[kelkay]

I downloaded IE-Spyad... I am wondering if this is what Zone Alarm Pro saw as a trojan. I cannot tell if it is working right at all. If I look at programs, it does not even show. I also believe the MVPHosts program is not working , even though I downloaded it. It is not showing on my programs either when I go to start, programs... Also if I go to add/remove programs, I see neither. I know they were installed. On the MVPHosts file, if you look at the length of restricted sites, it is not that long...just several sites mentioned, not a long list.

[Advertisements]

I did a scan with Ad Aware 2007, and Dr. Web, both showed no infection. I also used this program. I still think my computer has trouble since I am still showing hidden files, and also because Zone Alarm found the trojan.

Malwarebytes' Anti-Malware 1.15
Database version: 839

9:41:48 PM 6/7/2008
mbam-log-6-7-2008 (21-41-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237803
Time elapsed: 1 hour(s), 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[kelkay]

I did a scan with Ad Aware 2007, and Dr. Web, both showed no infection. I also used this program. I still think my computer has trouble since I am still showing hidden files, and also because Zone Alarm found the trojan.

Malwarebytes' Anti-Malware 1.15
Database version: 839

9:41:48 PM 6/7/2008
mbam-log-6-7-2008 (21-41-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237803
Time elapsed: 1 hour(s), 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Rorschach112]

Sorry I've been away

You have nothing to worry about, your PC is clean from malware

All you have to do is double click the MVPS bat file to run it

Any other questions ?

[kelkay]

First of all I have another question about the Zone Alarm Pro that found the Win32.trojan.yspy Do you think it is a real trojan or part of the IE Spyad I downloaded? It is in quarantine. It said it recommends deletion, but I am afraid to in case it is a false positive.

[kelkay]

Second I clicked on the host's bat file...but like I said, there are very few restricted sites listed, so I don't think it is working right. Also my computer is still running slow. I can take the slow browsing to another area for help....I just thought it was connected to the infections the computer had. You have helped me tremendously, and I admire your knowledge and willingness to help others with very limited knowledge in comparison!

[kelkay]

I re-checked also Sophos anti-root kit and it is showing 52 hidden files, in the same location

Area: Local hard drives
Description: Unknown hidden file
Location: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP438\change.log.6
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

I guess you are saying this was all a false positive then. I have never seen anything before show up in Sophos for over a year, so this makes me uneasy. I read and did all of the things you said, and I cannot thank you enough. I set my browser from Sea Monkey to Firefox for default. But since I use Sea Monkey email, it will go to the Sea Monkey browser when I click on a url from an email. I am not sure how to fix that. I tried to find a way to just use email from it, but so far I have not been able to. I do go to a lot of trouble to keep my machine clean, and this is upsetting that I feel like my computer may be infected and I am not even aware of it. I read the part about How Did My Computer Get Infected... before I ever posted on here.

Also Napster is giving my kids a problem because Java is not allowed for that when you click on it. I do not know how to fix that without opening up myself to problems with infection in Java pages. What do you recommend for me to do about that, or should I take this to another part for this question?

[Rorschach112]

ZoneAlarm gave you a FP

You got MVPS running fine

Ignore what Sophos is finding, it is nothing to worry about

Go to Add or Remove Programs and remove Napster

Anything else ?

[kelkay]

I guess that is it. We pay monthly for Napster, so I will have to figure out something for that. (Napster to Go) Anyway thank you very much!!! Consider this thread now closed and taken care of!

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.