winantivirus pro 2007


zulanders

Hi all,

I am new here in this forum, so please correct me if I have done something wrong.

Just a couple of days ago this program suddenly popped up and infected my PC.
It slows down my PC, especially during start-up and when opening programs.

I know this is a hell of a thing to happen.

If anyone knows how to FULLY counter this, please let me know.

Thanks.
 
Oh, I forgot to mention that I have done all the steps in the given link.
Sorry...

The given log is the end result.

Is the malware 100% off my PC?
 
Hello and welcome to Techspot.

Delete all files in AVG Antispyware quarantine.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O15 - Trusted Zone: .inicis.com

O15 - Trusted Zone: .vpay.co.kr

O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} - http://pc/download/jinitiator/jinit11814.exe

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.jumboplay.com.my/class/DragonbackCtl.ocx

O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab

Click on the fix checked button.

Close HJT and reboot your system.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of zulanders only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK, I have done all the things you told me...
Below is the new log... Is it clean?

Another thing:
I feel that my PC is becoming much slower than before...
Is that normal?
Is there any other file/program that I need to delete/remove?
 
looks ok apart from this entry:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

http://www.symantec.com/avcenter/reference/newsletter/Apr04inews.htm

Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow Vulnerabilities
http://online.securityfocus.com/bid/10199
Yahoo! Messenger is a freely available chat client distributed and maintained by Yahoo! It is available for the Microsoft Windows platform. When Yahoo! Messenger is installed it registers "yinsthelper.dll." This library adds the following COM objects:

* YInstHelper.YInstStarter.1
* YInstHelper.YAcs1
* YInstHelper.YSearchSetting2

It has been reported that the COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 are prone to remote memory corruption vulnerabilities, most likely due to buffer overflow conditions. The condition occurs in YInstHelper.YInstStarter.1 when the properties "DesktopIcon", "AppId", and "Test" are given values that are 255 bytes or longer. By crafting a HTML page that invokes this COM object, and passing data to one of these properties, an attacker may overwrite values that are crucial to controlling program execution flow. Ultimately an attacker may exploit these issues and then execute arbitrary instructions in the context of the user who is running an instance of Internet Explorer used to view the malicious Web page.
 
Your HJT log is clean.

By all means fix the entry pointed out by tomrca. It won't make much difference to your Yahoo messenger.

Bear in mind that the vulnerability in yinsthelper.dll was from 2004 and has long since been patched.

One thing that's slowing your system down is your Symantec/Norton programme. It is known to be a resource hog. I recommend you get rid of it and use one of the free antivirus and firewall programmes in this thread HERE. You should also disable the AVG Antispyware Resident Shield.

If you have any problems in uninstalling Symantec/Norton, see this thread HERE.

Regards Howard :)

 
OK, I fixed the entry as told by tomrca (by the way, thanks tomrca).

I have a few questions...
What exactly is an HJT log? What does it show anyway?
How can you know if somebody has been infected by a virus/malware by looking at the log?

About the antivirus stuff... can the recommended antivirus be used on a company PC? Because the PC I have been working on is from my office.

I have tried to use ZoneAlarm, but I always have trouble... such as I can't connect to the net and I can't access some programs inside the network.
So I had to uninstall the firewall.
 
zulanders said:
What exactly is an HJT log? What does it show anyway?
How can you know if somebody has been infected by a virus/malware by looking at the log?

A HijackThis log (HJT log) is a diagnostic programme that shows what is running on your system. It allows people who can analyse them to see if viruses/malware etc. are running on the system.

zulanders said:
About the antivirus stuff... can the recommended antivirus be used on a company PC? Because the PC I have been working on is from my office.

If you have administrative rights over the company's computer, you can uninstall and install software as you see fit. However, if you don't have administrative rights, then you'd need to speak to whoever is the systems administrator.

To answer your question, the free AVG Antivirus software is only supposed to be used by home users.

Taken from HERE.

AVG Anti-Virus Free and AVG Anti-Spyware Free is for private, non-commercial, single home computer use only.

This may well apply to other free software as well, so you'd need to check out the user agreements for the various software.

zulanders said:
I have tried to use ZoneAlarm, but I always have trouble... such as I can't connect to the net and I can't access some programs inside the network.
So I had to uninstall the firewall.

Zonealarm can cause problems on some systems. Therefore an alternative firewall will need to be found.

Regards Howard :)

 
Actually mate, it's not that hard to tell if there are infections from looking at a HJT log. Google and Yahoo search engines are very good for finding out what's good and what's bad etc. The trick is in knowing how to get rid of the infections once they've been identified, as simply fixing something with HJT won't get rid of the infection. In fact, fixing stuff with HJT can make getting rid of something a lot harder.

When you've done as many HJT logs as I have, you tend to get used to what should and shouldn't be there. It just takes practice, that's all. The really tough bit is when a new virus or variant starts doing the rounds. Trying to find a fix can be a very long, tedious and sometimes a fruitless task lol.

Regards Howard :)
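
Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the O15/O16 line format quoted above, pulling out the CLSID, control name and download source so each can be looked up. The function names and review tags are this example's own assumptions; the tags are neutral observations that guide a lookup, not verdicts.

```python
import re
from urllib.parse import urlparse

# Entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O15 - Trusted Zone: .inicis.com
O15 - Trusted Zone: .vpay.co.kr
O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} - http://pc/download/jinitiator/jinit11814.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.jumboplay.com.my/class/DragonbackCtl.ocx
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
DPF = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (.+)$")

def parse_hjt(text):
    """Return one dict per recognised 'Onn - Section: value' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, section, value = m.groups()
        entry = {"code": code, "section": section, "value": value}
        d = DPF.match(value) if code == "O16" else None
        if d:
            clsid, name, source = d.groups()
            url = urlparse(source)
            host = url.hostname if url.scheme in ("http", "https", "ftp") else None
            entry.update(clsid=clsid.upper(), name=name, source=source, host=host)
        entries.append(entry)
    return entries

def tags(entry):
    """Neutral review tags for an O16 entry (assumed labels, not a verdict)."""
    if "source" not in entry:
        return []
    if entry["host"] is None:
        return ["local-file"]           # control loaded from a path on disk
    out = []
    if entry["source"].lower().startswith("http://"):
        out.append("plain-http")        # fetched over an unauthenticated transport
    if "." not in entry["host"]:
        out.append("single-label-host") # name only resolves on a local network
    return out

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["code"], e.get("clsid", "-"), e.get("name"), tags(e))
```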
 
When Howard says,
"When you've done as many HJT logs as I have, you tend to get used to what should and shouldn't be there. It just takes practice, that's all."
look at the top right of his posts. More than 17,500 posts. This, divided by three, is the approximate number of people that Howard has helped.

If I could be half as good, I would be very happy!
 