Aug 3 2006, 10:54 PM
Post #1
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
Logfile of HijackThis v1.99.1
Scan saved at 9:45:21 PM, on 8/3/2006
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\NORTON GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\E_S4I2C1.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\MY DOCUMENTS\MY DOWNLOADS\HIJACKTHIS(2).EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [GBPoll] C:\Program Files\Norton GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MOUSE.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {BA549C46-AD38-11D7-A476-00D0590EC9DE} (SiS_OCX98 Control) - http://www.sis.com/ocis/SiSAutodetect98.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

Aug 4 2006, 04:52 AM
Post #2
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
I see a clean log here Dan W.
How do you feel the computer is running? What program found the supersearch adware? Does the scan run clean now?
David

Aug 4 2006, 10:15 AM
Post #3
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
Hey there,
Sorry to add more instructions here but I would like you to do something else for me. I have been in correspondence with an expert who would like me to check a file for them. Do you know anything about the following entry?

O4 - Global Startup: MOUSE.EXE

I would like you to do two things please:

1) Please visit the online Jotti Virus Scanner.
Click on the "Browse" button.
Copy and paste the following filepath in the box:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOUSE.EXE
Click on the "Open" button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

2) Go to this page.
Enter the URL of this thread in the first field.
Where it says, browse to the file that you want to submit, copy and paste next in the field:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOUSE.EXE
Then click the Send File button below.

Please let me know when you have submitted the file.
Thanks,
David

Aug 4 2006, 11:58 AM
Post #4
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
By the way, this is a dual-boot computer with 98SE and XP Pro. Do you want me to post my XP Pro. Hijack This log also? The anti-virus site was too busy but I will try again later. The antispyware component of Zone Alarm Professional version 6.1.744.001 found this and it runs clean now. I still wonder if it was a false positive because neither AVG Free, Spybot Search and Destroy nor Adaware SE picked this up. Thanks for your help.

Aug 4 2006, 12:12 PM
Post #5
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
Hey Dan,
No problem about the sites being busy, but please complete step #2 of the above post and upload the file. I will do the Jotti scan for you.

It could well be a false positive but let's not jump to a false conclusion for the moment. When you ran the scan did you happen to note a location of the file the program flagged as supersearch?

I want to firstly check on that mouse.exe as there has been interest in the file from experts. It is unusual for a legitimate file to be placed in the global startup folder. Please upload the file and we can move on from there.
David
p.s. Go ahead and post the XP log also.
This post has been edited by D-Trojanator: Aug 4 2006, 12:12 PM
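
The check raised in the post above (a program file sitting directly in the Global Startup folder rather than a shortcut to an installed program) can be applied mechanically to the O4 section of a HijackThis log. The following is an added example, not part of the original thread and not HijackThis code; the `Autostart` class and the function names are illustrative, and the sample lines are copied from the two logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# O4 (autostart) lines copied from the logs posted in this thread.
# The last line is from the XP log, the others from the 98 SE log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MOUSE.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Registry autostarts: "O4 - <hive>\..\<key>: [<value name>] <command line>"
REGISTRY_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')
# Startup-folder items: "O4 - Startup: <item>" with an optional " = <shortcut target>"
FOLDER_RE = re.compile(
    r'^O4 - (?P<scope>Global Startup|Startup): (?P<item>.+?)(?: = (?P<target>.+))?$')
# Shortest prefix of an unquoted command line that ends in a program extension
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)


@dataclass
class Autostart:
    source: str             # e.g. "HKLM Run" or "Global Startup"
    name: str               # registry value name, or file name in the startup folder
    program: Optional[str]  # program that will run, if it can be determined
    review: Optional[str]   # why a helper would ask for the file, else None


def program_from_command(cmd: str) -> Optional[str]:
    """Strip quotes and arguments from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = EXE_RE.match(cmd)
    return m.group(1) if m else None


def parse_o4(log: str) -> List[Autostart]:
    """Parse every O4 line of a HijackThis log into an Autostart record."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REGISTRY_RE.match(line)
        if m:
            entries.append(Autostart(f"{m['hive']} {m['key']}", m['name'],
                                     program_from_command(m['cmd']), None))
            continue
        m = FOLDER_RE.match(line)
        if not m:
            continue
        item, target = m['item'], m['target']
        if target is None and not item.lower().endswith('.lnk'):
            # A program file in the startup folder itself, not a shortcut to an
            # installed program: the case questioned in the thread.
            entries.append(Autostart(m['scope'], item, item,
                                     "file placed directly in startup folder"))
        else:
            entries.append(Autostart(m['scope'], item, target, None))
    return entries


def needs_review(log: str) -> List[Autostart]:
    """Return only the entries worth submitting to a scanner for a second look."""
    return [e for e in parse_o4(log) if e.review]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        flag = f"  <-- {e.review}" if e.review else ""
        print(f"{e.source:18} {e.name:24} {e.program}{flag}")
```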

Aug 4 2006, 02:02 PM
Post #6
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
The file has been uploaded. I missed the location of where the file was -- sorry. Hang on a minute while I switch to XP Professional to load that log as well. Also, puzzling is in Spybot Search and Destroy on the 98SE side I have 6 items that will not immunize but a scan discovers nothing. AVG and Adaware SE also report clean as does the antispyware component of Zone Alarm Professional after that 1 hit. Thanks for all of your help. I appreciate it.
This post has been edited by Dan W.: Aug 4 2006, 02:51 PM

Aug 4 2006, 02:45 PM
Post #7
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
Logfile of HijackThis v1.99.1
Scan saved at 1:39:51 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
F:\WINDOWS\CTHELPER.EXE
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\ATI Multimedia\main\ATIDtct.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\DOCUME~1\Dan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] F:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ATI Launchpad] "F:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] F:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?1af21addf166467fb5943eacb8b34472
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?1af21addf166467fb5943eacb8b34472
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123105645671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126316301949
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Aug 9 2006, 03:20 AM
Post #8
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
Heya Dan W.
Sorry for the delay in getting back to you. This thread somewhat slipped through the net. I didn't receive a notification that you had replied.

The mouse.exe file that you uploaded was a legitimate Intel mouse driver. The reason I wanted to take a look at this file was due to Microsoft MVP security newsletters stating they wanted to look out for a similar file that was infecting computers, hiding under the mouse.exe name. Luckily for you, this was not the case as the file was safe. The Jotti scan for the file also came up clean, just in case you were interested.

The XP log that you posted is also clean, and to be honest I think that this thread will just be running round in circles trying to find files that do not exist. My thoughts are that this adware you found was successfully removed, and you now have a clean computer, on both the 98 and the XP sides of the dual boot.

However, I don't want to jump to a false conclusion so I see no harm in running some additional scanners to see what they pick up. You can complete the following on both sides of the dual boot and see what it picks up. If you already have the program installed, let me know and we can try another one.

Please download Ad-Aware SE Personal and install it.
If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
Run Ad-Aware, and click Check for updates now.
Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings > Check (Green) all three.
Tweak Button > Cleaning Engine > uncheck "Always try to unload modules before deletion".
Click Proceed.
To start the scan, Click > "Scan Now" at left.
Select "Search for low-risk threats".
Select "Perform full system scan".
Click "Next".
When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects".
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.

Let me know if any infections are found, and whether they can be deleted.
David

Aug 9 2006, 10:00 AM
Post #9
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
The Adaware SE scan was clean on both sides of the computer. My only puzzlement now is that the immunization feature on Spybot Search and Destroy in the 98SE side will immunize all objects but then six will not be immunized if I click the button again. This does not happen on the XP Pro. side of my computer. A scan with spybot search and destroy was clean too. CWShredder 2.19 did not pick up anything and AVG Free (complete scan) scan said all was good. Any more suggestions and I really appreciate your help.

Aug 9 2006, 11:01 AM
Post #10
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
Can you tell me the names of the entries Spybot cannot immunise?
If AVG, adware and CWshredder are clean, I would assume these are false positives. Let me know...
David

Aug 9 2006, 02:23 PM
Post #11
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
How do I check for the areas of Spybot Search and Destroy that are not immunized? Another concern just came up --- SpywareBlaster that used to work really well with no problems now will not run -- it just shuts down when I try to open it to look for updates. Do you think there is something malicious inside of 98SE that I have not discovered yet? Thanks for all of your help.
Follow up: I uninstalled SpywareBlaster 3.5.1 and reinstalled and it is now working fine with everything immunized.
This post has been edited by Dan W.: Aug 9 2006, 02:30 PM

Aug 9 2006, 04:48 PM
Post #12
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
Hey Dan.
I wouldn't be worried about the SpyBot immunisation at all to be honest with you. I just downloaded and installed the program and ran the immunization and originally it said all areas could be immunised. I rebooted and checked again and it said 3 were not able to be immunised. I looked around on Google and this seems to be a common problem, perhaps caused by incorrect permissions or something similar, but I can't be sure.

You might like to reinstall SpyBot and see if you can correct the problem that way, or perhaps try the immunisation in safe mode? As shown by SpywareBlaster, if something goes wrong with a program, my first attempt to fix the problem is to reinstall it.

I think we have a clean computer here - the chances of anything malicious hiding are very small in my opinion.
David

Aug 9 2006, 05:44 PM
Post #13
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
Thanks again so much for your help. I try and be super-careful about not getting anything on my computer and when I got the one piece of adware then I was really worried. I still wonder how it slipped through with my Zone Alarm Professional firewall and all the other anti-virus and anti-spyware programs that I mentioned. Anyway, thanks again for your help and I will try an uninstall and reinstall of Spybot to see if that works. I did not realize other people had this problem with the immunization function of Spybot and it shows me again that Google is our friend.
Follow Up: I followed your advice and am still unable to immunize the 6 things in Spybot. Also, every once in a while when I reboot the taskbar shows and the auto-hide button has been unchecked although I have it checked. Is this something to do with the way Windows 98SE is configured or something malicious? Thanks again for all of your help. I appreciate it.
This post has been edited by Dan W.: Aug 9 2006, 11:04 PM

Aug 11 2006, 04:55 PM
Post #14
Forum Addict, Group: HJT Team, Posts: 10,603, Joined: 28-October 05, From: London, Member No.: 38,920
I think it's important for you to understand that various malware is created every day. No matter how many different antivirus/spyware programs you have on your computer, you will always be at risk from threats when you go on the internet. Let me try and explain in a bit more detail.

The way an antimalware application works is by receiving an update from the internet which contains a special fingerprint for all known bad files. When you scan your computer the files are compared to the bad files on the fingerprint - if there is a match the file can be successfully deleted. However, there is what I like to call the processing time. From the time the malware is released onto the internet, next to the antimalware application updating their definitions, and finally to you at home updating your PC to these latest updates - that's the time in which you can get infected no matter how many antivirus applications you have running. That's the reason that by the end of the week when I scan my own computer, I will always have some new entries.

Of course the other reason behind that is that some malware can escape an antimalware's active guard and will only get detected when you run a scan of your computer. That would most likely be the best explanation why the W32.yok.supersearch managed to wangle its way onto your computer; maybe because Zone Alarm had not updated its definitions or it just managed to slip past unnoticed. Don't quote me on this but I think that if an application monitored every file on your computer 100% of the time it would slow you down a lot!

In regards to the Spybot issue I downloaded the program myself and installed it onto my computer; having tried to fully immunise my computer I got a message saying 2 or 3 areas could not be immunised. I then clicked to retry immunisation and I was told the whole computer was immunised. Rebooted and tried again and I got the message that 2 or 3 areas could not be immunised. I don't know what the cause of this is, but I can almost guarantee this is a bug with the software and is not caused by a malicious threat by any means at all.

Finally I did a little research on the fact that the taskbar is always resetting and I think this could be a bug with Microsoft. Alas, Microsoft have stopped releasing updates for 98 at the moment. If this error is coming on the other side of the Dual Boot, XP, let me know. I found a few registry edits which might fix the problem but would most likely only work on XP. I don't dare try them on 98 as there could be horrific results.
Hope this helps.
David

Aug 11 2006, 05:18 PM
Post #15
New Member, Group: Members, Posts: 10, Joined: 3-August 06, Member No.: 79,282
Thanks so much for the reply. The taskbar only sometimes does not auto-hide. It did auto-hide like normal today. I will keep an eye on things on my computer as well. Do you know of any way that computer users can come together and use part of their computer power to help shut down people that are hacking or trying to hack people's PCs? I just think it would be awesome if legitimate computer users could take an offensive stand against malicious people and companies that are causing so many problems and not continue to have a purely defensive strategy. Thank you and Great Job on becoming a moderator!!!