
· Registered
Joined
·
254 Posts
Discussion Starter · #1 ·
avg found no viri......

avast set at maximum sensitivity found 2:
Matyas in -sys\Activescan\pav.sig, and

Kuang2 in -sys\ActiveScan\IMscan.dll...

could not put these in "vault"..would get "RPC Server is unavailable. cannot process "c:\win\sys\activescan\pav.sig"file or -IMscan.dll...

Is activescan folder part of the "trend housecall"?
i couldn't find it.

Kaspersky online would not work for me......

Panda online scan found and fixed 2 viri: gendel.A in -sys\gendel32.exe and TrjD in -\unzippid\hijackthis backup-20050104-212557....

Trend online scan found HTML ADVER.A which it could not fix, but said it was not dangerous.

Logfile of HijackThis v1.99.0
Scan saved at 5:10:36 PM, on 2/5/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v4.70 SP1 (4.70.0000.1155)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ANALOGX\COOKIEWALL\COOKIE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = {BROWSER_HOMEPAGE}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

THANKS FOR ANY SUGGESTIONS!.....
 

· Registered
Joined
·
254 Posts
Discussion Starter · #3 ·
thank you.....first scan was avg 7 w/ current update......it missed everything!

was surprised when avast started finding things, but suspected it was looking at another av program....is that what it did?
 

· Registered
Joined
·
2,735 Posts
Hi Barncat. It is quite possible, as they are both installed on your system. Shut one down completely and run the other and see if it comes up clean. You should choose which one you like. Update it and, to be safe, uninstall the other.

For a second opinion you can always run Housecall or Panda as well.
 

· Registered
Joined
·
254 Posts
Discussion Starter · #5 ·
Dust Sailor, thanks....interesting handle...what does it refer to?

i only have one av running at a time, though spybot may look for things...not sure what it is doing...it fights with excite when i try to look at my mail...and loses....still get popunders....

i suspect everything found by all av scans was a false positive except for the html thing and it may be too.......avast av was set on "high sensitivity", so i'll not do that again....thanks again.....
 