Author Topic: MSN virus/several trojans help?!?  (Read 37045 times)

0 Members and 1 Guest are viewing this topic.

Spiritsongs

  • Guest
Limewire
« Reply #60 on: November 19, 2006, 09:10:55 PM »
 :)  Hi "Pan" :

     Your screen shot showed "Limewire", which is a P2P program; having programs
     like that on a computer increases the risk of getting "bad stuff", like trojans.

     Would be better "replacing" it with the safer and "cleaner" Shareaza
     from www.shareaza.com .

pandammonia

  • Guest
Re: MSN virus/several trojans help?!?
« Reply #61 on: November 20, 2006, 12:30:43 AM »
Hey spirit- Thanks for heads-up! I use Shareaza on my pc, and have already planned ditching limewire and putting shareaza on his pc instead. I don't know how much cleaner it is (lol) but i've never been infected by it, caught a few beforehand though, but i much prefer shareaza, better program, and Aussie made!

pandammonia

  • Guest
Re: MSN virus/several trojans help?!?
« Reply #62 on: November 20, 2006, 04:16:53 AM »
Hey i scanned installer5.exe ay virustotal. Only prevx1 found it as a virus, it called it Spyware.Free.Serials.Hijacker. Is this anything to worry about?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: MSN virus/several trojans help?!?
« Reply #63 on: November 20, 2006, 09:56:51 AM »
Quote
Hey i scanned installer5.exe ay virustotal. Only prevx1 found it as a virus, it called it Spyware.Free.Serials.Hijacker. Is this anything to worry about?

It looks like an installation file. It would be dangerous to click on, because it would install some spyware. Just sitting there it is not harmful. exe files like this downloaded from websites, messenger programs , P2P networks etc can be very dangerous if opened. Make sure you delete it , and also have a quick look for any suspicious exe files lying around. If you find any, check the name on Google or send them to VirusTotal.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MSN virus/several trojans help?!?
« Reply #64 on: November 20, 2006, 12:30:47 PM »
Hey i scanned installer5.exe ay virustotal. Only prevx1 found it as a virus, it called it Spyware.Free.Serials.Hijacker. Is this anything to worry about?

To be sure, the better will be test the file against on-line scanners. Submit the file to:
Virustotal
Jotti
The best things in life are free.

pandammonia

  • Guest
Re: MSN virus/several trojans help?!?
« Reply #65 on: November 20, 2006, 02:16:47 PM »
Cool, will remove it though. Theres also some strange files n folders laying around i think might have come with virus too (ie empty folder 'bintheredunthat'), that i shall also check n delete. Other than that i think he's clean now, everythings working gr8 so far. I switched Kerio for Zone Alarm, which i find much better and will now be putting on my pc too. AVAST! is on, updated and happy! Having so much trouble getting CA/VET AV off, it fails through its own uninstallation process, but they dont seem to be clashing, any removal hints?
Can't thank you all enough, especially u frank  ;D .
THANK U THANK U THANK U

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: MSN virus/several trojans help?!?
« Reply #66 on: November 20, 2006, 05:03:08 PM »
You're welcome!

I think you should try and remove VET because there are two running processes and  services which at the vet least are taking up system resources. At the worst they may clash with avast! and cause instability.

I tracked down a manual removal guide for CA eTrust EZ anti-virus (which I think is the same as VET in Australia).

Basically it involves deleting the software and services registry keys- then rebooting the computer.

There are instructions for backing up the registry before you begin and some screen shots to help you.

Click on the eTrust link on this page:

http://virusthreatcenter.com/permalink.aspx?BlogId=92
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: MSN virus/several trojans help?!?
« Reply #67 on: November 20, 2006, 05:17:48 PM »
Here are some instructions for older versions- they come from the same site and were quoted in an Experts Exchange thread. Looks like they've been removed from the CA eTrust site, but they may apply to you if you have an older version sitting on the computer. You'll need to check which registry entries exist on your computer.

Quote
"VERSION 6.0

Note: For security reasons, the following key and program file group are not deleted after the uninstall of version 6.0.

You may delete these manually:
     HKEY_CURRENT_USER\Software\ComputerAssociates\InoculateIT
     C:\Program Files\CA


If you did not uninstall via the Add and Remove programs menu, please follow the instructions below:
Delete Registry Keys:
Go to Start - Run - and type in regedit.
Hit Enter. (Click the + signs where you are instructed to "scroll").
In the Registry editor, scroll to:

          + HKEY_LOCAL_MACHINE
          + SOFTWARE
          + ComputerAssociates
          + InoculateIT

     Once you have scrolled to HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\InoculateIT Click EDIT (at the top of the screen) and Select Delete.

     Repeat these steps for the following keys:

          HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ScanEngine
          HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\CA-InstalledITProducts
          HKEY_CURRENT_USER\Software\ComputerAssociates\InoculateIT


Remove Files and Directory: C:\Program Files\CA\…
Go to My Computer
Open the C: drive (or which ever drive on which you installed the program.)
Open the Program Files folder (click "show files" to view the files in that folder.)
Open the CA folder.
Open the eTrust EZ Armor folder.
Highlight the eTrust EZ Antivirus folder and click delete.
Highlight the ScanEngine folder and click delete.
Make sure you delete those folders from the recycle bin as well.

 

VERSION 6.1

Delete Registry Key:
Go to Start - Run - and type in regedit.
Hit Enter. (Click the + signs where you are instructed to "scroll").
In the Registry editor, scroll to:

          + HKEY_LOCAL_MACHINE
          + SOFTWARE
          + ComputerAssociates
          + Anti-Virus

Once you have scrolled to HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\Anti-Virus Click EDIT (at the top of the screen) and Select Delete.

Remove Files and Directory: C:\Program Files\Computer Associates\eTrust EZ Antivirus
Go to My Computer
Open the C: drive (or which ever drive on which you installed the program.)
Open the Program Files folder (click "show files" to view the files in that folder.)
Open the CA folder.
Highlight the eTrust EZ Antivirus folder and click delete.
Make sure you delete the folder from the recycle bin as well.

http://www.experts-exchange.com/Miscellaneous/Q_21919042.html?qid=21919042

(Registration required.)
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

pandammonia

  • Guest
Re: MSN virus/several trojans help?!?
« Reply #68 on: November 21, 2006, 01:37:29 AM »
I looked on the VET website and they provide removal tips for every other anti virus but theirs, thanks for finding removal instructions, will do it asap. Also, what exceptions do i need to allow for avast using ZoneAlarm, so it will update, etc? Also, do u know if microsoft/windows updates get through or do i need exceptions for that 2?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: MSN virus/several trojans help?!?
« Reply #69 on: November 21, 2006, 02:07:03 AM »
Also, what exceptions do i need to allow for avast using ZoneAlarm, so it will update, etc?

avast.setup, ashMaiSv.exe (avast! mail scanner) and ashWebSv.exe (avast! web shield).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MSN virus/several trojans help?!?
« Reply #70 on: November 21, 2006, 02:13:57 AM »
Also, do u know if microsoft/windows updates get through or do i need exceptions for that 2?
The majority of Microsoft updates does not require 'exceptions' (it's better to say that does not be allowed to connect).
Some of them are small executable files that start a full set of files in order to update your computer. In this case, this specific executable needs to be allowed to connect  ;)
The best things in life are free.

pandammonia

  • Guest
Re: MSN virus/several trojans help?!?
« Reply #71 on: November 21, 2006, 02:16:48 AM »
Cheers oldman! :D
Thanks tech- so i dont add exceptions for microsoft, just let it go if it comes up asking?!?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MSN virus/several trojans help?!?
« Reply #72 on: November 21, 2006, 02:40:06 AM »
Thanks tech- so i dont add exceptions for microsoft, just let it go if it comes up asking?!?
Yes... wait for the update to ask to connection  8)
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: MSN virus/several trojans help?!?
« Reply #73 on: November 21, 2006, 10:28:06 AM »
Allow connections for trusted programs. (Allow trusted programs to access the internet.)

The term exceptions is used in Windows firewall to mean incoming connections.

Kerio calls these attempts from outside to connect to your computer incoming connection alert. (Red Warning). Zone Alarm warns that a program is trying to act as a server. (Blue warning.)

Quote
Server Alerts
You may receive some alerts asking you if a certain program should act as a server and be given "server rights". Under most circumstances, you do not want to give a program "server rights" unless you want to allow outside connections to access that specific program.

Quote
The safest approach is to deny "server rights" to any program (unless you are running a Web site from your computer for instance).

http://www.zonelabs.com/store/content/support/zasc/faqs.jsp?dc=12bms&ctry=US&lang=en&lid=zasupp_i#13

http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?anchor=alerts&lid=zasupp_u
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog