
Thread: Can someone help me with a virus that spybot can't remove?

  1. #21
    Junior Member
    Join Date
    Feb 2008
    Posts
    23

    Default

    Hi again,

    There was a lot to do here and I was sick for a few days and wanted to do this all correctly and not rush through it, so I only got to this all now. Here's the check off list and a few questions I have.

    1. ZoneAlarm Firewall installed. Do I need to change anything or any settings with the windows firewall?

    2. OTMoveIt2 - Done

    3. System Restore disabled and enabled - Done

    4. IE Security Tab settings - all were already set as you stated, except "Navigate sub-frames across different domains" was set to Disable and not Prompt. Should I leave that as is or change to Prompt?

    5. Antivirus - I currently have Avast and it is updated. I got a copy of Symantec from my office and since people have been telling me that is better, I would like to use that instead. Should I install it, and then enable it and then disable Avast?

    6. I updated windows, custom, and checked all except Silverlight, as someone told me that I didn't need that software.

    7. I installed SpywareBlaster, checked for updates and I suppose it is running automatically even though I don't see any icons in the bottom right tray. Should I, or do I need to start it up every time I start or restart the computer?

    8. I downloaded the MVPS zip and unzipped it and per their instructions, double clicked on the bat file.

    9. I installed the google toolbar, though I am not sure how to use it yet or if I need to set anything with it.

    10. I installed Comodo and Winpatrol and both have icons in the bottom right tray, so I assume they just run automatically.

    OK.... I do have some questions.

    11. Do you need to see a new HiJack This or Kaspersky files just to make sure all the viruses are gone?

    12. Do I need to do a defrag on my computer now since I guess lots of stuff got deleted?

    13. Should I turn the SpyBot tea timer back on? With the newest program update to SpyBot this also appears to have its own desktop icon. I have no idea what this is or how to use it.

    14. The firewall asked me if I wanted to allow or deny "printfilterpipelinesvc.exe" and I think at first I said to allow and when another alert came up I said to deny. I have no idea what this is or what I should allow or not allow. Ack!

    15. Lastly, I am still getting many of the pop ups for "SpyBot - S&D's IE helper has detected an URL that is known as a malicious resource" and have to click DENY to close the pop up. I have the updated Spybot program on my work computer and I never get any of these pop ups at all, but visit the same web sites that I do at home. Why am I getting all of these pop ups at home? I still get them even after I did the MVPS bat file. Do I not have something set correctly? I would like for these bad urls to automatically be denied without the continual pop ups. Example, when I go to my Yahoo mail, every mail I open up and every screen I move to in Yahoo mail causes this pop up from SpyBot.

    Thank you again for all your help with this! I plan to make a donation to SpyBot in appreciation of all the help you gave to me.

    - Donna

  2. #22
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    1. You should disable windows firewall.

    4. That is fine.

    5. At least Symantec is a lot heavier than avast!
    If you decide to switch, please uninstall avast!, yes.

    7. SpywareBlaster doesn't have an icon in the task bar or start with Windows. It blocks things with settings; it's not running all the time. Just remember to update it often.

    11. No need unless symptoms left.

    12. Defragging is always good to do on a regular basis.

    13. Yes, you can turn it back on.

    14. That is Windows' own file, link, so you can allow it.

    15. I think that you better ask it here
    Last edited by Shaba; 2008-02-18 at 12:22.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #23
    Junior Member
    Join Date
    Feb 2008
    Posts
    23

    Default

    Thank you.

    I figured out how to prevent the Spybot S&D IE helper frequent pop ups. I went to TOOLS in IE > Spybot Configuration (I did not even know that was there until today) and was able to select to "block all bad pages silently" -- and now no more annoying "helpful" pop ups -- Yay!!!

    I don't seem to have any more virus symptoms, but upon reboot yesterday when I had updated windows, I noticed this weird black box pop up that referred to win 32 or something. It closed by itself pretty quickly, so I could not write down what it actually said. So then I opened up Spybot and updated/immunized, and then ran a scan check, and it picked up only one thing called "win32.small.azl", so I selected to remove it and then also deleted it from the restore tab as well. When I turned on my computer today I ran Spybot again and it said "Congratulations - no threats"! So I guess this means I am all good now.

    One last thing... just something I noticed. Comodo BOclean is not allowing me to check for updates. Every time I try to, I get an error. I am wondering if this is normal or if I should uninstall and try to install it again.

    - Donna

  4. #24
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    "One last thing... just something I noticed. Comodo BOclean is not allowing me to check for updates. Every time I try to, I get an error. I am wondering if this is normal or if I should uninstall and try to install it again."

    Have you allowed BOclean from ZoneAlarm?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #25
    Junior Member
    Join Date
    Feb 2008
    Posts
    23

    Default

    "Have you allowed BOclean from ZoneAlarm?"

    Yes. I even checked the program list in ZoneAlarm and it had green checks next to it.

    I continued to get errors when I tried to update, so I read this on the BOClean support page - http://www.comodo.com/boclean/supboc.html

    "....then a manual update can be done by ftp download from ftp://nsdownloads.comodo.com/pub/boc425.xvu and then moving the file to the location specified in the BOClean configuration screen. The manual update and the automatic update are the same at all times."

    So I saved the ftp link to my bookmarks, and figured out where to save the file to (it asked to overwrite the same file name and I said yes), and I suppose I can just update it this way from now on.

    - Donna

  6. #26
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Nice to hear that it worked out

    Still problems?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #27
    Junior Member
    Join Date
    Feb 2008
    Posts
    23

    Smile

    No other problems in the last few days. I just have to install the Symantec VP software now and then check for any updates for it, and then uninstall the Avast. I hope to get to doing this later tonight. Everything else is done and I just have to check for updates weekly as you mentioned, to try to prevent getting infected again.

    I can not express my gratitude to you enough. This has been quite a learning experience for me. You have helped me fix my computer and have taught me so much on how to better protect it for the future. I just made a donation to SpyBot just now so I would not forget to do so. I am soooo appreciative. Thank you!!!

    - Donna

  8. #28
    Junior Member
    Join Date
    Feb 2008
    Posts
    23

    Unhappy

    OK... I think I may still have some virus remaining. :(

    I installed Symantec last night, and updated it (though I received an error due to Symantec being in the host file twice, and tried to remove the entries and could not, it still seemed to update properly regardless), and then I ran a full scan with Symantec that took well over an hour and it came back fully clean, and so lastly I uninstalled Avast and then rebooted.

    Upon reboot, my system suddenly was running immensely slow... really slow... frustratingly slow. I figured maybe Symantec was running some sort of scan, but wondered why it was making my home computer operate so slowly and never made my work computer operate that way.

    Then as I was on the internet, suddenly a yellow alert popped up saying that Symantec Auto Protection was disabled. Then the Windows Shield Alert also popped up saying I had no antivirus protection at all. !!!! I was completely freaked out by this. Then I was trying to open up the Symantec to turn the protection on and it wouldn't open for about four or five minutes it seemed. There was like an immense slow down of my system for some reason. Then when Symantec finally opened, I was able to turn the protection back on, but I was really upset that the protection was turned off like that and that everything was so slow. This has never happened with Avast at all. :(

    Do I still have a residual virus or is this sort of thing normal with Symantec, and if it is normal... I will uninstall this horrible software (why did everyone tell me it was so much better) and put Avast back on. :(

    Should I run scans again (and if so, in normal mode or safe mode (I was told safe mode is best, because viruses can hide in normal mode))?

    - Donna

  9. #29
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Yes, Norton is way heavier than avast! So I would say it's normal.

    You can post back a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #30
    Junior Member
    Join Date
    Feb 2008
    Posts
    23

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:45:14 PM, on 2/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\CBOClean\BOCORE.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\aaaaTemp\Setups\HiJack This\HiJackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: PrevxCSI.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128397785765
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 5853 bytes
