Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti-virus won't start...


  • Please log in to reply
13 replies to this topic

#1 momoko

momoko

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 13 June 2005 - 10:57 PM

ZoneAlarm crashes, AdAware freezes.
Unable to download anything with IE, using mostly Firefox.
Windows98se, CA EZ Antivirus, ZAPro, AdAware, Greyware Registry Rearguard.
On a Linsys 4-port router with one other Win95 machine and an XBox hooked up with ADSL on a SpeedStream modem.
Please help.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:19 PM, on 6/13/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\GRR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
E:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\IVASION\WINPOET\WINPPPOVERETHERNET.EXE
E:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
E:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
E:\PROGRAM FILES\COMPUTER ASSOCIATES\MAILWATCHER\MWATCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.earthlink.net/~lenareeves/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: Bugnosis - {3A6514CD-A457-11D4-8AF3-000102686B79} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBBUG.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] LoadPowerProfile
O4 - HKLM\..\Run: [PPMemCheck] E:\PROGRA~1\PESTPA~1\PPMEMCHECK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRAM FILES\ZONE LABS\ZONEALARM\zlclient.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ad-Aware] "E:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [AWMON] "E:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [VetAlert] E:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] LoadPowerProfile
O4 - HKLM\..\RunServices: [Greyware Registry Rearguard] c:\windows\system\grr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MailWatcher] E:\PROGRAM FILES\COMPUTER ASSOCIATES\MAILWATCHER\MWATCH.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: IE Zoom &In - E:\PROGRAM FILES\IE ZOOMER\IE Zoom In.htm
O8 - Extra context menu item: IE Zoom O&ut - E:\PROGRAM FILES\IE ZOOMER\IE Zoom Out.htm
O8 - Extra context menu item: Open in IE &Zoomer - E:\PROGRAM FILES\IE ZOOMER\Open in IE Zoomer.htm
O8 - Extra context menu item: IE Zoomer Help... - E:\PROGRAM FILES\IE ZOOMER\IE Zoomer Help.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: Bugnosis - {630CB4FA-AA9E-4bf2-BBD1-81C239203E2F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBBUG.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://www.myfamily.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://chat.msn.com
O15 - Trusted Zone: http://communities.msn.com
O15 - Trusted Zone: http://members.msn.com
O15 - Trusted Zone: http://lw10fd.law10.hotmail.msn.com
O15 - Trusted Zone: http://home.earthlink.net
O15 - Trusted Zone: http://start.earthlink.net
O15 - Trusted Zone: http://support.earthlink.net
O15 - Trusted Zone: http://hometools.earthlink.net
O15 - Trusted Zone: http://thesims.ea.com
O15 - Trusted Zone: http://members.diaryland.com
O15 - Trusted Zone: http://*.diaryland.com
O15 - Trusted Zone: http://www.pcforrest.freeserve.co.uk
O15 - Trusted Zone: http://www.myrealbox.com
O15 - Trusted Zone: http://webmail.myrealbox.com
O15 - Trusted Zone: http://www.bookmarklets.com
O15 - Trusted Zone: *.digitalpets.com
O15 - Trusted Zone: http://www.techtv.com
O15 - Trusted Zone: http://cgi.techtv.com
O15 - Trusted Zone: http://www.fark.com
O15 - Trusted Zone: http://www.cbs.com
O15 - Trusted Zone: http://wwwimage.cbs.com
O15 - Trusted Zone: http://*.cbs.com
O15 - Trusted Zone: http://www.acmebraintrust.com
O15 - Trusted Zone: http://www.hbo.com
O15 - Trusted Zone: http://www.netsol.com
O15 - Trusted Zone: http://*.rangerjoes.com
O15 - Trusted Zone: http://www.apple.com
O15 - Trusted Zone: http://cgi4.ebay.com
O15 - Trusted Zone: http://cgi3.ebay.com
O15 - Trusted Zone: http://pages.ebay.com
O15 - Trusted Zone: http://movies.citysearch.com
O15 - Trusted Zone: http://www.ancestry.com
O15 - Trusted Zone: http://www.tvguide.com
O15 - Trusted Zone: http://www.survivorfever.net
O15 - Trusted Zone: http://survivoraddicts.community.everyone.net
O15 - Trusted Zone: http://boards.survivoraddicts.com
O15 - Trusted Zone: http://www.kathyobrien.com
O15 - Trusted Zone: http://crm.my-etrust.com
O15 - Trusted Zone: http://extratv.warnerbros.com
O15 - Trusted Zone: http://www.gorillaz.com
O15 - Trusted Zone: http://www.rca.com
O15 - Trusted Zone: http://www.knplogic.co.uk
O15 - Trusted Zone: http://www.sciencemuseum.org.uk
O15 - Trusted Zone: http://wpni01.auroraquanta.com
O15 - Trusted Zone: http://abc.abcnews.go.com
O15 - Trusted Zone: http://bventertainment.go.com
O15 - Trusted Zone: http://bsc.cards.go.com
O15 - Trusted Zone: http://www.consumersearch.com
O15 - Trusted Zone: http://www.curtismathes.com
O15 - Trusted Zone: http://www.bluelight.com
O15 - Trusted Zone: http://www.deniserichards.com
O15 - Trusted Zone: http://www.africa360.com
O15 - Trusted Zone: http://www.govbenefits.gov
O15 - Trusted Zone: http://atomfilms.shockwave.com
O15 - Trusted Zone: http://best.ssa.gov
O15 - Trusted Zone: http://www.drweil.com
O15 - Trusted Zone: http://www.neopets.com
O15 - Trusted Zone: http://home.bellsouth.net
O15 - Trusted Zone: http://home.pacbell.net
O15 - Trusted Zone: http://download.zonelabs.com
O15 - Trusted Zone: http://www.fns.usda.gov
O15 - Trusted Zone: http://www.michigan.gov
O15 - Trusted Zone: http://www.heartfailure.org
O15 - Trusted Zone: http://www.ca.com
O15 - Trusted Zone: http://www.computers4sure.com
O15 - Trusted Zone: http://pub124.ezboard.com
O15 - Trusted Zone: http://www.ew.com
O15 - Trusted Zone: http://*.survivornews.net
O15 - Trusted Zone: http://www.pcconnection.com
O15 - Trusted Zone: http://www.survivorjeff.com
O15 - Trusted Zone: http://forms.real.com
O15 - Trusted Zone: http://www.cbsnews.com
O15 - Trusted Zone: http://www.oldversion.com
O15 - Trusted Zone: http://thesims.strategy-gaming.com
O15 - Trusted Zone: http://*.survivor-central.com
O15 - Trusted Zone: http://www.herald-sun.com
O15 - Trusted Zone: http://www.license.shorturl.com
O15 - Trusted Zone: http://*.lovethosekids.com
O15 - Trusted Zone: http://*.votedoff.tv
O15 - Trusted Zone: http://www.lissaexplains.com
O15 - Trusted Zone: http://resources.survivorphoenix.com
O15 - Trusted Zone: http://forums.survivorphoenix.com
O15 - Trusted Zone: http://www.bananatv.com
O15 - Trusted Zone: http://www.mithology.org
O15 - Trusted Zone: http://www.fightclub.co.uk
O15 - Trusted Zone: http://www.intel.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: http://*.nypost.com
O15 - Trusted Zone: http://login.passport.net
O15 - Trusted Zone: http://registernet.passport.net
O15 - Trusted Zone: http://*.sptimes.com
O15 - Trusted Zone: http://pages.prodigy.net
O15 - Trusted Zone: http://www.antithesys.net
O15 - Trusted Zone: http://signin.projo.com
O15 - Trusted Zone: http://www.elob.org
O15 - Trusted Zone: http://*.anomalies-unlimited.com
O15 - Trusted Zone: http://www.chfpatients.com
O15 - Trusted Zone: http://insideoe.tomsterdam.com
O15 - Trusted Zone: http://www.tomsterdam.com
O15 - Trusted Zone: http://www.tremble.com
O15 - Trusted Zone: http://community.realitytvworld.com
O15 - Trusted Zone: http://www.survivorblows.com
O15 - Trusted Zone: http://*.survivorparatrooper.com
O15 - Trusted Zone: http://www.lhs.berkeley.edu
O15 - Trusted Zone: http://www.thestore.adidas.com
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://www.realiiity.com
O15 - Trusted Zone: http://www.pcmag.com
O15 - Trusted Zone: http://www.survivoramazon.com
O15 - Trusted Zone: http://www.mailwasher.net
O15 - Trusted Zone: http://www.accu-chek.com
O15 - Trusted Zone: http://diabetesorg.healthology.com
O15 - Trusted Zone: http://ww12.e-tractions.com
O15 - Trusted Zone: http://*.bravotv.com
O15 - Trusted Zone: http://veepers02.budweiser.com
O15 - Trusted Zone: http://*.hollywoodvideo.com
O15 - Trusted Zone: http://www.lavasoft.de
O15 - Trusted Zone: http://*.atkins.com
O15 - Trusted Zone: http://www.nbc.com
O15 - Trusted Zone: http://www.killersims.com
O15 - Trusted Zone: http://web.tickle.com
O15 - Trusted Zone: http://www.dtriptv.org
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab
O16 - DPF: {3A6514CD-A457-11D4-8AF3-000102686B79} (Bugnosis) - http://www.bugnosis.org/downloads/webbug.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...wave/wtinst.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

Thank you.

Edited by momoko, 13 June 2005 - 10:59 PM.


BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 14 June 2005 - 05:56 PM

HAve you tried disabling about half of the applications that you have running? I think you may be just choking your system. What are your system specs? :thumbsup:

Also, do you have two anti-virus applications running? That will cause problems.

#3 momoko

momoko
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 14 June 2005 - 06:42 PM

I have a lot of stuff installed but not running.

533 celeron, 256 RAM, 13G 5400rpm WD HD master, 80G 7200rpm 8M cache Maxtor slave, slow CD-RW.

Only one AV as far as I know, maybe some fragments left from earlier versions as I have been with CA since it was the free for personal use edition. I think a lot of those trusted zone entries neee to be cleaned up though. :thumbsup:

Edited by momoko, 14 June 2005 - 06:45 PM.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 14 June 2005 - 08:12 PM

According to your log, your E-Trust is running just fine...what is CA? :thumbsup:

I'm a little confused.

#5 momoko

momoko
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 14 June 2005 - 09:59 PM

CA is Computer Associates. Sorry.

That's just it. It looks like it should be running but it's not. I was wondering about that CAVRID entry:

O4 - HKLM\..\Run: [VetAlert] E:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

As you can see there is an entry for the tray icon, but it never shows up either. It also doesn't get listed in the running processes. There is a CA MailWatcher program running but it has nothing to do with the antivirus. It's just a little oldie CA used to give away free a few years ago.

Oh yeah, when I updated ZAPro there was a new function to protect the antivirus program and ZA couldn't even find one. :thumbsup:

Edited by momoko, 14 June 2005 - 10:31 PM.


#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 15 June 2005 - 08:01 AM

This may be a stupid question, but I need to ask. Is there an option within Etrust to hide the icon? I know Sygate has an option to hide the icon. The only other option I can think of at the moment is to completely uninstall it, then reinstall it again (which I am assuming you have tried? )

#7 momoko

momoko
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 15 June 2005 - 05:10 PM

Actually that's not a stupid question. I thought of it too and therein lies part of the problem. I didn't think such a feature would be automatically turned on by default with the installation process but you never know so I tried to start the program from the start menu so I could check the preferences but it wouldn't open. Oh cr*p! I just went to check again and it's not even there. It's not even in program files where it was installed.! It's nowhere! What the?!?!?! I am just so sick of this!

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 15 June 2005 - 05:30 PM

I think we need to back up a step.. some malware will remove Anti-Virus software, so let's see if we can eliminate that possibility. In IE, go to :
[*]TrendMicro

Run the scan, and let it fix everything it finds. Please take note of anything it finds that can't be fixed (if anything), along with full path names.

#9 momoko

momoko
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 15 June 2005 - 07:46 PM

It didn't find anything. :thumbsup:

#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 15 June 2005 - 07:57 PM

I love problems like these... they make me think. I'm stumped though. If it were me, I would uninstall ETrust, delete any folders left over, remove all references from the registry, and then reinstall it. I'm just not sure what to do right at this moment. :thumbsup:

#11 momoko

momoko
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 16 June 2005 - 02:25 AM

Well I just found some bad news. There's a really nasty exploit involving eTrust EZ antivirus and also a ZoneAlarm antivirus. I think since my subscription just ran out I'll just drop them and find something else. Any suggestions?

#12 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 16 June 2005 - 08:40 AM

I use AntiVir Personal.. it's small, and they update definitions frequently... oh yeah, and the personal version is free. I wouldn't be too quick about dumping Zone Alarm... there are ways around any firewall. If you do though, Sygate makes a nice free firewall. :thumbsup:

#13 momoko

momoko
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 16 June 2005 - 03:29 PM

Oh I won't dump ZoneAlarm. It's just their new antivirus that's vulnerable to this new exploit and I don't have that. Funny thing is I wouldn't have known about this problem if the CA support website hadn't been missing a submit button prompting me to go searching everywhere for a way to contact them.

I never found a way to contact them but I did find an obscure little help forum where this was being quietly discussed. It sorta explains why they were offering me a license renewal for $13. I'm glad I found out before I renewed my subscription.

Thanks for your help. Got a link to the AntiVir Personal?

#14 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:35 PM

Posted 16 June 2005 - 04:20 PM

http://www.free-av.com/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users