
RecordNow and Veritas update manager, and BackWeb issues


24 replies to this topic

#1 brandbuster


Posted 01 July 2011 - 03:54 PM

Hi there, I have discovered my mother's computer is infected, I think. I have already downloaded Malwarebytes and removed some threats. RecordNow cannot be removed with Windows, and Malwarebytes hasn't removed it either. What should I do?



#2 Broni


Posted 01 July 2011 - 09:26 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 boopme


Posted 01 July 2011 - 09:32 PM

Hello, please post your MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

RecordNow is usually a part of Nero, a CD burning software. Is Nero in your program list?
What BackWeb apps are showing? Is this XP?

#4 brandbuster


Posted 02 July 2011 - 03:22 AM

Hi, here is the Security Check log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Security Scan Plus
ZoneAlarm Extreme Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
Zone Labs ZoneAlarm zlclient.exe
Zone Labs ZoneAlarm MailFrontier mantispm.exe
``````````End of Log````````````

And the Malwarebytes log I will post soon. I was prompted to run it in safe mode and I can't now access it; have rebooted normally.

TO INSANITY:

This is an XP machine and Nero is not now on this machine but might have been at some time, and the real pain is this Veritas update manager, which plays up with problems similar to this:

"
Post subject: VERITAS update manager problem...PLEASE HELP!!
Posted: Sat 01 Dec, 2007 6:07 pm

Every time I turn on my computer a Windows Installer pops up and runs & then an error comes up saying that SGuard.msi is missing & has a browser & says to try another location. Well, it's a constant over and over deal that never stops. I have restored my computer to an earlier time thinking that might help but it didn't. I have searched the internet for a download or something for this "SGuard.msi" but no luck. It is through RecordNow, but I never use that program & have never used RecordNow. I tried uninstalling RecordNow but my screen went black & said a serious error has occurred & my computer was ticking inside like awful. It wouldn't stop so I had to turn off the computer with the power button & turned it back on, the computer started normal (except for the VERITAS update manager thing).
"

But I just can't uninstall RecordNow; I didn't get the black screen.

As for BackWeb, it prompts a ZoneAlarm warning saying it is behaving suspiciously, but I don't know which apps it came with. Could it be MOZY backup software?

#5 brandbuster


Posted 02 July 2011 - 03:49 AM

Hi again. Here's the malware log showing 15 threats I have removed, but problems still persist.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6995

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

2/07/2011 7:40:19 AM
mbam-log-2011-07-02 (07-40-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 292982
Time elapsed: 57 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\grouppolicymanifest (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Owner\local settings\Temp\temporary directory 9 for adobe photoshop cs2 v9.0 final + keygen & activator==.zip\adobe photoshop cs2 v9.0 final + keygen & activator==\adobe.photoshop.cs2.keygen-pantheon.(www.zonapentel.com)\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe.photoshop.cs2.keygen-pantheon.(www.zonapentel.com)\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\LimeWire\adobe photoshop cs2 v9.0 final + keygen & activator==\adobe photoshop cs2 v9.0 final + keygen & activator==\adobe.photoshop.cs2.keygen-pantheon.(www.zonapentel.com)\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\0200000019f6083c509c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\0200000019f6083c509o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\0200000019f6083c509p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\0200000019f6083c509s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\gnuhashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicymanifest\1.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicymanifest\1.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicymanifest\2.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicymanifest\3.video.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicymanifest\4.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grouppolicymanifest\5.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

#6 Broni


Posted 02 July 2011 - 10:56 AM

Please update Internet Explorer to version 8. Version 6 is obsolete and thus dangerous.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file, and double-click on the autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Attach the file to your next reply.



#7 brandbuster


Posted 03 July 2011 - 01:05 PM

Hi Broni,

how do I attach a file to a post?

#8 Broni


Posted 03 July 2011 - 01:08 PM

Sorry about that. You can't in this forum.

Upload the file(s) here: http://www.filedropper.com/
Post the download link (copy the "URL:" link).

Did you fix your Java?



#9 brandbuster


Posted 03 July 2011 - 01:16 PM

Hi Broni, here is the link. I think Java is fixed now.

#10 Broni


Posted 03 July 2011 - 01:31 PM

1. BTW, did you update IE to version 8?

2. Uninstall ask.com bar and McAfee Security Scan Plus, typical foistwares.

3. Re-run Autoruns, click on the "Logon" tab and UN-check the following items:

+ "AlcxMonitor"
+ "ApnUpdater"
+ "AutoTBar"
+ "CamMonitor"
+ "CanonMyPrinter"
+ "CanonSolutionMenuEx"
+ "HP Component Manager"
+ "hp Silent Service"
+ "HP Software Update"
+ "HPDJ Taskbar Utility"
+ "IgfxTray"
+ "Motive SmartBridge"
+ "MSPY2002"
+ "Share-to-Web Namespace Daemon"
+ "SunJavaUpdateSched"
+ "hp center.lnk"
+ "McAfee Security Scan Plus.lnk"

Restart computer and report on current issues.



#11 brandbuster


Posted 03 July 2011 - 02:30 PM

1. IE updated.
2. Ask Tbar and McAfee security uninstalled.

3. Autoruns rerun and restarted. Still getting the Veritas update hiccup at startup; it can only be stopped by Task Manager.
I would probably get the ZoneAlarm warning about BackWeb as well, but I checked the apply for perpetuity box when I denied it last time.

#12 Broni


Posted 03 July 2011 - 02:41 PM

ZA seems to be oversensitive.
Actually BackWeb came from a legit entry:
+ "hp center.lnk" "" "" "c:\program files\hp center\137903\program\backweb-137903.exe"
We disabled it as a startup, so it shouldn't bother you anymore.

Go back to Autoruns>Login and UN-check also this:
+ "StorageGuard"

Restart computer and let me know.



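The lookup described in post #12 (tracing the BackWeb process named in the ZoneAlarm alert back to the startup entry that launches it), as an added example that is not part of the thread and not Autoruns' own code. It assumes the saved AutoRuns.txt uses the four-field line shape of the single entry quoted in that post; the function names and the two "Example" entries are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# First line is the entry quoted in post #12; the other two are constructed
# placeholders in the same shape so the filter has something to skip.
SAMPLE_EXPORT = r'''
+ "hp center.lnk" "" "" "c:\program files\hp center\137903\program\backweb-137903.exe"
+ "ExampleTray" "" "" "c:\program files\example vendor\tray.exe"
+ "ExampleUpdater" "" "" "c:\program files\example vendor\updater.exe"
'''

# Assumed line shape, taken from the one line shown in the thread:
#   + "entry name" "field" "field" "image path"
ENTRY_RE = re.compile(r'^\+\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"\s*$')


def parse_entries(text):
    """Return one dict per '+' startup entry found in the export text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank lines and anything not in the assumed shape
        name, _, _, image = m.groups()
        # The executable file name is what a firewall alert usually shows.
        exe = PureWindowsPath(image).name.lower()
        entries.append({"entry": name, "image": image, "exe": exe})
    return entries


def find_launchers(text, process_hint):
    """Map a process name seen in an alert to the startup entries that run it."""
    hint = process_hint.lower()
    return [e for e in parse_entries(text) if hint in e["exe"]]


if __name__ == "__main__":
    for e in find_launchers(SAMPLE_EXPORT, "backweb"):
        print(f'startup entry "{e["entry"]}" launches {e["image"]}')
```

The entry name ("hp center.lnk") does not mention BackWeb at all, which is why matching on the image path rather than the entry name is what identifies the item to uncheck.
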
#13 brandbuster


Posted 03 July 2011 - 02:49 PM

Hi, yeah, it's gone away now.

#14 Broni


Posted 03 July 2011 - 02:53 PM

Any current issues?

Since MBAM found some issues, I'd like to make sure your computer is clean.
You ran it from Safe Mode.
Update MBAM, run "Quick scan" from normal mode and post fresh log.

Then...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



#15 brandbuster


Posted 03 July 2011 - 03:42 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7012

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/07/2011 8:31:28 AM
mbam-log-2011-07-04 (08-31-28).txt

Scan type: Quick scan
Objects scanned: 172753
Time elapsed: 24 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\my documents\downloads\freezip.exe (Trojan.Agent) -> Quarantined and deleted successfully.



