[SmokyGirl]

ALL THAT TIME & only now is Active Scan ACTUALLY scanning the PC!

B, I'm going to have to get to bed or I'll never make it to work tomorrow. I'll let you know how the scan and reg-edits turn out.

Nite .... Panda has found 1 so far.

[Advertisements]

Make sure to save the log for me

See you later today

[Michelle]

Make sure to save the log for me

See you later today

[SmokyGirl]

I'm finally back Bananafanafo!

First, here is the SymEvent.txt file:

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SymEvnt]
"StaticVxD"="C:\\PROGRA~1\\SYMANTEC\\SYMEVNT.386"

Now for Active Scans' log:


Incident - - - Status - - - Location

1. Adware:adware/comet - - - No disinfected - - - C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
2. Spyware:Spyware/Smitfraud - - - No disinfected - - - C:\WINDOWS\SYSTEM\oleadm.dll
3. Possible Virus. No disinfected C:\Program Files\Utilities\Trial Software\DiamondCS TDS-3\dcsres.exe

[SmokyGirl]

Bananafanafo,

I used Killbox to delete

C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
and
C:\WINDOWS\SYSTEM\oleadm.dll [on this one I selected the option to unregister .dll file before deleting.]

[Michelle]

Copy everything inside the code box below (starting with REGEDIT4) and paste it into notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as symevent.reg on your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SymEvnt]

Double-click symevent.reg on your desktop. When asked if you want to merge with the registry click YES.

It was just as I expected, so this will take care of the Symantec error message. After this I need you reboot, then install AVG again - you shouldn't have problems this time.

It's odd that oleadm.dll file was present but wininet.dll is not infected. So, it may have been infected since the last time we checked, so let 's check it again:

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINDOWS\System\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here along with a new HiJackThis log.

[SmokyGirl]

Do you want AVG installed before I go to Jotti Scan? .... I thought I'd cleaned up wininet.dll earlier, but who knows.

[SmokyGirl]

Jotti Virus Scan Report:

File: Wininet.dll
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 3d3f0083f8c210541884b4625083257d

I'm off to reinstall AVG.

[Michelle]

I thought I'd cleaned up wininet.dll earlier, but who knows

That's almost impossible to do by conventional means But, it's excellent that it is not infected

After AVG is installed, reboot and post a new HijackThis log and of course let me know if you run into any of the problems you had previously.

[SmokyGirl]

AVG scan ran clean; no problems or infections.
Also the pesky Symantec error message is gone.
It looks like you accomplished the impossible and helped me clear up all the problems on my friend's PC!

Here is the latest Hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:06 PM, on 7/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
C:\PROGRAM FILES\UTILITIES\AVG FREE ANTI-VIRUS V7.0\AVGCC.EXE
C:\PROGRAM FILES\UTILITIES\AVG FREE ANTI-VIRUS V7.0\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\UTILITIES\AVG FREE ANTI-VIRUS V7.0\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TIES
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Bananafanafo,
What's your personal opinion, should I install Norton Anti-Virus on here or just leave it with AVG?

[Michelle]

That's great news

My personal opinion is do NOT re-install Norton. I prefer AVG and use it myself.

I do have some recommendations to help keep the system clean

First, and foremost, the system needs a firewall! Two good free versions are Sygate (preferably), and ZoneAlarm.

Then, I highly recommend the Google Toolbar to prevent pop-up windows, which is extremly important.

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

[Michelle]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.