
AVG found virus...can you please read HJT

4693 Views 35 Replies 2 Participants Last post by  imperfeckd
AVG found a virus (trojan) and I put it in vault :eek: ....does this mean it is quarantined? :confused: and do I have to do anything with it now??? :confused:

***edit***..now has found another one...same exact virus....put it in vault and the status on them both say active..:eek:...i have deleted my temp. files :eek:

I did a HJT log and am posting it...can you please read it for me to make sure pc is clean??? I :) am on brand new computer now...:) thank you...:)

Logfile of HijackThis v1.99.1
Scan saved at 6:42:58 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\diane\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5858bad6635418ebf0517d9486f0fcb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5858bad6635418ebf0517d9486f0fcb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hi Diane, The items found by AVG in quarantine (Vault) can be emptied from there- but they can also be Restored, and you have to be careful not to let them back-

I hate to tell anyone to just clear out the vault without knowing what was found, so, can you go into the Test Center and find the log for that scan or those two items that were found, and post them?

Did you have another TSG thread where someone was helping you?
Hi, Well if they are gone then that's that and you submitted them so if they were new, then that will help. Slight chance of them doing anything.

I would need the filenames and where exactly they were in the system- you might see that, in the log or report, if you saved the BD one, or from AVG's. The online scans can even get into System Restore and clean things, really good thing to run once in while that's for sure.

For most of these Exploits there is an update or patch from Microsoft

I will look for it and post back.
Hi, This is a detection of HTML.IE.Slice.c

what was found on yours may be very similar and it may help you find a filename> 5846168D.htm

Here is where to get the patch for this vulnerability, though it may already be installed (will tell you if
it is already patched) because you may have gotten it in temp files, before your machine was fully updated.
Will not hurt to make sure!


http://www.microsoft.com/technet/security/Bulletin/MS06-057.mspx

Make sure you get the right one for your version of Windows.
Hi, The download was for a Critical Update to patch a vulnerability, not Service Pack 2, however if you have installed Internet Explorer 7, then you are already patched, unless you had the trojans or vulnerability breached.....before you installed IE 7.0 as it carries over from IE 6. You have IE 6, and that tells me you
probably have Automatic Updates turned off, or at least have updates set to not install if they are downloaded, until you run them.

The exploits are things that run off of websites, where if you go to the site unprotected, unpatched, or without an antivirus program let's say, these bugs will immediately be running in through the open door. It's actually a good way to get "hacked" and therefore we need to take care of the vulnerability, and also the files that have managed to get in. The vulnerability is a defect, or something hackers and the like take advantage of, to get control of other computers and wreak havoc, steal money, info, become famous....

NEVER try to "run" or "Open" a file that has been detected as infected!!!!!!!!!!!!!!!!

Not even if someone tells you it's a recipe for wealth and fame or a winning lottery scheme
[Sometimes, you don't even need to open or run a virus; they can be started by a preview in, for example, Outlook Express. Not all viruses can do that.]

{I'm sorry, I wrote this before I discovered that you had installed the patch, so NEVERMIND!!...}

I advise you to download the patch, here: Without it, the door remains Open! Somehow, you don't have this update, it was issued some time ago....do you have Automatic Updates turned off? That itself is not too bad an idea, as sometimes these updates break Windows> so, if you are not automatically downloading and installing them, I can't say that is totally bad, but you must run Windows Updates manually, and if you do not have them install themselves right then, you must remember to do so.

http://www.microsoft.com/technet/security/Bulletin/MS06-057.mspx

It says this at the link above>
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update
That does not mean you're downloading SP2, it means that the patch there next to it, is FOR those using Windows XP that have either SP1 or SP2 INSTALLED....means that it is compatible with either.

The download link is right there, "Download the Update"; save to desktop or your favorite download folder. When you install patches like that, they close the hole these bugs apparently are sliding through, you could only otherwise prevent them with an extremely security tight setup, and that might not work, since they take advantage of Windows and IE, it's nothing you do or don't do. A firewall might alert you but might not work in time, or you or someone might tell the firewall it's OK not realizing what was happening.

Anyway, the file you are after is:

POH9RTHN\3_z[1].htm.....***** <<this is one file located here> The random folder name is normal,
that is in the CONTENT.IE5 main folder...do not delete the folder delete the files in them with the tool I will post below. 3_z[1].htm <<<this is the file name but, there may be others there by now, apparently they are coming from a website you or someone goes to, or email or IM links OR files downloaded

This file was found IN the AVG Virus Vault, it has been deleted by Bit Defender.
C:\$VAULT$.AVG\52325390.FIL
Infected with: Exploit.HTML.IESlice.C

C:\$VAULT$.AVG\52325390.FIL
Disinfection failed

C:\$VAULT$.AVG\52325390.FIL
Deleted

Same for the second file Bit Defender found, it tried disinfection, failed, so it deleted it.

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Infected with: Trojan.Exploit.JS.B <<this is your notification or Trojan name

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Disinfection failed <<this is the first action, which failed....

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Deleted << this is the second action, which got rid of it!

All 3 above in each group, are the SAME FILE, if you look closely at the filename.

bdoscan.xxxxxxxx's

These are the logs, if you can see them can you open and copy and paste the content into a reply? It's just a report, the log, the results....of the scan. You cannot attach an HTML file extension so rename it to text.....

We can get rid of anything in the Temp folders using a nice utility, perhaps you even already have one....let's use CleanUp! This will NOT empty the Virus Vault, you have to do that!

Download Cleanup from here

  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies <<Checking this will remove saved logins...usernames and passwords!
      You might want to wait until you are sure you have those things written or saved someplace else!
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET

Now boot to safe mode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter

Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.
Restart the computer normally, and back to regular Windows (no key tapping please).

Next: Open AVG, go to the Virus Vault in the Test Center and empty it! Or, these files that are actually
copies of the trojans, will stay there forever (they cannot do anything to the system in Vault but they will continue to be found by other scanners and worry you to death).

Scan again with Bit Defender --Place a check on everything under "Scan Options"

There should be something that tells you "Save Results" or similar----please try to find that, save the results to YOUR DESKTOP so you can find them, and then, copy and paste them to your reply, and also put in a new Hijackthis log and we will check them. You may have saved the results, those text files look like the ones, but I can't really tell for sure, only you can, they cannot do anything so open them and look and see what they tell you, you should recognize the files found....they might be older scan results though!

scanrep.html This looks like the BitDefender result log but you cannot post HTML here at TSG, so you need to save the Text from it and post that way. All we need to see is the exact filenames and where it was found on the system, and what the scanner did with it, for each file found..

Rename the results file this time, so you can easily pick it out!
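
The report reading walked through in the post above (one file appears in several records: the detection, the failed disinfection, then the deletion), as an added example that is not part of the original thread. It groups records by file and reports each file's final state; the function names, the location labels and the last sample record are constructed for illustration, and only the status strings shown in the thread are recognised.

```python
"""Group antivirus scan-report records by file and report each file's final state."""
import re
from collections import OrderedDict

# Report excerpt as quoted in the thread (helper's "<<" annotations removed).
# The last two records are CONSTRUCTED to show a detection that was never removed.
SAMPLE_REPORT = r"""
C:\$VAULT$.AVG\52325390.FIL
Infected with: Exploit.HTML.IESlice.C

C:\$VAULT$.AVG\52325390.FIL
Disinfection failed

C:\$VAULT$.AVG\52325390.FIL
Deleted

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Infected with: Trojan.Exploit.JS.B

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Disinfection failed

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Deleted

C:\Example\constructed_sample.htm
Infected with: Constructed.Sample.Name

C:\Example\constructed_sample.htm
Disinfection failed
"""

# Only "Deleted" is shown in the thread as a successful outcome; extend this
# set if your scanner reports other success strings (assumption).
RESOLVED_ACTIONS = {"Deleted"}


def classify_location(path):
    """Label where the file sat, using the two locations discussed in the thread."""
    lowered = path.lower()
    if "$vault$.avg" in lowered:
        return "quarantine copy"   # a copy held in the AVG Virus Vault
    if "temporary internet files" in lowered:
        return "browser cache"     # downloaded by IE, not necessarily executed
    return "other"


def parse_report(text):
    """Return one entry per file, merging every record that names the same path."""
    files = OrderedDict()
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) != 2:        # skip anything that is not a path/status pair
            continue
        path, status = lines
        # Windows paths are case-insensitive, so key on the lowercased path.
        entry = files.setdefault(
            path.lower(), {"path": path, "detection": None, "actions": []})
        if status.startswith("Infected with:"):
            entry["detection"] = status.split(":", 1)[1].strip()
        else:
            entry["actions"].append(status)
    return list(files.values())


def summarize(entries):
    """Reduce each file's action history to its last recorded outcome."""
    rows = []
    for e in entries:
        final = e["actions"][-1] if e["actions"] else "No action recorded"
        rows.append({"path": e["path"], "detection": e["detection"],
                     "location": classify_location(e["path"]),
                     "final": final, "resolved": final in RESOLVED_ACTIONS})
    return rows


if __name__ == "__main__":
    for row in summarize(parse_report(SAMPLE_REPORT)):
        flag = "ok" if row["resolved"] else "STILL PRESENT"
        print(f'{flag:13} {row["detection"]:28} {row["location"]:16} {row["path"]}')
```
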
Diane, I found good (better than mine) directions for saving the
Bit Defender scan results

[webquote=http://forums.majorgeeks.com/showthread.php?t=35407]

Bitdefender: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

Click-on the Detected Problems tab. Then select Click here to export the scan report

When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. ((I can do that here on my computer-edit by Byteman. TSG site does not allow HTML to be uploaded))

If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an ATTACHMENT. See: HOW TO: Attach Items To Your Post
You MUST attach the Bitdefender log even if it indicates no problems. We want to see it anyway!!!![/webquote]
Diane, that is a report, done correctly... from Jan 14th, today. Infected files were

""Deleted files = 2""

We should see that no more of the exploit is found since you have installed that patch.

The JS type typically is after passwords, at least that is what they used to do...I have not gone to the link about this specific bug but I will be able to shortly. :up:

More likely they are just coming into Temp Internet Files cache, but are not anything "infecting" your system.
Or, your own installed programs would have been popping up telling you about it....

AVG Antivirus is a good program, but it may not be detecting things coming into Temp files, at least until
they are active... You do have AVG protection turned on, right???
And, you keep it updated??

You should also use AdAware and SpyBot...or, Windows Defender from Microsoft.

Or, AVG Antispyware...this is a free trial type, it expires as far as updating, but will still protect you
from wherever it leaves off. Of course, an antispyware program that is kept updated, is much better to have. This program is the old Ewido trojan detector, AVG's owner company acquired it recently.

Windows Defender, for XP, is free, from Microsoft.
Diane, those are the same files, they have been deleted....no need to post anymore OLD logs, just get the CleanUp utility I posted, run it as shown, and then take new Bit Defender scan post the log, and also, a new Hijackthis log.

When you do an antivirus scan , an AVG log is always saved, even if you stop the scan early>

Look in> Test Results>> they may be from way back, just look at the newest one
If you haven't recently scanned with AVG, then no sense posting anything....

Virus Vault in AVG was emptied apparently, by the Bit Defender scan.....so, you probably only had the one file found by AVG, as you said, the other one wasn't detected at all by AVG.
Diane, No need to post the entire AVG log> just copy and paste the selected text of the filenames, file locations, and what was done with them...if there are any.

Since viruses etc are first Cleaned/Disinfected by default> then if not cleanable, the next move by an antivirus program is Vault/Quarantine, or Delete, there really is no need to post any of the old things that were detected...if you can do it, then do so, but really, don't like get old and gray about it. You would be getting AVG alerts about anything that infected anything.
Try a new scan with AVG when you have some time.

CleanUP!> get CleanUp452.exe Available from: HERE

I have never done any backing up before using it, but I do have backups made of anything I need.

I can't tell you what to do here, but backing up usually consists of any files you moved to the new computer, such as music, pictures, documents, downloaded program installers, etc that you do not have saved anywhere else. You should put all those on media, either DVD or CDRW, but if you do not have any files to back up, then there is no need to do that.

You could create a NEW Restore Point right before you run CleanUp.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "Before cleanup". Click Create and you're done.

Wait five minutes then run the CleanUP! program, boot to safe mode to do it!!!!!!!

What you really really need to do is see if Windows Updates are set up to INSTALL not just download....

Start>Control Panel> Security Center> does it say Automatic Updates? See how your settings are> ON
means, any updates will be downloaded and installed, in the background, with only a shield icon in the system tray telling you....same icon as the Security Center, only it is gold color.

It could be that you have it set to download updates only, which does no good unless you go and install them.

Check how they are set up this way> ""To open Automatic Updates, click Start, click Control Panel, and then double-click Automatic Updates"" See how the settings are.

Here is a pic of how it looks, when Automatic Updates is "ON"

(The screenshot was made with a Yahoo Widget)

You may not want it this way- many people feel that they would like to be more in control of updates from Microsoft and they have it set to DOWNLOAD them to the hard drive, but NOT to install automatically. ((It will tell you for sure at the Windows Update website)).

Hi, Yes, all executable files,/ program installers for example will in XP Service Pack 2, prompt you about running (or executing)...them.

If you do not say Yes, the program will not install, we need that to install please. Your PC was not in much danger at all....just a few baddies that got into your Temp Internet Files.

How? I can't really say, but we would like you to tell us what site that was that did it, you can Private Message me that if you do not want to post it out in the open forums, not good to post active links to bad sites in the forum.... A TSG member dvk01 adds them to various lists, and might like to see what you have found.
:D "There are no stupid questions...only those that are not asked"
AcaCandy uses that line in her Signature, or she used to anyway.

No, it was "There are no stupid questions, only people that don't ask them"

Or, something similar....:D

Go get CleanedUp :)
Hi, Just read your post about the file size for CleanUp....

That's odd, but it does happen. I can only suppose it may be the Zone Alarm True Vector firewall, or

SUPERantispyware that is messing the download.

You should of course delete the other CleanUP downloads.

I just downloaded the file, it is 331 kb

http://www.stevengould.org/software/cleanup/download.html

Scroll down to> CleanUp! 4.5.2 Downloads
Available from:

Primary download site (setup program) Then right click the blue CleanUp452.exe and select
"Save Target As"
it should say Application in the lower white space, and cleanup452.exe in upper space. Then, tell it the folder you want it downloaded to, I just use the desktop, (and move them later).
The yellow Information Bar at the top of the page, pops up....you have to click that and say "YES" to download the file.....

It should be 331 kb's.

I ran it, and the setup window came up, no error message.

Can you try once again?

If no go, we will get something else.
Hi, You are doing fine.
no need to post logs from anything, as long as only Cookies....(or nothing) ....is found infected.

I was posting for you to run AVG at some time, just to ease your mind. Since Bit Defender has been finding this particular bug well for you, just for now run that...if it comes up clean, then you are all set.
Hi, No problem- we were typing at the same time.
Scan report generated at: Sun, Jan 14, 2007 - 22:09:40


Scan path: C:\;D:\


Identified Viruses
0

Infected Files
0

That is what I just copied out of your Bit Defender scan log, I opened it from your attachment after RE-saving it as an .html file, and highlighted just those 2 parts above.

Clumsy way we have to do that, but we cannot attach an .html file to our posts, as bad folks can do bad things with that.

Things look good.

When you have a File Download box open, look at the Save In line....it will stay at the last place you downloaded anything TO, until when you download a file, you actually change the Location to another folder
(like Desktop). You hit the little drop down arrow at the right of the line to change the Location you want to put the file.
Hi, Probably it is Zone Alarm or SUPERantispyware that is preventing the download.

http://www.superantispyware.com/WebHelp/SUPERAntiSpyware.htm

I am not sure which version you have, the free edition or the Pro, the free does not have REAL TIME Protection, so probably it is not at fault.

However, it says this at SUPER's FAQ's section:

""I am running other spyware and/or virus programs, will SUPERAntiSpyware interfere with them?

SUPERAntiSpyware has been designed to be compatible with popular anti-virus and anti-spyware applications such as SpyBot, AdAware, GriSoft AVG, McAfee, Norton, Symantec, Kaspersky, Webroot, PCTools, etc.

SUPERAntiSpyware should co-exist and compliment any security application. We have designed SUPERAntiSpyware to work seamlessly with your operating system and other software applications. ""

So, I suspect Zone Alarm.

Remember, you also have to click the yellow Information Bar at the top of IE window to ALLOW the file download.

Try from these links for SpyBot 1.4

http://www.safer-networking.org/en/download/index.html

First one in list at above link.

http://www.download.com/3000-8022-10122137.html

http://www.majorgeeks.com/download2471.html

At the above, choose a server, I often use the second one in the list
Texas USA

http://www.techsoup.org/products/downdetails.cfm?downloadcat=7&downloadid=171

If it is just Internet Explorer browser preventing download, do this:

At top of any IE window, hit Tools>Internet Options>Security>Reset all zones to default.
Hi, You're welcome!

Here are some other good places to scan, if you see anything
going on and want to cross-check the programs etc you are using now...

http://wiki.castlecops.com/Malware_Removal:_Online_Anti-Virus_Scans

Let me know if they find anything! Or, post the log.

Your HJT log looks fine by the way.
Diane, You could try this new tool that checks programs like IM apps, browsers, other software for security and updates.

http://forums.techguy.org/security/525444-secunia-software-inspector-update-checker.html

I think your friend (Blackmirror) has found it and used it, but tell her anyway.