Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked by Extremist Militant Malware

Started by Joccobean , Oct 21 2005 07:22 PM

  • This topic is locked This topic is locked

#1
Joccobean
Posted 21 October 2005 - 07:22 PM

Joccobean

    Member

  • Member
  • PipPip
  • 21 posts
Hello y'all

I cleaned a lot of this problem (or so it seems) using the tools outlined in the prerequisite steps. So far, I seem to have gotten my desktop and homepage back, but a few nasty things still remain according to both Hijack This and Ewido security. Plus, I have some strange Bloodhound Virus that keeps causing my Norton to pop-up without actually fixing it.

Here is my Hijack this log, an exact copy of what appears in my Norton pop up regarding Bloodhound, and my Ewido Scan report. Thank you very much to whomever is reading this for helping all us ignorant PC users - we need it.

*******************************************
Logfile of HijackThis v1.99.1
Scan saved at 7:24:43 PM, on 21/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoctrl.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\HijackThis.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\AOL 8.0\aol.exe
C:\Program Files\AOL 8.0\waol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp6F53.tmp (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [THGuard] "C:\Documents and Settings\HEWWO\Desktop\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

***************************************************************************************

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.W32.EP
File: C:\WINNT\system32\wininet.dll
Location: C:\WINNT\system32
Computer: HEWWOPC
User: HEWWO
Action taken: Clean failed : Quarantine failed : Access denied

***************************************************************************************

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:44:19 PM, 18/10/2005
+ Report-Checksum: 47184FF7

+ Scan result:

HKLM\SOFTWARE\ShudderLTD -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Spyware.PSGuard : Cleaned with backup
[1052] C:\WINNT\system32\msole32.exe -> Not-A-Virus.Hoax.Renos.q : Cleaned with backup
[1172] C:\WINNT\system32\intmon.exe -> Trojan.Puper.bh : Cleaned with backup
[1552] C:\WINNT\system32\hp6F53.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\Documents and Settings\HEWWO\Cookies\hewwo@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\HEWWO\Cookies\hewwo@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\ghgldpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\heehlomd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\lipfgmmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\pebflomd.exe -> Dialer.Generic : Cleaned with backup
C:\WINNT\popuper.exe -> Trojan.Puper.bi : Cleaned with backup
C:\WINNT\sites.ini -> Spyware.PSGuard : Cleaned with backup
C:\WINNT\system32\hp2638.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp2690.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp2BF6.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp4BD4.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp4FBE.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp5332.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp542D.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp59BB.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp5B41.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp6F53.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hpB2BA.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\intmon.exe -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\msole32.exe -> Not-A-Virus.Hoax.Renos.q : Cleaned with backup
C:\WINNT\system32\shnlog.exe -> Trojan.Puper.bh : Cleaned with backup


::Report End
  • 0

Advertisements

#2
g2i2r4
Posted 22 October 2005 - 02:17 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Joccobean to Geeks to Go!

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Download smitRem.exe version 2.7 and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

***

Launch ewido, there should be an icon on your desktop double-click it.

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Post back to this topic with a fresh HijackThis log, the latest Ewido log and the smitfiles.txt
  • 0

#3
Joccobean
Posted 23 October 2005 - 08:43 PM

Joccobean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I really appreciate you looking into this for me -- I would be completely lost without the help! Here is a fresh Hijack log, an Ewido report, and the smitfiles text in that order. By the way, how would I prevent this stuff from happening again. I'm sure y'all would hate to see me post the same problem again 2 months from now!

Thanks again

*******************************************************
*******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 8:48:45 PM, on 23/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoctrl.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Navnt\vptray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\HijackThis.exe
C:\PROGRA~1\Navnt\vpexrt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\Documents and Settings\HEWWO\Desktop\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

*********************************************************
*********************************************************

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:42:45 PM, 23/10/2005
+ Report-Checksum: 4EF0004F

+ Scan result:

No infected objects found.


::Report End

*********************************************************
*********************************************************


smitRem log file
version 2.7

by noahdfear

The current date is: Sun 23/10/2005
The current time is: 20:05:07.83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key present!

Running LTDFix/PSGuard.com fix!

checking for PSGuard.com key


PSGuard.com key not present!



ShudderLTD key was successfully removed! :)


if previously present, PSGuard.com key was successfully removed! :woot:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ole32vbs.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~

ptainfo1
ptainfo2


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


shudder global limited


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINNT\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINNT\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINNT\system32\wininet.dll for infection ~~~~


~~~~ C:\WINNT\system32\wininet.dll Clean! :woot: ~~~~
  • 0

#4
g2i2r4
Posted 23 October 2005 - 11:37 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Reboot the computer.

***

Run the Free use Panda Active Scan.
You need to use Internet Explorer for this scan.
  • Click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.

  • 0

#5
Joccobean
Posted 31 October 2005 - 11:10 AM

Joccobean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Sorry this took so long to reply, haven't been home in a while!

I tried to run the Active Scan, and I got the Active X file downloaded, but the program froze and I had to reboot my computer. Now when I go back to the website, nothing happens after I fill out my information and click Scan Now. My computer just sits like this:


ActiveScan Has Started...




|\
______________________| \
| Check "Yes" to Continue \
|______________________ /
| /
|/

Security information:
blah, blah, blah

Cheesy picture, I know, but couldn't paste a screen shot. Anyway, the box
where I download the file never comes up again, and my computer just sits
there and never makes a sound. I waited thinking maybe it was doing the
scan, but usually something happens to give that away. I have no idea if the
Active X file is still on my PC. I've run a system search for the file and checked
the obvious places myself. Am I missing something totally obvious here??!?
  • 0

#6
g2i2r4
Posted 31 October 2005 - 03:09 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let's check.
Move to Start > Settings > Control Panel
Double click Add/Remove Programs.

Can you see Panda Active Scan in there?

Remove it and reboot the computer.

Let's try again:

You will need to allow the popups for this site!

Run the Free use Panda Active Scan.
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on 1click active scan (top right hand corner) to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP