Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Stop-Sign Virus software [CLOSED]


  • This topic is locked This topic is locked

#1
hawthorn

hawthorn

    Member

  • Member
  • PipPipPip
  • 203 posts
Hi All.

i did a free scan with Stop-Sign virus software (eAcceleration) and came up with 2 viruses and 4 possible spyware cookie files.

As Follows:

C:\Documents and Settings\Myself !\My Documents\O.E\Virus.dbx:error-mail_info.zip - Fri, 06 May 2005 01:09:57 UTC - Your email was blocked <Win32.HLLM.Generic.355>

C:\Documents and Settings\Myself !\My Documents\O.E\Virus.dbx:account_info.zip - Thu, 05 May 2005 01:27:51 UTC - Your Password <Win32.HLLM.Generic.355>

Possible Spyware Cookie: AvenueA <Possible Spyware Cookie>
Possible Spyware Cookie: BFast <Possible Spyware Cookie>
Possible Spyware Cookie: MediaPlex <Possible Spyware Cookie>
Possible Spyware Cookie: TribalFusion <Possible Spyware Cookie>

I had received lots of infected email, but Norton seemed to be intercepting them, but that is what has shown up now, at any rate.

Then i ran Adaware and it founf 76 critical objects, about 20 of which were related to Stop-Sign... How could this be, is it a bad program?

And why did Norton pick up nothing?

Thanks

KC
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You got that right :tazz:

It's listed as an optional fix (I think) in some places. But eAcceleration is a mandatory fix if I see it. It's not a good program to have. It might be reporting false-positives to you (another words, fake alarms). Just to make sure, run both these scans:

Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here. You may also use Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.
  • 0

#3
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
Hi

Thanks for reply. No luck with trend virus check. I got as far as scanning last night, and it went to 70% of the way then nothing happened for about 6 minutes and finally I cancelled it, then IE just closed as non-responsive. I tried tonight again and the exact same thing.

So now Im going to try Panda.

K
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, I'm not sure if you read this already, but do these now if you haven't done them yet:
Please read this topic and follow the steps outlined there. Hold off on the HijackThis log until you do the Ewido scan (see below for instructions).

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display 'Update successful')
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Finally, restart your computer and post a new HijackThis log, as well as the report log from the Ewido scan.
  • 0

#5
hawthorn

hawthorn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 203 posts
Thanks for the instructions. Ive been away for a few days so am about to embark on them now! Ive downloaded the new Ad-Aware and on reading the help file I notice they dont suggest deleting eveything it finds. Im sure in the past Ive read here that it was safe to do so. Is this the case, or is this a new scenario with the latest version?

KC
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem, use Ewido is all else fails (assuming you have Windows 2000 and up). Follow all the instructions there and post the HijackThis log when you are ready.

You may fix all Ad-Aware finds if you don't mind deleting any of your cookies (some users want to keep these since it saves their username and password for those sites that they checked to Remember me so they don't need to login manually). Other than that, you may go ahead and fix everything which most users do.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP