Missing Files



#1 202

Posted 01 September 2007 - 03:03 PM

Hi
I have a very short hijack this log. I try and run a minimum of processes on my system, which is really old and slow.
there are three of four hijack this log entries that say the files are missing. is it safe to check and fix those entries?
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

I inherited this system so it's entirely possible these files really are missing.

#2 miekiemoes (Malware Killer Dog, Malware Response Team)

Posted 02 September 2007 - 01:20 AM

"there are three of four hijack this log entries that say the files are missing. is it safe to check and fix those entries?"

No, since these are not missing. Just because HijackThis displays them as missing doesn't mean that they are really missing.

Side note:

"I have a very short hijack this log. I try and run a minimum of processes on my system, which is really old and slow"

In that case, I would rather suggest/recommend you get rid of Norton instead, because Norton is a HUGE resource hog. You need at least 512 MB RAM to run it properly and even then it's still causing a terribly slow system.
Also take a look here: Help! My computer is slow!
Why not install a free alternative? For example, Avira Antivirus, which is great in detection and removal and isn't such a resource hog as Norton is.

Also, an Antivirus should always be running in the background, but as I see in your case, you already disabled/deleted some Norton related startups. How are you supposed to prevent malware if you disable some Antivirus components?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 202

Posted 03 September 2007 - 05:12 PM

to answer your question, I use zonealarm as my firewall.
I use firefox as my browser.
I've blocked all HTML graphics in my email [and never open anything sent to me in email]
and I run spybot and ad-ware every morning. Spybot warns me about adaware, which warns me about spybot :thumbsup:
but... you're right about Norton. a long time ago it was a lot better. for example speed disk had a feature that when you hovered the mouse over a [for example unmovable] block of sectors, it would show you what files were un-movable. you could go in and make them moveable or delete them.
tell me more about the free virus checker you mentioned. [right now i can't see your reply so i can't recall anymore than it started with an AV??? ]
also, tell me your relationship, if any, to the people who wrote it. I've seen it mentioned several times in my really casual browsing thru this forum.

thanks.

2O2

#4 miekiemoes

Posted 03 September 2007 - 05:25 PM

The Free Antivirus is Avira: http://www.free-av.com/
It's great in detection and removal. The premium version (which is not free, but not expensive at all) does also flag and delete Spyware/Adware.

If you had posted your complete HijackThis log, I could have had a look as well at what else is installed that may be a resource hog - or if there's any malware present.
Unfortunately you only posted a small part of your HijackThis log. I don't even see the "running processes" part.

"I use zonealarm as my firewall."

If your system is old and slow, I do not recommend Zonealarm either. Comodo Firewall is a free alternative - runs smoother than zonealarm.

#5 202

Posted 07 September 2007 - 03:34 PM

hi again.
as I said before, nice dog. but i wouldn't want to meet him/it in a dark alley at night.
For some reason?? my reply to you got blown off by the moderator. ???
it was said i was using an older [illegal] copy? It was a beta copy but it produces almost the same log as the version 2.0.2 does. go figure. it just says version 2.0.0 beta instead.

Gibson recommends zone alarm, and he wrote adaware before he gave it away [with the proviso that there always be a free version available]

ok here is my complete log using version 2.0.2 - however i went to http://www.trendsecure.com/portal/en-US/th...p?page=download
to get it rather than follow the link in the message from the moderator. It's where i originally got the beta version

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:39 PM, on 9/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe <---- is this for a printer???
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe <--- yes, i was running both to compare logs.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for HiJackThis.zip\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 1989 bytes

I plan to 'fix' O3, toolbar &radio
I don't 'like' the fact that O6 [anything having to do with IE bothers me. too buggy & full of hacking holes]
I'm unsure of why i need O9 an 'Extra Button' with (no name) or O9 Extra 'Tools' but both of these are pointing at ssv.dll
nor am i sure why I need yinsthelper.dll from yahoo. course i use yahoo for my email... but that should be entirely contained in the browser box.
and finally, i tried to install JUST google earth a couple of weeks ago and then spent the next week UN-installing all of the crap it installed in addition to itself.... why do people DO that???? so I don't think i need O23 googleUpdaterService either.
my question is
Can I 'fix' all of these?

2=B(second letter of alphabet) O and 2 or BOB.
but that nick name was taken.

#6 miekiemoes

Posted 07 September 2007 - 04:23 PM

Hi,

I merged your thread since you started a new thread instead.
Please stick with this thread.

"C:\WINDOWS\system32\spoolsv.exe <---- is this for a printer???"

It's the Print+Fax Spooler.
Do not delete it, because I have the feeling that you want to delete anything - legit files you *think* you don't need.

"I plan to 'fix' O3, toolbar &radio
I don't 'like' the fact that O6 [anything having to do with IE bothers me. too buggy & full of hacking holes]"

So why haven't you updated your Windows to Service Pack 2 then? You are complaining about security holes, but your Windows is not properly patched?
Don't fix that O3 entry.

"so I don't think i need O23 googleUpdaterService either."

Well, it looks like you rather deleted the folder manually instead of properly uninstalling it, so the O23 googleUpdaterService is an orphaned leftover.
To get rid of it, go to Start > Run and copy and paste the next command in the field: sc delete gusvc

And I still don't see an Antivirus installed. Any reason why?

#7 202

Posted 07 September 2007 - 04:54 PM

why haven't I patched windows xp. ??
Well, first off, I don't like the fact that every patch communicates personal information to Micro$oft, if you're connected to the internet at all. And I've had patches fail because I wasn't connected to the internet, or i say 'no' when zonealarm asks.
I prefer to run a minimal o/s. and I'm considering changing to linux anyway.
Just because I'm paranoid doesn't mean that micro$oft isn't out to control the world. :thumbsup:

And no... i didn't just delete the folder... I started un-installing all of the crap that google put onto the system including tools bars and other things that they think will make my life "nicer" and will also give them more info about me.
It's amazing how many times zonealarm popped up asking me if I wanted this google dll or that one to access the internet.

I just installed Avira Antivir personal and it's running Luke Filewalker... cute.... and the 'classic' updater... which of course tried to connect. and i said yes when zone alarm blocked it. but just now something else popped up.
it's called Notification Tool. No further info... but it wants to contact the internal net address 127.0.0.1.
Now, why is that? wants to see if there are other computers on this network? I think I'll say no, and see if Notification Tool can still do its job. Gee.... now it wants to talk to the router. wonder why that is?
btw the application name is avnotify. think it's related to AVira?

yup the following just popped up:
" Attention!

It seems like there are some problems with the internet connection. Therefore, the requested information can not be shown. Nevertheless, we don't want to deprive you of the following information:

Isn't that nice. phoning home didn't work so they essentially pop up an ad for the other products.
oh well. the scan seems to be continuing and the update seems to be downloading. Is this going to happen every time I run the updater?

can you tell me 1, why shouldn't i 'fix' the O3 entry And what "sc " runs? is SC a scripting command?
I mean i recognize delete. but wouldn't doing a search for google and deleting all folders accomplish the same thing... as well as freeing up some disk space.

thanks.

Bob

#8 202

Posted 07 September 2007 - 04:55 PM

btw I didn't close the thread. the administrator's script did because i was using the beta version of hijack. Thanks for merging them.

bob

#9 202

Posted 07 September 2007 - 04:59 PM

btw again, this computer doesn't have either a fax or a printer -- so why do i need a spooler using cpu cycles?

bob

#10 miekiemoes

Posted 07 September 2007 - 05:19 PM

"I just installed Avira Antivir personal and it's running Luke Filewalker... cute.... and the 'classic' updater... which of course tried to connect. and i said yes when zone alarm blocked it. but just now something else popped up.
it's called Notification Tool. No further info... but it wants to contact the internal net address 127.0.0.1.
Now, why is that? wants to see if there are other computers on this network? I think I'll say no, and see if Notification Tool can still do its job. Gee.... now it wants to talk to the router. wonder why that is?
btw the application name is avnotify. think it's related to AVira?"

You just installed Avira, your ZoneAlarm indeed gives "notifications" about Avira, and you block it as well? Just because ZoneAlarm gives a notification doesn't mean that you should block everything, because it's very clear here that it is related to Avira.

"yup the following just popped up:
" Attention!

It seems like there are some problems with the internet connection. Therefore, the requested information can not be shown. Nevertheless, we don't want to deprive you of the following information:

Isn't that nice. phoning home didn't work so they essentially pop up an ad for the other products."

All Avira was doing was downloading its definition files, to keep the database updated. It's normal that you will receive that message afterwards if you already blocked it in your Zonealarm.
Guess you don't really understand how to use a firewall properly...

"can you tell me 1, why shouldn't i 'fix' the O3 entry And what "sc " runs? is SC a scripting command?"

Because the O3 entry is legitimate and we don't want people to fix legitimate entries. We won't support this either. If you think you don't need it, then go ahead and fix it, since I wouldn't be able to prevent you from doing this anyway. Just don't complain afterwards that you messed up your system - because I also see that you want to delete your spoolsv.exe ????

"And what "sc " runs? is SC a scripting command?"

sc.exe is a command line tool present in Windows XP.
It deals with services. So in your case, the GoogleUpdaterService.exe is already deleted - so this leaves an orphaned service in the registry.

Good advice - Don't fix when it ain't broken.
I have warned you - don't delete files/folders entries you're not sure about, or because you think they are not needed - because you will break your system and I think I won't be able to help you then to fix your corrupted system since I have warned you before.
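
Added example, not part of the original thread and not HijackThis code: Python that parses the O23 service lines in the form they take in the logs above, compares two logs, and returns read-only checks (`sc qc`, `dir`) to run before fixing an entry that HijackThis flags as "(file missing)", since the flag can be wrong (post #2) or can mark an orphaned service (post #6). The function names and status labels are assumptions made for this illustration; the sample lines are copied from posts #1 and #5.

```python
import re
from dataclasses import dataclass

# O23 lines copied from post #1 of this thread (a partial log).
POST_1_O23 = r"""
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# O23 lines copied from the full log in post #5.
POST_5_O23 = r"""
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

# Layout seen in this thread:
#   O23 - Service: <display name> [(<service name>)] - <owner> - <path>[ (file missing)]
# The "(<service name>)" part is absent when it equals the display name (LiveUpdate).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Service:
    name: str              # short name, the one `sc` expects
    display: str
    owner: str
    path: str
    flagged_missing: bool  # HijackThis's claim, not a verified fact


def parse_o23(log_text):
    """Return {service name: Service} for every O23 line in a log."""
    services = {}
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 line, or a layout this pattern does not cover
        name = m["name"] or m["display"]
        services[name] = Service(name, m["display"], m["owner"],
                                 m["path"], bool(m["missing"]))
    return services


def triage(before, after):
    """Compare the O23 entries of two logs; return [(service name, status)]."""
    old, new = parse_o23(before), parse_o23(after)
    findings = []
    for name in sorted(set(old) | set(new), key=str.lower):
        o, n = old.get(name), new.get(name)
        if n is None:
            status = "removed"          # service entry no longer listed
        elif o is None:
            status = "new"              # not in the earlier (possibly partial) log
        elif n.flagged_missing and not o.flagged_missing:
            status = "became-missing"   # binary was found before, is not found now
        elif n.flagged_missing:
            status = "still-missing"
        else:
            status = "unchanged"
        findings.append((name, status))
    return findings


def checks(svc):
    """Read-only commands to run on the machine before fixing a flagged entry."""
    return [f'sc qc "{svc.name}"', f'dir "{svc.path}"']


if __name__ == "__main__":
    current = parse_o23(POST_5_O23)
    for name, status in triage(POST_1_O23, POST_5_O23):
        print(f"{name:24} {status}")
        if status.endswith("missing"):
            for cmd in checks(current[name]):
                print(f"    verify first: {cmd}")
```

Only when `sc qc` still lists the service and `dir` confirms the binary is gone is the entry an orphan of the kind described for gusvc.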

#11 202

Posted 07 September 2007 - 05:30 PM

avi finally finished scanning. took about 4 or 5 times longer than adaware.
it reported that it can't scan c:\pagefile.sys.
I'm not surprised. but... why would it try?
and why report pagefile.sys. first just running the scanner is probably modifying the pagefile.sys
on an ongoing basis.
the only way i could think to scan pagefile.sys would be to bring up the system using a dos disk in drive A,
something like spinrite, only with a version of avira on it instead of the disk repair exe spinrite.

Ok do I need to worry about not scanning the pagefile.sys. Are there any virii, worms or rootkits that CAN modify pagefile.sys?

thanks
Bob

#12 202

Posted 07 September 2007 - 07:45 PM

hi again,

actually i think the pop up was from the first run of Avira. and it wasn't necessary for the download of the definition files. the downloader ran invisibly without a window at all, and succeeded shortly before the first scan finished. It only required 1 yes to zone alarm.

I first learned to program on an IBM 1401 [2nd generation computer that you've probably never heard of] using punched cards and FORTRAN.

I retired this year as an embedded C++ programmer working for McData corp - purchased by Brocade in January.
I understand FiberOptic protocol. I'm also a certified Solaris 8 network and system admin. previous job was unix sys admin specializing in security. Ever hear of a packet sniffer called Snort?

I think I understand firewalls pretty well. I don't understand windows which is incredibly and NEEDLESSLY complex, which is why I'm probably going to change to Linux on my next computer. I hope I can buy one without Vista.

btw Process Explorer is really neat, but it also reinforces my opinion on how needlessly and stupidly complex windows is.
I won't change to vista. I don't appreciate an o/s that's been written by hollywood and recording companies. :thumbsup:
Heck, my oldest daughter who teaches web design and languages like python, java, javascript and perl at the local college won't use it in her courses either. It's almost a case of CAN'T use it.

here's the process explorer report:
Process | PID | CPU | Description | Company Name
System Idle Process | 0 | 93.40 | |
Interrupts | n/a | | Hardware Interrupts |
DPCs | n/a | | Deferred Procedure Calls |
System | 4 | | |
SMSS.EXE | 388 | | Windows NT Session Manager | Microsoft Corporation
CSRSS.EXE | 452 | 0.94 | Client Server Runtime Process | Microsoft Corporation
WINLOGON.EXE | 476 | | Windows NT Logon Application | Microsoft Corporation
SERVICES.EXE | 520 | 4.72 | Services and Controller app | Microsoft Corporation
SVCHOST.EXE | 688 | | Generic Host Process for Win32 Services | Microsoft Corporation
wmiprvse.exe | 1172 | | WMI | Microsoft Corporation
SVCHOST.EXE | 712 | | Generic Host Process for Win32 Services | Microsoft Corporation
SVCHOST.EXE | 840 | | Generic Host Process for Win32 Services | Microsoft Corporation
SVCHOST.EXE | 872 | | Generic Host Process for Win32 Services | Microsoft Corporation
SPOOLSV.EXE | 1152 | | Spooler SubSystem App | Microsoft Corporation
avguard.exe | 1200 | | Antivirus On-Access Service | Avira GmbH
sched.exe | 1832 | | Antivirus Scheduler | Avira GmbH
SVCHOST.EXE | 1904 | | Generic Host Process for Win32 Services | Microsoft Corporation
vsmon.exe | 2016 | | TrueVector Service | Zone Labs Inc.
LSASS.EXE | 532 | | LSA Shell (Export Version) | Microsoft Corporation
EXPLORER.EXE | 1072 | 0.94 | Windows Explorer | Microsoft Corporation
ZAPRO.EXE | 1468 | | ZoneAlarm Pro | Zone Labs Inc.
avgnt.exe | 1480 | | Antivirus System Tray Tool | Avira GmbH
procexp.exe | 804 | | Sysinternals Process Explorer | Sysinternals
firefox.exe | 1192 | | Firefox | Mozilla Corporation

and here's the last hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:48 PM, on 9/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Documents and Settings\Owner\Desktop\finals\procExplorer\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijack this\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 2397 bytes

Can you tell me what the purpose of yinsthelper.dll is? I think it's the last superfluous process [other than spool] still running. btw I had to get help from symantec to uninstall norton system works and norton virii checker. apparently their product is so screwed up that they have written an UNINSTALLER that goes thru and removes every one of their products that it can find. about the only thing from symantec that does work pretty well. even then I had to search for norton and symantec to find all of the crap it left behind. but it did find all of the executables. And to be fair, Norton's utilities used to work really great when Norton himself was responsible for them.


Thanks for your help.

Bob

#13 miekiemoes

Posted 08 September 2007 - 12:25 AM

Hi,

"Ok do I need to worry about not scanning the pagefile.sys"

No, because that file is locked/is in use and that's why Avira is not able to scan it. http://www.aumha.org/win5/a/xpvm.php
This one won't be modified by malware either.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

This is an activeX for your Yahoo. But since I see you don't have Yahoo installed, you may check and fix that one.

One more thing.. Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Yes, I know about Norton, that's why I don't recommend it either :thumbsup:

#14 202

Posted 08 September 2007 - 03:41 PM

Hi,

"This is an activeX for your Yahoo. But since I see you don't have Yahoo installed, you may check and fix that one."

this must be a left over. I will remove it. Thanks.

I actually got email from the help desk at Symantec stating that the only browser they support is IE.
one more reason not to do business with them ever again. & I know guys i used to work with who are now working for them. I guess when you need a job it's any port in a storm.

thanks again.

bob

#15 miekiemoes

Posted 08 September 2007 - 03:54 PM

Symantec isn't bad - It's actually pretty good in detection and removal (that improved a lot) - and it does an excellent job when File infectors are present - but, it's bloated > result, causing a huge system slowdown...
Also, Symantec/Norton is for the more advanced users since many do not really understand how to properly configure it (especially when they are using Norton Internet Security) and how to "tweak" it in case there are compatibility issues with other software installed.
And as you already said, uninstalling Norton/Symantec is a pain - even after uninstalling, a lot of services are still present and actually running, for example LiveUpdate etc... This one does have a separate uninstaller in Add/Remove Programs though, but not many people uninstall it - Anyway, it should get uninstalled together with Norton - not as a separate program.

And that's why I don't really recommend Norton/Symantec.. also since I know there are free Alternatives out there which aren't such a resource hog (Avira for example), which is excellent in detection and easy to configure. :thumbsup:



