Author Topic: very annoying! (Read 12674 times)

927 · « **on:** January 25, 2006, 02:10:55 AM »

its not the first time...:
after a file is scannad at jotti and avast finds problem x, then you do search "here" and nothing is found. in this case avast found something it calls Win32:Tysin

and i wanna know more about Win32:Tysin

http://www.asw.cz/i_kat_66.php?lang=ENG

and no, its not on my computer

igor · « **Reply #1 on:** January 25, 2006, 08:31:38 AM »

What exactly do you mean?
Are you saying that avast! scanner at Jotti finds a malware, but locally installed avast! doesn't detect anything in that file? If yes, what is the exact version of avast! (locally) installed and how exactly do you scan the file?

DavidR · « **Reply #2 on:** January 25, 2006, 03:38:59 PM »

I believ that 927 is saying there is no information on 'Win32:Tysin' using the avast.com web site search (the link given above).

@ 927
Unfortunately there is no common virus naming convention for virus names so what is picked up by another AV may well calle it comething different, an alias.
A google search for Win32:Tysin returns a couple of hits, in one there is a Jotti listing which shows other aliases.

Quote

INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 0aa3f3fd19c7fb7e9ec0521f203ac067
Packers detected:
-
Scanner results
AntiVir
Found Trojan/Fasiat
ArcaVir
Found nothing
Avast
Found Win32:Tysin
AVG Antivirus
Found nothing
BitDefender
Found Trojan.VB.AE
ClamAV
Found nothing
Dr.Web
Found Trojan.Landa
F-Prot Antivirus
Found nothing
Fortinet
Found W32/VB.AB
Kaspersky Anti-Virus
Found Virus.Win32.VB.ab
NOD32
Found Win32/VB.NBE
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

However, if you were to do a search for some of the other names given by the other AVs then you may well find more information. The Win32.VB.ab alias seems to return much more information.

927 · « **Reply #3 on:** January 25, 2006, 04:47:06 PM »

yes the real good av's has lot of info on certain virus or trojans (when you do a search on the website)

you are a long way from this
http://www.viruslist.com/en/index.html

but since avast is free i don't complain (much)

Vlk · « **Reply #4 on:** January 25, 2006, 05:09:10 PM »

927, every rule has an exception..

DavidR · « **Reply #5 on:** January 25, 2006, 05:28:27 PM »

Quote from: 927 on January 25, 2006, 04:47:06 PM

yes the real good av's has lot of info on certain virus or trojans (when you do a search on the website)

you are a long way from this
http://www.viruslist.com/en/index.html

but since avast is free i don't complain (much)

Just because detailed information isn't available on the web site doesn't mean avast isn't a good AV. Some of those that provide detailed information miss stuff that is picked up by avast.

Not to mention the information is out there, so devoting a team to this task would take people of the active development of avast.

There are many free products but I personally don't choose something just because it is free, it has to be up to the job and if it happens to be free that is a bonus.

Welcome to the forums and avast!

927 · « **Reply #6 on:** January 26, 2006, 01:07:21 AM »

yes but you want the hole package, not just a name when you are infected

what do "you" call blackworm/kama sutra/nyxem?

szc · « **Reply #7 on:** January 26, 2006, 01:18:27 PM »

Well I believe we already have a whole package... just try to find some free help at some other antivirus forum (if there is any provided for freeware version of the program). Virus naming doesn't mean anything when it comes to protecting part of the job, it's just an info, nothing else. Since avast! was installed first time on all my machines, term virus is unknown term here. That's what counts.

927 · « **Reply #8 on:** January 26, 2006, 03:55:46 PM »

when a trojan is found you wanna know how you got it, is it dangerous, what it did do, how can i fix it. some of them are really nasty!

if you think this is "just info" it's sad

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bankash.g.html

symantec don't have the "hole package" since nav sucks when it comes to find and preventing malware, big time, but the info is good.
avast is much better at this and offcourse is this way more important but information is still important

szc · « **Reply #9 on:** January 26, 2006, 04:21:44 PM »

It is not sad... it is the fact that most people don't even look at those information, they simply want to be protected. Do not forget that most people are still "normal" users without some extensive computer knowledge. They need a good antivirus, and they got it.

CharleyO · « **Reply #10 on:** January 26, 2006, 04:32:17 PM »

***

I have to agree with Tesla. Although I've messed with computers for 25+ years, security is the main thing with my computer these days and I could really care less what the name of the virus is nor what each av program calls it.

927, perhaps you think you need to know a virus name simple because you are use to an inferior av program with which you had to know or else you could not remove the infection it let in.

My main concern is that it is stopped before it does damage. AND, that is exactly what Avast! does and has done for more than 2 years for me.

***

927 · « **Reply #11 on:** January 26, 2006, 05:38:15 PM »

Logfile of HijackThis v1.99.1
Scan saved at 10:29:56, on 2006-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\SwiftBtn\SwiftBtn.EXE
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wmitra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wmitra.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Margareta\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svt.se/texttv/202.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 222.89.98.219 www.wo365.com
O1 - Hosts: 222.89.98.219 cmfu.com
O1 - Hosts: 222.89.98.219 www.cmfu.com
O1 - Hosts: 222.89.98.219 9i0.com
O1 - Hosts: 222.89.98.219 www.9flash.com
O1 - Hosts: 222.89.98.219 9flash.com
O1 - Hosts: 222.89.98.219 www.nowok.net
O1 - Hosts: 222.89.98.219 nowok.net
O1 - Hosts: 222.89.98.219 wisa.com.cn
O1 - Hosts: 222.89.98.219 www.sia.com.cn
O1 - Hosts: 222.89.98.219 www.wisa.cn
O1 - Hosts: 222.89.98.219 wisa.cn
O1 - Hosts: 222.89.98.219 www.zhao99.com
O1 - Hosts: 222.89.98.219 zhao99.com
O1 - Hosts: 222.89.98.219 www.wo123.com
O1 - Hosts: 222.89.98.219 wo123.com
O1 - Hosts: 222.89.98.219 wo99.com
O1 - Hosts: 222.89.98.219 www.wo99.com
O1 - Hosts: 222.89.98.219 www.page.com.cn
O1 - Hosts: 222.89.98.219 page.com.cn
O1 - Hosts: 222.89.98.219 www.432.cn
O1 - Hosts: 222.89.98.219 432.cn
O1 - Hosts: 222.89.98.219 wysw.com
O1 - Hosts: 222.89.98.219 14.com.cn
O1 - Hosts: 222.89.98.219 www.14.com.cn
O1 - Hosts: 222.89.98.219 cnww.net
O1 - Hosts: 222.89.98.219 www.mv99.com
O1 - Hosts: 222.89.98.219 mv99.com
O1 - Hosts: 222.89.98.219 www.youav.com
O1 - Hosts: 222.89.98.219 www.mtvav.com
O1 - Hosts: 222.89.98.219 www.98983.com
O1 - Hosts: 222.89.98.219 98983.com
O1 - Hosts: 222.89.98.219 www.114.com.cn
O1 - Hosts: 222.89.98.219 114.com.cn
O1 - Hosts: 222.89.98.219 www.net114.com
O1 - Hosts: 222.89.98.219 www.skywz.com
O1 - Hosts: 222.89.98.219 skywz.com
O1 - Hosts: 222.89.98.219 www.hao6.com
O1 - Hosts: 222.89.98.219 hao6.com
O1 - Hosts: 222.89.98.219 www.678a.com
O1 - Hosts: 222.89.98.219 678a.com
O1 - Hosts: 222.89.98.219 www.7510.com
O1 - Hosts: 222.89.98.219 7510.com
O1 - Hosts: 222.89.98.219 www.zzkan.com
O1 - Hosts: 222.89.98.219 zzkan.com
O1 - Hosts: 222.89.98.219 www.ca183.com
O1 - Hosts: 222.89.98.219 ca183.com
O1 - Hosts: 222.89.98.219 3tom.com
O1 - Hosts: 222.89.98.219 www.yhjm.com
O1 - Hosts: 222.89.98.219 yhjm.com
O1 - Hosts: 222.89.98.219 www.k369.com
O1 - Hosts: 222.89.98.219 www.xxwww.com
O1 - Hosts: 222.89.98.219 xxwww.com
O1 - Hosts: 222.89.98.219 www.fm1000.net
O1 - Hosts: 222.89.98.219 fm1000.net
O1 - Hosts: 222.89.98.219 www.ok135.com
O1 - Hosts: 222.89.98.219 ok135.com
O1 - Hosts: 222.89.98.219 www.link999.com
O1 - Hosts: 222.89.98.219 link999.com
O1 - Hosts: 222.89.98.219 www.001wz.com
O1 - Hosts: 222.89.98.219 001wz.com
O1 - Hosts: 222.89.98.219 www.7t7t.com
O1 - Hosts: 222.89.98.219 7t7t.com
O1 - Hosts: 222.89.98.219 www.7k7k.com
O1 - Hosts: 222.89.98.219 7k7k.com
O1 - Hosts: 222.89.98.219 www.webcool.net
O1 - Hosts: 222.89.98.219 webcool.net
O1 - Hosts: 222.89.98.219 www.51sobu.com
O1 - Hosts: 222.89.98.219 51sobu.com
O1 - Hosts: 222.89.98.219 cy.51sobu.com
O1 - Hosts: 222.89.98.219 www.fj3721.com
O1 - Hosts: 222.89.98.219 fj3721.com
O1 - Hosts: 222.89.98.219 www.msncn.com
O1 - Hosts: 222.89.98.219 msncn.com
O1 - Hosts: 222.89.98.219 www.6235.com
O1 - Hosts: 222.89.98.219 6235.com
O1 - Hosts: 222.89.98.219 www.8goo.com
O1 - Hosts: 222.89.98.219 8goo.com
O1 - Hosts: 222.89.98.219 www.baimin.com
O1 - Hosts: 222.89.98.219 baimin.com
O1 - Hosts: 222.89.98.219 www.bwwz.com
O1 - Hosts: 222.89.98.219 bwwz.com
O1 - Hosts: 222.89.98.219 www.howow.net
O1 - Hosts: 222.89.98.219 howow.net
O1 - Hosts: 222.89.98.219 www.tongchi.com
O1 - Hosts: 222.89.98.219 tongchi.com
O1 - Hosts: 222.89.98.219 www.65658.com
O1 - Hosts: 222.89.98.219 65658.com
O1 - Hosts: 222.89.98.219 www.7o7o.com
O1 - Hosts: 222.89.98.219 7o7o.com
O1 - Hosts: 222.89.98.219 5126.net
O1 - Hosts: 222.89.98.219 www.5126.net
O1 - Hosts: 222.89.98.219 www.wangzhiku.com
O1 - Hosts: 222.89.98.219 wangzhiku.com
O1 - Hosts: 222.89.98.219 www.soyeah.com
O1 - Hosts: 222.89.98.219 soyeah.com
O1 - Hosts: 222.89.98.219 www.sowang.cn
O1 - Hosts: 222.89.98.219 sowang.cn
O1 - Hosts: 222.89.98.219 www.77177.com
O1 - Hosts: 222.89.98.219 77177.com
O1 - Hosts: 222.89.98.219 www.look8.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program\E2G\IeBHOs.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [QT4StBtn] C:\Program\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"
O4 - HKCU\..\Run: [wmitra] C:\WINDOWS\system32\wmitra.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

maybe this will get you "fall" down from the high towers...

and if you want i can send you some istbar files i downloaded very easily, whilst avast running

CharleyO · « **Reply #12 on:** January 26, 2006, 05:52:43 PM »

***

Do not click on any of those active links in that HJT log above. They lead you to China and thousands of cookies (no, not the good Chinese fortune cookies kind) ... probably spyware as well.

(I am running updated spyware programs now.)

Edit:

No spyware found!

Since istbar is basically adware, it may not be detected by many av programs. You can get removal help for it at this link :

http://www.doxdesk.com/parasite/ISTbar.html

***

essexboy · « **Reply #13 on:** January 26, 2006, 07:06:18 PM »

Quote

and if you want i can send you some istbar files i downloaded very easily, whilst avast running

Avast is ANTIVIRUS not Antispy ware

szc · « **Reply #14 on:** January 27, 2006, 02:57:24 AM »

Quote from: essexboy on January 26, 2006, 07:06:18 PM

Quote
and if you want i can send you some istbar files i downloaded very easily, whilst avast running

Avast is ANTIVIRUS not Antispy ware

Exactly... and btw, 927 remove those links (or at least disable them) from the HijackThis log file. There are many fresh users, tending to click on each and every one link they see. Posting something like that is not recommended.

Author Topic: very annoying! (Read 12674 times)

927

very annoying!

igor

Re: very annoying!

DavidR

Re: very annoying!

927

Re: very annoying!

Vlk

Re: very annoying!

DavidR

Re: very annoying!

927

Re: very annoying!

szc

Re: very annoying!

927

Re: very annoying!

szc

Re: very annoying!

CharleyO

Re: very annoying!

927

Re: very annoying!

CharleyO

Re: very annoying!

essexboy

Re: very annoying!

szc

Re: very annoying!