
Anti-Virus Gold final cleanup [RESOLVED]


  • This topic is locked

#16
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi

Can you try to download Firefox Mozilla Browser and install it ??

Please run a scan at http://uk.trendmicro...call_launch.php
  • 0



#17
archamboli

archamboli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello, I already have Firefox, that's what I have to use to write on this board. I did run a House Call Active Scan and it found nothing. I'll run another one and keep you posted though.

Olivier
  • 0

#18
archamboli

archamboli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ran another scan and it still didn't find anything. It congratulated me for my clean system... :tazz:

Olivier
  • 0

#19
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi archamboli,


On the advice of my expert colleagues, I have a few more things I can suggest -

1. Remove one of your AV programs

You have two Anti-Virus programs running - Norton and Kaspersky. I am not sure which one you are subscribed to (or are you subscribed to both of them???). Please uninstall one of them. If you have subscribed to Kaspersky, then retain it.

2. Clean Up registry
*Please download: RegSeeker.
*Click on "Clean The Registry" in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
*Click "Quit RegSeeker".
Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. It may have to be run several times, but you want it finding none to very few items. *Make sure to reboot between each use of the program.

3. Use Webroot SpySweeper

Please download WebRoot SpySweeper from here:
http://www.webroot.c...6d6f87b866d2848
(It's a 2 week trial)

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.

Let me know how it goes
  • 0

#20
archamboli

archamboli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yahooo!!!!! And it's finally fixed!!! It was definitely a software conflict problem, although I couldn't tell you which ones because I erased both anti-viruses and all my malware and adware removal software and put Internet Explorer as my main browser again. Then when I restarted, everything was pretty much fixed except for Windows Media Player, which said internal error, but all I had to do was reinstall the latest version and now it works. I am reinstalling Kaspersky and most of my spyware protection programs, and I definitely needed that registry cleaning software because it found tons of stuff that was useless. Thanks a lot for all the help, I must say I'm tempted to join the crew...

Later

Olivier
  • 0

#21
archamboli

archamboli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Well, I spoke too soon, there are still some problems. The search window is still empty, and all of a sudden, Windows Media Player decided to come back with the internal error issue. JavaScript in IE also seems to create problems because while Explorer does not close anymore, it will not open an email (for example) in Hotmail when JavaScript is used. I click and nothing happens, it just says done.

Olivier
  • 0

#22
archamboli

archamboli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Okay, Spysweeper found some stuff after all this and removed it:

********
11:05 PM: |··· Start of Session, July 12, 2005 ···|
11:05 PM: Spy Sweeper started
11:05 PM: Sweep initiated using definitions version 504
11:05 PM: Starting Memory Sweep
11:08 PM: Memory Sweep Complete, Elapsed Time: 00:02:25
11:08 PM: Starting Registry Sweep
11:08 PM: Found Trojan Horse: antivirus gold
11:08 PM: HKCR\appid\cerberus.exe\ (1 subtraces) (ID = 4269958)
11:08 PM: HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 4269959)
11:08 PM: HKLM\software\classes\appid\cerberus.exe\ (1 subtraces) (ID = 4269997)
11:08 PM: HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 4269998)
11:08 PM: Found Adware: fastlook hijacker
11:08 PM: HKLM\software\microsoft\windows\currentversion\run\ || iexplore.exe (ID = 4292950)
11:08 PM: Found Trojan Horse: trojan_downloader_tibser
11:08 PM: HKCR\clsid\{e4c72eda-8bdb-7d77-0f8c-37f041df909d}\ (4 subtraces) (ID = 4312255)
11:08 PM: HKLM\software\classes\clsid\{e4c72eda-8bdb-7d77-0f8c-37f041df909d}\ (4 subtraces) (ID = 4312272)
11:08 PM: Found Adware: websearch toolbar
11:08 PM: HKU\S-1-5-21-1844237615-1303643608-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 4313703)
11:08 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 4313765)
11:08 PM: Found Adware: winad
11:08 PM: HKLM\software\winad client\ (5 subtraces) (ID = 4314496)
11:08 PM: Registry Sweep Complete, Elapsed Time:00:00:08
11:08 PM: Starting Cookie Sweep
11:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:08 PM: Starting File Sweep
11:09 PM: c:\program files\winad client (ID = 4039416)
11:18 PM: Found Adware: 180search assistant
11:18 PM: saap.log (ID = 4017561)
11:18 PM: winadx.inf (ID = 4039391)
11:18 PM: Found Adware: abetterinternet
11:18 PM: susp.inf (ID = 4032218)
11:19 PM: File Sweep Complete, Elapsed Time: 00:10:58
11:19 PM: Full Sweep has completed. Elapsed time 00:13:34
11:19 PM: Traces Found: 39
11:20 PM: Removal process initiated
11:20 PM: Quarantining All Traces: antivirus gold
11:20 PM: Quarantining All Traces: fastlook hijacker
11:20 PM: Quarantining All Traces: trojan_downloader_tibser
11:20 PM: Quarantining All Traces: websearch toolbar
11:20 PM: Quarantining All Traces: winad
11:20 PM: Quarantining All Traces: 180search assistant
11:20 PM: Quarantining All Traces: abetterinternet
11:20 PM: Removal process completed. Elapsed time 00:00:03
********
11:05 PM: |··· Start of Session, July 12, 2005 ···|
11:05 PM: Spy Sweeper started
11:05 PM: |··· End of Session, July 12, 2005 ···|

I then ran scripten.exe for my search window problem and that was fixed. My Windows Media Player also seems OK. I ran another Spy Sweeper scan and it said there was nothing left. I'll still send a HijackThis log just in case there are leftovers.

Logfile of HijackThis v1.99.1
Scan saved at 11:56:56 PM, on 12/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Olivier
  • 0
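The Spy Sweeper session log posted above can be checked mechanically. The following is an added example, not part of the original thread and not Webroot's code: it parses that log format, reconciles the listed traces against the reported "Traces Found" total, lists any detected family that has no matching quarantine line, and surfaces autorun (Run key) traces. The sample log is constructed, and the counting rule (one per trace line plus its subtraces) is an inference that reproduces the 39 reported in the log above, not documented behaviour.

```python
import re

# Constructed sample in the Spy Sweeper session-log format (not from the thread).
SAMPLE_LOG = r"""
11:08 PM: Starting Registry Sweep
11:08 PM: Found Adware: example toolbar
11:08 PM: HKLM\software\example toolbar\ (5 subtraces) (ID = 1000001)
11:08 PM: HKLM\software\microsoft\windows\currentversion\run\ || example.exe (ID = 1000002)
11:08 PM: Found Trojan Horse: example downloader
11:08 PM: HKCR\clsid\{00000000-0000-0000-0000-000000000000}\ (4 subtraces) (ID = 1000003)
11:18 PM: example.inf (ID = 1000004)
11:19 PM: Traces Found: 13
11:20 PM: Quarantining All Traces: example toolbar
"""

LINE = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.*)$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
TRACE = re.compile(r"^(.*?)(?: \((\d+) subtraces\))? \(ID = (\d+)\)$")
TOTAL = re.compile(r"^Traces Found: (\d+)$")
QUARANTINE = re.compile(r"^Quarantining All Traces: (.+)$")
RUN_KEY = r"\currentversion\run"  # autorun persistence location


def audit_sweep_log(text):
    """Summarise one sweep session and flag inconsistencies."""
    found, quarantined, autoruns = [], set(), []
    counted, reported = 0, None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group(1)
        if (m := FOUND.match(body)):
            found.append(m.group(2))
        elif (m := QUARANTINE.match(body)):
            quarantined.add(m.group(1))
        elif (m := TOTAL.match(body)):
            reported = int(m.group(1))
        elif (m := TRACE.match(body)):
            # Assumed rule: each trace line counts once, plus its subtraces.
            counted += 1 + int(m.group(2) or 0)
            if RUN_KEY in m.group(1).lower():
                autoruns.append(m.group(1))
    return {
        "families_found": found,
        "not_quarantined": sorted(set(found) - quarantined),
        "counted_traces": counted,
        "reported_traces": reported,
        "totals_match": counted == reported,
        "autorun_traces": autoruns,
    }


if __name__ == "__main__":
    for key, value in audit_sweep_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Trace lines are deliberately not attributed to a family: the log prints a "Found" header only the first time a family is seen, so later traces can appear under another family's header.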

#23
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Olivier,

Your log looks clean, just a couple of small issues!!!!


Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Are you having any continuing issues with your PC ?????

Edited by tampabelle, 13 July 2005 - 07:49 AM.

  • 0

#24
archamboli

archamboli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Allrighty, I did just that and nope, my computer seems fine.

Thanks for everything

Olivier
  • 0

#25
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Olivier,


CONGRATULATIONS !!!!!!!!!! Your PC is clean :tazz:


I would recommend the following steps to keep your PC clean (especially Step 8 now that your PC is clean) –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows Update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.)


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other than IE as most of the malware is targeted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-SPYAD and install it on your PC. IE-SPYAD puts over 5000 sites in your Internet Explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


System Restore Points
8. Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0



#26
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





