TechSpot

Virus

By Valerie
Jan 5, 2008
  1. Hello There....

    I recently ran BitDefender Online Scanner, it identified one virus w/five infected files. The information was the files could not be disinfected or deleted. I attempted to search for the files it provided and did so w/out success. The only information provided by the scan was virus detected
    Trojan.Generic.71582. Any help would be greatly appreciated. Thanks!
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hi

    Please download and install SpyBots Search & Destroy

    Then Download and install Ad-Aware

    Make sure to fully update both programs before doing a full scan

    Also, always make sure your AntiVirus is up to date
     
  3. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    as requested

    alright, spybot found two problems w/my settings and fixed them both. also, adware results were just a couple of cookies and i removed them.
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  5. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    logs

    There were no results on the panda root kit. Here are the logs you requested.

    Also, ever since I started following the Viruses/Spyware/Malware, preliminary removal instructions every 2-3 minutes I am receiving a pop box that says: a change has been dected in the background page displayed on your desktop. You new page is (this is actuall empty). If this is ok, then click yes or press enter. Click no and we'll restore your page to the default, about home. I keep selecting no but then receive the same exact message again a few minutes later.


    Alright, I have been trying to upload the logs w/out success. I keep obtaining an upload error message. The AVG Anti-Spware had just one tracking cookie which I deleted.
     
  6. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    i was able to finally download hjt log. i'm still working on the other ones. thanks for your patience.

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

    heres the combofix log.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    WinPatrol loaded
    Ad-Aware Loaded
    Yahoo SearchProtection Loaded
    AVG Anti-Spyware Loaded
    SpywareGuard Loaded
    Sygate Loaded
    a-squared Scanner Loaded

    With also
    Your HP Printer
    AVG Antivirus
    DiscGui
    MSN
    And more

    It's a wonder the computer runs !

    I'd say go to Add/Remove programs and remove everything not needed anymore

    AFTER that (and after a few reboots I suppose) download and run this:
    http://www.mlin.net/StartupCPL.shtml
    And disable as many things starting as possible, except Antivirus)
    Note: these startup shortcuts, all start with Windows

    Then at last post your hijackthis.log again
     
  8. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    another hijack attachment

    omg, i know i have a lot of programs on the start up and just in general. honestly, i don't even know what programs i actually even need. i'm terrified to remove any programs because i'm not sure what the majority of them are and if its a program that the computer needs to properly function. any suggestions would be greatly appreciated. i made a few adjustments but know i could probably make more w/your help.
     
  9. momok

    momok TS Rookie Posts: 2,265

    Fix these two inactive entries in HijackThis:

    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)

    Apart from that, your logs are pretty much clean. Kimsland shall help you with the rest of the unnecessary program removal part.
     
  10. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    thanks

    thank you!
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Are you saying that users should have all these programs running ?
    Or are you saying that the programs themselves are unnecessary (ie they didn't help on this error)
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I think he was saying that you would help remove the unnecessary programs
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    OK

    Valerie, have you purchased these other programs ?
    If so then you could keep them (slowing your computer)
    But if these programs are free, then you might think of going to Add/Remove programs in Control Panel and removing them (I would)

    I'd also download Startup Control Panel (after the removal of all the other stuff above http://www.mlin.net/StartupCPL.shtml

    And disable any other unwanted startups

    By the way I am not saying to remove you Antivirus program
    Which should always be updated with real protection enabled
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Another good way for managing startup programs without downloading additional software is through spybot S&D. Go to Mode and select advanced. then expand tools in the left pane, then double click system startup uncheck items that don't need to be started everytime you turn on your computer.
     
  15. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    thank you

    I removed and cleaned up some of the start up programs. Also, I just realized that the infected files that the scan found were in restore.
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks Valerie, good point

    You should stop System Restore and then start it again creating a new clean restore point.

    How to stop System Restore

    Go to Control Panel
    Go to System
    Click on System Restore
    Tick the square to disable it
    Click Apply
    Click Yes

    To re-enable (as long as all malware is gone)
    Un-Tick the square
    Apply
    OK

    All done
     
  17. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    thanks

    done, thanks! i ran a new scan and the infected files were no longer there.
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hooray.

    Mostly support here will ask for another log file. But actually I believe this is all clean.

    Is it quicker now ?

    Resolved
     
  19. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    log

    yeah, the start up is a little faster, here's another log, better safe than sorry :)
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I am not an expert in fully diagnosing your log.
    But I cannot see any issues in any file loading, except:
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    Which is really not a concern.

    If you would like to continue in checking/removing non-needed startups in your computer, please have a look at this link, which really covers everything.

    You may receive other replies
     
  21. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    JIT debugger

    I received a message:

    registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0x2 (2). Please check computer settings.

    cordby.eve !a 0x1700

    what is this message and how can i correct it?
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Just In Time debugger

    And also you meant cordbg.exe (But that's ok, I knew it anyway :)

    Usually this fault has to do with .NET Framework corruption.
    It's a matter of uninstalling it, then re-installing it
    Info Here: http://support.microsoft.com/?id=320112

    One user reported that using System Restore, back to a time that all was ok, fixed the problem. But I would recommend doing the MS steps, just in case.
     
  23. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    Help Please

    I recently ran an online scan w/emsi, it said I had Worm.Win32.Netop.a and listed eight files that were infected. Is this a trojan or virus? How can I get rid of it. Any help would greatly be appreciated. Thanks!
     
  24. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  25. Valerie

    Valerie TS Rookie Topic Starter Posts: 39

    help please

    I recently ran an online scan w/emsi, it said I had Worm.Win32.Netop.a and listed eight files that were infected. Is this a trojan or virus? How can I get rid of it. Any help would greatly be appreciated. Thanks!

    Also, when I ran the spybot & search, I received a pop up warning box, "there were problems in the include file C:\Program Files\Spybot-Search_Destroy\Includes\Trojans.sbi. See "Include errors.log' for details. I just clicked the ok button. It appeared during the middle of the scan. Once the scan was complete, it said Congraluations, no immediate threats were found. I also ran the Panda Antirootkit. No problems!

    I attempted to upload the combo txt however it said my file of 127.7 kb bytes exceeds the forum's limit of 100.kb for this file type. There were no results on the AVG Antispyware logs.


    I posted a new thread as requested but haven't received any responses yet. Did I not post it correctly, here is a copy of what was posted.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...