Check For Infection


  • This topic is locked
17 replies to this topic

#1 Dan W.

Dan W.

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 03 August 2006 - 10:54 PM

I had W32.yok.supersearch which was considered adware and I removed the file. The Microsoft forums told me to post my Hijack This Log here and here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:21 PM, on 8/3/2006
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\NORTON GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\E_S4I2C1.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\MY DOCUMENTS\MY DOWNLOADS\HIJACKTHIS(2).EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [GBPoll] C:\Program Files\Norton GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MOUSE.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {BA549C46-AD38-11D7-A476-00D0590EC9DE} (SiS_OCX98 Control) - http://www.sis.com/ocis/SiSAutodetect98.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:59 PM

Posted 04 August 2006 - 04:52 AM

I see a clean log here Dan W.
How do you feel the computer is running?
What program found the supersearch adware?
Does the scan run clean now?
David

#3 -David-

Posted 04 August 2006 - 10:15 AM

Hey there,

Sorry to add more instructions here but I would like you to do something else for me.
I have been in correspondence with an expert who would like me to check a file for them.
Do you know anything about the following entry?
O4 - Global Startup: MOUSE.EXE

I would like you to do two things please:

1) Please visit the online Jotti Virus Scanner
Click on "Browse" button.
Copy and paste the following filepath in the box:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOUSE.EXE

Click on the "Open" button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

2) Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, copy and paste next in the field:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOUSE.EXE

Then click the Send File button below.
Please let me know when you have submitted the file.

Thanks,
David

#4 Dan W.

  • Topic Starter

Posted 04 August 2006 - 11:58 AM

By the way, this is a dual-boot computer with 98SE and XP Pro. Do you want me to post my XP Pro. Hijack This log also? The anti-virus site was too busy but I will try again later. The antispyware component of Zone Alarm Professional version 6.1.744.001 found this and it runs clean now. I still wonder if it was a false positive because neither AVG Free, Spybot Search and Destroy nor Adaware SE picked this up. Thanks for your help.

#5 -David-

Posted 04 August 2006 - 12:12 PM

Hey Dan,

No problem about the sites being busy, but please complete step #2 of the above post and upload the file.
I will do the Jotti scan for you.
It could well be a false positive but let's not jump to a false conclusion for the moment.
When you ran the scan did you happen to note a location of the file the program flagged as supersearch?

I want to firstly check on that mouse.exe as there has been interest in the file from experts.
It is unusual for a legitimate file to be placed in the global startup folder.
Please upload the file and we can move on from there.
David

p.s. Go ahead and post the XP log also.

Edited by D-Trojanator, 04 August 2006 - 12:12 PM.
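
The triage point in the post above (a file sitting directly in the Global Startup folder is unusual and worth a look), as an added Python example that is not part of the original thread or of HijackThis: it parses the O4 autostart lines of a HijackThis log and lists startup-folder items that are files rather than `.lnk` shortcuts. The function names and the `.lnk` heuristic are assumptions of this example; a listed item is a prompt to inspect the file, not a verdict.

```python
import re

# O4/O9 lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MOUSE.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
"""

# Registry autostart:  O4 - HKLM\..\Run: [ValueName] command line
REG_RE = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup folder item: O4 - [Global ]Startup: item[ = shortcut target]
FOLDER_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<item>.+?)(?: = (?P<target>.+))?$"
)


def parse_autostarts(log_text):
    """Return one dict per O4 line: kind, location, name, target."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            entries.append({"kind": "registry", "location": m["loc"],
                            "name": m["name"], "target": m["cmd"]})
            continue
        m = FOLDER_RE.match(line)
        if m:
            # target is None when the log shows no "= path" part, i.e. the
            # item is the file itself rather than a shortcut pointing to one.
            entries.append({"kind": "folder", "location": m["loc"],
                            "name": m["item"], "target": m["target"]})
    return entries


def flag_startup_folder_files(entries):
    """Startup-folder items that are files placed there directly, not .lnk shortcuts."""
    return [e for e in entries
            if e["kind"] == "folder" and not e["name"].lower().endswith(".lnk")]


if __name__ == "__main__":
    autostarts = parse_autostarts(SAMPLE_LOG)
    for e in autostarts:
        print(f'{e["location"]:<22} {e["name"]:<24} {e["target"] or "(file in folder)"}')
    print()
    for e in flag_startup_folder_files(autostarts):
        print(f'REVIEW: {e["location"]} contains {e["name"]} (not a shortcut)')
```
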


#6 Dan W.

Posted 04 August 2006 - 02:02 PM

The file has been uploaded. I missed the location of where the file was -- sorry. Hang on a minute while I switch to XP Professional to load that log as well. Also, puzzling is in Spybot Search and Destroy on the 98SE side I have 6 items that will not immunize but a scan discovers nothing. AVG and Adaware SE also report clean as does the antispyware component of Zone Alarm Professional after that 1 hit. Thanks for all of your help. I appreciate it.

Edited by Dan W., 04 August 2006 - 02:51 PM.


#7 Dan W.

Posted 04 August 2006 - 02:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:39:51 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
F:\WINDOWS\CTHELPER.EXE
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\ATI Multimedia\main\ATIDtct.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\DOCUME~1\Dan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] F:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ATI Launchpad] "F:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] F:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?1af21addf166467fb5943eacb8b34472
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?1af21addf166467fb5943eacb8b34472
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123105645671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126316301949
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 -David-

Posted 09 August 2006 - 03:20 AM

Heya Dan W. :thumbsup:

Sorry for the delay in getting back to you,
This thread somewhat slipped through the net.
I didn't receive a notification that you had replied.

The mouse.exe file that you uploaded was a legitimate Intel mouse driver.
The reason I wanted to take a look at this file was due to Microsoft MVP security newsletters stating they wanted to look out for a similar file that was infecting computers, hiding under the mouse.exe name. Luckily for you, this was not the case as the file was safe. The Jotti scan for the file also came up clean, just in case you were interested.

The XP log that you posted is also clean, and to be honest I think that this thread will just be running round in circles trying to find files that do not exist. My thoughts are that this adware you found was successfully removed, and you now have a clean computer, on both the 98 and the XP sides of the dual boot. However, I don't want to jump to a false conclusion so I see no harm in running some additional scanners to see what they pick up. You can complete the following on both sides of the dual boot and see what it picks up. If you already have the program installed, let me know and we can try another one.

Please download Ad-Aware SE Personal and install it.
If you already have Ad-Aware SE, please configure it as indicated below.
If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

Run Ad-Aware, and click Check for updates now.
Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings > Check (Green) all three.
Tweak Button > Cleaning Engine > uncheck "Always try to unload modules before deletion".
Click Proceed.

To start the scan, Click > "Scan Now" at left.
Select "Search for low-risk threats".
Select "Perform full system scan".
Click "Next".

When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects".
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.

Let me know if any infections are found, and whether they can be deleted.
David :flowers:

#9 Dan W.

Posted 09 August 2006 - 10:00 AM

The Adaware SE scan was clean on both sides of the computer. My only puzzlement now is that the immunization feature on Spybot Search and Destroy in the 98SE side will immunize all objects but then six will not be immunized if I click the button again. This does not happen on the XP Pro. side of my computer. A scan with Spybot Search and Destroy was clean too. CWShredder 2.19 did not pick up anything and AVG Free (complete scan) scan said all was good. Any more suggestions and I really appreciate your help.

#10 -David-

Posted 09 August 2006 - 11:01 AM

Can you tell me the names of the entries Spybot cannot immunise?
If AVG, Ad-Aware and CWShredder are clean, I would assume these are false positives.
Let me know...
David

#11 Dan W.

Posted 09 August 2006 - 02:23 PM

How do I check for the areas of Spybot Search and Destroy that are not immunized? Another concern just came up --- SpywareBlaster that used to work really well with no problems now will not run -- it just shuts down when I try to open it to look for updates. Do you think there is something malicious inside of 98SE that I have not discovered yet? Thanks for all of your help.

Follow up:

I uninstalled SpywareBlaster 3.5.1 and reinstalled and it is now working fine with everything immunized.

Edited by Dan W., 09 August 2006 - 02:30 PM.


#12 -David-

Posted 09 August 2006 - 04:48 PM

Hey Dan.

I wouldn't be worried about the SpyBot immunisation at all to be honest with you. I just downloaded and installed the program and ran the immunization and originally it said all areas could be immunised. I rebooted and checked again and it said 3 were not able to be immunised. I looked around on Google and this seems to be a common problem, perhaps caused by incorrect permissions or something similar, but I can't be sure. You might like to reinstall SpyBot and see if you can correct the problem that way, or perhaps try the immunisation in safe mode? As shown by SpywareBlaster, if something goes wrong with a program, my first attempt to fix the problem is to reinstall it.
I think we have a clean computer here -
The chances of anything malicious hiding are very small in my opinion.
David

#13 Dan W.

Posted 09 August 2006 - 05:44 PM

Thanks again so much for your help. I try and be super-careful about not getting anything on my computer and when I got the one piece of adware then I was really worried. I still wonder how it slipped through with my Zone Alarm Professional firewall and all the other anti-virus and anti-spyware programs that I mentioned. Anyway, thanks again for your help and I will try an uninstall and reinstall of Spybot to see if that works. I did not realize other people had this problem with the immunization function of Spybot and it shows me again that Google is our friend.

Follow Up: I followed your advice and am still unable to immunize the 6 things in Spybot. Also, every once in a while when I reboot the taskbar shows and the auto-hide button has been unchecked although I have it checked. Is this something to do with the way Windows 98SE is configured or something malicious? Thanks again for all of your help. I appreciate it.

Edited by Dan W., 09 August 2006 - 11:04 PM.


#14 -David-

Posted 11 August 2006 - 04:55 PM

I think it's important for you to understand that various malware is created every day. No matter how many different antivirus/spyware programs you have on your computer, you will always be at risk from threats when you go on the internet. Let me try and explain in a bit more detail. The way an antimalware application works is by receiving an update from the internet which contains a special fingerprint for all known bad files. When you scan your computer the files are compared to the bad files on the fingerprint - if there is a match the file can be successfully deleted. However, there is what I like to call the processing time. From the time the malware is released onto the internet, next to the antimalware application updating their definitions, and finally to you at home updating your PC to these latest updates - That's the time in which you can get infected no matter how many antivirus applications you have running. That's the reason that by the end of the week when I scan my own computer, I will always have some new entries. Of course the other reason behind that is that some malware can escape an antimalware's active guard and will only get detected when you run a scan of your computer. That would most likely be the best explanation why the W32.yok.supersearch managed to wangle its way onto your computer; maybe because Zone Alarm had not updated its definitions or it just managed to slip past unnoticed. Don't quote me on this but I think that if an application monitored every file on your computer 100% of the time it would slow you down a lot!

In regards to the Spybot issue I downloaded the program myself and installed it onto my computer; having tried to fully immunise my computer I got a message saying 2 or 3 areas could not be immunised. I then clicked to retry immunisation and I was told the whole computer was immunised. Rebooted and tried again and I got the message that 2 or 3 areas could not be immunised.
I don't know what the cause of this is, but I can almost guarantee this is a bug with the software and is not caused by a malicious threat by any means at all.

Finally I did a little research on the fact that the taskbar is always resetting and I think this could be a bug with Microsoft. Alas, Microsoft have stopped releasing updates for 98 at the moment. If this error is coming on the other side of the Dual Boot, XP, let me know. I found a few registry edits which might fix the problem but would most likely only work on XP. I don't dare try them on 98 as there could be horrific results.
Hope this helps.
David

#15 Dan W.

Posted 11 August 2006 - 05:18 PM

Thanks so much for the reply. The taskbar only sometimes does not auto-hide. It did auto-hide like normal today. I will keep an eye on things on my computer as well. Do you know of any way that computer users can come together and use part of their computer power to help shut down people that are hacking or trying to hack people's PCs? I just think it would be awesome if legitimate computer users could take an offensive stand against malicious people and companies that are causing so many problems and not continue to have a purely defensive strategy. Thank you and Great Job on becoming a moderator!!!



