Xoftspy - same problem as B Smithers

Status
Not open for further replies.
D

duracell

Posts: 7   +0
I ran the usual Xoftspy scan on 12th April and it showed up that I had murlo trojan in the following files. They return on each reboot despite my having removed them. I've downloaded and ran all the suggestions given in an earlier post and none of the programs find the murlo trojan. Hubby even linked me to his laptop and checked with Norton - but the full scan took 6 hours to run and then found nothing.

system\ip6fw\enum0
system\ip6fw\count
system\ip6fw\nextinst

Is there a default value for these registry entries or have you discovered how to remove them?

REALLY struggling with this one.
 
As you`re no doubt aware, I`ve been searching for a solution to this problem for several days, without success. the latest idea I have is to try the following and post the results. Maybe if I can find the source of the infection, I`ll be able to suggest a way to get rid of it.

Please run the Kaspersky online scanner and post the logfile.

Regards Howard :)

This thread is for the use of duracell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Log file Kapersky

Hi again,

I ran the scan on the critical areas (hope that was right) and here is the log file.

Good luck in your search for a fix.
 
Please run the scanner again and have it scan your entire system, not just the critical areas. Post a fresh scan log.

Regards Howard :)

This thread is for the use of duracell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Kapersky Full Scan

Hi Howard,

Here's the full scan of my computer. I've had to stop using Outlook as an email coming in is closing Outlood even before I get a chance to delete it. I logged onto my mail account online and there is no sign of this email on their server. It says from "none" and has nothing in the subject line. I don't know if it's significant, but it might be. Fingers crossed.

Thanks lots

Lorna
 
Uninstall Windows defender from add remove programmes(if there)

Empty your recycle bin.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard :)

This thread is for the use of duracell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
What's the hjt log?

Hi Howard,

I've printed out the instructions and will start the process asap, but what is a hjt log? Told you I was a dumb mum didn't I.

Rgds,

Lorna
 
Avenger

Hi again Howard,

I've attached the Avenger text file and the hjt log.

I finally got a reply from Xoftspy (see below). I'm not convinced as why would I get the trojan warnings and then immediately have problems with Outlook? Could it be a coincidence that the version of Xoftspy I'm using is now discontinued and the newer XoftspySE claims to fix everything? Or am I just a suspicious old sod?

Thanks again

Lorna:)


Xoftspy response

Posted On: 18 Apr 2007 01:44 PM

--------------------------------------------------------------------------------
Hello Lorna,

Thank you for your email and the information you have provided.

We have identified this item as a false positive and this item will be removed from out definitions database in the near future.

In the meantime, please add it to your XoftSpy ignore list to prevent further detection. Should we make the decision to leave it in our database, it is your choice to leave it on your XoftSpy ignore list to prevent further detection or to have it detected.

**Please note that XoftSpy is now discontinued. We recommend copying the product to CD should you wish to continue using as the below link will only be available for a small period of time.

http://support.paretologic.com/xoftspy_setup.exe

However, updates and support for our legacy package will continue until May 1, 2007.

ParetoLogic is pleased to announce the next generation of XoftSpy, XoftSpySE. Built on the platform of our popular legacy product, XoftSpy, XoftSpySE features the effectiveness and ease of use that characterizes ParetoLogic products, while employing the latest advances in technology and innovation.
Powered by our groundbreaking Zheng Research Technology, XoftSpySE provides you with unparalleled anti-spyware protection at the fastest scan and remove speeds available.

XoftSpySE is an advanced anti-spyware program designed to scan the user's complete computer system including running processes, registry entries, files and folders. Fast, powerful and easy to use, XoftSpySE detects and removes adware, spyware, trojans, browser hijackers, spyware pop-ups, malware, and keyloggers. Subscribers receive automatic spyware definition updates, program feature updates and comprehensive customer support.

As our valued XoftSpy customer, we wish to offer a complementary one-year subscription to our new XoftSpySE anti-spyware application. After your first year has expired, you may renew your subscription for the low price of $14.95 USD.

In order to take advantage of this time-limited offer, please respond to this email, ensuring that you include:
First name:
Last name:
Valid email address:
State/Province:
Country of Residence:

We look forward to serving you as a new XoftSpySE subscriber!

We appreciate your business and the opportunity to be of assistance to you. Should you require further assistance or information, please don't hesitate to contact us.
 
Thankyou for the info on Xoftspy, it really is very much appreciated.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

WSBar

Close control panel.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\PROGRA~1\Wanadoo\WSBar<Delete the entire folder.

Reboot your system.

Other than the above, your HJT log is clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of duracell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you lots and lots

Hi Howard,

I've completed all the instructions and have a nice clean computer. :giddy: I don't use Windows restore as it contributed to a viral reinfection last year, but I do back up all my files at least once a week and have backups of any software installed. So a dumb mum - but smart enough to back up.

I am so glad I found this site and have learned quite a bit through both the advice given and reading some of the forum entries.

I've now installed Spyware Detector and dumped Xoftspy and have installed ZoneAlarm and disabled Windows Firewall to try and improve my protection.

Give yourself a big pat on the back:wave:

Thank you lots and lots and lots ......................

Best regards,

Lorna
xx
 
No problem, I`m glad I could help.

I hope you don`t mind, but I quoted your reply from the makers of Xoftspy in this thread HERE, see my last reply and update in that thread.

Once again, thanks for the invaluable info.

Regards Howard :)

This thread is for the use of duracell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

midian182
Bugs in Fujitsu accounting software that led to false convictions were known "from the...
Replies
18
Views
367
Aus spot
A
midian182
Chinese smugglers caught with $137,000 worth of Intel processors hidden in bus engine
Replies
7
Views
360
The Talking Tech
T
midian182
Amazon employees rage against return-to-office mandate as exec pleads for calm
2
Replies
29
Views
1K
rsmith222
R

Latest posts

Back