Avast WEBforum

Other => Viruses and worms => Topic started by: !Donovan on April 06, 2009, 04:28:36 PM

Title: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 06, 2009, 04:28:36 PM
Type: Trojan.Offiz
Anti-Viruses: Avast, Symantec
Action: Pending Analysis
Risk Type: File
Infecting: Symantec Quarantine, Avast
From: hxxp://www.youareanidiot.org

Why didn't WOT, McAfee, and Avast block it?
Got It From the You are an idiot website. >_>

Avast won't even detect it!
Symantec detected it but it can't delete it!
I tried updating Symantec. No Good!

The virus is a folder!
It's infecting my quarantine folder and Avast from these directories:
C:\Windows\Temp\_Avast4_\
C:\Documents And Settings\All Users.Windows\Application Data\Symantec\Quarantine\

I can't delete the folder directly!
It makes hundreds of copies of itself every minute to slow down my PC!
I searched and found that you can stop it redownloading itself
by typing iexplorer -skull.
HELP PLEASE!!!!!

Title: Re: Avast! won't detect - Trojan.Offiz - Folder Type
Post by: Pondus on April 06, 2009, 04:49:05 PM
Trojan.Offiz - Removal
http://www.symantec.com/security_response/writeup.jsp?docid=2004-051713-3434-99&tabid=3


Program to clean malware from infected computers
http://www.norman.com/Virus/Virus_removal_tools/24789/en
Title: Re: Avast! won't detect - Trojan.Offiz - Folder Type
Post by: !Donovan on April 06, 2009, 04:54:58 PM
The Symedic thing didn't work.


Avast Virus Removal Thingy Log:


avast! Antirootkit, version 0.9.6
Scan started: Monday, April 06, 2009 11:05:05 AM

Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection] PlayCDAudioOnArrival="MSRipCDAudioOnArrival"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection] PlayDVDMovieOnArrival="MSPlayDVDMovieOnArrival"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] Local AppData="%userprofile%\Local Settings\Application Data"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership] Count=7  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] Options=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] Version=65537  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] DSPath="LocalGPO"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] FileSysPath="C:\WINDOWS\System32\GroupPolicy\User"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] DisplayName="Local Group Policy"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] Extensions="[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] Link="Local"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] GPOName="Local Group Policy"  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] GPOLink=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0] lParam=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] Status=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] RsopStatus=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] LastPolicyTime=14908392  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] PrevSlowLink=0  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] PrevRsopLogging=1  **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] ForceRefreshFG=0  **HIDDEN**

Scan finished: Monday, April 06, 2009 11:17:30 AM
Hidden files found: 0
Hidden registry items found: 25
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------


Title: Re: Avast! won't detect - Trojan.Offiz - Folder Type
Post by: !Donovan on April 06, 2009, 08:09:53 PM
(http://i244.photobucket.com/albums/gg12/donovansrb2/AvastPro.jpg)
Avast Pro Detected nothing.


(http://i244.photobucket.com/albums/gg12/donovansrb2/AvastRootKit.jpg)
Avast Root Kit detects lots of hidden icons.


(http://i244.photobucket.com/albums/gg12/donovansrb2/Symantec.jpg)
Symantec detects viruses.


(http://i244.photobucket.com/albums/gg12/donovansrb2/Symantec2.jpg)
Symantec can't delete viruses.

Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: polonus on April 06, 2009, 09:13:58 PM
Hi Donovansrb10,

When you checked it against a meta scanner like Jotti's or VirusTotal.com, what were the findings there? Can you serve us up with the link of your upload of the file(s) found?

polonus
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: !Donovan on April 06, 2009, 09:24:13 PM
I downloaded Malwarebytes' Anti-Malware and did a quick scan.
Here is what I found:

Malwarebytes' Anti-Malware 1.35
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/6/2009 2:59:40 PM
mbam-log-2009-04-06 (14-59-40).txt

Scan type: Quick Scan
Objects scanned: 164090
Time elapsed: 30 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\000C3463.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebcypnmkca_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebcypnmkca_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.




=====================================

I still want to know why Avast didn't detect it, and can they still know everything I typed?
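The MBAM log above is a format a responder reads often, and the three Disabled.SecurityCenter items in it are the first thing to look at when asking "why did nothing warn me": they silence Security Center's antivirus, firewall and update notifications. As an added example (not from the forum post, and not Malwarebytes' own code), here is a small Python parser for an MBAM 1.x log that checks the per-section counts against the summary block, tallies detections by family, lists items not yet quarantined, and flags Security Center tampering. The regular expressions are an assumption about the log layout as it appears in the post (a summary block of "<Section> Infected: <n>", then one block per section whose lines read "<path> (<family>) -> <action>."). The log text is a constructed, shortened excerpt modelled on the post; the "Delete on reboot." action on the last file is made up to show an unresolved finding.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and summarize what it found.

Added example, not from the forum post or from Malwarebytes. The regexes
are an assumption about the MBAM 1.x log layout seen in the post.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the post's log (shortened). The
# "Delete on reboot." action on the last file is made up to show a
# finding that is not yet resolved.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.35

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ebcypnmkca_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Delete on reboot.
"""

# Assumed layout: summary lines, section headers, then one item per line.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<detail>.+)$")


def parse_mbam_log(text):
    """Return (summary, items). summary maps section -> declared count;
    items is a list of dicts with section, path, family, action, extra."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            # "Bad: (1) Good: (0) -> Quarantined ..." carries the observed and
            # expected registry data before the final action; keep it as extra.
            parts = [p.strip() for p in m["detail"].split("->")]
            items.append({"section": section, "path": m["path"],
                          "family": m["family"],
                          "action": parts[-1].rstrip("."),
                          "extra": parts[:-1]})
    return summary, items


def check_counts(summary, items):
    """Sections whose declared count differs from the items actually listed
    (a truncated or hand-edited log shows up here)."""
    seen = Counter(it["section"] for it in items)
    return {s: (n, seen[s]) for s, n in summary.items() if n != seen[s]}


def family_counts(items):
    return Counter(it["family"] for it in items)


def pending_actions(items):
    """Paths whose item was not quarantined and deleted in this run."""
    return [it["path"] for it in items
            if not it["action"].startswith("Quarantined and deleted")]


def security_center_tampering(items):
    """Findings that silence Windows Security Center warnings: they tell a
    responder the AV/firewall status shown to the user was not trustworthy."""
    return [it for it in items if it["family"] == "Disabled.SecurityCenter"
            or "\\Security Center\\" in it["path"]]


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("families:", dict(family_counts(items)))
    print("count mismatches:", check_counts(summary, items))
    print("pending:", pending_actions(items))
    print("security center tampering:", len(security_center_tampering(items)))
```

Run it on a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file's contents; an empty result from check_counts means the log is complete, and a non-empty pending_actions list means a reboot and rescan are still owed before the machine can be called clean.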
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: polonus on April 06, 2009, 09:41:22 PM
Hi Donovansrb10,

For the successful removal of this virus, you have to temporarily disable system restore; how to do that you can read here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Then perform a full bootscan with avast,

polonus
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: !Donovan on April 06, 2009, 09:45:42 PM
Hi Donovansrb10,

For the successful removal of this virus, you have to temporarily disable system restore; how to do that you can read here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Then perform a full bootscan with avast,

polonus

I had system restore off about a week ago.
How do I do a "Full Bootscan", and will it detect it this time? Because last time it didn't detect it.
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: Lisandro on April 06, 2009, 09:49:26 PM
How do I do a "Full Bootscan"
Scheduling the Boot Time Scan
Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: !Donovan on April 06, 2009, 10:06:46 PM
How do I do a "Full Bootscan"
Scheduling the Boot Time Scan
Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.

Ok, I'll try that after MBAM does a full scan.
It's going to take a while because my computer has over 75,000 files.  :(
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: !Donovan on April 07, 2009, 11:12:29 PM
When I did the Avast! Boot scan, it found nothing.

I downloaded Spybot Search and Destroy and did a scan.
Here is the log of the scan:

FunWebProducts: [SBI $685582A8]  Configuration file (File, fixed)
  C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
  Properties.size=0
  Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Hotbar: [SBI $95B76932] Settings (Registry key, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\HBTV

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Microsoft.WindowsSecurityCenter.FirewallOverride: [SBI $0C94D702] Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride

Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, fixed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Microsoft.Windows.AppFirewallBypass: [SBI $9DD943AA] Settings (Registry value, fixed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

DSSAgent: [SBI $BF58EA32] Global settings (Registry key, fixed)
  HKEY_LOCAL_MACHINE\Software\Broderbund software\dss


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-07 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi (*)
2009-03-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-03-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-03-03 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-03-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-03-25 Includes\Malware.sbi (*)
2009-03-31 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-31 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-03-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2009-03-25 Includes\Tracks.uti
2009-03-30 Includes\Trojans.sbi (*)
2009-03-31 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

***

Still, no Anti-Virus has detected the folder virus.  :(
Title: Re: Avast not detecting Trojan.Offiz. (Added image proof)
Post by: Lisandro on April 07, 2009, 11:21:08 PM
I'm not sure about the Spybot detections... it's strange that it detects what others miss. Maybe false positives. Again, I'm not sure. Just take care.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 07, 2009, 11:25:07 PM
Anti-Viruses I tried to scan with to see if they found the infected folder virus:
Avast! Anti-Virus Professional Edition
Spybot Search and Destroy
Malware Bytes' Anti-Malware
SUPERAntiSpyware Professional Edition
Avast! Virus Cleaner
Avast! Rootkit Finder
Hijack This

Now I'm trying DrWeb CureIt.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 12:24:41 AM
Dr.Web CureIt log.

acsd.exe;c:\program files\common files\aol\acs;Probably DLOADER.Trojan;Deleted.;
00000465/stream002\_94126C67196F4E539DD322A1A8799AFA;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\00000465/stream0;Probably SCRIPT.Virus;;
stream002;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Archive contains infected objects;;
00000465;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5;Archive contains infected objects;Moved.;
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 03:53:30 AM
I'm going to do full scans on safe mode with:
DrWeb CureIt
Avast! AntiVirus Professional Edition
Spybot - Search and Destroy
Malware Bytes' Anti-Malware
SUPERAnti-Virus Professional
Avast! Cleaner
Avast! Anti-Rootkit
Hijack This

I will report the logs and anything suspicious while I'm scanning.

**********

Still, why won't any anti-virus detect the FOLDER virus?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 04:12:12 AM
Now I know that I do have a virus because Safe Boot Mode won't start!
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 06:01:21 AM
I don't know if this will help but SUPERAntiSpyware Professional started a scan automatically.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 06:06:16 AM
I GIVE UP ON THIS DUMB VIRUS! I AM GOING TO WATCH TV ALL NIGHT WHILE ALL MY ANTI-VIRUSES DO A FULL SCAN.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 07:14:07 PM
My Avast! Anti-Rootkit has been hacked! How do I know this? It automatically said that it had encountered a problem and had to close when it was almost done! Is there any possible way to get rid of/detect this dumb virus??
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: DavidR on April 08, 2009, 07:47:31 PM
How to restore Safe Boot.
The malware may have deleted the SafeBoot registry keys.
Here are some options to restore them:

http://didierstevens.wordpress.com/2006/06/26/restoring-safeboot/
http://didierstevens.wordpress.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
Also see http://forum.avast.com/index.php?topic=26554.msg216924#msg216924
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 09:17:13 PM
I'm trying Avira AntiVar now.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: CharleyO on April 08, 2009, 11:05:58 PM
***

I hope you have uninstalled other AV services because, if not, you will continue to have problems. More than one AV service on a computer will cause missed detections and other problems.


***
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 08, 2009, 11:07:06 PM
***

I hope you have uninstalled other AV services because, if not, you will continue to have problems. More than one AV service on a computer will cause missed detections and other problems.


***

So now you tell me. -_-
Is it possible that I can keep some together? If so, which ones?
RootKit Buster
PAVARK
CCleaner
DrWeb CureIt
Avast! AntiVirus
Spybot - Search and Destroy
Malwarebytes' Anti-Malware
SUPERAntiVirus Professional
Avast! Cleaner
Avast! Anti Rootkit
Avira AntiVir
Symantec Endpoint Protection
Hijack This

Or is it recommended to install scan remove, install scan remove...
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: polonus on April 08, 2009, 11:43:43 PM
Hi Donovansrb10,

The only thing a user should not do is install two "resident" av solutions onto one machine. This brings the same effect as two watch dogs watching a house: they start to fight among each other and not protect the home (computer). It is very well possible to combine one resident av solution with various non-resident or on-demand anti-malware scanners, so I combine avast resident with DrWebCureIt, stinger.exe, RUBotted, ComodoBoClean, MBAM, SAS, SpywareBlaster, A-squared Free as my personal formula (always take care to fully upgrade and update every scanner and do a full scan every fortnight or so).
For Cleansing you could combine it with CCleaner, but I use ATFCleaner and ClearProg.

What you cannot combine is for instance avast resident and symantec resident or mcafee resident or whatever major resident av solution that runs in the background and where the one scanner can interfere with or find the malware signatures of the other (that is why some online scanners cannot be combined, because of the open signature files; panda and avast do not go together).

Same story can be told for a software firewall, just use one, two is not better it is worse, when visiting these forums more often these are the very first things the advanced users tell you here, so I will never forget this rule and now you won't either,

polonus

Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: DavidR on April 08, 2009, 11:51:29 PM
Short answer No.

Both avast and avira are resident anti-viruses and you should only have one resident anti-virus installed. Disabling one isn't enough as they have low level drivers running even when installed.

You can install on-demand only anti-viruses, ones that aren't always running, but these are not so common; bitdefender free is on-demand I believe. Your other options are to use on-line scanners as a secondary scan. I would however avoid Panda as that installs folders in your system32 folder and it doesn't encrypt its virus signatures, and then avast will alert on those, scaring you out of your wits.

On-line Virus Scanners and other useful Links Security-Ops.eu.tt (http://www.security-ops.eu.tt)

I would also wonder about Symantec Endpoint Protection as that too has an anti-virus.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 03:28:00 AM
How do I uninstall Symantec Endpoint Protection and still be able to reinstall it? ???
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: DavidR on April 09, 2009, 02:48:28 PM
There is little point in uninstalling it to subsequently reinstall it, as it has a resident AV element and the basic rule of thumb is only one resident AV.

Programs are generally removed via Add/Remove Programs.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 04:53:36 PM
But after I UNinstall it, wouldn't that remove it from the list so I can INstall it?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 04:57:00 PM
Do you think I should create a folder with all the installations of the Anti-Viruses so I can reinstall it if I need to switch? BTW, while I had all those antiviruses running on my computer (now I only have Symantec and Avast!, don't blame me, I still have Symantec), Avira detected 2 viruses when it was 54% done BUT when I right clicked a folder, my computer crashed. >_<
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: Lisandro on April 09, 2009, 05:30:46 PM
Don't blame me I still have Symantec)
You're using more than one antivirus at a time? They will conflict.
1) Remove NAV or Norton 360 through Add/Remove programs from Control Panel. Boot.
2) Use Norton Removal Tool for Windows 2000/XP/Vista (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1) or Norton Removal Tool for Windows 98/Me (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_98Me/1169144666/2). Boot.
3) Install avast! (or repair the installation) and boot.

The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.

Also, after you use Add/Remove, you should use Avira Antivir RegistryCleaner as well as the appropriate "Uninstallation Package", both of which can be found at: http://www.avira.com/en/support/support_downloads.html
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: DavidR on April 09, 2009, 06:13:24 PM
But after I UNinstall it, wouldn't that remove it from the list so I can INstall it?

There is 'no' list requirement to install, you just run the installation file again, but you don't want to do that; as I have been banging on, having multiple resident AVs is more likely to cause problems, as you have just found.

You have to decide which you are going to keep and uninstall the others. One thing to bear in mind: support is an element frequently forgotten when choosing what AV.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 07:54:47 PM
But after I UNinstall it, wouldn't that remove it from the list so I can INstall it?

There is 'no' list requirement to install, you just run the installation file again, but you don't want to do that; as I have been banging on, having multiple resident AVs is more likely to cause problems, as you have just found.

You have to decide which you are going to keep and uninstall the others. One thing to bear in mind: support is an element frequently forgotten when choosing what AV.

Where is the installation file?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: Lisandro on April 09, 2009, 08:45:48 PM
Where is the installation file?
Where did you save the file when you downloaded it?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 09:07:02 PM
Where is the installation file?
Where did you save the file when you downloaded it?

I don't know. All I know is that I find lots of it here:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: Lisandro on April 09, 2009, 09:13:30 PM
I don't know. All I know is that I find lots of it here:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
We're not understanding each other.
That folder seems to be a Norton (Symantec) one. I'm talking about the setup.exe file of avast antivirus.
Did you remove other antivirus to use avast?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 09:18:22 PM
I don't know. All I know is that I find lots of it here:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
We're not understanding each other.
That folder seems to be a Norton (Symantec) one. I'm talking about the setup.exe file of avast antivirus.
Did you remove other antivirus to use avast?

I removed all Anti-Viruses EXCEPT Symantec because I don't know where the installation file is. I'll keep looking.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 09:19:26 PM
Do you think it's somewhere in here?:
C:\Program Files\Symantec\Symantec Endpoint Protection\
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 09:20:36 PM
Found It!
C:\Program Files\Symantec\Symantec Endpoint Protection\Cached Installs\{F7190D5F-FAA9-4488-8B2C-693196F7ED9B}\
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 09:47:35 PM
I uninstalled Symantec. Now what do I do?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 09:54:59 PM
Don't blame me I still have Symantec)
You're using more than one antivirus at a time? They will conflict.
1) Remove NAV or Norton 360 through Add/Remove programs from Control Panel. Boot.
2) Use Norton Removal Tool for Windows 2000/XP/Vista (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1) or Norton Removal Tool for Windows 98/Me (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_98Me/1169144666/2). Boot.
3) Install avast! (or repair the installation) and boot.

The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.

Also, after you use Add/Remove, you should use Avira Antivir RegistryCleaner as well as the appropriate "Uninstallation Package", both of which can be found at: http://www.avira.com/en/support/support_downloads.html

When I clicked on the link for the Removal, it said that I was not a member. :(
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 10:19:27 PM
...Should I try Hijack This again?
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 10:30:58 PM
Here is the new Trend Micro Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:16 PM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
C:\Program Files\MegaCool\SomethingforU\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 10:31:52 PM
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516774250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193516760546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10115 bytes
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: CharleyO on April 09, 2009, 10:54:57 PM
***

An analysis of your HJT log shows the following:


We didn't detect any active process of a firewall on your system. Reasons may be:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend that you use a firewall.


O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
Must be fixed! DSSAgent by Brøderbund - spyware. Sends encrypted emails about the system back to the originators of the program.
http://www.bleepingcomputer.com/startups/dssagent.exe-1446.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Unnecessary (deactivated) entry that can be fixed.


***
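CharleyO's reading of the log above (a startup entry for a known unwanted program, and an entry whose target file no longer exists) can be turned into a repeatable triage check. The following is an added example and is not part of this thread, nor code from Trend Micro or HijackThis. It parses HijackThis-style "O4"/"O9"/"O23" lines, flags orphaned entries marked "(no file)" or "(file missing)", and flags executables on a known-bad list that is seeded only with DSSAGENT.EXE from this thread. The "unusual location" heuristic (autostarts running from Desktop or Temp) and the `[updater]` line in the sample are assumptions constructed for illustration; the other sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List

# Known-bad autostart names. The only seed comes from this thread
# (CharleyO flags DSSAGENT.EXE as spyware); extend from your own intel.
KNOWN_BAD_BASENAMES = {"dssagent.exe"}

# Path fragments that are unusual for a service or autostart binary.
# Assumption: a common triage heuristic, not something the thread states.
SUSPICIOUS_PATH_FRAGMENTS = ("\\desktop\\", "\\temp\\", "\\temporary internet files\\")

# "O4 - HKLM\..\Run: [...] ..." -> section "O4", body is the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# First drive-letter or %VAR%-rooted path ending in an executable-ish extension.
PATH_RE = re.compile(r'((?:[a-z]:|%[a-z]+%)\\[^"]*?\.(?:exe|dll|com|scr|ocx|cpl))', re.IGNORECASE)

# Constructed sample. All lines but the [updater] one are copied from the
# HijackThis log posted in this thread; the [updater] line is made up.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\Lockeruper22\Local Settings\Temp\updater.exe" /silent
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashServ.exe
"""


@dataclass
class Finding:
    section: str   # e.g. "O4", "O23"
    line: str      # the original log line
    reason: str    # why it was flagged


def triage_hjt(log_text: str) -> List[Finding]:
    """Return one Finding per HijackThis entry that deserves a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, the running-process list, blank lines
        section, body = m.groups()
        low = body.lower()

        # Rule 1: target file is gone. Harmless, but clutter that can be fixed.
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(section, line, "orphaned entry: target file is gone, safe to fix"))
            continue

        pm = PATH_RE.search(body)
        if not pm:
            continue  # R0/R1 URL entries and similar carry no local path
        path = pm.group(1)
        base = path.rsplit("\\", 1)[-1].lower()

        # Rule 2: executable name is on the known-bad list.
        if base in KNOWN_BAD_BASENAMES:
            findings.append(Finding(section, line, f"known unwanted program: {base}"))
        # Rule 3 (heuristic): autostart or service living somewhere odd.
        elif any(frag in path.lower() for frag in SUSPICIOUS_PATH_FRAGMENTS):
            findings.append(Finding(section, line, f"unusual location for an autostart: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running the block on the sample reports the DSS entry as a known unwanted program, the O9 and IMSafer entries as orphaned, and the constructed Temp-based [updater] entry as an unusual location; the two avast! entries pass untouched. Anything the rules do not flag still needs a human read, as CharleyO's post shows.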
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 10:59:50 PM
I have Windows Firewall.

HOW DID DSSAGENT.EXE GET BACK ON THERE! SPYBOT S&D WAS SUPPOSED TO DELETE IT!!!

So, I should fix Extra button thingy.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 09, 2009, 11:17:59 PM
UniBlue RegistryBooster found 490 registry problems!
HELP! IT ONLY CLEANED 15!!!
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 10, 2009, 12:58:01 AM
Malwarebytes' Anti-Malware didn't detect the AgentDSS.

LOG:

Malwarebytes' Anti-Malware 1.36
Database version: 1959
Windows 5.1.2600 Service Pack 3

4/9/2009 6:57:12 PM
mbam-log-2009-04-09 (18-57-12).txt

Scan type: Quick Scan
Objects scanned: 162815
Time elapsed: 1 hour(s), 24 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 10, 2009, 01:50:33 AM
When I did a scan with Spybot S&D, it found 10 viruses. (I don't know where the log file is. I saved it to C:\Program Files\Spybot - S&D\)
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 10, 2009, 03:38:30 AM
I deleted the BSSTORE Thing. How can the AGENTDSS still get through, and I paid lots of money for that program and it was SPYWARE in the FIRST place!?!?!?!?!!?!?!?!?!?!?!?!  >:(
 ::) Well, I might as well burn the CD.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 10, 2009, 05:06:17 PM
Ok, I'm doing ANOTHER scan with Spybot Search and Destroy. If that finds nothing, I'm going to try Malwarebytes' Anti-Malware.
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 10, 2009, 06:41:04 PM
Spybot S&D found more viruses. I'm going to scan again to see what viruses it has after I deleted the viruses.

Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 10, 2009, 11:19:09 PM
Spybot S&D found two viruses.
Malwarebytes' Anti-Malware found one.
(No Spybot log because I don't know where they save it dir/ what?)

Malwarebytes' Anti-Malware Log:
Malwarebytes' Anti-Malware 1.36
Database version: 1959
Windows 5.1.2600 Service Pack 3

4/10/2009 5:03:32 PM
mbam-log-2009-04-10 (17-03-28).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 308887
Time elapsed: 3 hour(s), 17 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> No action taken.

 ??? ??? ??? How is MSN a virus? ??? ??? ???
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: CharleyO on April 11, 2009, 10:39:00 PM
***

No, it does not indicate that MSN is a virus. It indicates that the riched20.dll has a problem.

Have you visited SmileyCentral or any other MyWeb/FunWeb sites?

A google search will tell you much. Here is one through ScanDoo.

http://g.s.scandoo.com/search?hl=en&meta=on&q=riched20.dll

And here are a few results that are relevant to the problem:

http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx

http://www.prevx.com/filenames/X191170003658458692-X1/RICHED20.DLL.html


***

Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 12, 2009, 02:16:44 AM
Ok, I'm getting a new problem now. When I went on the computer, after my account loaded, these weird things happened:
-I couldn't connect to the internet.
-Internet Explorer automatically opened.

(As I was just typing, A NEW VERSION OF VIRUS DATABASE HAS BEEN UPDATED!)
Title: Re: Avast not detecting Trojan.Offiz. (FOLDER TYPE/NOT FILE TYPE!)
Post by: !Donovan on April 14, 2009, 11:28:30 PM
***

No, it does not indicate that MSN is a virus. It indicates that the riched20.dll has a problem.

Have you visited SmileyCentral or any other MyWeb/FunWeb sites?

A google search will tell you much. Here is one through ScanDoo.

http://g.s.scandoo.com/search?hl=en&meta=on&q=riched20.dll

And here are a few results that are relevant to the problem:

http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx

http://www.prevx.com/filenames/X191170003658458692-X1/RICHED20.DLL.html


***



So how do I remove the "RICHED.DLL" virus if it reappeared after Spybot S&D deleted it?