By RogerRampant · 15 replies
Apr 11, 2009
  1. Hello again :)

    This is not a major problem, in the sense that it is only listed by the Trend Micro free online scan as malware, but when I run the scan it tells me it is there, I tell it to delete it but apparently it doesn't, and when I do a Windows search of my PC that file name doesn't show up. My Windows search has "include hidden files and system files" selected by default. It presumably is still there, as Trend Micro keeps highlighting it.

    Does anyone have any more info about this malware? I tried a Google search but found nothing useful about it.

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

  3. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    OK my broadband usage has increased dramatically, had an email from my ISP to say that I am almost at my 15gb limit for this month (which has never happened before), and a lot of HD activity occurring that I don't usually have, so things don't look too promising. :(

    Here is the first log:

    Moderator Edit:
    Pasted logs removed
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Logs should be attached, not pasted. The moderator will remove the log.

    Attach the requested logs- all three please.
    1) Malwarebytes Anti Malware log
    2) SuperAntiSpyware log
    3) Hijackthis log

    Attachment Instructions
  5. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    Sorry / thanks. Here they are. Really appreciate the fact that you guys give this advice out for nothing.

    Attached Files:

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    RR, I am reviewing your logs and listing entries to be removed. I will be back a bit later and will EDIT this post with the information.
  7. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    The first time I ran ComboFix it deleted four things, including a FireFox extension called NPMYGISH.dll

    Unfortunately I ran ComboFix again in order to have it install the Windows Recovery Console for me, but I think that it has saved the new log over the top of the previous one. So here are the two logs (ComboFix and HJT), but the ComboFix log might not be so much use as the previous one would have been. Is there a way to recover it?
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    File Sharing Programs found in logs: Limewire

    Info on using P2P Programs =>

    Quote from 8-Step Removal Guide:

    You may not have realized it, but your Firefox has also allowed bittorrent as a plugin too
  9. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    OK, Limewire has been uninstalled, and that bittorrent plugin. Also found another plugin that I didn't know was there, something about printing coupons, so I deleted that as well. Do I need to run anything again after deleting these things out?
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Yes go through Add\Remove programs and remove all P2P programs (just in case we find another ; 2 is bad enough :D)
    Then restart to confirm they are gone from subsequent logs
    Then run another ComboFix and supply the log, hopefully it then shows the missing entries
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please include a rescan with HijackThis after updating and running Combofix again. Attach log and report.
  12. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    OK let's try again. :)
  13. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    After I have sorted out my PC, presumably I need to turn my attention to my teenage daughter's laptop. :(
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    THE most important thing to do right now is to get an antivirus program running!

    Online scans are AFTER the fact: they find viruses, worms and Trojans AFTER they have gotten on the system. They do not offer any ongoing protection. You must run an antivirus program ALL the time to prevent the malware from getting on the system!

    Per Step 1 in the Virus and Malware Removal:
    Every one of the poker entries you have (and there are many) is a potential source of malware. Game sites frequently load adware or spyware. For instance, this is current or ongoing activity:
    The Combofix log also still shows:
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

    So it is time to come to terms with yourself for the security of your system:
    1. P2P file sharing? Don't even bother removing malware because this allows a steady stream of it!
    2. Multiple, frequent gaming activities in poker? Keep them all but take a few hours each week to remove the trash they bring!

    I will help in whatever you decide- unless you want to keep the P2P programs plugin.
  15. RogerRampant

    RogerRampant TS Rookie Topic Starter Posts: 25

    I have Comodo firewall, but I removed my antivirus checker because it slowed my PC down too much. :p I'll try to find one that doesn't slow the PC down too much, Avast slowed it down substantially...

    Firefox told me that it had deleted the bittorrent thing, but I'll have another go at removing that. I assume the bittorrent arrived because I play a game called Age of Wonders Shadow Magic, and an enormous mod for the game was available on Pando. Maybe Pando installed the bittorrent plug-in, and when I uninstalled Pando it wasn't removed?

    Most of the poker sites run some stuff called IESnare or MPSnare, which is there to check that you aren't opening multiple accounts, and presumably some sites will have their own proprietary systems to do the same thing. It is very hard to know what they are doing, because they don't run in my browser and they use stuff like flash cookies. Anyway, some poker sites need to stay, but I will delete the non-core ones...

    My daughter installed Limewire when I was at work and her laptop was out of action, but that has gone now from my PC - I would guess that it will still be on her laptop, though.

    Thanks for the advice, I'll post some more logs once I have made a few changes.

    EDIT: FireFox shows that the bittorrent plugin is disabled, but it doesn't give the option to remove it, only disable it or enable it. So I'll have to do a bit more research on that. OK I went to C:\Program Files\Mozilla Firefox\plugins and deleted it, so that bit's sorted (hopefully) :p
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Did you download Pando from a torrent site?

    To the best of my knowledge, even high resource users like the Norton/Symantec programs don't use so much of the resources that a user would remove them. Something else is going on with your system. You NEED a current, updated, active antivirus program. It might be that you are setting the program to do a virus scan every time you boot. That can be stopped.

    Pando itself is peer-to-peer software. It is NOT BitTorrent. And the only way torrent is going to get on from Age of Wonders Shadow Magic is if it's pirated from a torrent site!

    Advise you read the comment here about the use of IPSnare/MPSnare: