Author Topic: Viruses and Screen Saver problems...  (Read 44036 times)


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Viruses and Screen Saver problems...
« Reply #60 on: September 10, 2008, 01:06:37 AM »
If I have the gist of what is going on, installing the screen saver won't have any effect if there is something missing that would notify the screen saver to run.
Reinstall and we'll see if anything is missing ;)
The best things in life are free.

wyrmrider

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #61 on: September 10, 2008, 06:32:54 PM »
Tech posted this in another thread 

Can you try to overinstall Windows? Overinstallation can solve the problem and you won't lose your programs, settings, data, files, etc.
Just choose 'Repair' installation of Windows and install 'over' the old installation.
Are you using XP?

http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314058
http://www.webtree.ca/windowsxp/repair_xp.htm

Thanks Tech

YoKenny

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #62 on: September 11, 2008, 04:56:48 AM »
What Jean needs is SDFIX:
http://www.bleepingcomputer.com/forums/topic131299.html

Most likely it will have to be downloaded on a non-infected system then installed and run on the infected system using the instructions from BleepingComputer.

Ensure that your Sun Java is up to date by using JavaRa:
http://raproducts.org

Then ensure other installed applications are up to date with Secunia Software Inspector by clicking on Start Scanner:
http://secunia.com/vulnerability_scanning/online
« Last Edit: September 11, 2008, 05:04:26 AM by YoKenny »

wyrmrider

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #63 on: September 11, 2008, 05:17:08 AM »
Thanks for stepping in YOKenny

Jean*
when you run SDFix follow the instructions exactly
any questions/ translations post them up first
post the log

Wyrmrider

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #64 on: September 11, 2008, 07:45:08 AM »
Quote
Tech posted this in another thread

Can you try to overinstall Windows? Overinstallation can solve the problem and you won't lose your programs, settings, data, files, etc.
Just choose 'Repair' installation of Windows and install 'over' the old installation.
Are you using XP?

Hi,
That's the first thing I would have done!
But I don't have the disc installation. (Win XP Pro)
I have to go back to the store
where I bought my PC.
I might do it if there is no other solution.
But, I must say I am more interested to know
what's the cause of the bug!




Quote
What Jean needs is SDFIX:
http://www.bleepingcomputer.com/forums/topic131299.html

Most likely it will have to be downloaded on a non-infected system then installed and run on the infected system using the instructions from BleepingComputer.

@YoKenny and wyrmrider,

I'm not sure I want to run SDFIX.
I have NO viruses.  My system IS clean.  8)
AVAST, PANDA, TREND MICRO, KASPERSKY, SECUSER... :o
Don't tell me I still have some virus!
It's a joke, no?? :-X


Quote
SDFix is a program written by AndyManchesta that can remove many different types of Trojans and Worms.
You mean to say SDFIX will remove things
that the six others didn't find?
Will it stop somewhere?


As of now I have NO reason to believe I still have some virus.
Sure everything IS possible!  But will I run ALL antivirus there is??


I REPEAT:
I just have a SMALL problem with double clicking
on screen savers applications.
It won't run, I just get the Configuration window!
I MUST go to the SS Tab and Install them.

And I'm still wondering why AVAST
did NOT stop those 2 Virus.
I still wait for an answer from AVAST techs...
Because with the researches I made,
they were not some NEW virus.
« Last Edit: September 11, 2008, 07:50:19 AM by JEAN* »

YoKenny

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #65 on: September 11, 2008, 09:21:58 AM »
Quote
I'm not sure I want to run SDFIX.
I have NO viruses.  My system IS clean. 
AVAST, PANDA, TREND MICRO, KASPERSKY, SECUSER...
Don't tell me I still have some virus!
It's a joke, no??
As of yet I do not think that any of the anti virus vendors have come up with complete detection of this rapidly mutating infection.

If you have no virus and it is a safe application to run then what harm can it do?

I have run it on my systems and it found nothing but I have used it to remove the nasty infection it detects on my friend's system.

Reviewing your old HijackThis logs leads me to this conclusion and have you removed the old Sun Java installs?
« Last Edit: September 11, 2008, 09:24:44 AM by YoKenny »

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #66 on: September 11, 2008, 11:15:58 AM »



Quote
If you have no virus and it is a safe application to run then what harm can it do?
It is just that I've got a life!  ;)
I don't really want to spend too much time
running antivirus programs!  I thought 6 was enough!
Tomorrow, there will be another?  And another??
I really don't understand why people don't believe me?
I have no virus!
And, a fact is that SDFIX seems very "touchy" to me.
I don't want to make things worse... ;D ;D ;D

And yes I uninstalled Sun Java and run the latest version.

Here again are a picture (Proof !! ;D) of SECUNIA and the HJT Log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:56:39, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\CAPTURE\captimag.exe
C:\Documents and Settings\c\Menu Démarrer\Programmes\Démarrage\SaverStarter.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW6] "C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: captimag.lnk = C:\Program Files\CAPTURE\captimag.exe
O4 - Startup: SaverStarter.exe
O4 - Startup: TCLOCKEX.lnk = C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: =>&Anglais - http:\\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203493634812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203977164578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6629 bytes

micky77

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #67 on: September 11, 2008, 05:18:12 PM »
I've read several links, saying these programs av2008/2009 modify the wallpaper settings. One link suggests editing the registry. If you are desperate, and running out of ideas, it may be an idea. http://www.hardforum.com/showthread.php?t=1337448

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89339
  • No support PMs thanks
Re: Viruses and Screen Saver problems...
« Reply #68 on: September 11, 2008, 05:21:29 PM »
Well if I remember rightly MBAM detects these changes to the wallpaper and can correct them I believe as this was in another antivirus 2008/2009 style topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

micky77

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #69 on: September 11, 2008, 05:35:40 PM »
Quote
Well if I remember rightly MBAM detects these changes to the wallpaper and can correct them I believe as this was in another antivirus 2008/2009 style topic.
Yes, I think it was a bad idea to remove this threat manually.

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #70 on: September 11, 2008, 08:46:40 PM »
Quote
Well if I remember rightly MBAM detects these changes to the wallpaper and can correct them I believe as this was in another antivirus 2008/2009 style topic.
Between August 21st and September 11 (today!)
I ran MBAM 11 times, as asked by different people,   ;D
without finding anything significant!
The last 4 logs indicate "NO ERROR FOUND" on each item.
And I did updates of MBAM each time!

After reading your post, I decided to run MBAM again just to please you...   :)
Hmmmmm!...  Seems to me there was an IMPORTANT UPDATE.
(It took some time to upload and the program was closed.
Then they asked me to open it again...)

And look at the log:  I think I've found something...  :P

To me, it would be:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ . . . etc.

I didn't change anything yet.


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1141
Windows 5.1.2600 Service Pack 3

11/09/2008 14:08:55
mbam-log-2008-09-11 (14-08-43).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 73580
Temps écoulé: 23 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


(Pfiou! Never practiced my English that much   ;D  ;D)
I must go out now. I'll be back in 1 h or so.
I expect good news when I come back... ;)

Thanks for helping,
If you feel like correcting my English, please do!

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #71 on: September 11, 2008, 08:49:10 PM »
Quote
I've read several links, saying these programs av2008/2009 modify the wallpaper settings. One link suggests editing the registry. If you are desperate, and running out of ideas, it may be an idea. http://www.hardforum.com/showthread.php?t=1337448
Hi,
I tried the link and it doesn't work at the moment...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89339
  • No support PMs thanks
Re: Viruses and Screen Saver problems...
« Reply #72 on: September 11, 2008, 08:57:52 PM »
That one you have shown from the last MBAM scan I have it Ignored from when it was detected on my system.

Looking at it, it looks more like it is complaining about the syntax of the string "%1" %* which it classes as Bad (though I for the life of me can't see why, which is why I chose to Ignore it) and "%1" /S which it considers Good. Again I don't know why as this relatively new system hasn't been amended since it was purchased in regard to screen saver files.

I don't know if the /S switch after the "%1" is safer than the %* in the event of a malicious screen saver attempting to be installed. But, it doesn't mean you have something malicious on your system.

wyrmrider

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #73 on: September 11, 2008, 11:20:16 PM »
Thanks DavidR, Micky, YoKenny
HJT does not find everything
What was asked is, and you may have
run javara
to check for java leftovers, traces, etc
they can cause undefined problems
java has used several install locations and different names so even doing a search by hand is tough

I have no problem with a SDFIX- just follow the instructions
I would rather do that than another MBAM scan
Does Windows XP not have a file verifier utility?
It does look that refreshing windows would tell us if something got hand removed by mistake

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #74 on: September 11, 2008, 11:53:42 PM »
Hi,
First, I'll tell you I was very disappointed by your answers!
I was so sure I had found the reason of the problem! :P
I was ABSOLUTELY sure you would have me correct the SCRFILE entry!

To me it was so obvious that my problem
was right there in front of me, laughing at me!  ;D ;D

And I WAS DAMN RIGHT!!
I just changed %* to /S
  ..... AND IT WORKED!
How good am I !   :D :D :D

I FOUND IT !!   I FOUND IT !!

Any reactions??
8)
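
Added example, not part of any post in this thread: a short Python sketch that parses the MBAM "Bad/Good" registry data line quoted above and models what a double-click on a .scr file does under each value of scrfile\shell\open\command. It assumes a simplified model of the shell's %1 and %* expansion and the standard screen saver switches (/s run, /p preview, /c or no switch opens the settings dialog); the function names and the sample path are constructed for illustration.

```python
import re

# Constructed input: the scrfile data line as it appears in the MBAM log above.
MBAM_LINE = (r'HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand)'
             r' -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.')
# Constructed sample path of a screen saver being double-clicked.
SAMPLE_SCR = r'C:\WINDOWS\system32\example.scr'

LINE_RE = re.compile(
    r'^(?P<key>HKEY_[^()]+?)\s+\((?P<detection>[\w.]+)\)\s+->\s+'
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)\s+->\s+(?P<action>.+)$')

def parse_data_line(line):
    """Split an MBAM registry data line into key, detection, bad, good, action."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def expand_open_command(template, path, extra_args=()):
    """Simplified model of the shell filling in an open-command template:
    %1 is the file that was opened, %* is any further arguments
    (there are none when the file is simply double-clicked)."""
    values = {'%1': path, '%*': ' '.join(extra_args)}
    return re.sub(r'%[1*]', lambda m: values[m.group()], template).strip()

def screensaver_mode(command_line):
    """Classify a .scr launch by its first switch: /s runs the saver,
    /p previews it, /c or no switch at all opens the settings dialog."""
    tokens = re.findall(r'"[^"]*"|\S+', command_line)
    switch = tokens[1][:2].lower() if len(tokens) > 1 else ''
    return {'/s': 'run', '/p': 'preview'}.get(switch, 'settings dialog')

def explain(line, path=SAMPLE_SCR):
    """Return what a double-click does under the 'Bad' and the 'Good' value."""
    item = parse_data_line(line)
    if item is None:
        raise ValueError('not an MBAM registry data line')
    return {label: screensaver_mode(expand_open_command(item[label], path))
            for label in ('bad', 'good')}

if __name__ == '__main__':
    print(parse_data_line(MBAM_LINE))
    print(explain(MBAM_LINE))
```

With the "Bad" value a double-click passes no switch, so the saver opens its settings dialog, which matches the symptom described in the thread; with the "Good" value the /S switch is always supplied and the saver runs.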