Re: Question Multi A/V Tool

From: "Diane P." <DMPnospam@xxxxxxxxxxxxxx>

|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:%23wsk33ayIHA.4816@xxxxxxxxxxxxxxxxxxxxxxx
From: "DMP00114" <GracieMP114@xxxxxxxxx>

|>> Thanks for the info. I don't know what could be wrong. I followed the
|>> directions and found them simple and easy to follow. For some reason,
|>> this program did not like my PC. What precipitated all this was Avast
|>> finding win32:adware-gen(ADW) and Win32:rootkit-gen(RTK). Avast
|>> recommended I move them to the chest, which I did. Then I ran thorough
|>> scan last night that took hours and the PC was clean. I turned off
|>> system restore before running the scan in safe mode. This morning, I
|>> found win32:trojan-gen and some problem with a Java 1.06 bin file.
|>> What I can't figure out, is that the buggers didn't show up on the
|>> thorough scan last night, but showed up when I ran another scan, "just
|>> to be on the safe side". I hope this is not one of those SP3 for WinXP
|>> related issues. I also have Super-Antispyware that found a couple of
|>> tracking cookies and nothing else; I also ran Ad-Aware and Spybot that
|>> I run faithfully every Saturday and they showed nothing. It was
|>> interesting to note that Avast showed the warning when I was scanning
|>> with SAS...go figure
|>>
|>> I thought there was a problem so, and I quit the Sophos scan. I
|>> proceeded to the Trend Micro scan and that ran fine and found no
|>> issues; I started the Kaspersky module, and it's been running since 10
|>> am; it's now 3pm. It's going thru my C drive, but I see a lot of
|>> "error=delete wrong pointer(00000000)" I don't have a clue what that
|>> means or if the scanner is doing it's job with all the errors. I
|>> haven't been able to sit and watch the whole process for all those
|>> hours.
|>>
|>> I couldn't tell if my PC was actually infected , but thought I should
|>> do something about the warning messages. Maybe all I should have done
|>> was move the offenders to the chest, but took what I thought was the
|>> safer road, now I'm not so sure.
|>>
|>> Thank you David. You provide a great service to those of us with
|>> issues.
|>>
|>> Diane
|>>

Diane:

The fact that they won't run and you have found malware which included a RootKit, I must
conclude that you are infected still.

You will need expert, guided help.
Suggested location; TheSpyKiller


1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


.

Relevant Pages

  • Re: Problem with Win32.trojan.spy.agent.kb
    ... (HJT) ... Download/run Deckard's System Scanner: ... Forums where you can get expert advice for HiJack This! ... Logs. ...
    (microsoft.public.security.virus)
  • Re: I think I have been hijacked.
    ... (HJT) ... Download/run Deckard's System Scanner: ... Forums where you can get expert advice for HiJack This! ... Logs. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Rogue Program
    ... (HJT) ... Download/run Deckard's System Scanner: ... Forums where you can get expert advice for HiJack This! ... Logs. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: vista anti-virus
    ... (HJT) ... Download/run Deckard's System Scanner: ... Forums where you can get expert advice for HiJack This! ... Logs. ...
    (microsoft.public.windowsxp.general)
  • Re: removal of winspywareprotect
    ... (HJT) ... Download/run Deckard's System Scanner: ... Forums where you can get expert advice for HiJack This! ... Logs. ...
    (microsoft.public.windowsxp.help_and_support)