|
-
October 15th, 2005, 11:43 PM
#1
Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool. Type virtumonde in the dialog box. Let it run and after a few minutes, a prompt will appear. Click OK to write the results to Notepad and post them here.
Also try searching for gebyy and awvvw
-
October 16th, 2005, 12:53 AM
#2
-
July 13th, 2008, 08:39 PM
#3
chkdsk /f problem
Crunchie
I'm writing you after a couple of years (hoping you are still there!) w a new, unrelated problem--on my daughter's computer.
it's a basic Compaq running windows xp home edition (updated to sp2 or probably sp3--I remember that stuff about my computer but not always the kids' computers).
anyway: chkdsk /f stall at step 2, index checking--get to 5% and doesn't go further (stalled at exactly the same point when I re-ran it).
computer is operable so I can run hijack this or whatever else by way of diagnostics you think I should run.
thanks!
best,
Tenney, in Tucson (USA)
-
October 16th, 2005, 01:03 AM
#4
Go here and download then run Silent Runners.vbs. It generates a log, please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.
May find it, may not  .
-
October 16th, 2005, 02:09 AM
#5
nope
none of the files, virtumonde, gebyy, awvvt, found.
here's the log: I'll break it into two posts as it's too long for one:
**
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [file not found]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"tgcmd" = "C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf" ["Comcast"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SunKistEM" = "C:\Program Files\eMachines Bay Reader\shwiconem.exe" ["Alcor Micro, Corp."]
"SM1BG" = "C:\WINDOWS\SM1BG.EXE" ["Cypress Semiconductor"]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"Dell AIO Printer A920" = ""C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"" ["Dell Computer Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"CyberPatrolNew" = ""C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m" ["SurfControl plc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = "UberButton Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = "YahooTaggedBM Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQ\ICQShExt.dll" [null data]
"{D1FB6C78-10FD-45cd-8FF4-8267D62992FB}" = "CompuServe"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\csshare\shell\us\shellext.dll" ["CompuServe Interactive Services, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{969223c0-26aa-11d0-90ee-444553540000}" = "Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "pgp55mn.dll" ["Pretty Good Privacy, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{9A0FCE34-C7CA-4F8F-A2BD-2265244B280B}" = "YDS Icon Overlay Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\YAHOO!~1\YDSICO~1.DLL" [empty string]
"{4469E55B-EF37-4E08-A39B-5774F91DB50B}" = "YDS Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\YAHOO!~1\YDSICO~1.DLL" [empty string]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
PDZIPMenu\(Default) = "{18b78d40-142d-11cf-9f12-0020aff0e034}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PowerDesk\pdshext.dll" ["Mijenix Corporation"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PDZIPMenu\(Default) = "{18b78d40-142d-11cf-9f12-0020aff0e034}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PowerDesk\pdshext.dll" ["Mijenix Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "tnathanson" & "All Users" startup folders:
------------------------------------------------------------
C:\Documents and Settings\tnathanson\Start Menu\Programs\Startup
"tomorrow" -> shortcut to: "C:\Documents and Settings\tnathanson\My Documents\txt files\tomorrow.txt" [null data]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"BigFix" -> shortcut to: "C:\Program Files\BigFix\BigFix.exe /atstartup" ["BigFix Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - tn" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\cplsp.dll ["SurfControl plc."], 01 - 13, 27
%SystemRoot%\system32\mswsock.dll [MS], 14 - 16, 19 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 17 - 18
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"]
{6224F700-CBA3-4071-B251-47CB894244CD}\
"ButtonText" = "ICQ"
"MenuText" = "ICQ"
"Exec" = "C:\Program Files\ICQ\ICQ.exe" [null data]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{97809617-3937-4F84-B335-9BB05EF1A8D4}\
"ButtonText" = "Help"
"Exec" = "http://online.comcast.net/help/" [file not found]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
-
October 16th, 2005, 02:10 AM
#6
rest of log
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.emachines.com
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
SAVScan, SAVScan, ""C:\Program Files\Norton AntiVirus\SAVScan.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 231 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 19 seconds.
---------- (total run time: 293 seconds)
-
October 16th, 2005, 02:35 AM
#7
Not seeing anything there either. Could just be a false positive from active scan.
Have you tried any other online scans?
BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.
Housecall at TrendMicro
http://housecall.trendmicro.com/hous...start_corp.asp
Make sure you tick Auto Clean.
eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
-
October 16th, 2005, 04:08 PM
#8
BitDefender scan
scanned w BitDefender: it found just one virus & deleted the file:
Trojan.Downloader.Ieax.A
next step? is there one?
-
October 16th, 2005, 04:59 PM
#9
At the moment I would just put it down to a false positive. You could try a registry cleaner maybe? Other than that, I can think of nothing else.
-
October 16th, 2005, 10:44 PM
#10
more adware
can you recommend a registry cleaner? is it worth it?
also: Norton scan found more adware, which it can't delete. It's called ADWARE.CDT and it's located at C:\Program Files\support.com\backup\59\590DE8D5d01
Norton wouldn't delete it but I just deleted by hand.
question: a couple of the online scanners you recommended--esp. the Trend Micro, not so much the Active Scan--run really slowly if Norton auto protect is on, so I disabled auto protect (but kept the Zone Alarm firewall active). So: is it worth running the Trend Micro scan if I have to do that, or is it likely to create more problems than it eliminates? (Active Scan seems to zoom along fine w Norton auto protect still enabled).
also: I usually run: Norton AV auto-protect; the Microsoft beta spyware detector (but I sometimes alternate this w Pest Patrol); and Zone Alarm (but this frequently slows my computer down a lot, though often things run fine; when it's too slow I close it and just re-enable the windows default firewall, which I know doesn't check outgoing traffic). is this a pretty good suite of programs? do you have other recommendations?
thanks again!
-
October 17th, 2005, 06:13 AM
#11
Easycleaner is pretty good, as is registry mechanic. 1st is free.
I personally prefer Sygate firewall over ZoneAlarm. Don't have any problems with it.
Other than that I would use another browser where you do not have to run any real-time antispyware tools .
I use Opera with just an AV and a firewall. Never had any serious nasties, just a few cookies.
If you are concerned about the length of time Trend is taking, do not worry about it. There a a few others you can use .
-
October 17th, 2005, 09:14 PM
#12
Easy Cleaner
thanks!
I did a scan w Easy Cleaner & it found something like 318 invalid entries. I've created a system restore point, & in Easy Cleaner there's an UNDO function.
do you think I should just go ahead and delete all 318 invalid entries and hold my breath?
I'm assuming the log is too long to post here--yes?
thanks again
-
October 18th, 2005, 04:13 AM
#13
I have had absolutely no problem with deleting everything that EZ cleaner finds. As you say, there are also backups created .
-
October 18th, 2005, 05:24 PM
#14
 Sygate
so far so good w EZ Cleaner--no problems yet after deleting bad registry entries.
question about Sygate PF: I installed it & like it. but apparently I can't update the signatures unless I buy the pro version (I can get updates of the program itself, but not of the signatures). Is that right, do you know?
if it is, I need to decide whether to plunk down the $40 US rather than put up w the sometimes balky Zone Alarm free program . . .
-
October 19th, 2005, 06:47 AM
#15
I never realised that was the case. I have the Pro version. Sorry if I gave you a bum steer  .
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
