
spyware scan details


7 replies to this topic

#1 dougkaren


Posted 04 May 2005 - 06:33 AM

I scan with Microsoft's beta antispyware. Every scan shows three items that are "removed", but they are always there with the next scan. How do I remove these three threats:

WinTools Trojan
HuntBar Browser Modifier
Altnet Browser Plug-in

Karen


 


#2 Leurgy


Posted 04 May 2005 - 06:45 AM

Hi Karen

Are you turning off System Restore? You need to do that to remove these items. The procedure would be to do a scan, turn off System Restore (that deletes the infected restore points) and then turn it back on again (creating a clean restore point).

By default, System Restore is turned on in Windows XP. It is a powerful tool that generally should not be turned off.

Turn off System Restore

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Edited by Leurgy, 04 May 2005 - 06:46 AM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 dougkaren


Posted 04 May 2005 - 09:28 AM

Oh,
That makes sense. I'll try that now...

Thanks
Karen

#4 dougkaren


Posted 08 May 2005 - 07:12 AM

I tried scanning, then turning off system restore, but those three items still come up.

Karen

#5 Leurgy


Posted 08 May 2005 - 07:37 AM

It would seem that MS Spyware is not effective in your case. I suggest you try AdAware and Spybot Search and Destroy. These are well known programs that are widely used and a good complement to your anti-virus and MS Spyware.

Post back and let us know how you make out.



#6 Enthusiast


Posted 08 May 2005 - 08:51 AM

The MS app should be done in safe mode after you have turned system restore off.

Then reboot and use a few of these other anti-spyware programs:
Keep MS System Restore off until you are certain no malware remains on your computer, then turn it on and create a new restore point.

Anti-malware freeware

AdAware: http://www.lavasoftusa.com/software/adaware/
Microsoft Antispyware Beta: http://www.microsoft.com/athome/security/s...re/default.mspx
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
Spybot S&D: http://www.safer-networking.org/en/index.html
Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx


Web based online Antivirus and anti-malware scans:

Panda Activescan (IE only)
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

You should use at least two of the web based scans. You must use IE to use them - not Firefox!

#7 Leurgy


Posted 08 May 2005 - 10:03 AM

The MS app should be done in safe mode after you have turned system restore off.

Then reboot and use a few of these other anti-spyware programs:
Keep MS System Restore off until you are certain no malware remains on your computer, then turn it on and create a new restore point.


I have to disagree with Enthusiast in this instance. If you are running these applications that have the potential of making registry and system changes, it's not a good idea to turn off System Restore and leave it off through what could potentially be numerous reboots. Yes, scan, turn it off, but turn it back on before rebooting. It's better to have an infected restore point than no restore point at all.



#8 Papakid

  • Malware Response Team

Posted 08 May 2005 - 06:18 PM

Hi dougkaren,

If you really want to get rid of those items, please submit a HijackThis log and let us have a look at what is going on on your system. To do that go to this tutorial and follow the instructions: How to post a HijackThis Log

Some of the malware on your system is notorious for being difficult to remove. It also likes to change file names and methods to stay ahead of automatic scanner/removers so that their definitions become outdated. And new ones are coming out all the time. With HijackThis we can get an idea of what you have on your system and won't rest til we find a way to get rid of it one way or another.

Don't worry at all about System Restore. The only malware you remove when turning it off are some backups that won't affect you unless you use System Restore to return your PC to an earlier state. This confuses some very intelligent people, but the fact is that you shouldn't worry about getting rid of those backups until you know your system is clean and take it for a test drive. Then you can purge any malware that is potentially backed up in System Restore, your antivirus' quarantine folder, and backups that programs like Spybot Search & Destroy and even HijackThis make in case of problems (in rare cases malware removal goes badly so the malware needs to be backed up).

It's possible MSAS is seeing SysRestore backups--antivirus scanners do very often. To find out, look for where the file is located in Windows Explorer--what folder is it in? If you see they are in SystemVolumeInformation folder, then they are locked down by System Restore and won't affect you. If you see that the bad file is in something like C:\WINDOWS\system32\badfile.exe then you are still infected and we need to see a HijackThis log. If all the bad files are located in SystemVolumeInformation folder, then you are no longer infected and it is safe to turn off/turn on System Restore to get rid of the infected restore points so you don't accidentally reinfect yourself by using System Restore. Otherwise, as Leurgy says, you need to leave System Restore on during scans and removal procedures in case something goes wrong.

BTW, I'm moving this Topic into the Security forum.

Edited by Papakid, 08 May 2005 - 06:37 PM.

The thing about people

is they change

when they walk away.--Mipso
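
The location check described in the post above, written out as an added Python example that is not part of the original thread: it sorts scanner detections into restore-point copies and live files by path and returns the matching advice. The threat names are the three from the first post; the file paths, the GUID placeholder and the function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample detections (threat names from the thread, paths made up).
SAMPLE_DETECTIONS = [
    ("WinTools Trojan",
     r"C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP12\A0001234.exe"),
    ("HuntBar Browser Modifier",
     r"c:\system volume information\_restore{CONSTRUCTED-GUID}\RP12\A0001235.dll"),
    ("Altnet Browser Plug-in", r"C:\WINDOWS\system32\badfile.exe"),
]

RESTORE_DIR = "system volume information"


def in_restore_store(path: str) -> bool:
    """True if the file sits under <drive>:\\System Volume Information."""
    p = PureWindowsPath(path)
    # parts[0] is the drive root ("C:\\"); the folder must be directly below
    # it, so C:\Temp\System Volume Information\x.exe does not count.
    return bool(p.anchor) and len(p.parts) > 2 and p.parts[1].lower() == RESTORE_DIR


def triage(detections):
    """Split detections into restore-point copies and live files, then advise."""
    backups = [(n, p) for n, p in detections if in_restore_store(p)]
    live = [(n, p) for n, p in detections if not in_restore_store(p)]
    if live:
        advice = "still infected: leave System Restore on and clean the live files"
    elif backups:
        advice = "only restore-point copies: cycle System Restore off and on"
    else:
        advice = "nothing detected"
    return {"backups": backups, "live": live, "advice": advice}


if __name__ == "__main__":
    result = triage(SAMPLE_DETECTIONS)
    for name, path in result["live"]:
        print("LIVE   ", name, path)
    for name, path in result["backups"]:
        print("BACKUP ", name, path)
    print(result["advice"])
```
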




