[dowsp]

Hi Sal,

Just a quick update,

I did a AV scan with Dr Web but for my initial scan, I have done a custom scan, which is
an option that allows me to pick out the program folders/ files that I decide to select to
be checked... I like this as an option as often there are folders that I dont think need
to be scanned, such as my documents folder.... or this has often been the case in my past experience.

I have often found viruses within certain programs... one particular
folder being in Windows systems folders and windows 32 files.

I have scanned several of the main folders / files that I have found viruses in and so far nothing has been found.

I will consider doing a full scan in the next day or so if you still think that I should.


I am still getting my curser flickering and having problems closing pages..

It does seem like it is either a keylogging issue / bug / virus, or some one or something
from higher powers has somehow put a virus on my computer that is not at all easy to detect.

Can I ask do you think that there are viruses that are almost impossible to detect ?
that can be put on ones computer by someone who may want to monitor my computer...
such as CIA or MI5.. those type of Goverment security services..

Thank you
Dowsp

[Advertisements]

Hi dowsp,

Though an infection has been identified and can be killed, sometimes malware creates backdoor functionality (which will be very hard to detect),. I feel your PC is very likely compromised and there is no way to be sure your computer can be trusted. The best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Please let me know if you want to go this direction.

[Salagubang]

Hi dowsp,

Though an infection has been identified and can be killed, sometimes malware creates backdoor functionality (which will be very hard to detect),. I feel your PC is very likely compromised and there is no way to be sure your computer can be trusted. The best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Please let me know if you want to go this direction.

[dowsp]

Hi Sal,

I was trying to avoid having to reformatt and reinstall my OS..

I may as well buy a new computer rather than go that direction as either
way it will be very time consuming to have to reload all my programs etc
and loose a lot of my files etc..

I may try repeating some of your instructions again on this thread..such as using
the initial AV program that you suggested as that did seem to resolve my problem
for a while.. maybe when I used msconfig and my programs were turned off.. I may
have recaught a virus..I think it is worth a 2nd try.

But I do know what you mean about malware creating backdoor functionality.

Its very hard to know what is best to do..

I will try somethings again and if It doesnt resolve.. I will have to consider my options

Thank you

Dowsp

[Salagubang]

Hi dowsp,

I understand.

I'll review the logs. In the meanwhile, continue monitoring the system and keep me posted of any unusual activity.

[dowsp]

Hi Sal,

I ran Malwarebytes and Eset Online scanner again.
and it found no threats.

I also just ran Spybot...

and this found several spyware, BUT it only ran so far and then came up with
a message saying user abort..I tried running it again and it happened again.
I tried to quarantine the 11 threats that it found so far.
I suspect if I could run it all the way that it would had found many more.

I am not sure if Its found all these due to msconfig maybe turning off any firewalls
that I have..

Anyway after trying to rerun spybot, now it seems not to want to run or even close.

I am not sure but Maybe it can be run in safemode after I had updated it.

I just wondered if you were familiar with Spybot ? or if you maybe could suggest
any other similar progam if I am unable to get spybot to complete its scan in full .

Thank you

Dowsp

----------------------
Malwarebytes' Anti-Malware

Please run a free online scan with the ESET Online Scanner

[Salagubang]

Anti SpywareSpywareBlaster: prevents spyware from installing in the first place.
SpywareGuard: catch and block spyware before it can execute.
IESpy-Ad block access to malicious websites so you cannot be redirected to them from an infected site or email.
SUPERAntispyware a powerful tool which can "search and destroy" spywares that infected your system.
Malwarebyte's MBAM also another very powerful tool which searches and kills nasties that infect your system.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

[dowsp]

Hi Sal,

I ran another in depth Antivirus scan using Dr Web ....I selected most of the files
on my C drive other than "My Documents" ( I may do this seperately later), and initially It found
one virus.

It found it in my OTL file that you have had me use earlier..

It said... Trojon.siggen2 25631 found in OTL.exe

I was not able to remove it and it said that is was incurrable and made me an offer to move
it.. I didnt really know what to do, or what if any benifit would do for me if I moved it,

BUT in the end I did select move.

I cannot recall exactly what happened after that, but somehow the scan stopped and I reselcted
folders again to scan again ( without closing Dr web to start again from scratch)

It continued to scan further and found the same virus again...
only this time it was in c:/system volume information under AO241251.exe


It again said it was incurrable and gave me an option to move it.

I selected move again...

The scan ended showing up as two viruses having been in different files.

I then had to restart..

I just wondered if this is any concern, or if it has found a virus that was detected by another
AV program that say may had been quarantined and now moved it after me selecting to do so.

I surpose I could do the same scan again, but I am doubtful it would help other than maybe find the
same virus now in another file/folder..

I will try and complete the scan for my Documents files.

I will also consider running some of those other spyware prorgams you sent me links to.

cheers

Dowsp

[Salagubang]

Hi dowsp,

Don't worry about DrWeb detecting OTL (due to its nature and function) as Trojan.siggen2 25631 and can assure you that it is a false positive.

[dowsp]

Hi Sal,

I am assuming that you mean that its no threat ?

But I dont fully understand why or what has actually happened... ie was it a
quarantined virus that it found / referred to..

I did a search on google for that virus, but didnt have much look finding info for

for that specific one... BUT it did refer to a similar one and said it was a
bad virus ..

I also found a link that referred to the virus I found on Dr web and also to this site and surprisingly It was you who was dealing with the thread... BUT when I looked there was only a mention of it in a log file
posted by the poster

Cheers Dowsp

Edited by dowsp, 04 May 2011 - 07:23 PM.

[Salagubang]

I am assuming that you mean that its no threat ?

But I dont fully understand why or what has actually happened... ie was it a
quarantined virus that it found / referred to..

Yes, it is not a threat. What was the scanner found was most likely copy of the file saved in the system restore points.

I also found a link that referred to that virus and to this site and surprisingly It was you who
was dealing with the thread... BUT when I looked there was only a mention of it in a log file
posted by the poster

I'll pass on the information to OTL's author (Oldtimer).

Heres a link to Jotti's Online results re OTL.

[dowsp]

Hi Sal,

I think that I follow what you are suggesting, ie the OTL finds viruses that majority
of other programs often dont... and yes Bravo to the author Old timer !

It was also Dr Web that indicated OTLs find if I am right in my assumption.
So both programs seem possibly better than the majority of others.

I just had a bit of a surprise.

I was looking at some of my websites on one of my host sites which I did set up
after my previous host site was attacked by a really bad virus and infected all
my sites as well as my own computer... that was over 18 months ago and it took me
a long time to try and resolve all my problems.. geekstogo helped me resolve them.

I thought Id deleted all the virus code from certain sites that were still in tact.
and I deleted the html code for the viruses after I detected the code on my site pages
using edit in control panel... where I was able to delete the bad part of the coding..

some of these once cleaned ( or at least as clean as I was able to check) were
later placed on my new host site.. and I thought the websites were ok and virus free.
The majority I was able to find back up copies..



Last week I tried again to install Avira antivirus as I had used it in the past and
initially had found it very good... but after my Computer has been infected..18 months ago

Avira never worked properly since even after id tried to delete and reinstall it a few times.

When I reinstalled it again last week, It still is not working correctly.

For some reason It just wont scan...

BUT It has detected Malware with a popup... and It detected something when I opened one of my new hosts websites.

I have looked at the coding for this and I cannot see any sign of virus code in the html.
so I dont know How any virus may be on the file or in the html, unless somehow it can be
on an image..BUT Its ONLY found ONE so far out of numeros pages I had opened.

It has also detected viruses that are in quarantine from other programs.

one that I just dont seem to be able to get rid off similar to the one I indicated yesterday. ie they are incurable or unable to be deleted...

some findings say that it is just a virus or unwanted program.. but doesnt say
specifically which.

findings had included Webpage Gen, TR patched Gen...

I still have to finish of the Dr web scan on my document files...

Thank you

Dowsp

[Salagubang]

Hi dowsp,

We're you able to finish the scan?

I would like to review your computer's log.

Step One

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Standard Output at the top
• Under the Extra Registry sectionm ensure that Safelist is selected
• Select All Users
• Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
• Double click inside the Custom Scan box at the bottom
• A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
• Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
• Click the
  Quick Scan
  button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

StepTwo

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[dowsp]

Hi Sal,

Sorry for not completing the scan sooner,

I had some unexpected things occurr that has distratced me.

I hope that I can complete the scan in the next day or two and follow you last instructions.

Hope to post back soon.

Dowsp

[dowsp]

Hi Sal,

Just a quick update,

I just managed to complete the final Dr Web AV scan on the remaining
folder/files that was " my documents" and it did not find anything.

I will do the OTL scan over the next few days when I find time..

I may be away over the weekend.

Have a good one !

Cheers

Dowsp

[Salagubang]