
Setpoint.exe & Bf2.exe "unauthorized Access Logged"


15 replies to this topic

#1 JPHarvey

JPHarvey

  • Members
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:17 PM

Posted 09 April 2006 - 04:51 PM

Howdy all,
I had recently contracted a virus ( :thumbsup: ). The first thing that happened was that it shut down my programs and rebooted (I guess so it can get into the services). Anyway, I went through and tried to clean it all up (to no avail) and rebooted and then it just rebooted itself again.
So the next step was to perform a System Restore, which seemed to do the trick - no more "Service" in the service list, no more strange processes (when viewing with the security task manager), and otherwise, it seems to be going fine.
My concern is that there are still remnants of the virus on my HDD. I ran crap cleaner and got out all the temp files, and whilst it was doing this Nortons identified and deleted a virus (what it called "backdoor.trojan"). So as you do - I shat myself! I have run Nortons and a few freeware spyware finders, found and removed a couple of spyware entries, but there doesn't seem to be any virus on my PC???
So I guess you are wondering why I am posting - I went and checked out (for the first time ever) the Nortons Antivirus security reports. Under 'Alerts', there are a crap load of entries stating "Unauthorized access logged", and the details state that SetPoint (the Logitech software for my G5 mouse) has been trying to access/modify some of the Norton Antivirus files. And when I play Battlefield 2, it says that that is also trying (BF2.exe), and from the log it says that it is almost every 2 - 3 minutes!!!
Do I still have a virus on my PC that, although it is *maybe* being contained, could possibly be copying passwords, login details etc etc??? Ahhhrrrgg!

Thanks guys, and hopefully someone can provide me some advice.......
[CPU]Intel E6600 Core 2 Duo @ 3.19GHz
[MoBo]ASUS P5N32-SLI Premium (nForce590)
[RAM]4GB Corsair XMS2 DDR2-800 CL4 @ 710MHz
[GPU]XFX 8800 GTX 768MB [SLI] @ Stock
[PSU]CoolerMaster 1kW
[Audio]ASUS Xonar D2
[Case]Antec Nine Hundred
[OS]Windows Vista Ultimate 64
[LCD]SAMSUNG 226BW
[Other]WC'd CPU & SLI



#2 JPHarvey


Posted 09 April 2006 - 05:32 PM

Additionally (I just remembered from viewing the Security Task Manager), the System process (just called 'system', no exe file in the file name) and the system idle both had the Manufacturer Microsoft: Windows, whereas all the other Microsoft processes had Microsoft Corporation: Microsoft Windows (or something along those lines).....

Am I screwed or what?

#3 JPHarvey


Posted 09 April 2006 - 07:36 PM

Just a note. Have looked through some of the other posts and pinned items in the security section, and I am going to utilise some of the suggested programs (ie. Ad-aware (already use CCleaner, SpyBOT-S&D, Security Task Manager), Panda, and that one that starts with E, and have a play with HJT) before I post a HJT log.
I guess what I'm really after is if anyone has had these symptoms before. I can't say that my PC has slowed down or is doing things out of the ordinary (except for * below), I am just REALLY concerned that something may be sending out passwords to accounts etc, coz both me and the missus use it for bill payments, accounting etc...


* The missus tried to access the site www.tattoojohnny.com on her login, but instead typed www.johnnytattoo.com and it went to www.notjustnakedchicks.com. Tried it on my login and it didn't work?? WTF? It does it every time, so I thought maybe it is just doing it when there is a non-existent web address, so I tried www.blahblahdohblahwah.com (or something similar) and it didn't happen.... go figure.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:17 AM

Posted 09 April 2006 - 07:58 PM

Hi JPHarvey, I would run those programs you've listed. Have you tried running your AV in safe mode?
When you run AdAware follow these instructions LOOK

When installing Spybot, do not select the TEA Timer option for now.

Also I would install and run Ewido 3.5. Download

If after all is done and you still feel something is wrong, post a hijack log. Once you've posted it, do not make any further changes until told to by the HJT advisor.

Edited by boopme, 09 April 2006 - 07:59 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 JPHarvey


Posted 09 April 2006 - 08:31 PM

Thanks boopme, Ewido was the name I couldn't think of earlier, so I will give that one a go like you have said. As my possibly infected PC is at home (I am on work PC now), I will give that a go tonight and report back tomorrow.....fingers crossed. Thanx.

Oh and no, I haven't tried it in safe mode as yet, and that seems like a great idea, so, as Yoda would say,"Do that, I will..."

Cheers

Justin

#6 boopme


Posted 09 April 2006 - 08:42 PM

Hi again, can't believe I missed this earlier..

HERE is the Fix for Setpoint

#7 JPHarvey


Posted 09 April 2006 - 08:47 PM

So are you saying that Setpoint isn't actually the setpoint that is used for my mouse? OMG! The path for the setpoint trying to access Norton's is the Logitech path....is it possible that info has been stolen even though Norton says it "stopped unauthorized access"? OMFG!

#8 boopme


Posted 09 April 2006 - 09:18 PM

This may be one of those false positives. The Logitech software is trying to communicate. The AV is seeing this as a threat. I'm looking for something, as I believe I had this, or similar, with a keyboard. There was some type of background (feedback) item, option, in the install software. I believe I uninstalled then reinstalled, but this time didn't allow the option. I'm trying to find the name.

#9 JPHarvey


Posted 09 April 2006 - 09:26 PM

Thanx boopme. I know it sounds funny, but if all this works out (which I'm sure it will, from what I have already seen on this site) I will happily donate....however, it'll be in $Australian ;)...

Thanks again!

#10 JPHarvey


Posted 09 April 2006 - 09:42 PM

Another question then, is it possible for a virus to 'attach' itself to a legitimate program? For example, when I launch Battlefield 2, I notice in the Reports & Alerts for Norton AV, that the file BF2.exe (which is the actual file to launch the program) has tried to access the Norton files ("Unauthorized access logged"). Or do viruses need to be a separate file?

Oh, and BTW, if I get annoying by asking too many questions, let me know. I just like to learn so I don't make the same mistakes!

Thanks

Justin

#11 boopme


Posted 09 April 2006 - 10:02 PM

Aha it was Backweb..
I believe getting this out will stop it.

With millions of people buying Logitech products through retail dealers and worldwide distributors, Logitech wanted to establish a direct relationship with our customers and improve our after-sales customer experience. By ensuring that our customers receive critical content such as notice of software upgrades, patches, and product promotions in a seamless, timely and cost-effective manner, Logitech is able to provide a high level of customer satisfaction with our products. We accomplish this using BackWeb's Proactive technology and patented Polite® communications technology, which avoids disrupting you by downloading content in the background during network idle time. We only retrieve information about your Logitech devices; no other information is uploaded to our servers or any other internet servers.

If you want to remove this feature, simply remove "Logitech Desktop Messenger" from Add/Remove programs in the control panel.


from Logitech..

No problem .. I only work for amber nectars :thumbsup: but you can still donate to BC

#12 boopme


Posted 09 April 2006 - 10:19 PM

As to the other question "yes"
Read THIS bit of info

#13 JPHarvey


Posted 09 April 2006 - 10:46 PM

Okay well that sux.... So does that mean, if BF2.exe has had its code altered, that the only way to remove that particular virus is to remove the program, in this case Battlefield 2 (man, that sux, it takes ages to install it all over again!!!!! ;( )? Or can AV software remove/clean the altered file?
Also, in the event that I do uninstall BF2, will the virus realise what is happening and go some place else? I guess your answer to that will be that it depends on the virus.....

Oh...ohhhhh....this is overwhelming!

#14 boopme


Posted 09 April 2006 - 10:58 PM

Hi JP, don't sweat it. This can be fixed.
First I would remove the Log desktop Mssgr.
see what happens.
Then follow all the steps 3 thru 8.
see what

#15 boopme


Posted 09 April 2006 - 11:01 PM

Hi JP, don't sweat it. This can be fixed.
First I would remove the Log desktop Mssgr.
See what happens...
Then follow all the steps 3 thru 8. HERE
See what happens...
If it still persists, post the log as per step 9.