Antivirus XP 2008 causing problems. Please help.

Status
Not open for further replies.
Fidos,

Don't delete or remove any of the programs we have run just yet, we will go over them when we're done and I will tell you what to remove and what to keep.

The file we submitted was the wrong one and it's not needed now anyway, we need to work on fixing Zone Alarm for you.

C:\Qoobox\ComboFix-quarantined-files.txt <---This file will open in Notepad, post it please
 
Anyways, if you do mean post it on this site, here it is:

 
That's fine but I don't see the file I am looking for, be back in a bit. Hang in, we're almost done and your system looks fine.
 
Let's do this

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c Vfind -ltf "%systemdrive%\vsdatant.*" >Log.txt&Log.txt&del Log.txt

A Notepad file will open. Post the contents of Log.txt in your next reply.
 
Here's the contents of the log.txt:

----a-w 372,816 2005-11-15 08:50:34 C:\QooBox\Quarantine\C\WINNT\system32\vsdatant.sys.vir
----a-w 168,862 2008-08-28 18:48:05 C:\QooBox\Quarantine\C\WINNT\system32\vsdatant.sys.zip

Entries: 2 (2)
Directories: 0 Files: 2
Bytes: 541,678 Blocks: 1,059
 
OK,

Go here and copy and paste this file to your desktop
C:\QooBox\Quarantine\C\WINNT\system32\vsdatant.sys.zip

Then right click on it and rename it, all you have to do is remove .zip


So it should look like this
C:\QooBox\Quarantine\C\WINNT\system32\vsdatant.sys

Then right click and copy it and paste it here
C:\WINNT\system32

Let me know if it was successful and if so then we can restore the registry entry and ZoneAlarm may work.
 
Moving right along.

Go to Start > Run >

Copy and Paste this in to the run box
Regedit "C:\Qoobox\Quarantine\Registry_backups\Service_vsdatant.reg.dat"

Click yes at the prompt to merge into the registry.


Reboot and try ZA and see if it's running ok now
 
Hi, I did what you told me to do and when I restarted the computer I hit a blue screen that said:
STOP:c000026c {Unable To Load Device Driver}
\SystemRoot\System32\vsdatant.sys device driver could not be loaded
Error status was 0xc000012f
:sad:

So I restarted the computer again and I still got the same screen, and then I got the computer to restart normally by going into safemode and cutting the vsdatant.sys file from C:\WINNT\system32 to my desktop.

So what do I do next?
 
Morning Fidos,

This has been a bit tricky to say the least, but we still need that file for ZA to work. We may just have done it wrong. My bad on this one, it's still a zip file and removing the extension did not change it.

Make sure this file is still on your desktop and rename it back by adding the .zip so now it should be this
C:\QooBox\Quarantine\C\WINNT\system32\vsdatant.sys.zip

Then doubleclick it and unzip it to system32


Ken
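
Why the renamed file could not be loaded as a driver, as an added example that is not part of the original thread: an extension is only a name, so the content has to be checked. The sketch identifies ZIP and PE files by their leading bytes and returns a driver only if the archive member is a PE image; the sample archive is constructed and the member name `vsdatant.sys` inside it is an assumption.

```python
import io
import struct
import zipfile

def classify(data: bytes) -> str:
    """Identify a file by content, ignoring its name: 'zip', 'pe' or 'unknown'."""
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):      # ZIP local header / empty archive
        return "zip"
    if data[:2] == b"MZ" and len(data) >= 0x40:          # DOS header of a PE image
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of PE header
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"

def extract_driver(archive: bytes, member: str) -> bytes:
    """Return the named ZIP member, but only if it really is a PE image."""
    if classify(archive) != "zip":
        raise ValueError("not a ZIP archive")
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        payload = zf.read(member)    # KeyError if absent, BadZipFile on CRC mismatch
    if classify(payload) != "pe":
        raise ValueError(f"{member} is not a PE image")
    return payload

def constructed_pe() -> bytes:
    """Constructed stand-in for a driver: minimal MZ stub plus PE signature."""
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\x00\x00" + bytes(20)

def constructed_zip(name: str, payload: bytes) -> bytes:
    """Constructed stand-in for the quarantined backup archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    backup = constructed_zip("vsdatant.sys", constructed_pe())
    # Dropping ".zip" from the name changes nothing: the bytes are still a ZIP.
    print("renamed backup is:", classify(backup))
    print("extracted member is:", classify(extract_driver(backup, "vsdatant.sys")))
```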
 
OK, so now I unzipped it into C:\WINNT\system32. Do I restart the computer again and see if it worked?
 
Fidos,

You had some nasty infections on this system, and Zone Alarm not running is really the least of the issues. We tried to fix this without you having to reinstall it but it looks like this will be something you're going to have to do.


Just uninstall ZA from your Add Remove Programs and download a new copy and install it. I would delete that file as it may be corrupted and may not uninstall when you uninstall ZA

Ken
 
Ok, I reinstalled ZoneAlarm and everything seems to be working fine now. Thanks for helping me.:)
I just have one more question. Which programs that I downloaded shouldn't be used for scanning my computer?
 
Fidos, that's great :bigthumb:

GMER <---Drag it to the trash

Fixwareout <---Drag it to the trash

SDfix <--- Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

SuperAntiSpyware <---Yours to keep also but if you keep Malwarebytes then remove this one, you just need one

Hijackthis <---Your call, hopefully you won't need it again, if you do you can redownload it

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.




Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken
 