
Malware



#16
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Run the Panda scan again and post the results here. I'm having trouble finding a fix and that may be able to help me.

Also, what is your anti-viral program? There are some Norton remnants on there but it doesn't appear they are active.

If you don't have an anti-viral, please install one. There are some free ones out there. Grisoft has one. :tazz:
  • 0



#17
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
I had Norton AV at one time and removed it with RAV2004 - then searched for components and got most (I thought all) of them....

I use the Cox Communications Security Software package that they provide free of charge. It includes AV, Anti-Spyware, Pop-Up Blocker, Parental Controls and a Firewall at no cost. I know the Anti-Spyware uses the Pest Patrol engine....not sure about the 'core' of the AV. You seriously think my log would look this good if I didn't have AV protection? :tazz:

Anyway, I'm having trouble finding the Free AV Scan on Pandaware. When I select the "Free Download - Shareware" I am sent to the Evaluation Software page. I don't really want to download their software -- just want to do a scan. I'll keep trying to find this, but I've spent some time. I have some of the A+ training so I'm not clueless about these things......but the page is confusing to me as stated above.
  • 0

#18
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
P.S. About the Norton 'remnants'.....I still have Norton SystemWorks installed - just not the AV module. Maybe that explains the remnants you said you are seeing.
  • 0

#19
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
http://www.pandasoft...n_principal.htm

Try this. And use IE to download it. ;)

I didn't know Cox did that now. I used to use Cox and I got nothing! :tazz:

Do they update it for you and everything or just block potentially harmful e-mails?
  • 0

#20
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts

About the Norton 'remnants'.....I still have Norton SystemWorks installed


I just read that that's a major resource hog. :tazz:
  • 0

#21
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
It is actually a console (my term...) that includes those items. The product set is developed by Authentium - branded as "Cox Security Software." It has resident/active protection, and you can run scans where appropriate. It warns you when a virus tries to enter and is blocked. Updates are simple -- a dialogue box appears that says "Critical Updates for Cox Security Software" with "Install" or "Remind me Later" options. Piece of cake, and it does quite well - not perfect - none of it is as you know....and, yes, it is currently provided at no cost (no telling what the future holds with these clowns....). Thanks for the link -- the previous page had a link and, like a dummy, I printed out your note and tried to navigate to the page...shame on me!
  • 0

#22
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
sorry about my A.D.D.....

I meant to tell you that the Cox stuff doesn't just work on behalf of e-mail. It is system software, so no more Norton/McAfee and the like. Due to ADD I'll probably forget something else....sorry.
  • 0

#23
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
Systemworks may be a resource hog, but it is worth it since I don't know of all the freeware/shareware stuff that is its equal.....maybe in the next life, as a full-fledged, card-carrying Geek, I'll go out on my own. But for now Systemworks and Cox are a sound package and easy to deal with when issues arise. I'll leave you alone to use your Menses-sized brain to help fellow members of the Galaxy.
  • 0

#24
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Did you run the panda scan?
  • 0

#25
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
It's just like the other day -- I select "Scan my Computer" and it just sits there. Yes, I've tried disabling my firewall -- made no difference. If I hit the "Hard Drives" option it does the same thing....don't know what the problem is.

When making one of those selections, the link makes that little 'web clicking sound'; so I select it -- the sound is heard -- and I can select it 100 more times and it still clicks...which would seem to indicate that it isn't executing.

Maybe I am not being patient enough, but I would think it would do a scan in 15-30 minutes.....never has completed so far and never has left a log with comments or notification of error(s). Don't know how to proceed at this point...
  • 0



#26
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
BRB. Working on someone else's now.
  • 0

#27
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
Thanks for the update. I am leaving for a meeting and won't be back for a couple of hours. Hopefully (though I'm not optimistic) the scan will actually happen but, as of now, it is just sitting there -- no progress bar, no sign that the scan has started...I'll drop a line when I return. Thanks!!!!
  • 0

#28
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
Are you using Internet Explorer to download it? Also, it requires the downloading of some plug-ins.
  • 0

#29
coachwife6


    SuperStar

  • Retired Staff
  • 11,413 posts
OK. Make sure system restore is off. I need you to disable some things that may be interfering with the fixes.

Right click on the Microsoft AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.

Also, does your Cox security suite have antispyware prevention tools on it? It would prevent you from changing items, etc. If so, please disable that. These two may be preventing us from changing things. The site won't let me access it. See if you can disable it also.

C:\Program Files\Cox\Applications\app\AuthBHO.dll

I see you used to have teatimer and winpatrol. I no longer see them. But they would prevent you from fixing things.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Click on Fix Checked when finished and exit HijackThis.

Reboot into safe mode and find this file and delete it.

C:\WINDOWS\system32\AUserInit.exe

Run Ad-Aware according to previous instructions.

Please run CCleaner. It will clean out all your temp. files, cookies, etc. If you want to save your cookies, configure the steps so it doesn't clean them out.

Reboot and post a new log. :tazz:
  • 0

#30
glcarteraz


    Member

  • Topic Starter
  • Member
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:50:07 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AuthBHO.cBlockerBar - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AuthConsoleStart] C:\Program Files\Cox\Applications\app\cox.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\AcpControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  • 0
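
An added example, not part of the original thread and not written by either poster: a small Python triage script for HijackThis logs that flags the two entry types post #29 asked to have fixed, a non-default F2 UserInit value and O6 Internet Explorer policy keys. The sample lines are copied from the log in post #30; the function names, and treating `userinit.exe` in system32 as the only expected UserInit program, are assumptions of this example.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any OS

# Assumption of this example: the only expected Winlogon UserInit program.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Lines copied from the HijackThis log in post #30.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
USERINIT = re.compile(r"userinit=(.*)$", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body) for each 'XX - ...' line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (section, reason, detail) findings for F2 UserInit and O6 lines."""
    findings = []
    for section, body in parse_entries(log_text):
        m = USERINIT.search(body)
        if section == "F2" and m:
            # The registry value is a comma-separated list of programs.
            for prog in (p.strip() for p in m.group(1).split(",")):
                if prog and normcase(prog) != EXPECTED_USERINIT:
                    findings.append((section, "unexpected UserInit program", prog))
        elif section == "O6" and body.endswith(" present"):
            key = body[: -len(" present")]
            findings.append((section, "IE policy restriction key", key))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```
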





