Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spy Sheriff [RESOLVED]

Started by jacey32 , Jun 13 2005 10:19 PM

  • This topic is locked This topic is locked

#46
jacey32
Posted 29 June 2005 - 09:30 AM

jacey32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :tazz:"
________________________________________________

2,090 items found: 2,090 files, 0 directories.
Total of file sizes: 407,184,146 bytes 388.32 M

Administrator Account = True

--------------------End log---------------------
  • 0

Advertisements

#47
Michelle
Posted 29 June 2005 - 09:49 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Well it's definitely not there! :tazz: Do you think there could be something in Norton quarantine somehow? I would go into Norton quarantine folder to see if anything is in there and if anything is, delete it.

It may also be finding it in system restore. Here is how to clear viruses out of system restore:

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

That should cover it! ;)
  • 0

#48
jacey32
Posted 02 July 2005 - 08:58 AM

jacey32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Well, it wasn't in Norton quarantine, and system restore was already off (so I turned it on, then off, then on again - just for the heck of it!), and the message keeps appearing. I just don't get it. I may just have to learn to live with it!
  • 0

#49
Michelle
Posted 02 July 2005 - 10:43 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Ewido, click on the "Quarantine" tab and delete the files Ewido has quarantined.

Then, please click the "Update" button,
then click "Start update"

After the new updates are installed, reboot into Safe Mode and run a full system scan with Ewido. Save the log and post it for me :tazz:
  • 0

#50
jacey32
Posted 03 July 2005 - 12:42 PM

jacey32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here's the report - thanks for being so committed to getting rid of this thing!


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:14:58 PM, 7/3/2005
+ Report-Checksum: 75F55B0D

+ Date of database: 7/3/2005
+ Version of scan engine: v3.0

+ Duration: 126 min
+ Scanned Files: 35584
+ Speed: 4.68 Files/Second
+ Infected files: 2
+ Removed files: 2
+ Files put in quarantine: 2
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@html[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0

#51
Michelle
Posted 03 July 2005 - 01:00 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ewido didn't find the file so I haven't any idea why it keeps "finding" a file that isn't there.

So, one more scan I would like you to do!

MWav eScan

Download it, double-click mwav.exe, then unzip it to the pre-determined directory. On the main page, leave everything checked and put a check next to "drive", then click "scan clean". While the scan is in progress, there will be a window at the bottom listing infected items. When it's done, please highlight the items in that window, then press CTRL+C to copy it then paste it here. The whole log will be way too big, I just need to see the infected items that are in that window (if any are found).
  • 0

#52
jacey32
Posted 04 July 2005 - 01:11 PM

jacey32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Since I emptied the Ewido quarantine, I stopped getting the alert. Which is great! I hope it's not just because it's been 2 weeks since I downloaded Ewido though. What do you think? Should I still do the scan you suggested?
  • 0

#53
Michelle
Posted 04 July 2005 - 02:23 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
If it stopped giving the alert, that's excellent! I would still run MWav eScan just to make sure. But that's totally up to you :tazz:
  • 0

#54
jacey32
Posted 04 July 2005 - 05:00 PM

jacey32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here's what the MWav scan found:

File C:\Documents and Settings\Owner\Local Settings\Temp\5030.exe infected by "Trojan-Downloader.Win32.Small.bat" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Owner\Local Settings\Temp\7.exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP1\A0000002.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP2\A0000039.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP4\A0000108.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP5\A0000125.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
  • 0

#55
Michelle
Posted 04 July 2005 - 08:03 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It looks like MWav found that dialer, finally!

Do me a favor and turn System Restore back off, reboot then turn it back on ;)

And let's use killbox on the dialer found by MWav.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting all of them then press CTRL + C

C:\Documents and Settings\Owner\Local Settings\Temp\7.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt. If your computer does not restart automatically, please restart it manually.

And we're finally done - I don't know why you kept getting warned of that dialer, but it didn't know the location? At any rate, after running killbox it will finally be gone!! :tazz:

Edited by bananafanafo, 04 July 2005 - 08:06 PM.

  • 0

Advertisements

#56
jacey32
Posted 04 July 2005 - 11:18 PM

jacey32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hooray!

Thanks you (once again!!) for all your help.

Cheers!
  • 0

#57
Michelle
Posted 04 July 2005 - 11:34 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You're very welcome! :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP