Wyrmrider! thank you for your replies. All this techy stuff is mind boggling, lol. I need a cup of coffee, a red bull and multi vitamin.
NOrton
I did not see that you removed and ran the norton uninstaller so for now Do NOT DO THAT
You have uninstalled avast and avira
run this www.avast.com/eng/avast-uninstall-utility.html
then go here http://www.pchell.com/virus/uninstallantivir.shtml
so I should run the above incase there are traces of avast and avira?
Report Back Is your current version the only Norton you have had on this machine
so I just spoke w/the previous owner and when they first had this laptop in 2005, it was in fact,pre installed w/norton. a few months ago the hard drive crashed and they reinstalled the original software the laptop came with, norton 2005 being one of them. that expired about 5 days ago and I was considering other anti virus (AVAST being on the top of my list because I have used it in the past and have had great success with it), when I accidentally downloaded the virus and when norton flagged it, I figure it best to immediately upgrade and did so by selecting the download option for Norton anti virus 2008.
Now since you are no longer an avast user see you later
just kidding this is a user driven forum welcome to avast
you can't leave me! you're my techy angel!
sounds like Kazza is not installed just some files on D go ahead and delete the file and folder
done!
you do not have to pause norton but would not hurt to disconnect from internet and pause when running spybot/ MBAM and especially if running an on line AV scan like Kaspersky
pause norton and disconnect when running Kaspersky?
Ad-aware will not hurt anything - did you run a scan?
a few of them, between yesterday and the day before, it removed about 200 infections. I tried finding the log by going here: C:\Documents and Settings\All Users
but there isn't an application folder.so this is all I was able to get w/o running another scan for detailed results:
20080906 16-06-11 : Started cleaning the system of infections
20080906 16-06-12 : Clean operation finished
(I began running it as I’ve been replying and its found 9 objects so far)
If you ran a spyware terminator scan and it found anything please post- did you update?
So apparently, while I was napping, my roommate went into the Antivirus 2009 folder, right clicked on the Smart Virus.exe program and selected scan with avast. Avast immediately identified it as a Trojan and recommended sending it to the chest, which they followed. She attempted to individually scan the other items in the folder zlib.dll and vscan.tsi, and said that the scanner appeared and disappeared, so she assumed it didn’t detect anything. She said there were only 6 items in the vault. I only know of what I last saw in the screen shot attached a prior post. I uninstalled avast before finding this out.
ST is the only program you have with real time anti spyware features
My roommate used spyware term to scan the smartvirus2009 desktop shortcut and here is that log:
Logfile of Spyware Terminator v2.2.1.433 (db:2.008.007.001)
Scan Time: 9/7/2008 11:01:51 AM length: 0 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 2 (Critical:1)
Filter: No System items, No Safe items, No Invalid items
Threat Files
<Trojan.Downloader.Zlob.Gen> : C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url
Advanced Files Report
End of Report
Spybot did you install t-timer?
I have no idea, but lately when I attempt to turn the comp off, or restart, a teatimer error message appears.
if you did go to upper left Mode>advanced>tools>resident and uncheck t-timer
please check -as T-timer can interfere with removal activities- that's what it does- prevents changes
done!
do you know what the files in the avast chest were?
last I saw were the 6 listed in an earlier screenshot attachment and my roommate said that the smartvirus.exe file was moved there. I did email avast with the info.
via con dios
Tehe
Your Avast chest shows several Restore point files which will go away in any case
the Kaza is there so if you do not find it on D:\programfiles\kaza that's where it went
it was on the d drive and is now gone
vanwxemkgrp.dll I would think nasty but most of the google hits are Polish
Polonus- you lurking today? If we could retrieve it I would upload to virustotal and avast for inspection
If we cannot easily retrieve - no great loss
how can I go about helping you obtain that?
These were in your first HJT any idea what removed them
ad aware spyware terminator scans?
I have no idea. Any suggestions as to how to find out?
C:\Program Files\Smart Antivirus 2009
No, it’s gone =)
I think this thread shows the advantage of running multiple scanners
I read that some programs can pick up what others miss, that is why I’ve always had more than one anti virus and anit spam programs running. But will keep the anti-virus software down to one, the last thing I want is any more problems!
The antivirus 2009 may have reinstalled itself on a reboot between spybot and MBAM
we will need to run a root scan
could someone post up the list of rootkit scanners?
I did a search on mycomp for root kit and realized that I still have Ashampoo AntiSpyWare, from some time ago, it has:
RootKitDetector.exe
the ashampoosoftware is inactive, should I just delete it?
I read that ad-aware and avira have rootkits
http://www.cnet.com/topic-software/rootkit.htmlthe third spybot shows
wscsvc.exe
Wscsvc.exe is PWS-Banker.k.gen.
Read more:
http://vil.nai.com/vil/content/v_132052.htm
Kill the process wscsvc.exe and remove wscsvc.exe from Windows startup
Hmmm, I’ve never seen e-gold pop ups
let's see if this shows up again
did MBAM get it?
Should I run MBAM again at some point?
continue the plan
Kaspersky
SDFix
new HJT
I previously mentioned that I was running ad-aware while responding. I selected a ‘smart scan’ and it found 9 objects. Please see attached.
Thank you everyone for being so helpful!
*** the file is an .xml file so I couldn’t attach it, when I selected the link to make a screen shot, I received this:
The XML page cannot be displayed
Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.
The system cannot locate the resource specified. Error processing resource 'file:///C:/Documents and Settings/Administrator...