Author Topic: Suspicious Message Alerts! Lots of them!!  (Read 12986 times)


Offline Yox

  • Newbie
  • *
  • Posts: 7
  • Yeah ..... Right!
Re: Suspicious Message Alerts! Lots of them!!
« Reply #15 on: October 22, 2006, 09:00:26 AM »
Morning Everyone,

Well, this morning I powered up, and immediately got a Trojan alert, which was something called twain22.exe:  win32:PdPinch-AU.  This was sent to the chest.  It has reappeared 4 times in the hour and a half since I powered up.

I have read the comments on the forum ... I'm getting paranoid guys!! ... I've downloaded and run Security Task Manager, which has allowed me to delete (quarantine) jgdwadsn.exe.  Thanks Tech for the recommendation - it has also found these files:

e1.dll                          (95% rating)
w3sskbda.dll              (82% rating)
iuennwcl.dll                (82% rating)

Can someone please advise on these??

How do I best move forwards from here?   Would it help to re-run Hijack This at this point to see what is still there?  I need to clean my machine, and then take steps to prevent this happening again.  All advice gratefully received!!

Oh .... lastly - the name "Yox" ..... my real name is David Yoxall .... Yox has been my nickname since time immemorial!!!

Offline Spyros

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1139
Re: Suspicious Message Alerts! Lots of them!!
« Reply #16 on: October 22, 2006, 10:20:25 AM »
I've downloaded and run Security Task Manager, which has allowed me to delete (quarantine) jgdwadsn.exe.  Thanks Tech for the recommendation

TECH???
I thought that was me?!
 ;D ;D ;D

Quote
- it has also found these files:

e1.dll                          (95% rating)
w3sskbda.dll              (82% rating)
iuennwcl.dll                (82% rating)

Can someone please advise on these??
1st & 2nd one belong to Stration/Warezov. Possibly the 3rd too, as it isn't a known process.
Find the files and put them to a password-protected .zip file & send them to Virus[at]avast.com with a short description, a link to this thread and the password for the .zip file.
Then use Security Task Manager to kill & quarantine them.
Run any good spyware program you can get (ewido, a-squared) and possibly an online virus scanner, such as Kaspersky (http://www.kaspersky.com/virusscanner).

Offline Yox

  • Newbie
  • *
  • Posts: 7
  • Yeah ..... Right!
Re: Suspicious Message Alerts! Lots of them!!
« Reply #17 on: October 22, 2006, 04:49:39 PM »
OK Folks,

Update time!

First, humble apologies Spyros - it was you - blame it on my very small brain!

I've zipped up the 3 files above & sent them to Avast!.  I then deleted (quarantined) the files using Security Task Manager.

I then downloaded Kaspersky.com, which is running now - so far it has found 21 viruses -

riskware not-a-virus:Monitor.Win32.KeyKey.121                        x 5
Trojan program Trojan-Downloader.JS.Psyme.ce                       x 1
Trojan program Trojan-Spy.HTML.Fraud.gen (modification)         x 1
virus Email-Worm.Win32.Warezov.dc                                      x 7
deleted: virus Email-Worm.Win32.Warezov.df                         x 7

All these have been deleted.  There's still an estimated 2 1/2 hours to go!!

When all this has finished am I "clean"??

Interestingly, I cannot run Avast and Kaspersky concurrently - which is better to have running all the time??

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Suspicious Message Alerts! Lots of them!!
« Reply #18 on: October 22, 2006, 05:47:50 PM »
I then downloaded Kaspersky.com, which is running now - so far it has found 21 viruses
Did you quarantine these ones?
Didn't avast detect them? If so, can you extract them from the Kaspersky Quarantine to a USB drive, zip, password and send it to virus (at) avast.com for analysis?
Thanks.

When all this has finished am I "clean"??
Well... who knows.
Better will be:
1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Use a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).

Interestingly, I cannot run Avast and Kaspersky concurrently - which is better to have running all the time??
Not interestingly, but it's normal. You can't run two antiviruses at the same time. They will conflict.
Are you using the Professional version of avast? Or are you trying to compare the free avast with the paid Kaspersky?
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84921
  • No support PMs thanks
Re: Suspicious Message Alerts! Lots of them!!
« Reply #19 on: October 22, 2006, 05:56:12 PM »
@ Yox
There is nothing to stop you using avast as the resident scanner and only using on-access scanners (Bitdefender, etc.) or on-line scanners as a back-up scanner - On-line Virus Scanners and other useful Links Security-Ops.eu.tt, you will find many links for on-line scanners there, including a link for Kaspersky Web Scanner.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Roma

  • Newbie
  • *
  • Posts: 7
  • I'm not a llama*))
Re: Suspicious Message Alerts! Lots of them!!
« Reply #20 on: October 23, 2006, 11:46:50 AM »
Well, this morning I powered up, and immediately got a Trojan alert, which was something called twain22.exe:  win32:PdPinch-AU.  This was sent to the chest.  It has reappeared 4 times in the hour and a half since I powered up.

Hello,
Can you help me with this win32:PdPinch-AU (WINDOWS/twain22.exe)?
Avast deletes this file, but after restarting twain22.exe comes back. What else do I need to remove?

Thank you.

Offline Yox

  • Newbie
  • *
  • Posts: 7
  • Yeah ..... Right!
Re: Suspicious Message Alerts! Lots of them!!
« Reply #21 on: October 23, 2006, 01:38:09 PM »
1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Use a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).

Hi folks,

I'm getting there.  Question - do I need to restore system support afterwards??

Thanks ....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Suspicious Message Alerts! Lots of them!!
« Reply #22 on: October 23, 2006, 08:03:26 PM »
I'm getting there.  Question - do I need to restore system support afterwards??
If you want to use it, enable it.
Disabling deletes all restore points (and the infected files that come back... recurring infection). Enabling it again - after step 3 - is up to you. It won't harm and will allow you to use this MS feature  8)