TechSpot

not-a-virus

By sharpeye72
Apr 11, 2007
  1. Hey everyone, this is my first time on this site and I'm very much hoping someone may be able to help me with my problem.
    I have recently upgraded my Zone Alarm protection and even though my older version could not detect a problem, the upgrade has found 2.

    not-a-virus:Risk Tool Win32.reboot.f
    not-a-virus:Client-IRC Win32.mIRC.617

    The first is giving zone alarm treatment an error, it has found it several times now and the delete option won't work, it changes to delete on reboot, then I reboot but the little bugger is stubborn and won't delete.
    The second has only just become apparent which is now why I'm here.

    The file path for the first one is

    C\WINDOWS\TEMP\$24657D35.t$m

    This does not exist!!!

    I've tried a scan with AVG on this folder as a second opinion but this finds nothing.

    The only symptom I can really offer is when I power up my pc, when windows has finished loading and the machine is ready to use, it reboots. The next time it's finished initializing I get a "system has recovered from a fatal error" and when I send a report it gives me details of a modem driver that's out of date, or more recently something to do with spyware doctor.

    As this is my only symptom, the best way to stop this happening is I never shut my pc down so it never needs to start up (not very good for the electricity bill !!!!)

    The path for the second one is

    D\Program Files\mIRC\mirc.exe

    Whenever I try to use mIRC, Zone Alarm sees this as a problem anyway so removal of this program is my best guess for that problem.

    Any help with these items would be greatly appreciated.

    Sharpeye :D
     
  2. CCT

    CCT TS Evangelist Posts: 2,653   +6

    For the 'hidden' one, set your view to 'show hidden' - :)
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of sharpeye72 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    Thanks for your speedy response :)
    My hidden is always set show hidden and it's still hidden, I already thought of that one cheers :)

    Here's my HJT log



    It's going to take a while to get an AVG log. I'll do the other things you advised and post a reply as soon as I have the results

    Once again, many thanks
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You're running an outdated version of HijackThis.

    It also appears you're running two firewall programmes. Blackice and Zonealarm, this is not recommended and can cause serious conflicts. Uninstall one of your firewall programmes, preferably BlackIce.

    Then post all the requested log files, when you're finished with the instructions.

    Regards Howard :)

     
  6. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    Thanks Howard

    I jumped the gun with my last post, I had yet to read your post on which pieces of software to use and the need to rename hjt.
    I have now read this post and am in the process of following your instructions.
    I do have 2 firewalls, however, I generally tend to close down blackice when I get started but will do as you advise and remove this.
    I'm in the midst of downloading/updating the tools required and I'll post the relevant info as and when I'm finished
     
  7. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    Hey Howard
    I've finally finished running through your instructions and everything seems to check out ok, including rootkit
    here are the log files of the tools I've used but just to let you know, zone alarm found 2 "not-a-virus" files in windows/temp even though all the other stuff checks out.
    anyway, here are those logs, I have to send them separately because of the character limit.

    here's look 2 me log

    I very much appreciate your help, hope all the above isn't information overload
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please repost all the requested log files as attachments. See HERE for instructions.

    Regards Howard :)

     
  9. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    I do apologise, here are the log files in attachment form, hope they are better for you.
     
  10. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I see that you're still running BlackIce and ZoneAlarm, which, as Howard said, is not recommended. You should uninstall one of them immediately, preferably BlackIce.

    With that said, it looks like a little stuff which can easily be fixed.

    Have HijackThis fix these entries (if there) by placing a tick in the little box next to them:

    All the R0 and R1 entries

    O4 - HKLM\..\Run: [Error Nuker] G:\Security software\Error Nuker\bin\ErrorNuker.exe autostart

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\GAMES\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\GAMES\PartyPoker\RunApp.exe

    Click the Fix Checked button.

    Go into add/remove programs on your control panel and uninstall anything having to do with PartyPoker or Error Nuker.

    Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

    In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

    Now delete the following bold files/folders (if there):

    G:\Security software\Error Nuker<--delete the entire folder

    G:\GAMES\PartyPoker<--delete the entire folder

    Now reboot normally and rehide your protected files by doing the reverse of the unhiding instructions.

    Then post fresh HijackThis, ComboFix, and AVG Antispyware logs as attachments into this thread.

    Regards :)

     
  11. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    here are the latest set of test results.
     
  12. tomrca

    tomrca TS Rookie Posts: 1,000

    Looks good to me. You can fix these with hjt by placing a tick next to them and selecting fix

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - G:\SECURI~1\SPYWAR~2\tools\iesdsg.dll (file missing)

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - G:\SECURI~1\SPYWAR~2\tools\iesdpb.dll (file missing)

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - G:\SECURI~1\SPYWAR~2\tools\iesdpb.dll (file missing)
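
As an added illustration (not part of the post above and not code from HijackThis or TechSpot), a small Python parser for the HijackThis entries quoted in this thread that groups the "(file missing)" entries by the file they still reference. The regular expressions and function names are assumptions fitted to the line shapes quoted here, not a full log grammar.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O4": "autostart entry",
            "O9": "extra IE button or Tools menu item"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

# Entries quoted in the thread (raw string keeps the backslashes literal).
SAMPLE = r"""
O4 - HKLM\..\Run: [Error Nuker] G:\Security software\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\GAMES\PartyPoker\RunApp.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - G:\SECURI~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - G:\SECURI~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - G:\SECURI~1\SPYWAR~2\tools\iesdpb.dll (file missing)
""".strip().splitlines()


def parse_line(line):
    """Split one log line into section code, CLSID, target path and missing flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header lines, process list, blank lines
    body = m["body"]
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "code": m["code"],
        "kind": SECTIONS.get(m["code"], "other"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        "file_missing": body.endswith("(file missing)"),
    }


def orphaned_by_file(lines):
    """Map each missing target file to the (code, CLSID) entries still pointing at it."""
    out = {}
    for entry in filter(None, map(parse_line, lines)):
        if entry["file_missing"] and entry["path"]:
            out.setdefault(entry["path"], []).append((entry["code"], entry["clsid"]))
    return out


if __name__ == "__main__":
    for path, refs in orphaned_by_file(SAMPLE).items():
        print(path, "<-", refs)
```

On the quoted entries it reports two missing DLLs, with iesdpb.dll still referenced by both an O2 and an O9 entry.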
     
  13. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    still have problem

    I followed all the instructions, when I woke up this morning zonealarm found 2 cases of "not-a-virus:RiskTool.Win32.Reboot.f" I tried the repair option and I got error as the result, it said it couldn't repair them as they could not be found.

    here's my latest hjt log
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The not-a-virus:RiskTool.Win32.Reboot.f warning is often associated with Smitfraudfix and is a false positive.

    Get rid of Smitfraudfix if you have it and see if the warning ceases.

    Regards Howard :)
     
  15. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    combofix

    hhmmmmm, that sounds odd, I will do as you advise. I have included my latest combofix log as well.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can't see anything particularly nasty in your Combofix log.

    Apart from the not-a-virus:RiskTool.Win32.Reboot.f alert, which as I've already said is probably due to a false positive and is more than likely Smitfraudfix, how's your system running?

    Regards Howard :)

     
  17. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    My PC is still on the slow side but I'm currently running a zonealarm scan. It's been going for just over an hour but it's found something already but I don't want to stop it till it's done. I only have 256meg of ram and I find zonealarm quite greedy with my memory.
    I got rid of smitfraud, I'll let you know more when the scan is complete

    I've been recommended nod32 as an anti-virus solution and when I checked out their site they make some impressive claims, the most eye catching to me is much less resources it uses compared to zone alarm.
    I downloaded the trial but when I tried to install it, it asked to remove all other anti-virus software so I left it at that.
    What are your thoughts on this product??
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I've never used Nod32, but I have heard some good things about it. By all means give it a try and see what you think.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  19. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    zone alarm scan

    I've just got back to my latest zone alarm scan and it found nothing. :giddy:
    I had a hunt around some zone alarm options and I hadn't checked the quarantine, it had 3 not-a-virus things in there, I deleted those, (something I had told to do when it finds them I must add) and ran a scan which has come back clean.
    I did dig further into zone alarm settings and in advanced options, (just next to update now on the anti-virus/spyware page) I discovered, in detection under spyware management it is set to intelligent quick scan (recommended) but there are full system scan and deep-inspection scan options.
    Are either of these options worth doing now I feel cured??
    Also are there any other measures I can take, I feel I've learned a bit now I've had that but I'm sure there's more to learn to stay protected.

    Thanks ever so much for your help, with the software I already had I thought I was doing ok but obviously not

    Once again thanks, sharpeye :wave: :giddy:
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    By all means, try doing a deep scan and see what it comes up with, if anything.

    Regards Howard :)

     
  21. sharpeye72

    sharpeye72 TS Rookie Topic Starter

    Hey Howard, I have just one more question you might have an answer for.
    I keep getting a microsoft updates available icon but it never works. The update is a security update for flash player but when I try the update automatically it never completes and when I do it manually it tells me the update is not for the version of flash I'm running, but it keeps coming back on a daily basis and if I do run it my computer runs like a slug.
    Any ideas??
    I thought of uninstalling flash as I don't use it, but I may use it again one day and I lost the installation disk.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Uninstall the Flash Player and reboot your system, then download and install the latest version from HERE.

    See if that helps.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
