Author Topic: have I got a virus or spyware  (Read 5233 times)


UK_Sean

  • Guest
have I got a virus or spyware
« on: March 24, 2005, 06:52:52 PM »
Hi all,

I'm new here

Last night Windows Explorer went all jerky (up and down and side to side really fast), so I couldn't delete the temp folder or temp internet files. Other programs like Spybot cleaner and many others, I used Windows Washer 5 and deleted all the folders and shut down my system and turned the power supply off and pressed the start button.

Then rebooted but still the same was happening.

So I shut the system down again and left it till this morning

Fearing the worst I booted up and all was fine (very weird)

So I did a scan with 3 online scanners and they all came up clean. I also did a scan with Panda Antivirus Platinum Internet Security 2005, which was my system scanner, and found nothing (don't rate Panda; had it two weeks and nothing but trouble. I've uninstalled it now).

I heard about avast and thought I'd try it. I wish I'd tried this before buying Panda.

Oh well we live and learn

I did a scan with avast and in the log file it said it couldn't scan three files (log file below). Does anyone know if these are harmful or not? Also done a HijackThis, also below.


24/03/2005, 11:02:32
Memory scanning started...
No virus body found in memory.
Memory scanning finished (6.4s).
----------
Files scanning started...
C:\WINDOWS\SoftwareDistribution\EventCache\{7F3BB6ED-AA16-4AE8-8B7B-060C01F1644C}.bin... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished  (59281 files, 0 infected, 635.7s).
Drives scanned: C: F:


hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 16:58:01, on 24/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


Any help will be much appreciated

lee16

  • Guest
Re: have I got a virus or spyware
« Reply #1 on: March 24, 2005, 07:14:19 PM »
Hi UK_Sean,

Quote
C:\WINDOWS\SoftwareDistribution\EventCache\{7F3BB6ED-AA16-4AE8-8B7B-060C01F1644C}.bin... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!

Is there anything 'odd' in your event viewer (Control Panel > Administrative Tools > Event Viewer)?

About your log, it's clean; however, these entries are unnecessary:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

And if you haven't overclocked your video card you can remove this entry as well (if you want):

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

--lee

« Last Edit: March 24, 2005, 07:16:22 PM by lee16 »
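The triage lee16 does by eye in the reply above, as an added example that is not part of the original thread: it lists the HijackThis entries marked "(file missing)" and, going one step beyond the reply, checks each path against the log's own "Running processes" section. The function names and verdict labels are assumptions of this example; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: a few lines taken from the HijackThis log in the first post.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# An entry line looks like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension; stops at a stray quote.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)


def parse(log):
    """Split a HijackThis log into (running process paths, [(code, body)])."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage_missing(log):
    """Classify every '(file missing)' entry.

    'stale-entry'      : path is not among the running processes.
    'listed-as-running': the same log shows the file running, so the
                         '(file missing)' flag cannot be taken at face value.
    Limitation: 8.3 short paths (PROGRA~1) are not expanded before comparing.
    """
    running, entries = parse(log)
    result = []
    for code, body in entries:
        if not body.endswith("(file missing)"):
            continue
        m = PATH.search(body)
        path = m.group(0) if m else None
        verdict = "listed-as-running" if path and path.lower() in running else "stale-entry"
        result.append((code, path, verdict))
    return result
```

On the sample, the O9 Messenger entry comes back as stale, while the O23 avast! Mail Scanner entry is reported as listed among the running processes despite its "(file missing)" tag.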

UK_Sean

  • Guest
Re: have I got a virus or spyware
« Reply #2 on: March 24, 2005, 08:49:29 PM »
thxs lee

ASUS Probe is my system monitor for my asus motherboard

temps and fan speed.

I'm starting to think it was Panda software causing the problem, but I'm still wondering about the three files that avast couldn't scan?

lee16

  • Guest
Re: have I got a virus or spyware
« Reply #3 on: March 24, 2005, 09:01:19 PM »

UK_Sean

  • Guest
Re: have I got a virus or spyware
« Reply #4 on: March 24, 2005, 10:17:19 PM »
Thxs Lee for the quick response

I've been looking at my avast setup log and I'm not sure if avast has set up properly, as there are a lot of "not okay". Is this ok?

24/03/2005 11:20:55   general      Started: 24.03.2005, 11:20:55
24/03/2005 11:20:55   general      Running setup_av_pro-26f (623)
24/03/2005 11:20:55   system      Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
24/03/2005 11:20:55   system      Computer WinName: HOMEBASE
24/03/2005 11:20:55   system      Windows Net User: HOMEBASE\Sean
24/03/2005 11:20:55   general      Cmdline: /sfx /sfxstorage "C:\DOCUME~1\Sean\LOCALS~1\Temp\_av_sfx.tm~a00764"  /srcpath "C:\Documents and Settings\Sean\Desktop"
24/03/2005 11:20:55   general      DldSrc set to sfx
24/03/2005 11:20:55   general      Old version: ffffffff (-1)
24/03/2005 11:20:55   general      Install check: SetupVersion does NOT exist
24/03/2005 11:20:55   general      SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
24/03/2005 11:20:55   registry      Get registry: Software\Microsoft\Internet Explorer\Version=6.0.2900.2180
24/03/2005 11:20:55   general      Operation set to INST_OP_INSTALL
24/03/2005 11:20:55   general      GUID: c597367b-2bdc-474d-b629-f422b6659745
24/03/2005 11:20:55   general      SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
24/03/2005 11:21:05   package      Load C:\DOCUME~1\Sean\LOCALS~1\Temp\_av_sfx.tm~a00764\prod-av_pro.vpu
24/03/2005 11:21:05   package      LatestPartInfo: news = news-42
24/03/2005 11:21:05   package      LatestPartInfo: program = prg_av_pro-26f
24/03/2005 11:21:05   package      LatestPartInfo: setup = setup_av_pro-26f
24/03/2005 11:21:05   package      LatestPartInfo: vps = vps-51101
24/03/2005 11:21:05   package      Part prg_av_pro-26f was set to be installed
24/03/2005 11:21:05   package      Part vps-51101 was set to be installed
24/03/2005 11:21:05   package      Part news-42 was set to be installed
24/03/2005 11:21:05   package      Part setup_av_pro-26f was set to be installed
24/03/2005 11:21:05   package      FilterOutExistingFiles: 136 & 0 = 136
24/03/2005 11:21:05   package      IsFullOkay: setif_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: setif_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: setup_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: setup_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_core-239.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_core-239.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_dll409-115.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_dll409-115.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_hlp409-1bd.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_hlp409-1bd.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_skins-12.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_skins-12.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: avscan-198.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: avscan-198.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsys-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsys-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsysgui-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsysgui-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vps-51100.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vps-51100.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vpsm-51101.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vpsm-51101.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: news409-2d.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: news409-2d.vpu - not okay
24/03/2005 11:21:05   package      FilterOutExistingFiles: 136 & 0 = 136
24/03/2005 11:21:05   package      FilterOutExistingFiles: 134 & 0 = 134
24/03/2005 11:21:05   package      IsFullOkay: setif_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: setif_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: setup_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: setup_av_pro-26f.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_core-239.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_core-239.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_dll409-115.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_dll409-115.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_hlp409-1bd.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_hlp409-1bd.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_skins-12.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: av_pro_skins-12.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: avscan-198.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: avscan-198.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsys-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsys-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsysgui-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: winsysgui-1.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vps-51100.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vps-51100.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay: vpsm-51101.vpu - not okay
24/03/2005 11:21:05   package      IsFullOkay:


There's a lot more but ran out of space

lee16

  • Guest
Re: have I got a virus or spyware
« Reply #5 on: March 24, 2005, 11:13:31 PM »
I'm not sure what it means either (I'm just a user like you, remember ;)).

You could try a repair of avast (Control Panel > Add/Remove Programs > Avast > Change/Remove > Repair).

Did you try my other link? Did it help at all?

--lee

UK_Sean

  • Guest
Re: have I got a virus or spyware
« Reply #6 on: March 25, 2005, 12:01:31 AM »
Yes, Lee, I looked at the link and thought of deleting them.

But then I looked on my laptop and the same files were there, so I've left them for the time being.

Avast seems to be working ok.

Would you check yours please?

I found it: right-click on the avast ball in the system tray,

click on avast viewer log, and in the viewer log it's in the left pane at the bottom, a tab called setup and updating.

Click on that and you'll see the list. Do you have any in yours?

many thanks

sean

lee16

  • Guest
Re: have I got a virus or spyware
« Reply #7 on: March 25, 2005, 12:41:34 PM »
Hi Sean,

Yes, I have got some lines in my log file; none are the same as yours though. I think what's best is if you post this in the Avast 4.x Home/Pro board, as you will have more chance of talking to someone who works for avast/Alwil who will understand what this means.

--lee