Yes, I've got this one over at the other forum
http://www.lavasoftsupport.com/index.php?showtopic=23687
We'll close this one so we don't have two going at once for the same problem
Type: Posts; User: CalamityJane; Keyword(s):
Yes, I've got this one over at the other forum
http://www.lavasoftsupport.com/index.php?showtopic=23687
We'll close this one so we don't have two going at once for the same problem
Hi, that certainly looks like an False Positive by Ad-Aware. It would certainly help them to fix it if you would post it at their forums in the False Positives area.
Here is the "how to"...
If this were my computer, I would wipe it first and reinstall because of the type of malware that has been running on it. Some of the installed software programs are now infected and may need to be...
That would be good. Also I'm concerned if the county is selling their computers without wiping them, other people's info on them could be compromised without their knowledge (the JP's cases,...
Hello Leo,
Let me explain why the questions.
The KAV scan has revealed a very serious trojan on the machine
You stated early on:
It is not just the machine's name. You are running...
No, we still need answers. Is this machine being used at an office and also is the data on it belong to a former employee because it may be needed to have someone do forensics on it. Maybe I'll...
This machine has numerous difficult to remove trojans, it's going to take quite a few steps to address them.
First, the awf trojan infects valid software programs so it continues to run and...
We have a number things to consider here.
1. The prior state of this computer and the information that is contained on it - obviously belongs to a former user and has not been wiped. Meanwhile...
True the VNC program is not a trojan (says so, infact with the tag of "Not a Virus" - Remote Admin tool) is just pointing out to you that you have remote admin tool installed because some malware can...
Here is the KAV scan results (not good!)
------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 17, 2008 4:45:17 PM
...
Hi Leo,
Welcome back! Yes, you posted ok. Maybe it's that you need to make sure you have logged into your account when trying to post? Any way, it did take. I've got your logs here and going...
Go to the Control Panel and in Add/Remove programs find this one and remove it.
Java 2 Runtime Environment, SE v1.4.2
That is an old version of Sun Java that is vulnerable to malware exploit (And...
I may have to call you "Lucky Leo" as that seems to have made a serious dent in the malware. It needs a bit more cleanup so give me a few minutes to pour through all these logs to put together some...
Hello, Leo? Where did you go?
I think maybe your idea to reformat and reinstall is probably a good one since the software on here isn't yours and you don't have anything important on it - that is...
You've got a remote control program installed. Did you install that?
That's a mess alright. When did you acquire the computer? Do you have any of the install or recovery disks?
I'm asking because this computer only has SP1 and is dead meat if you can't get SP2. ...
Also, if you can attach the scan log from Spybot that might help too to see that report. When you go to post a reply, scroll down a bit and you'll see an area to "attach files" in *Additional...
It's very confusing with all the posts going on here but I'll help if I can get some logs from you. We can't tell anything from descriptions. I saw the other log on the "good computer" and didn't...
I closed the other topic and you can continue in this one here with Shaba. You can see that some of us help at many different forums. Posting at more than one without closing the others is not only...
Ok, I read back on the past pages and it appears that this user wants to continue here so I am going to close the other active topic - there is a KAV scan log over there you might want to review...
Looks like we are both working this same topic:
http://www.lavasoftsupport.com/index.php?showtopic=14873&
No wonder the logs are puzzling because you are doing stuff here also
Hi Marianna,
You're quite welcome! :)
The "problem" with SpywareBlaster's interaction with the new version of Spybot is something that Javacool is aware of and is going to be fixing in his next version, according to this thread at DSLR...
Hello Bruce,
You're welcome and glad we could help :) That does sound like a solid plan :bigthumb:
Best wishes to you and your daughter. I'll leave you with some recommendations and tips for...
If you can't get those files to me, I can collect them later from the backups of the program we are going to use to delete them. So let's proceed as I have now gotten this all written up. Warning! ...
Yes, that log is much better. It's a pretty infected machine so I will not have real good news for you. You might think about backing up any important data and looking for the install disks because...
Great, except your log is now all chopped up. Could you please open Notepad and choose *format* at the top and then make sure that "wordwrap" is unchecked then scan and make a fresh log and post...
Hi bruce48,
Are you still needing help? If so could you please scan and post a fresh HijackThis log so I can see where you are at this point?
I'm now subscribed to this thread so I'll get a...
WTG Phil! :heart:
Well deserved for all the hard work you do :bigthumb:
Wooo Hoooo Bitman! Congratulations!! :crowned:
Well deserved! :bigthumb:
Closing duplicate topic per OP's request.
You posted the same here:
http://www.dslreports.com/forum/remark,16625257
Which one are you going to stay with Myles? - we don't want to be working this twice in two forums.
Thanks
Next time you notice this happening, do a Ctrl/Alt/Del to open up the Windows Task Manager
Do you see anything consuming large amounts of CPU?
Paperport perhaps? I have a visioneer/paperport...
It's about d*mn time! LonnyRJones is definitely one of the Greats with a major G helping everyone fight spyware/malware.
Well deserved and long overdue, my friend! :bigthumb:
BIG {{{HUGS}}}...
Thanks, got the file. It's not an identified Malware but it came recently onto your system (May 17th?) and without your knowledge, plus no uninstaller with it. I would recommend you just delete...
Sorry, I missed seeing your reply here!
You log looks clean. I don't see where the Great Memo Zip file was uploaded? Can you go back and try that again. Be sure to press the *post* button...
Let's try this first to see if SmitfraudFix missed anything
Download this free tool called: smitRem
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
and save the file to your...
Hmmm, these symptoms I don't know about being associated with this infection.
Looks good! :) The newer version did find a lot of entries, most of them harmless gif images but there was one .dll.
Can you tell me if you see any problems now on your end?
Great, glad to hear it! And glad we could help :)
Some final cleanup and prevention recomendations follow.
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and...
You're welcome :)
Since your issues seem to be resolved at this point, I'll go ahead and archive and close this thread. If you should need it reopened for any reason, please send me a Private...
Open HijackThis and do a *scan only*
When it finishes, checkmark these items in the list and then press the *fix checked* button:
O2 - BHO: adobepnl.ADOBE_PANEL -...
OH, sorry, the Application Data folder is a hidden system file so you'll need to do this to see it:
Make sure your PC is configured to show hidden files
How to Show Hidden Files...
Ok, let's use a more cautious approach.
Go to Start > Run ... and type in the box: cleanmgr
Wait while Windows scans your system for files to delete to free up disk space.
When it finishes...
You're welcome! I'm very glad we could help :)
Some final cleanup and prevention recomendations follow.
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and...
I got the files, thank you! All 3 are infected.
Please delete these 3 files:
C:\WINNT\System32\WWLBH.DLL
C:\WINNT\SYSTEM32\CSORS.EXE
C:\WINNT\SYSTEM32\DMLXT.EXE
Ok, good :)
I need to examine those files please.
Go here to upload the files as attachments
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Just press new topic (Make the subject:...
Your log looks clean. Has that resolved the problem?
You did great, by the way! :bigthumb:
You also have a variant of PurityScan by OIN also that would be causing popups
Click Start > Control Panel > Add/Remove Programs
In the list of installed software, look for
SnowballWars...
Wareout is known to have stealth files. I would suggest you run the tool I posted up there for you and it will look for the files if they exist, and tell us what they are.