Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

NAV Spyware.Perfect [resolved]


  • This topic is locked This topic is locked

#46
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Great, let's have a small party :tazz: .

Let's see what that file is.

Please find the file on your computer. Click right on the file to see its properties. Can you see who made it or to what program it belongs to? Maybe the folder can give us a clue.

Let's first find out what it is, before getting ride of it. If it's essential we don't want to kill it.

Edited by g2i2r4, 20 March 2005 - 01:37 PM.

  • 0

Advertisements


#47
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

Great, let's have a small party :tazz: .

Let's see what that file is.

Please find the file on your computer. Click right on the file to see its properties. Can you see who made it or to what program it belongs to? Maybe the folder can give us a clue.

Let's first find out what it is, before getting ride of it. If it's essential we don't want to kill it.

View Post



Uhmm,.. I dont know where it's at.
How can I locate it??
  • 0

#48
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Do you want me to just do a search on my pc??
  • 0

#49
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
try to find it:
go to start - 'search'
  • 0

#50
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

try to find it:
go to start - 'search'

View Post

No results were displayed,... couldn't find it.
  • 0

#51
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Put a check in the boxes next to the button ‘generate start up log’
Then press the button itself. It will open a notepad file.
Copy and past the content of that file here in your answer.

Let’s see if it’s still somewhere around.
  • 0

#52
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Put a check in the boxes next to the button ‘generate start up log’
Then press the button itself. It will open a notepad file.
Copy and past the content of that file here in your answer.

Let’s see if it’s still somewhere around.

View Post


When you say " put a check next to the button 'generate start up log'"

The only thing next to the button gen start up log is " list also minor sections" and "list empty sections"
Nonetheless, I left them checked off and pressed the buton anyway. Here's the log...

StartupList report, 3/21/2005, 3:54:48 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Chaze\Desktop\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chaze\Desktop\Downloads\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

dla = C:\WINDOWS\system32\dla\tfswctrl.exe
ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AGRSMMSG = AGRSMMSG.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
THotkey = C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
TPSMain = TPSMain.exe
PadTouch = C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
SmoothView = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Pinger = c:\toshiba\ivp\ism\pinger.exe /run
Notebook Maximizer = C:\Program Files\Notebook Maximizer\maximizer_startup.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
AWMON = "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
LimeShop = C:\Program Files\LimeShop\LimeShoprun.exe /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
CFSServ.exe = CFSServ.exe -NoClient

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - Chaze.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6,206 bytes
Report generated in 0.109 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#53
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Looking at the log,..I was able to locate the file. IMHO,.. it doesnt seem like I threat cause I think it came with Lap top.
Should we try to get rid of it??
  • 0

#54
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
I found out what it is. I believe it searches for wireless networks in my area. Some sort of a "radar" Looking window comes up when I click on it. I'm glad I did what you said and didnt get rid of it.:tazz:
  • 0

#55
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
This could be it's location
C:\Program Files\TOSHIBA\ConfigFree\

indead, don't get ride of the file. You seem to need it :tazz:

That mean's you now have a clean log (and some additional knowledge).
  • 0

Advertisements


#56
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
  • 0

#57
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine.  This alone can save you a lot of trouble with malware in the future. 

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is succeptible to being hacked and taken over.  I am very serious about this and see it happen almost every day with my clients.  Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.  This will ensure your computer has always the latest security updates available installed on your computer.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.  This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.  You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware,  & Hijackers from Your Computer
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically. 

Glad I was able to help.

View Post



You are the best.
You were very efficient, effective, and PATIENT. :tazz:
Thanks a bunch!!

By the way I have the paid version of adaware with ad watch, and the latest version of NAV, doI need more than this??
  • 0

#58
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I use NAV, ZoneAlarm daily.
I have AdAware and Spybot running twice a week.
Spybot hosts are added.
IESpyadd and spywareblaster to prohibit visits to wrong sites.
A router and a hardware firewall.
Maybe I'm overprotected.....

The underlined text points you to tutorials. Read and learn and then decide what you think is usefull.

Thank you for your trust and your cooperation! It was a please working with you.
  • 0

#59
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts

I use NAV, ZoneAlarm daily.
I have AdAware and Spybot running twice a week.
Spybot hosts are added.
IESpyadd and spywareblaster to prohibit visits to wrong sites.
A router and a hardware firewall.
Maybe I'm overprotected.....

The underlined text points you to tutorials. Read and learn and then decide what you think is usefull.

Thank you for your trust and your cooperation! It was a please working with you.

View Post



I just read your sig.... so I sent you some beer money ;)
Hope you drink.. :tazz:
  • 0

#60
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I'll put it to good use, that's for sure!

Thanks in advance!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP