Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton Antivirus: Not sure whether my PC is infected


  • Please log in to reply
7 replies to this topic

#1 water

water

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 22 June 2005 - 10:52 AM

The installed Norton showed that my PC is clean but the online Norton scan said that the machine is infected. The following is the online scan result. Pls help...

C:\Recycled\Q330995.exe is infected with Adware.MainSearch
C:\Recycled\Dc10.dll is infected with Adware.MainSearch
C:\Recycled\Dc16.dll is infected with Adware.MainSearch
C:\Recycled\Dc28.dll is infected with Adware.MainSearch
C:\Recycled\Dc30.dll is infected with Adware.MainSearch
C:\Program Files\HijackThis Anti-Spy\backup-20041202-010815-321.dll is infected with Adware.MainSearch
C:\Program Files\HijackThis Anti-Spy\backup-20041203-001234-742.dll is infected with Adware.MainSearch
C:\Program Files\HijackThis Anti-Spy\backups\backup-20041204-190319-168.dll is infected with Adware.MainSearch
C:\Program Files\HijackThis Anti-Spy\backups\backup-20041205-224738-309.dll is infected with Adware.MainSearch
C:\Program Files\HijackThis Anti-Spy\backups\backup-20041207-020837-639.dll is infected with Adware.MainSearch

BC AdBot (Login to Remove)

 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:46 AM

Posted 23 June 2005 - 02:44 AM

If you think you are infected submit a hijackthis log here.

How to submit a hijackthis log

Download Hijackthis

#3 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:12:46 AM

Posted 23 June 2005 - 06:15 AM

They are files which other anti-virus or anti-spyware programs have backed up before deletion. C:\recycled is your Recycle bin - just empty it. As for the others - Run HijackThis Anti-Spy and see if it allows you to delete backed up files (or maybe quarantined files?). I don't use that program so I don't know what options it has.

I suggest you also follow this:
Do you have any anti-spyware installed? If not download and update all of the following:Reboot your computer in Safe Mode and run the anti-virus scan and anti-spyware scans there.
If you are not sure how to boot in Safe Mode there is a tutorial here: Safe Mode

See if that helps :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#4 water

water
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 23 June 2005 - 09:52 AM

Thanks all.

I scaned my notebook by updated Spybot S&D, Ad-Aware SE and Norton Antivirus. All results showed that the machine is clean. It is only the online Norton scan indicated that the computer is infected.

As suggested, I have cleared my recycle bin.

Have anyone heard of Isass.exe file? Sometimes when I started my notebook, there is an error message saying the the Isass.exe file does not work.

#5 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:46 AM

Posted 23 June 2005 - 12:49 PM

According to our Startup Database :

Isass.exe
1. - Added by the FUTRO TROJAN!
2. - Added by the W32/Bropia-M worm.

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also install, update, and run:
aČ free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. aČ fills this gap.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#6 water

water
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 27 June 2005 - 12:32 PM

Thanks but I think my notebook has already been hit. I tried Spybot and Ad-aware but still couldn't be able to delete items like CallingHome.biz and Elitetum. Also they changed my default internet site from Yahoo to something else. I am now using another notebook. Can I download the software you mentioned when my PC is still infected?

#7 water

water
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 27 June 2005 - 01:00 PM

Further bad news. My notebook does not allow me to download those free softwares because my security settings do not allow me to do so.

#8 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:46 AM

Posted 27 June 2005 - 04:04 PM

Hello water.

I've split off your HJT log from your post here.
HijackThis logs belong in the HijackThis Logs and Analysis forum.

The log you posted was a old version of HJT.
You need to post a log using the newest version.
You can get a current version here:
HijackThis Download Link

Run it, and then post it in the correct forum.
Also, include a link to this thread in your post, so the Team member helping you will have some background information.

NOTE:
Please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

After you post your log, go to the top of the page and click on Track this topic.
That way you'll be notified by E-mail, when your topic has been responded to.

Edited by tg1911, 27 June 2005 - 05:40 PM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users