tabs on my computer when i heard one of the same sounds that she has. i was on http://www.911tabs.com/tabs/k/kiss/guitar_tabs/strutter_guitar_tab.htm and then i heard it. and i found out it was some short movie down on the site that plays a girl that dances some dating site or somthing. and when i use the taskist to exit iexplorer the sound stops on my girlfriends computer. i culd not find the link of the site cause smart me had to click away and when i tried again some times later i only get a smilie window down there, followed that to http://smiley.smileycentral.com/download/index.jhtml?partner=ZNxmk142&nsrc=az2&click_hash=115sNHl&ref=http%3A//www.911tabs.com/bands/m/index4.html ill see if i can dig something else uphere's a tip... minimize your volume or disable your sound system first while fixing the problem so that you won't get irritated with the sound. What program does the soundtrack use to play itself? whatever program it is (Winamp,Musicmatch, etc.) remove that program and re-install it. If you don't have the isntaller for it then remove all the sound tracks from list and reboot, then scan the drive where you stored your playable tracks. This happened to my cousin's PC, he just removed the player and re-installed it, quick and easy.Well, the sounds play from iexplorer (internett explorer) so theres no playlist, and it comes when it wants too, no mather if your doing somthing or not. dont need to click somthing, it just comes. Dont mather if you dont run any programs (itunes, IE, firefox etc). |
|
| 3377. |
Solve : Storm Worm hits computers around the world? |
|
Answer» [highlight]** f..y...i... **[/highlight] |
|
| 3378. |
Solve : spyware that i can get rid of? |
|
Answer» hi everyone i posted a question in the windows xp topic hols??? its nice to see you backDitto. I've been wondering when you'd FINALLY come back, oddjob.Quote from: unlovedwarrior on April 20, 2007, 09:28:24 AM hols??? its nice to see you back Holidays. my bad raptorThanks everyone. Meanwhile ... back at the ranch .... how's it going, 2jzlux? Any improvement in the last three DAYS? OJQuote from: unlovedwarrior on April 22, 2007, 09:50:30 PM my bad raptor Don't worry about it. |
|
| 3379. |
Solve : Physically Installed Keylogger?? |
|
Answer» There's always the option of starting to re-write a resume'...i wouldn't stay in an uncomfortable situation for long myself. So I understand you have no interest in giving me guidance, GX1, because you would RATHER jump to conclusions about how people are only trying to get around the fortress that IT has created... I thought we were trying to look at this in DIFFERENT lights to fully explore the situation, and I was telling you how it worked in my corporation. Yours may or may not be different. I think you were the one that jumped to conclusions about me. |
|
| 3380. |
Solve : f virus is this?What virus is this?? |
|
Answer» What kind oI don't exactly know...can't SEE it from here.I can't understand the QUESTION from here. It COULD be the 1/2 sentence virus...a nasty ONE !He should rem |
|
| 3381. |
Solve : viruses - found on webpages? |
|
Answer» Has anyone gone to a site that gives you a virus when you go on it (one of the pictures or something has a virus in it, and is automatically downloaded into Temporary Internet Files)? a site that gives you a virus when you go on it I don't think it affected my computer.....Well, it did on mine. Do you have AVG (7.5 Free) on your PC?No I've got Norton, works for me.As I've said in numerous posts, AVG is way better than Norton. But I suppose if that does it for you... Well, you probably have a Trojan Horse on your computer now, because with AVG, it shows a pop-up as soon as you have a virus. With Norton, you'll probably have to search.With norton, it pops up too.I haven't used it for so long, I've forgotten. Maybe AVG is more up to date?What was the name of this virus/trojan/bug/dream?Trojan Horse Downloader. Small. 58. AW It's in my AVG Virus Vault. I'm goin offline now, so I won't reply until late tomorow.Quote from: Fed on April 19, 2007, 04:23:56 AM What was the name of this virus/trojan/bug/dream?Dream? I new they could intrude in your dreams......its not uncommon for this form of infectionYes, but I don't like the FACT that a link to this site is in SOMEONE's signature...Quote from: Dark Blade on April 20, 2007, 12:32:58 AM Yes, but I don't like the fact that a link to this site is in someone's signature...That's not good, advertising a virus. |
|
| 3382. |
Solve : I can’t access anything in Windows 98 Normal Mode? |
|
Answer» My friend is using Windows 98 and she opened an email in AOL from 1nc048.com but didn't click on any links. She deleted the email and signed off of the internet. Later, when she went to sign back on to the internet, she realized she couldn’t access anything on her desktop. We restored the registery to an earlier point and that didn't do anything. What can we do to fix this problem :-/ Thanks weyesup..... Are you able to reboot into the safe mode ? If you can , go there and then do a full virus scan and see if anything shows up . |
|
| 3383. |
Solve : Sys32.lsb-unco?? |
|
Answer» RemoveIt when scanning tells me I have the malware Sys32.lsb-unco. But then freezes (Just RemoveIt. Everything else is okay.) and I cannot click on "fix". Or rather do, but nothing happens. I then have to close via TASK Manager. None of the other security below finds this problem and putting it into a search engine did not come up with anything. Is this a false warning or is there something I should do to find and remove this maleware? If so what please? |
|
| 3384. |
Solve : My computer Freezes after i put a 2nd cd in.? |
|
Answer» I just bought a game today but i recently had my happy FEELINGS go down when every TIME it asks me to insert the 2nd CD my COMPUTER hums like its working and continues to hum. |
|
| 3385. |
Solve : open office org 2.2? |
|
Answer» I RECENTLY installed open office org 2.2. Now, every time I open a document, my firewall program tells me that office org is trying to access the internet. Why would that be? Maybe to check for UPDATES, or to register itself. He's pretty quick lately...since Miss Cleo dumped him he has more time.. . . Miss Cleo? Wasn't that in another thread? I don't think I was eve involved, wasn't it CBMatt? I vaguely recall seeing SOMETHING like that anyway . . .I was married to Miss Cleo. And she didn't dump me...I dumped her before she had a chance. Raptor dated her for awhile, but I'm not sure exactly how that one turned out.Sorry Calum...but it seems like everyone has been friends with her ...i just lost track. not me cuz im UNLOVED We're going off-topic again... tekkite07, is your problem solved? If it is, then no-one should REALLY NEED to post anything more here. |
|
| 3386. |
Solve : Internet Connection Trouble? |
|
Answer» I have a SONY VAIO with Pentium 4, 1022.3MB, 3.20GHz... Im using AOL for firewall, virus protection and whatnot. i dunno what else you may need to know about my comp but anyway... |
|
| 3387. |
Solve : Help! Can't get rid of virus...? |
|
Answer» Hi, for some time now I have had a virus called "W32/Downloader.AOKZ" that has infected a file called "ldcore.dll" in system32 of Windows. I am alerted by my virus program but it cannot delete it. I have tried to manually delete it using Windows Explorer but an error message comes up when I try to do so, saying that it is used by another program. I am running a virus program called Freedom. I feel for u Thank you, that helps. Quote Did the online scan detect the 'virus'? The online scan detected the infection and supposedly removed it. When I restarted my computer my current virus program [highlight]Freedom[/highlight] (link below) found it again. http://www.freedom.net/viruscenter/onlineviruscheck.html I did explore all options in KillBox and it still wouldn't delete.stevengerrard..... Would you please post a hijackthis log here for us to see ........ Get it at ..... http://www.majorgeeks.com/download3155.html d/L it and then run a scan and save the log file and post it here . dl65 Ok, this is what I came up with... Logfile of HijackThis v1.99.1 Scan saved at 6:23:15 PM, on 1/22/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Zero Knowledge\Freedom\Freedom.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Plugins\Plugins\DF206D97847745E7983C822C45EE3038\ringjack.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Documents and Settings\*******\Desktop\HijackThis.exe O1 - Hosts: 104.42.43.68 securityresponse.symantec.com O1 - Hosts: 147.196.204.190 symantec.com O1 - Hosts: 6.99.74.0 www.sophos.com O1 - Hosts: 151.132.211.218 sophos.com O1 - Hosts: 131.167.148.110 www.mcafee.com O1 - Hosts: 181.239.186.187 mcafee.com O1 - Hosts: 221.242.203.31 liveupdate.symantecliveupdate.com O1 - Hosts: 207.50.6.202 www.viruslist.com O1 - Hosts: 234.119.36.14 viruslist.com O1 - Hosts: 13.129.37.131 viruslist.com O1 - Hosts: 220.50.134.116 f-secure.com O1 - Hosts: 240.63.147.10 www.f-secure.com O1 - Hosts: 132.139.154.159 kaspersky.com O1 - Hosts: 213.38.81.70 kaspersky-labs.com O1 - Hosts: 232.26.160.89 www.avp.com O1 - Hosts: 165.140.164.31 www.kaspersky.com O1 - Hosts: 51.93.34.104 avp.com O1 - Hosts: 111.172.48.51 www.networkassociates.com O1 - Hosts: 103.151.107.151 networkassociates.com O1 - Hosts: 194.4.88.180 www.ca.com O1 - Hosts: 104.186.219.78 ca.com O1 - Hosts: 102.200.113.70 mast.mcafee.com O1 - Hosts: 86.86.123.61 my-etrust.com O1 - Hosts: 212.96.206.109 www.my-etrust.com O1 - Hosts: 178.159.238.26 download.mcafee.com O1 - Hosts: 139.113.12.26 dispatch.mcafee.com O1 - Hosts: 218.143.48.103 secure.nai.com O1 - Hosts: 177.129.187.50 nai.com O1 - Hosts: 78.253.155.82 www.nai.com O1 - Hosts: 1.165.210.184 update.symantec.com O1 - Hosts: 75.96.202.153 updates.symantec.com O1 - Hosts: 12.187.245.254 us.mcafee.com O1 - Hosts: 178.13.70.9 liveupdate.symantec.com O1 - Hosts: 201.193.7.105 customer.symantec.com O1 - Hosts: 195.148.252.133 rads.mcafee.com O1 - Hosts: 250.168.9.60 trendmicro.com O1 - Hosts: 165.34.16.39 www.trendmicro.com O1 - Hosts: 215.205.95.2 www.grisoft.com O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll O3 - TOOLBAR: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: winsock32 (winsock32.exe) - UNKNOWN owner - C:\WINDOWS\winsock32.exe (file missing) I didn't find a great deal of info on Freedom AV at the security sites i frequent other than it uses the F-Prot engine...have you considered some of the other Free choices such as AVG and or Avast ? ? However post a log as dl65 suggested. There's more than one way to skin a baddie...stevengerrard........ ok ....... Here's what I see from your log........ For some reason,you do not have SP2 installed and as far as I can see you dont have SP1 either ....... If this is the case , your machine is extremely vulnerable to nasty attacks. Do you have all the other applicable windows updates installed ? At the time your hijackthis scan was taken, there didn't appear to be any active anti - virus scanner running ......... I thought you had freedom installed or is it only active when you are online ? Your firewall also seems to be non active as well. Now then on to what must be fixed using hijackthis ........ Mark for removal the following: O1 - Hosts: 104.42.43.68 securityresponse.symantec.com O1 - Hosts: 147.196.204.190 symantec.com O1 - Hosts: 6.99.74.0 www.sophos.com O1 - Hosts: 151.132.211.218 sophos.com O1 - Hosts: 131.167.148.110 www.mcafee.com O1 - Hosts: 181.239.186.187 mcafee.com O1 - Hosts: 221.242.203.31 liveupdate.symantecliveupdate.com O1 - Hosts: 207.50.6.202 www.viruslist.com O1 - Hosts: 234.119.36.14 viruslist.com O1 - Hosts: 13.129.37.131 viruslist.com O1 - Hosts: 220.50.134.116 f-secure.com O1 - Hosts: 240.63.147.10 www.f-secure.com O1 - Hosts: 132.139.154.159 kaspersky.com O1 - Hosts: 213.38.81.70 kaspersky-labs.com O1 - Hosts: 232.26.160.89 www.avp.com O1 - Hosts: 165.140.164.31 www.kaspersky.com O1 - Hosts: 51.93.34.104 avp.com O1 - Hosts: 111.172.48.51 www.networkassociates.com O1 - Hosts: 103.151.107.151 networkassociates.com O1 - Hosts: 194.4.88.180 www.ca.com O1 - Hosts: 104.186.219.78 ca.com O1 - Hosts: 102.200.113.70 mast.mcafee.com O1 - Hosts: 86.86.123.61 my-etrust.com O1 - Hosts: 212.96.206.109 www.my-etrust.com O1 - Hosts: 178.159.238.26 download.mcafee.com O1 - Hosts: 139.113.12.26 dispatch.mcafee.com O1 - Hosts: 218.143.48.103 secure.nai.com O1 - Hosts: 177.129.187.50 nai.com O1 - Hosts: 78.253.155.82 www.nai.com O1 - Hosts: 1.165.210.184 update.symantec.com O1 - Hosts: 75.96.202.153 updates.symantec.com O1 - Hosts: 12.187.245.254 us.mcafee.com O1 - Hosts: 178.13.70.9 liveupdate.symantec.com O1 - Hosts: 201.193.7.105 customer.symantec.com O1 - Hosts: 195.148.252.133 rads.mcafee.com O1 - Hosts: 250.168.9.60 trendmicro.com O1 - Hosts: 165.34.16.39 www.trendmicro.com O1 - Hosts: 215.205.95.2 www.grisoft.com O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll [highlight]there it is.[/highlight] put a check mark in the box in front of each of these entries and then click FIX MARKED Now reboot your machine and post a new hijackthis log. dl65 |
|
| 3388. |
Solve : a virus that mimics my folder? |
|
Answer» What KIND of virus is this? I scan my drives using myIt's quite possible that you can change the option of QUARANTINING to delete in the settings...in Norton. BTW , is your Symantec program new or have you been using it for a while ? Does it have Ghost included ? Please let us know dl65 MEANWHILE he has gone missing...Abducted by ALIENS? That seems to happen a lot around here. Abducted by the "Ghost"... |
|
| 3389. |
Solve : adware in Symantec after scan? |
|
Answer» I ran a full scan of my Norton Anti-virus and found, not a virus, but an Adware. File name: rwhedlwz.exe, threat name: Adware.Hotbar and at risk. I downloaded the removal tool from Norton Symantec " Fxhotbar.exe" I ran the tool, but after a few second, I get an error message. It is also impossible to close the window of the message error by clicking on the off and the X, to close the window. I have to go to the task MANAGER and click on end task. How can I remove the Adware? regards, PS: Here is the error message: Microsoft VisualC++ Runtime Library Runtime Error! Program: C:\Documents and sett... R6034 A application has made an attempt to load the C runtime library incorrectly. Please contact the application's support team for more information. Note: I suppose I would have to contact symantec, but they are very slow to answer, so I didn't. Open up Add/Remove Programs and uninstall Hotbar. Then download CCleaner (install without Yahoo! toolbar) and have it fix your registry entries with the Issues feature. If that doesn't fix the problem, you can go here for more information. For future reference, you may want to do your scans in Safe Mode, as that makes it easier for malware to be detected and removed. As I'm sure many would agree, Norton isn't the best scanner out there, so I would suggest getting AVG Anti-Spyware, updating it, and doing a full scan in Safe Mode. If you decide that you like this program better, we can help you with disabling/removing Norton properly.Another exorcism Chris ? ? Let me know. I've got my holy water...Hi Chris, I went to Add/Remove programs to look for Hotbar, but couldn't fint it. What should I do then? Best Regards,Continue with the rest of the suggestion (CCleaner and AVG). After those scans are COMPLETE, if you still think you're infected, you can download HijackThis (save it in a folder where you can easily find it) and post a log here (which might take a couple of posts). If you're still infected, we can use the log to help you remove the malware manually.You might have to remove Hotbar manually. Use Spybot S&D and Adaware SE to scan in Safe Mode and then just use the Windows search function to search for remaining Hotbar files. You may also need to do the same for the registry, although that is slightly dangerous if you go on a deleting spree. Hi Raptor, How do you scan in Safe Mode?Quote The ignorant person does not know enough to know that he does not know.Tap F8 before Windows boots, choose safe mode from the list. I ran the ZoneAlarm Anti-spyware, the CCleaner, and the Spybot S & D. After all that, I did a full scan with Norton Anti-Virus and...presto...a clean bill of health. The Adware.Hotbar was gone. I like the CCleaner and will keep it on my PC. Thanks Chris. I also like the spybot S & D . Thanks, Raptor. Thank you very much for your help.You're very welcome. If you continue to have any problems, let us know.See you around, Darts. Here Ya Go... DLoad the tool below... Norton Removal Tool Do not run it yet. 1) DLoad and install ERUNT and have it make a backup of your registry... 2) Use Add Remove Programs first and un-install Norton... 3) From Windows Explorer search for any folders named Norton and Symantec and delete them... 4) Open regedit and type Norton in the search bar. Delete all entries it finds. F3 takes you to the next instance of Norton. Continue til you have reached the end of the registry... 5) Repeat the above process using Symantec instead in the search field. Delete any Symantec keys it finds... 6) Now run the Norton Removal tool you DLoaded... 7) Empty the recycle bin... 8.) Go to My Computer and RIGHT clik the C: drive and select Properties and run disk cleanup... 9) Re-boot and run disk defrag.... There you're done ! patio. Chris... a little sprinkle please ? ?*sprinkle* Be gone, Norton, be gone! Leave this poor user alone so they may find better protection! The power of Chris compells you! |
|
| 3390. |
Solve : trojan back door program? |
|
Answer» ok, let take some time to explain from begining,,, sorry for late reply, i take out the xp sp2, use back win 2k ? why would you remove XP/SP2 ? that makes no sense ...... What are you not telling us ? So , does that mean you reformatted the drive and did a clean install of 2K ? dl65 Quote i take out the xp sp2, use back win 2kpcfool ---->pcgenius Quote pcfool........why i take out the xp sp2? because i install xp sp2 purposely for sound blaster X-Fi testing(as i mention in first post, this is another issue). i'm not reformat my hard drive, my original OS is win 2k, i swap the hard disk to slave, put a 20Gb HD as master and install xp.( is not a legal copy so cannot update.) i just remove the 20Gb HD, put back my 40GB HD with win 2k as master.Quote Quotewhy you say like that? :-?cuz win 2k is better in some ways then xp.i take out the xp sp2, use back win 2kpcfool ---->pcgenius unlovedwarriorQuote ( is not a legal copy so cannot update.) This is what free winds up getting you...Only for pirated software though . . . free usually gets you equal or better for other things, like antivirus (think AVG vs. Norton) Or Linux vs. Windows (in some people's opinion) Just my random thoughts.Quote [highlight]cuz win 2k is better in some ways then xp[/highlight]. agree Quote Only for pirated software though . . . free usually gets you equal or better for other things, like antivirus (think AVG vs. Norton) Did you want to discuss semantics...or Symantec's ? ? ? |
|
| 3391. |
Solve : Help - My computer's restarting on its own.? |
|
Answer» Well, tho all of your fans may be working it may still be to much heat. have you checked the temperature? |
|
| 3392. |
Solve : Google Redirect. (hijack)? |
|
Answer» Hey everyone.
Ok thanks for the help guys. i did what you asked and everything seems to be runnig in order now. If i have any further problems i will contact you. thanks.Glad to know all is well. If you are certain you have no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis. More on System Restore ... http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx What may have lead up to your infection and help keep your computer free of malware … http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html If you do suffer an infection again you should run first Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) … http://www.ccleaner.com/ Also run through this before posting another HijackThis log … http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html Best wishes. OJdivcraft....... Glad to hear that things are running ok......... However you still have no AV running ......... So you know , AVG antispyware 7.5 is not a full time active ...anti virus application. As the name implies, it is designed for spyware ........... Get the AVG free Anti Virus as well and then you will have AV protection. dl65 |
|
| 3393. |
Solve : Reinstall virus.? |
|
Answer» Hello,again. i have cleaned my pc now to factory settings. i have done some SCANS with avg virus,avg spy,spyware terminater+virus,and virgin pc guard. |
|
| 3394. |
Solve : Question about AVG Free? |
|
Answer» Is AVG Free edition a good choice for an older COMPUTER. I have windows ME and use a dial-up modem..Will AVG overwhelm my system and make it slower?? Currently using ETrust INTERNET Security.no it should not it might even speed it up a bit because it is less resource intensive than most other antiviruses out there ulWarrior is correct...i have it running on my testbench machine that has 4 flavors of Windows on it including ME... Is AVG Free edition a good choice for an older computer. I have windows ME and use a dial-up modem..Will AVG overwhelm my system and make it slower?? Currently using ETrust Internet Security. I use it on every Windows system I maintain. It only slows down noticably when it's scanning. Quote from: Raptor on April 14, 2007, 08:30:50 AM Quote from: Alabaster Box on April 12, 2007, 10:09:20 AMIs AVG Free edition a good choice for an older computer. I have windows ME and use a dial-up modem..Will AVG overwhelm my system and make it slower?? Currently using ETrust Internet Security. Although it will take longer, AVG can be set to SCAN without using as many resources. When you do this, you hardly even notice that it's running.I set mine up to update at 4AM and scan at 5AM so i don't notice at all...Psht, those are my peak usage hours.Quote from: CBMatt on April 15, 2007, 02:35:48 AM Psht, those are my peak usage hours. Same here. Quote from: CBMatt on April 14, 2007, 08:39:16 AM Although it will take longer, AVG can be set to scan without using as many resources. When you do this, you hardly even notice that it's running.Can you provide some details on that?Quote from: soybean on April 15, 2007, 07:12:26 AM Quote from: CBMatt on April 14, 2007, 08:39:16 AMAlthough it will take longer, AVG can be set to scan without using as many resources. When you do this, you hardly even notice that it's running.Can you provide some details on that? When you install AVG 7.5 it'll ask you what kind of scanning modus you want. Either LOW system resource usage and slower scanning or the opposite of that. Thank you, Raptor, you saved me about five or ten minutes of trying to remember how to set that up. Heh.Quote from: CBMatt on April 15, 2007, 08:31:53 AM Thank you, Raptor, you saved me about five or ten minutes of trying to remember how to set that up. Heh. I tried to do it from within AVG Free, but couldn't find what I was LOOKING for. |
|
| 3395. |
Solve : unwanted ads!? |
|
Answer» Windows with advertisements telling me to fix my register going to some sites like www.key32.com, www.regupdate.net, www.clean32.com and others, appears every time. I run AVG free, Hijakthis, cCleaner, Ewido, unsuccessfully. Please:is it any way to identifie this "program" and delete it??[size=14][/size]Do your scans in safe mode with system restore turned off and don't play with the fonts and colors. It makes your posts difficult to read. This is not the time for individuality. Can you post a screen SHOT of the ads? Do your scans in safe mode with system restore turned off and don't play with the fonts and colors. It makes your posts difficult to read. This is not the time for individuality.OK. But why have so many OPTIONS?... In case people want to change the colours. It makes some things hard to read, but some colours serve to emphasize things or can be USEFUL in other ways.A good result for you, now go and update your WIndows OS. try hostsercure too to help with future ad problems unlovedwarriorQuote try hostsercure too to help with future ad problems THis COULD have used some color, perhaps.Quote THis could have used some color, perhaps.And a lot of PROOF reading.maybe english never was my strong point in school and it still isnt (yes english is my native language just cant write it very well) |
|
| 3396. |
Solve : Sites popup with login prompts, shouldnt be there? |
|
Answer» Hi |
|
| 3397. |
Solve : 0x7c901010 error? |
|
Answer» I'm FACING a problem while go to i banking website.
NOTE >> to post the log here, without zipping it, just "copy & paste" the scan report in a post to this thread. OJ May I ask, why did you post exactly the same thing twice? EDIT: Oh I see, you DELETED it. 8-)fffreak NOTE >> to post the log here, without zipping it, just "copy & paste" the scan report in a post to this thread. I can't post all the log here, only up to 09..lines... the rest cannot paste due to limitation...5500 Max charactersTry splitting the log report up and post it in sections over several posts. That should work. OJQuote EDIT: Oh I see, you deleted it.YEs ... the first post appeared not to go so I posted again then, as you noticed, deleted the duplicate. Sorry if I confused anyone!! Cheers. OJoh thanks...problem solvedHi only_lonely .... do you mean your original problem is now fixed? Hope so. OJoh yeah..original problem solve.. is java problem...*censored*...i downloaded many anti spy software.This isn't the first nor will it be the last thread that has me confused.Quote This isn't the first nor will it be the last thread that has me confused.Me too for a while. I think the OP is saying they downladed many antispyware programs, in a effort to keep malware at bay, but it didn't work because they were still using an out of date java (which allowed malware in). I think. Maybe.BTW oddjob, Welcome Aboard ! Where did you do your Hijack log studies ? ? Good to have another helping hand... patio. 8-) |
|
| 3398. |
Solve : Malware virus?? |
|
Answer» HI,CAN YOU HELP PLEASE. |
|
| 3399. |
Solve : Safe Browser? |
|
Answer» Quote The biggest risk is just being human - everyone makes mistakes, and some are more prone to make them than others.Indeed. One of the best security tools is common sense .... http://info.org.il/irrelevant/may02-smilepop-soapbox4.swf Thanks Patio. I will GET on to Orange and ask. I am using Firefox now and will see how things go with it.Quote I use QUITE a few of those, and some others. Actually I am not amazed with that. I am amazed at the quantity of programs needed to safely be online with that. I do use some basic programs on my Windows boxes - Spybot, CCleaner, and AVG. I have never had any issues they could not resolve, but I may be more selective in my SITES and habits than others. |
|
| 3400. |
Solve : Is my internet deleting software enough?? |
|
Answer» I am currently running WinClear on my OFFICE computer. We do use a server here but I am not sure whether everything is recorded. |
|