Spyware, viruses, & security : Estalive
Estalive
by Olliegaa - 8/15/07 3:31 AMOut of all my 6 Spyware Applications, only AOL Spyware finds Estalive. Trouble is it only blocks it and does not remove it permanently, and in no time it's back. It describes Estalive as a nuisence, but if it's responsible for all the sudden computer-shutdowns it is more than a nuisence.
I have tried Safe Mode scans using all 6 Spyware applications that I have. Have also tried two online scanners in Safe Mode: Bitdefender and Ewido, (also have that as AVG 7.5 Anti-malware on my computer). None of them have even detected Estalive, let alone remove it.
I even re-installed my Windows XP operating system two days ago, but in the process of downloading applications from the internet I have Estalive back again. I was notified that it had been blocked again after installing the Google-Pack. Not saying that was responsible though.
I am not always notified When Estalive is there and sometimes only find it when I do a quick-scan whith AOL Spyware.
What can I do to remove it permenantly. I have lost hours of work due to the sudden shutdowns.
Re: Estalive
by Marianna Schmudlach
- 8/15/07 8:18 AM
In reply to: Estalive by Olliegaa
Here is a write-up:
estAlive
Type Adware
Type Description Adware, also known as advertising software, displays third-party advertising on the computer. The ads can take several forms, including pop-ups, pop-unders, banners, or links embedded within web pages or parts of the Windows interface. Some adware advertising might consists of text ads shown within the application itself or within side bars, search bars, and search results. Adware is often contextually or behaviorally based and tracks browsing habits in order to display ads that are meant to be relevant to the user.
http://research.sunbelt-software.com/threatdisplay.aspx?name=estAlive&threatid=138485
Give AVG Anti-Spyware a try:
First download AVG Anti-Spyware from HERE and save that file to your desktop.
After the installation, a free 30-day trial version containing all the extensions of the full version will be activated. At the end of the trial, these extensions will be deactivated and the program will turn into a feature-limited freeware version.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found".
Close AVG Anti-spyware, do NOT run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions".
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
AVG scan to remove Estalive.
by Olliegaa - 8/15/07 12:06 PM In reply to: Re: Estalive by Marianna Schmudlach
Thank you for your reply.
I downloaded AVG Spyware and ran it in Safe Mode as explained. It only found three tracking-cookies, not Estalive.
A shot in the dark..
by Carol~ - 8/15/07 11:24 AM
In reply to: Estalive by Olliegaa
Are you using PC Tool's Spyware Doctor? If so, you might want to read this thread at their forum. And this at AOL's forum. Also "Estalive false positive detection ", which is a "sticky" at another forum.
The only reason I thought it was a "shot in the dark", was due to your computer shutdowns. I'm only posting this as a "just in case". Just in case you do have Spyware Doctor and it's contributing to your problems. If not.. forget about it! 
Carol
A shot in the dark..
by Olliegaa - 8/15/07 12:27 PM In reply to: A shot in the dark.. by Carol~
AAAH, good shot, that explains why AOL-spyware is detecting Estalive. Like they said in one of those links you gave me, AOL should get their act together.
I have no hope that AOL will ever get their act together though. Their 'Live-Help' is beyond a joke. If you telephone their technical department they are useless as well... even if you can understand their English. In the past they have hung up on me four times in one night.
Another trick they use is to give any solution that sounds plausable just to get you off the line. They can then log that event as resoved... what a farse.
Their complaints procedure is a waste of time as well. They make it as difficult as possible to make a complaint.
After four years as my ISP I have had enough of them. I will be cancelling my subscription with them from next month. I advise everybody who reads this to steer well clear of them.
Thank you very much Curcat,,,, finally a solution to the Estalive problem. Now, I wonder why my computer so often suddenly shuts down. After all the tests I've done looking for Estalive, nothing else has shown up...... any ideas what might be causing the shutdowns?
You're welcome, Olliegaa...
by Carol~ - 8/15/07 1:05 PM
In reply to: A shot in the dark.. by Olliegaa
I've heard many similiar complaints. Yet, there are also people who swear by AOL. All I can say is.. "go figure"!
I don't know what to tell you about the shutdowns. Have you tried any online scans? See this sticky at the top of the forum. It doesn't necessarily mean it's a "malware" problem, but it's worth ruling out by trying an online scanner. Have you looked in the Event Viewer to see if you're getting any error messages?
There are many reasons for shutdowns, which also includes hardware problems. Is it possible to give us a little more details? I can't promise I'll be the one to have an answer, but maybe some addtional information will help.
Carol
An additional thought..
by Carol~ - 8/15/07 2:35 PM
In reply to: You're welcome, Olliegaa... by Carol~
Olliegaa..
Sorry I hadn't noticed you said in your original post, you already tried a couple of online scanners. You said you've lost hours of work due to shutdowns. If you only reinstalled your os two days ago, it sounds like maybe this was going on prior to the reinstall. Or so it "seems". IF you've ruled out any viruses or malware, and have experienced the shutdowns for an extended amount of time, you might consider either posting at the Windows XP Forum, or Computer Help Forum. Not looking to "send you packing", but it is something to consider. 
Carol
An additional thought.
by Olliegaa - 8/16/07 12:00 AM In reply to: An additional thought.. by Carol~
Yes the shutdowns were happening before I re-installed the OS. For some reason they have stopped now, and I can never remember my hard-drive so calm.... or maybe I'm just aware of it now after the storm of the past week.
Thank you very much for all the links you showed me. I'm sure they will come in very handy for the future.
You are not sending me packing... you have eased my mind about Estalive... now I know that it's nothing to worry about and that Spyware Doctor is taking care of it.;-)
An additional thought 2
by Olliegaa - 8/16/07 2:11 AM In reply to: An additional thought.. by Carol~
I will have to use the links you gave me Carol. The expletive thing is shutting down again...
Seems ok now
by Olliegaa - 8/15/07 11:44 PM In reply to: You're welcome, Olliegaa... by Carol~
For most of yesterday and this morning, so far there hasn't been any shutdowns. Spyware and Antivirus applications have not found anything, but I did download and run CCleaner from CNET. Really don't know why the problem has gone away.
In addition.
by Olliegaa - 8/16/07 2:07 AM In reply to: In addition by tomronThank you for the link Tom.
I spoke too soon about the shutdowns. I've had three since I wrote the above. One of them while writing a reply to you.
I will use your link to Majorgeeks to try and solve the problem.
One thing that I'm confused about, and hope that you or Carol could clear up. I've just had another warning from AOL-Spyware, that it has blocked Estalive. This time I did not tell it to delete it.... want to see what happens if I don't delete it.
I get this warning soon after every reboot, when I've deleted Estalive or it's Spyware-Doctor-immunization after the previous start-up.... if you see what I mean?
If Spyware-Doctor has immunised the computer against Estalive, does AOL-Spyware block that immunisation? Seems to me that the two of them are battling against each other?
i have a similar problem
by drglnprao - 8/16/07 5:31 AM In reply to: In addition. by OlliegaaCan somebody see my Hijack this log and tell me if a spyware is active in my system?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:49 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186658035046
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 3860 bytes
Thanks
Drglnprao
drglnprao
by tomron - 8/16/07 5:53 AM In reply to: i have a similar problem by drglnpraoCNET doesn't analyze HJT logs,check this link for instructions FYI - PLEASE do NOT post any HJT logs in this forum!
Tom
Your welcome
by tomron - 8/16/07 6:02 AM In reply to: In addition. by OlliegaaI wouldn't have anything to do with AOL,check this LINK
Tom
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
