Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple Malware: Virtumonde, CoolWebSearch, other "unknown troja


  • This topic is locked This topic is locked

#16
humdngr

humdngr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Malwarebytes' Anti-Malware 1.11
Database version: 610

Scan type: Full Scan (C:\|L:\|)
Objects scanned: 239133
Time elapsed: 2 hour(s), 21 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.bbvf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.bbvf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\bohodmde.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gvepczor.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\luhexmfo.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ruhglkvi.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tgpupmla.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urcfwbuf.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP975\A0153585.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP985\A0156729.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP992\A0159001.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP992\A0159002.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\A0159196.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\A0159197.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\A0159198.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\A0159199.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\A0159200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\A0159201.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jevufapg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

Advertisements


#17
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
================================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as an html document button:
  • Save the file to your desktop.
  • Attach that information in your next post.

  • 0

#18
humdngr

humdngr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 10, 2008 11:20:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 696566


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan Statistics
Total number of scanned objects 195625
Number of viruses found 6
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 02:55:04

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba904c2547d12d721c8df8d22da5ea01_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d951c05be4a425528da1c475168859c9_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04022008-140348.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1214734789_414056448_6315 Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1214734789_579600384_8836 Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{025F513A-B46E-482E-AA42-CEC30B29DE42}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{0A2E01B3-4186-4048-87C6-37258E202766}.TmpSBE Object is locked skipped

C:\Documents and Settings\Julie Daly\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{709D46D7-966C-4AB4-89C3-E8F0E026DB24} Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Temp\~DFA0F1.tmp Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Temp\~DFA103.tmp Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Julie Daly\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Julie Daly\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8C8.tmp Infected: EICAR-Test-File skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP971\A0153448.dll Infected: not-a-virus:FraudTool.Win32.UltimateDefender.fi skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP971\A0153449.exe Object is locked skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP985\A0156726.dll Infected: not-a-virus:AdWare.Win32.Vapsup.djq skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP985\A0156727.dll Infected: not-a-virus:AdWare.Win32.Vapsup.djs skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP985\A0156728.dll Infected: not-a-virus:AdWare.Win32.Vapsup.djt skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D8E78667-D493-45FE-A72A-20226B1BB409}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

L:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP994\change.log Object is locked skipped

Scan process completed.
  • 0

#19
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

Also delete\uninstall anything that we used that is left over.
=============================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#20
humdngr

humdngr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you kahdah, for all your help. Before I delete all that stuff, I do have a couple other questions though...

1) I noticed kaspersky found 6 infections...did it remove these, or are they not important?

2) Pc-cillin just started poppin up yesterday that it was detecting "ADW_PCCleaner", which it has popped up with 2 times since. What is unusual is that Pc-cillin's scan action result says "access denied" instead of quarantined (what it is supposed to do). I cannot delete this. What do you think?

3) One more thing on PC-cillin, recent development. We just went wireless about 2 months ago. I had forgotten that Pc-cillin has a wi-fi detection setting, so it will tell you if any "unknowns" are in your network, I guess. What is annoying is that even your router can be listed as an unknown, but at least it will tell you (when you click on properties) that the device type is a router, or what. So here's my problem. Since I just realized Pc-cillin had this setting for Wi-fi, I enabled it just the other day, while we've been working on my other issues. It came back with 2 unknowns, one was listed as a router, so I figure this must be our router. The other one, next to device type, it says not available or something. Also, this particular unknown isn't always there. Don't know if you can help me with this, or what you think. Could this be my modem? I dunno what to think and Pc-cillin's website was of no help. Should I post another thread somewhere?

4) Ok, last question. I have 2 paid programs, Spysweeper and Pc-cillin, so I'm stuck with those. I was also using Ad-aware and Spybot, but kept forgetting to scan with these. What programs do you think would best compliment Spysweeper and Pc-cillin? One issue I have with Spybot is honestly when it pops up with these Tea-timer things, I don't know whether it's safe or not, even if I look up info on the item, I just have NOOOO idea what to do, so it just ends up annoying me. Is there anything I can use instead, or should I deal with the annoyance?

Thanks again for all your help!!
  • 0

#21
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

I noticed kaspersky found 6 infections...did it remove these, or are they not important

The infections it found will be taken care of when we uninstall Combofix.

Pc-cillin just started poppin up yesterday that it was detecting "ADW_PCCleaner", which it has popped up with 2 times since. What is unusual is that Pc-cillin's scan action result says "access denied" instead of quarantined (what it is supposed to do). I cannot delete this. What do you think?

This is probably in the System volume information or System Restore.
Do the combofix uninstall and see if it is still present.

One more thing on PC-cillin, recent development. We just went wireless about 2 months ago. I had forgotten that Pc-cillin has a wi-fi detection setting, so it will tell you if any "unknowns" are in your network, I guess. What is annoying is that even your router can be listed as an unknown, but at least it will tell you (when you click on properties) that the device type is a router, or what. So here's my problem. Since I just realized Pc-cillin had this setting for Wi-fi, I enabled it just the other day, while we've been working on my other issues. It came back with 2 unknowns, one was listed as a router, so I figure this must be our router. The other one, next to device type, it says not available or something. Also, this particular unknown isn't always there. Don't know if you can help me with this, or what you think. Could this be my modem? I dunno what to think and Pc-cillin's website was of no help. Should I post another thread somewhere?

This could be because it is picking up someone elses router.
That would explain why it is not always present as it might not always be in range.
You have to set rules for it to identify a network.

Ok, last question. I have 2 paid programs, Spysweeper and Pc-cillin, so I'm stuck with those. I was also using Ad-aware and Spybot, but kept forgetting to scan with these. What programs do you think would best compliment Spysweeper and Pc-cillin? One issue I have with Spybot is honestly when it pops up with these Tea-timer things, I don't know whether it's safe or not, even if I look up info on the item, I just have NOOOO idea what to do, so it just ends up annoying me. Is there anything I can use instead, or should I deal with the annoyance?

Actually since you have Spysweeper and a security suite I would not add any other protection.
I would uninstall Spybot and adaware.
This will get rid of the tea timer which detects any change within your registry and in my opinion is less helpful than more.
  • 0

#22
humdngr

humdngr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok, kahdah, I uninstalled Combofix as instructed. I did a scan with Pc-cillin and it didn't find anything (and you were right, the affected file was System volume information).
Yahoo!!

Do I have to uninstall dss.exe, and ATF Cleaner, or can I just delete the icons on the desktop? I couldn't find them in the programs list, etc.

Thanks for your input regarding my spyware and antivirus programs. I'm excited to be rid of Spybot even though I think it's a great program, it's just that the Tea Timer drives me nuts.

Edited by humdngr, 11 April 2008 - 03:18 PM.

  • 0

#23
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes you can delete the icons as they do not install but run only.
That is why they aren't in the Control Panel.


You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#24
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP