TechSpot

winantivirus pro 2007

By zulanders
Feb 25, 2007
  1. Hi all,

    I am new here in this forum, so please correct me if I have done something wrong.

    Just a couple of days ago this program suddenly popped up and infected my PC.
    It slows down my PC, especially during start-up and when opening programs.

    I know this is a hell of a thing to happen.

    If anyone knows how to FULLY counter this, please let me know.

    Thanks.
     
  2. thewoosterisroot

    thewoosterisroot TS Enthusiast Posts: 192

  3. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    Oh, I forgot to mention that I have done all the steps in the given link.
    Sorry... :stickout:

    The given log is the end result.

    Is the malware 100% off my PC?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Delete all files in AVG Antispyware quarantine.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there):

    O15 - Trusted Zone: http://*.inicis.com

    O15 - Trusted Zone: http://*.vpay.co.kr

    O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} - http://pc/download/jinitiator/jinit11814.exe

    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.jumboplay.com.my/class/DragonbackCtl.ocx

    O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab

    Click on the fix checked button.

    Close HJT and reboot your system.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of zulanders only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
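
The O15 and O16 lines quoted in the post above follow a fixed layout, so they can be split into fields for review. This is an added example, not part of any post in the thread and not HijackThis code; the function name `parse_hjt` and the wording of the notes are assumptions made for the example, and the notes are review prompts, not verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the five O15/O16 lines quoted in the post above.
SAMPLE_LOG = """
O15 - Trusted Zone: http://*.inicis.com
O15 - Trusted Zone: http://*.vpay.co.kr
O16 - DPF: {0a454840-7232-11d5-b63d-00c04faedb18} - http://pc/download/jinitiator/jinit11814.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.jumboplay.com.my/class/DragonbackCtl.ocx
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab
"""

# O15: a site added to the Internet Explorer Trusted Zone.
O15 = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)$")
# O16: a downloaded ActiveX control: CLSID, optional class name, source.
O16 = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))? - (?P<codebase>.+)$"
)


def parse_hjt(text):
    """Return one dict per recognised O15/O16 line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O15.match(line):
            site, notes = m["site"], []
            if "*" in site:
                notes.append("wildcard trusts every subdomain")
            if site.lower().startswith("http://"):
                notes.append("trusted over plain HTTP")
            entries.append({"section": "O15", "site": site, "notes": notes})
        elif m := O16.match(line):
            url, notes = urlparse(m["codebase"]), []
            if url.scheme == "http":
                notes.append("control fetched over plain HTTP")
            if m["name"] is None:
                notes.append("no class name registered")
            entries.append({"section": "O16", "clsid": m["clsid"].upper(),
                            "name": m["name"], "host": url.hostname,
                            "notes": notes})
    return entries


if __name__ == "__main__":
    for entry in parse_hjt(SAMPLE_LOG):
        print(entry)
```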
     
  5. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    OK, I have done all the things you told me....
    Below is the new log.... Is it clean???

    Another thing,
    I feel that my PC is becoming much slower than before...
    Is it normal?
    Is there any other file/program that I need to delete/remove?
     
  6. tomrca

    tomrca TS Rookie Posts: 1,000

    looks ok apart from this entry:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll]

    http://www.symantec.com/avcenter/reference/newsletter/Apr04inews.htm

    Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow Vulnerabilities
    http://online.securityfocus.com/bid/10199
    Yahoo! Messenger is a freely available chat client distributed and maintained by Yahoo! It is available for the Microsoft Windows platform. When Yahoo! Messenger is installed it registers "yinsthelper.dll." This library adds the following COM objects:

    * YInstHelper.YInstStarter.1
    * YInstHelper.YAcs1
    * YInstHelper.YSearchSetting2

    It has been reported that the COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 are prone to remote memory corruption vulnerabilities, most likely due to buffer overflow conditions. The condition occurs in YInstHelper.YInstStarter.1 when the properties "DesktopIcon", "AppId", and "Test" are given values that are 255 bytes or longer. By crafting a HTML page that invokes this COM object, and passing data to one of these properties, an attacker may overwrite values that are crucial to controlling program execution flow. Ultimately an attacker may exploit these issues and then execute arbitrary instructions in the context of the user who is running an instance of Internet Explorer used to view the malicious Web page.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    By all means fix the entry pointed out by tomrca. It won't make much difference to your Yahoo messenger.

    Bear in mind that the vulnerability in yinsthelper.dll was from 2004 and has long since been patched.

    One thing that's slowing your system down is your Symantec/Norton programme. It is known to be a resource hog. I recommend you get rid of it and use one of the free antivirus and firewall programmes in this thread HERE. You should also disable the AVG Antispyware Resident Shield.

    If you have any problems in uninstalling Symantec/Norton, see this thread HERE.

    Regards Howard :)

     
  8. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    OK, I fixed the entry as told by tomrca (by the way, thanks tomrca).

    I have a few questions...
    What exactly is an HJT log? What does it show anyway?
    How can you know if somebody has been infected by a virus/malware by looking at the log?

    About the antivirus stuff... can the recommended antivirus be used on a company PC? Because the PC I have been working on is from my office.

    I have tried to use ZoneAlarm, but I always have trouble... such as I can't connect to the net and I can't access some programs inside the network.
    So I had to uninstall the firewall.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    A HijackThis log (HJT log) is a diagnostic programme that shows what is running on your system. It allows people who can analyse them to see if viruses/malware etc. are running on the system.

    If you have administrative rights over the company's computer, you can uninstall and install software as you see fit. However, if you don't have administrative rights, then you'd need to speak to whoever is the systems administrator.

    To answer your question, the free AVG Antivirus software is only supposed to be used for home users.

    Taken from HERE.

    This may well apply to other free software as well, so you'd need to check out the user agreements for the various software.

    Zonealarm can cause problems on some systems. Therefore an alternative firewall will need to be found.

    Regards Howard :)

     
  10. tomrca

    tomrca TS Rookie Posts: 1,000

    well it's not easy for most of us, but howard is brilliant at it.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Actually mate, it's not that hard to tell if there are infections from looking at a HJT log. Google and Yahoo search engines are very good for finding out what's good and what's bad etc. The trick is in knowing how to get rid of the infections once they've been identified, as simply fixing something with HJT won't get rid of the infection. In fact, fixing stuff with HJT can make getting rid of something a lot harder.

    When you've done as many HJT logs as I have, you tend to get used to what should and shouldn't be there. It just takes practice that's all. The really tough bit is when a new virus or variant starts doing the rounds. Trying to find a fix can be a very long, tedious and sometimes a fruitless task lol.

    Regards Howard :)
     
  12. tomrca

    tomrca TS Rookie Posts: 1,000

    when howard says,
    .
    Look at the top right of his posts. More than 17,500 posts. This divided by three is the approximate number of people that Howard has helped.

    If I could be half as good, I would be very happy! :rolleyes:
     
Topic Status:
Not open for further replies.
