Spy Sheriff [RESOLVED]



#46
jacey32 (Member, Topic Starter)

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :tazz:"
________________________________________________

2,090 items found: 2,090 files, 0 directories.
Total of file sizes: 407,184,146 bytes 388.32 M

Administrator Account = True

--------------------End log---------------------
  • 0



#47
Michelle (Malware Removal Goddess, Retired Staff)

Well it's definitely not there! :tazz: Do you think there could be something in Norton quarantine somehow? I would go into Norton quarantine folder to see if anything is in there and if anything is, delete it.

It may also be finding it in system restore. Here is how to clear viruses out of system restore:

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

That should cover it! ;)
  • 0

#48
jacey32 (Member, Topic Starter)

Well, it wasn't in Norton quarantine, and system restore was already off (so I turned it on, then off, then on again - just for the heck of it!), and the message keeps appearing. I just don't get it. I may just have to learn to live with it!
  • 0

#49
Michelle (Malware Removal Goddess, Retired Staff)

Open Ewido, click on the "Quarantine" tab and delete the files Ewido has quarantined.

Then, please click the "Update" button,
then click "Start update"

After the new updates are installed, reboot into Safe Mode and run a full system scan with Ewido. Save the log and post it for me :tazz:
  • 0

#50
jacey32 (Member, Topic Starter)

Here's the report - thanks for being so committed to getting rid of this thing!


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:14:58 PM, 7/3/2005
+ Report-Checksum: 75F55B0D

+ Date of database: 7/3/2005
+ Version of scan engine: v3.0

+ Duration: 126 min
+ Scanned Files: 35584
+ Speed: 4.68 Files/Second
+ Infected files: 2
+ Removed files: 2
+ Files put in quarantine: 2
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@html[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0

#51
Michelle (Malware Removal Goddess, Retired Staff)

Ewido didn't find the file so I haven't any idea why it keeps "finding" a file that isn't there.

So, one more scan I would like you to do!

MWav eScan

Download it, double-click mwav.exe, then unzip it to the pre-determined directory. On the main page, leave everything checked and put a check next to "drive", then click "scan clean". While the scan is in progress, there will be a window at the bottom listing infected items. When it's done, please highlight the items in that window, then press CTRL+C to copy it then paste it here. The whole log will be way too big, I just need to see the infected items that are in that window (if any are found).
  • 0

#52
jacey32 (Member, Topic Starter)

Since I emptied the Ewido quarantine, I stopped getting the alert. Which is great! I hope it's not just because it's been 2 weeks since I downloaded Ewido though. What do you think? Should I still do the scan you suggested?
  • 0

#53
Michelle (Malware Removal Goddess, Retired Staff)

If it stopped giving the alert, that's excellent! I would still run MWav eScan just to make sure. But that's totally up to you :tazz:
  • 0

#54
jacey32 (Member, Topic Starter)

Here's what the MWav scan found:

File C:\Documents and Settings\Owner\Local Settings\Temp\5030.exe infected by "Trojan-Downloader.Win32.Small.bat" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Owner\Local Settings\Temp\7.exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP1\A0000002.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP2\A0000039.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP4\A0000108.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP5\A0000125.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
  • 0

#55
Michelle (Malware Removal Goddess, Retired Staff)

It looks like MWav found that dialer, finally!

Do me a favor and turn System Restore back off, reboot then turn it back on ;)

And let's use killbox on the dialer found by MWav.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting all of them then press CTRL + C

C:\Documents and Settings\Owner\Local Settings\Temp\7.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt. If your computer does not restart automatically, please restart it manually.

And we're finally done - I don't know why you kept getting warned of that dialer, but it didn't know the location? At any rate, after running killbox it will finally be gone!! :tazz:

Edited by bananafanafo, 04 July 2005 - 08:06 PM.

  • 0
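
As an added example (not part of the original thread and not any poster's code), this Python sketch parses the MWav lines from post #54 and sorts them into the follow-ups post #55 prescribes: already handled, copies inside System Restore points (cleared by cycling System Restore), and live files left in place (the Killbox target). The line pattern is inferred only from those six lines and is an assumption about MWav's output; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Scan lines copied from post #54 of this thread ([bleep] is the forum's word filter).
SAMPLE = r'''File C:\Documents and Settings\Owner\Local Settings\Temp\5030.exe infected by "Trojan-Downloader.Win32.Small.bat" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Owner\Local Settings\Temp\7.exe tagged as not-a-virus:Dialer.Win32.PlayGames. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP1\A0000002.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP2\A0000039.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP4\A0000108.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.
File C:\System Volume Information\_restore{0EB5FCA4-EBF3-4BFA-AD94-D4FEC9F90D89}\RP5\A0000125.dll tagged as not-a-virus:[bleep]-Dialer.Win32.InstantAccess. No Action Taken.'''

# Assumed line shape: path, then a detection name, then the action (or none).
LINE = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<virus>[^"]+)" Virus|tagged as (?P<tag>\S+?))\. '
    r'(?:Action Taken: (?P<action>.+?)|No Action Taken)\.$')
# Windows XP keeps restore-point snapshots under this folder (RP1, RP2, ...).
RESTORE = re.compile(r'^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\')

def triage(log):
    """Group findings by the follow-up each one needs."""
    buckets = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a finding line
        path, name = m['path'], m['virus'] or m['tag']
        if m['action']:
            buckets['handled'].append((path, name))        # scanner already acted
        elif RESTORE.match(path):
            buckets['restore_point'].append((path, name))  # snapshot copy: cycle System Restore
        else:
            buckets['live_file'].append((path, name))      # still on disk: remove manually
    return dict(buckets)

def restore_points(findings):
    """Names of the restore points that hold flagged copies."""
    return sorted({RESTORE.match(p).group(1) for p, _ in findings.get('restore_point', [])})

if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket, items in result.items():
        print(bucket, len(items))
    print("restore points:", restore_points(result))
```
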



#56
jacey32 (Member, Topic Starter)

Hooray!

Thank you (once again!!) for all your help.

Cheers!
  • 0

#57
Michelle (Malware Removal Goddess, Retired Staff)

You're very welcome! :tazz:
  • 0





