Anybody Heard Of Freeloader_roings


9 replies to this topic

#1 bertram

bertram

  • Members
  • 10 posts
  • Local time:04:45 AM

Posted 15 September 2007 - 12:34 PM

Just run a Trend Micro HouseCall and it came up with this FREELOADER_ROINGS and ADWARE_BHOT_IEHELPER but it cannot get rid of it. Anybody know about these pests?


#2 buddy215

buddy215

  • Moderator
  • 13,325 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:45 PM

Posted 15 September 2007 - 01:07 PM

This could be a false positive. Run scans with the two programs below and let us know what they find.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,780 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:45 PM

Posted 15 September 2007 - 01:30 PM

Do you have Spyware Doctor installed? This could just be a "False Positive". Trend Micro only started finding this malware entry after Spyware Doctor updated to version 5. If you uninstall Spyware Doctor, Trend Micro will no longer detect it. If you reinstall Spyware Doctor, then Trend Micro detects it again.

Adware_Bhot_Ihelper, also known as HBO.Adware.Estalive: Software that displays pop-up/pop-under advertisements when the primary user interface is not visible, or which do not appear to be associated with the product.

When the Spyware Doctor Immunization is activated, Spyware Doctor creates a key which occupies the registry location where Estalive would normally infect your computer; as a result, Estalive will fail to install.

Since Spyware Doctor adds an entry in this particular key, other malware applications are generating false positives relating to the Estalive/Adware_Bhot_Ihelper infection.

Please be assured that Spyware Doctor is not infecting your computer. We have contacted Trend Micro about this detection and are awaiting a fix.

pctools.com/forum
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 bertram


Posted 15 September 2007 - 01:48 PM

Hi guys, thanks for the info. I don't have Spyware Doctor; I have Spybot, Avira and Super Antispyware. I will try to get the PC into safe mode. I always get problems with F8, but having read that warning I will try harder.

My Missus is also having problems with a trojan called banker so I am in for a long weekend.

Watch this space.

Bertie

#5 buddy215


Posted 15 September 2007 - 02:07 PM

There is another way to get into safe mode--info in link below.
How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

#6 bertram


Posted 16 September 2007 - 04:27 AM

Thanks for that. I used to use the msconfig route but I have read that using that can cause problems because the boot.ini (not sure of the exact suffix) can get altered and you end up with further problems.

I will carry on and see.

Bertie

#7 buddy215


Posted 16 September 2007 - 07:27 AM

Quote Bertram: "My Missus is also having problems with a trojan called banker so I am in for a long weekend."

If you Google "trojan banker" you will see that there are many listings. I would try using the Super Antispyware and Bit Defender online scan. If that doesn't solve the problem you should post a Hijack This log in the Hijack This Forum.
"Banker" is designed to steal financial info from the infected computer.

Info on how to post a Hijack This log in the Hijack This Forum:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#8 quietman7


Posted 16 September 2007 - 02:22 PM

Using MSConfig to access (force) safe mode is not advisable if you suspect malware on your system. Doing so could make your computer unusable. Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode. If you use the /Safeboot option on the Boot.ini Tab to force safe mode when booting into safe mode with the F8 key does not work, it could have disastrous results. The Safeboot option modifies the Boot.ini file and you may be locked in a continuous reboot loop afterwards where you cannot get back to MSConfig and undo your selection.

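An added example, not written by anyone in this thread: Python that reads the text of a boot.ini, reports which `[operating systems]` entries carry the `/safeboot` switch described in post #8, and returns the text with that switch removed. The sample boot.ini and the function names are constructed for illustration.

```python
import re

# Matches the switch MSConfig appends, e.g. /safeboot:minimal or /SAFEBOOT:NETWORK
SAFEBOOT = re.compile(r"\s*/safeboot(?::\S+)?", re.IGNORECASE)

# Constructed sample: a boot.ini after the /SAFEBOOT box was ticked in MSConfig
SAMPLE_BOOT_INI = (
    "[boot loader]\n"
    "timeout=30\n"
    "default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n"
    "[operating systems]\n"
    'multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" '
    "/noexecute=optin /fastdetect /safeboot:minimal\n"
)


def forced_safeboot_entries(text):
    """Return (line_number, os_label, switch) for entries that force safe mode."""
    hits, section = [], None
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
            continue
        if section != "operating systems":
            continue  # only boot entries carry load switches
        match = SAFEBOOT.search(stripped)
        if match:
            label = re.search(r'"([^"]*)"', stripped)
            hits.append((number, label.group(1) if label else "",
                         match.group(0).strip()))
    return hits


def strip_safeboot(text):
    """Return the boot.ini text with the safeboot switch removed from OS entries."""
    out, section = [], None
    for line in text.splitlines(keepends=True):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        elif section == "operating systems":
            line = SAFEBOOT.sub("", line)
        out.append(line)
    return "".join(out)
```
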
#9 bertram


Posted 20 September 2007 - 01:32 PM

Thanks for the warning. Sometimes F8 works and sometimes it doesn't. I used to use the other way but I think I won't be using it any more.

#10 quietman7


Posted 20 September 2007 - 01:47 PM

I think a lot of us previously used that method. But as the malware writers change techniques, we have to adapt accordingly.



