Author Topic: Viruses and Screen Saver problems...  (Read 43907 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Viruses and Screen Saver problems...
« Reply #15 on: August 29, 2008, 12:00:51 AM »
Hi JEAN*,

You can fix this line with HJT:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
File Missing
When a file is missing, you should always have HijackThis fix the item.

Further analysis of your hjt file:
Your system seems clean of malicious software, but you have no active firewall running. This could cause a hightened risk of remote attacks.

Survey of active tasks:
smss.exe   

System task
   

Session Manager Subsystem
winlogon.exe   

System task
   

Microsoft Windows Logon Process
services.exe   

System task
   

Windows Service Controller
lsass.exe   

System task
   

Local Security Authority Service
svchost.exe   

System task
   

Microsoft Service Host Process
svchost.exe   

System task
   

Microsoft Service Host Process
svchost.exe   

System task
   

Microsoft Service Host Process
aswUpdSv.exe   

Virusscan
   

Avast Anti-Virus Component
Explorer.EXE   

System task
   

Microsoft Windows Explorer
ashServ.exe   

Virusscan
   

Avast
jusched.exe   

Backgroundtask
   

Sun Java Update Scheduler
point32.exe   

Application
   

Microsoft Intellimouse Monitor
type32.exe   

Application
   

Microsoft Office Keyboard Console
ashDisp.exe   

Virusscan
   

Avast AntiVirus
realsched.exe   

Application
   

RealNetworks Scheduler
PSFree.exe   

Backgroundtask
   

Pop-Up Stopper Free from Panicware.
MsnMsgr.Exe   

Application
   

MSN Messenger
DesktopWeather.exe   

Unknown task
   

SUPERAntiSpyware.exe   

Anti Add/Spyware software
   

SUPERAntiSpyware
spoolsv.exe   

System task
   

Microsoft Printer Spooler Service
orbitdm.exe   

Background task
   

orbitdm.exe
captimag.exe   

Unknown task
   

SaverStarter.exe   

Unknown task (screen saver freeware)
   

Webshots.scr   

Unknown task Description: File webshots.scr is located in a subfolder of "C:\Program Files" or sometimes in a subfolder of C:\. Known file sizes on Windows XP are 1605632 bytes (60% of all occurrence), 1646592 bytes, 3297280 bytes, 1650688 bytes, 1843200 bytes.
There is an icon for this program on the taskbar next to the clock. The program has a visible window. The file is not a Windows core file. webshots.scr is able to connect to Internet, record inputs. Therefore the technical security rating is 18% dangerous, however also read the users reviews.

If webshots.scr is located in the folder C:\Windows then the security rating is 21% dangerous. File size is 1957888 bytes (85% of all occurrence), 634880 bytes. The program has a visible window. The file is located in the Windows folder, but it is not a Windows core file. The file is not a Windows core file. webshots.scr is able to record inputs, connect to Internet.

Important: Some malware camouflage themselves as webshots.scr, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the webshots.scr process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.
   

ashMaiSv.exe   

Virusscan
   

Avast Anti-Virus Component
ashWebSv.exe   

Virusscan
   

avast! Web Scanner
usnsvc.exe   

Application
   

Messenger Sharing USN Journal Reader Service
rundll32.exe   

System task
   

Microsoft Rundll32
iexplore.exe   

Application
   

Microsoft Internet Explorer
WLLoginProxy.exe   

Application
   

Microsoft? Windows Live Login Helper
HijackThis.exe   

Application
   

Merijn Hijackthis



polonus
« Last Edit: August 29, 2008, 12:40:50 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: Viruses and Screen Saver problems...
« Reply #16 on: August 29, 2008, 12:32:24 AM »
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.

Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
The latest version is JRE version 6 update 7, there is a Release Candidate (RC) update 10 but I would give that a wide berth until it is a regular release.

A visit to http://secunia.com/software_inspector/ for a check to see if there are any other updates you need.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YoKenny

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #17 on: August 29, 2008, 02:23:45 AM »
The sun Java version you are running is down level and has security exposures.

Download JavaRa then run it and un-install all old versions of sun Java:
http://raproducts.org

Get the latest version of Sun Java:
http://www.java.com/en/download/manual.jsp

Go to Secunia: Online Software Inspector and run it to detect other insecure aplications:
http://secunia.com/software_inspector

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: Viruses and Screen Saver problems...
« Reply #18 on: August 29, 2008, 02:48:00 AM »
Is that an Echo I can hear ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YoKenny

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #19 on: August 29, 2008, 04:19:29 AM »
Quote
Is that an Echo I can hear

I was just pointing out JavaRa.

I wonder if polonus was around when God was making the Universe that there would not have been as many mistakes made?

wyrmrider

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #20 on: August 29, 2008, 04:31:21 AM »
echo big time
I was about to suggest the same thing

spybot is a keeper due to immunize
I'd also keep the others around and reasonably updated
most really bad stuff showing up nowdays kills teh internet connection making downloading them when you need them difficult
I'd pick one for real time  most of the guys on this forum like spyware terminator (without the AV and toolbar)
I'm trying out some different ones
 
back on topic
how bout the screen saver problem guys


REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #21 on: August 29, 2008, 05:10:57 AM »

Hi polonus,

Quote
You can fix this line with HJT:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
File Missing
When a file is missing, you should always have HijackThis fix the item.

Well noted and done.


Quote
Further analysis of your hjt file:
Your system seems clean of malicious software, but you have no active firewall running. This could cause a hightened risk of remote attacks.

I don't understand, because I have the Windows firewall on!!


WEBSHOT


I am surprised about your comments on Webshot

http://www.webshots.com/


There are some comments there:

http://siteadvisor.se/sites/webshots.com


http://personalweb.about.com/od/photohosting/gr/webshots.htm

http://personalweb.about.com/lr/webshots/75662/1/

Thanks again,
Jean*


LAST HJT:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:31, on 2008-08-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
E:\0000\40 APPLI CATIONS\CAPTURE\captimag.exe
C:\Documents and Settings\c\Menu Démarrer\Programmes\Démarrage\SaverStarter.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HJT\Prog Installé\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW6] "C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: captimag.lnk = E:\0000\40 APPLI CATIONS\CAPTURE\captimag.exe
O4 - Startup: SaverStarter.exe
O4 - Startup: TCLOCKEX.lnk = C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: =>&Anglais - http:\\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203493634812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203977164578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6706 bytes

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #22 on: August 29, 2008, 05:24:49 AM »
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.

Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
The latest version is JRE version 6 update 7, there is a Release Candidate (RC) update 10 but I would give that a wide berth until it is a regular release.

A visit to http://secunia.com/software_inspector/ for a check to see if there are any other updates you need.

Hi DavidR

I will do that!!
Thanks.
Jean*

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #23 on: August 29, 2008, 05:31:51 AM »
Is that an Echo I can hear ;D

Moujhajhajahjahjahjahjajaj   ;D   ;D     ;D


J*

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #24 on: August 29, 2008, 05:44:41 AM »
Hi wyrmrider,

echo big time
I was about to suggest the same thing

;D   ;D  ;D   ;D

Quote
spybot is a keeper due to immunize
I'd also keep the others around and reasonably updated
most really bad stuff showing up nowdays kills teh internet connection making downloading them when you need them difficult
I'd pick one for real time  most of the guys on this forum like spyware terminator (without the AV and toolbar)
I'm trying out some different ones

Sounds good to me! ;)


Quote
back on topic
how bout the screen saver problem guys

Moujhajhajhajaaahjaj

How come I have the impression some can't read?  ;D ;D ;D 8) :P



My PC is clean - no viruses - no Spywares !

I have a Screen Saver problem due to a Virus I HAD!!..

Read my first post please...    ;D ;D

And , of course, many thanks to all!...

Jean*

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #25 on: August 29, 2008, 05:48:00 AM »
Quote
Is that an Echo I can hear

I was just pointing out JavaRa.


Hi YoKenny,

Quote
I wonder if polonus was around when God was making the Universe that there would not have been as many mistakes made?

  ??? What do you mean?? 8)

Jean*

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89244
  • No support PMs thanks
Re: Viruses and Screen Saver problems...
« Reply #26 on: August 29, 2008, 03:06:09 PM »
Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

- There are many freeware firewalls such as, Comodo, PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes In the Program Control, configuration area, the slider will only goes as far as Medium protection, if you want more you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

There are some that consider the webshots adware/spyware.
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

http://www.liutilities.com/products/wintaskspro/processlibrary/launcher/
http://www.auditmypc.com/process/launcher.asp
Quote
launcher.exe (Launcher) - Details

The launcher.exe process may watch you as you are surfing the internet and report any information that it discovers to an online database. It will also create and display targeted advertisements.

So you have to ask yourself what benefit do you get from it and are you happy that it could be reporting your browsing activity.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

wyrmrider

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #27 on: August 29, 2008, 05:59:52 PM »
back on topic

what about the munged screensaver start

REDACTED

  • Guest
Re: Viruses and Screen Saver problems...
« Reply #28 on: August 29, 2008, 07:24:23 PM »
Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Hi DavidR

I don't want to become histerical about protection!! ;)
This is the ONLY virus I ever had in 15 years!
I never used any firewall.
I spent the last 3/4 days cleaning, downloading, trying, etc...
And I found really nothing special I didn't detect before...
I just want to enjoy Internet normally.
I don't nead to put my PC in a safe!  :)   ;D ;D ;D ;D



Quote
There are some that consider the webshots adware/spyware.
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

http://www.liutilities.com/products/wintaskspro/processlibrary/launcher/
http://www.auditmypc.com/process/launcher.asp


So you have to ask yourself what benefit do you get from it and are you happy that it could be reporting your browsing activity.

I never had any problem whatsoever with Webshots.
Just enjoyed it since 6/7 years.  Lots of splendid pictures, a very good screen saver.
And you can have a nice desktop picture changing every 5 minute if you want to!!
And I just don't care if they can know where I go on the web...
And I don't think they are the only ones to do so!!
What about GOOGLE???  ;)
I would show every site web I visit to my mother if she where still alive!!  ;D ;D ;D ;D ;D

I never had any spamming problems.  I get 1 or 2 spams a day.  That's all. So, not bad, I think.


TO ALL:


And MOST IMPORTANT, nobody, NOBODY (except wyrmrider)
noticed my ORIGINAL and ONLY QUESTION:
my SCREEN SAVER PROBLEM!!

In fact I had 2 questions:
the other is:
WHY  AVAST did not stop the virus AV2009??
It's not a new virus? Is it??
Was it not in the detection list?

Everyone just made me clean and clean and clean...

I now have dry skin problems!!  8) 8) ;D ;D ;D ;D


and from now on, would you all post
about my original post and questions!



Or is it just a language problem?
I am from French Québec so my english
might not always be 10/10. :)   :D :D

Have a nice day,
Jean*

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Viruses and Screen Saver problems...
« Reply #29 on: August 29, 2008, 08:03:28 PM »
Hi JEAN*,

Je vous souhait le bon week-end,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!