Check out the Dell Store on CNET
Spyware, viruses, & security : PLEASE assist with possible virus/Registry key modification
PLEASE assist with possible virus/Registry key modification
by sprng2rn - 10/12/05 9:45 AMCompaq Intel Pentium III
MS Windows Me 4.90.2000
511 MB RAM
System Resources 57% free
Norton Internet Security 2005
AdAware SEPlus
have added since problems began:
HiJack This
Spybot Search & Destory
SpywareGuard
Much to my chagrin, only became aware of NAV's inability to play nice w/WinME following a recent update.
That said, AdAware detects a ''Critical'' Vulnerability described as a possible virus that despite removal, returns everytime I start my computer (Norton never detects):
HKEY_CLASSES_ROOT:exefile/shell/open/command''''c:\windows\system\iexplored.exe ''%'' %*
therefore, I begin each day with the following:
AdAware - ck for updates
AdAware - system scan, removal of stated vulnerability (and a host of other tracking cookies/items)
NAV - live update
NAV - system scan
Windows Update
Upon installation, Spybot initially cleared several items but has come up clean every scan since. Posted a thread with a HijackThis log on the Tom Coyote forums 2 wks. ago, have had no response. And several free scans have returned what looked like some pretty serious stuff, but was it just ''scare-ware''? (pay for removal)
On occasion the system will run pretty smoothly, the following are the most significant problems encountered:
-windows will freeze, interestingly enough, with a pattern... 1st freeze lasts ~ 30 seconds, momentarily releases and immediately freezes again for up to 1 min. OR permanantly and must reboot
-unable to ''minimize'' windows from systray
-receive an ''Runtime 91'' error when closing system down, which appears once desktop has cleared itself
-Windows Update consistently returns a Critial Update for Outlook Express (which I don't even use) despite daily downloads noted as ''Successful'' in my ''Installation History'' as well as removal via the Personalization Settings
Time wise, have lost ability to use System Restore as I thought I had beat the problem, only to have it return.
I feel as if I know only enough to be dangerous (lol) therefore treading carefully - any assistance and/or redirection to a more appropriate thread would be greatly appreciated!
Hi sprng2rn
by roddy32
- 10/12/05 10:47 AM
In reply to: PLEASE assist with possible virus/Registry key modification by sprng2rn
We don't do those logs here and normally I would NEVER suggest to post a log in a second HJT forum because they frown on multiple forums but if you have waited 2 weeks without a response, perhaps you should post in another one also but PLEASE, JUST ONE of them. Thy one of these.
- http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
- http://forums.spywareinfo.com/index.php?showforum=18
- http://forums.subratam.org/index.php?showforum=7
Assist
by sprng2rn - 10/12/05 1:28 PM In reply to: Hi sprng2rn by roddy32
Thanks Roddy! Appreciate the insight and suggestions!
Your Help
by sprng2rn - 10/19/05 4:03 PM In reply to: (NT) Good luck to you. :) by roddy32
Hey Roddy - the mentioned forum did come back and diligently stick with me to see it through, so I'm back on track now. But did want to thank you for your thorough effort in assisting.
You take care!
startup control panel and startup monitor
by a__l__a__n - 10/12/05 11:21 AM In reply to: PLEASE assist with possible virus/Registry key modification by sprng2rnHere are two free tools that have helped me extract some of these kinds of things:
http://www.mlin.net/StartupCPL.shtml
http://www.mlin.net/StartupMonitor.shtml
The Startup Control Panel (CPL) tool adds a Startup icon in your control panel window. Launching this gives a tool you can use to temporarily (or permanently) disable things from starting when you boot your pc. There are multiple places in the registry where these kinds of things can be hidden, and this tool has a page for each of those places. After installing, just look through the pages and uncheck anything you don't want to start. Of course you need to know what you want to disable. Maybe you could post the things that are starting and someone here could suggest what to disable. Or you could google for each one to see which if any are possibly related to a virus. Or just use trial and error (you can always re-enable things later).
Startup Monitor recognizes when a program attempts to insert something new in the startup areas of the registry, and prompts you for your approval before allowing it. That won't remove what's already in your registry, but it can stop a program from being re-inserted in the startup sequence.
Hope these help.
Assist
by sprng2rn - 10/12/05 1:32 PM In reply to: startup control panel and startup monitor by a__l__a__nThanks a_l_a_n, will give that a look, interested to see if anything shows up in those hiding places! Aprreciate it!
You might also try these
by steve11375 - 10/12/05 2:10 PM In reply to: PLEASE assist with possible virus/Registry key modification by sprng2rnHi sprng2rn,
The moderators parasite suite:
http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=1313&messageID=15002
I think Roddy gets a kickback from Ewido as he always pushes this one... (Just kidding Roddy I like this one also :-))
http://www.ewido.net/en/download/
Microsoft anti-spyware beta is also good:
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
Try these things & report back
Hope That Helps,
Steve
LOL Steve, Let me explain
by roddy32 - 10/12/05 3:18 PM
In reply to: You might also try these by steve11375
a little about ewido and why I'm pushing it. It gets rid of some real nasty things that some of the others don't. They all do different jobs so I push the ones that I feel will work for that particular job. The HJT forums are using ewido a lot lately which is another reason why I push it. If anybody knows what works, it would be them. It was the FIRST program that got rid of qoologic for starters which was when the HJT forums started using it more. Unfortunately the malware changes every day so lets hope the programs we are all using will keep working for us. 
Roddy I agree Ewido is Great!
by steve11375 - 10/12/05 3:33 PM In reply to: LOL Steve, Let me explain by roddy32
Hey Roddy,
Ewido also found a couple things on my computer which nothing else found, I was just kidding with you on the pushing it, I hope you understand that, you (the moderators all inclusive) provide a GREAT service to the CNET community.
Thanks ALL Mod's for your dedication to the forums you have helped so many people with issues ME included!
Steve
No problem at all Steve, I knew
by roddy32 - 10/12/05 3:54 PM
In reply to: Roddy I agree Ewido is Great! by steve11375
you were kidding around but you were correct, I DO push it so I just felt I should explain as to why.
Roddy!
by sprng2rn - 10/19/05 4:17 PM In reply to: LOL Steve, Let me explain by roddy32
Speaking of Malware... following my recent problems, could you suggest a top site/program for Malware - would like to be sure I'm covered in that respect as well.
Thanks!
Sprng2n
Here are some free ones and
by roddy32 - 10/20/05 5:27 PM
In reply to: Roddy! by sprng2rn
sorry I was so slow to respond. I haven been here for a day or so. These are all free.
Spybot S&D (download, check for updates, read the tutorial and scan often, it also does some blocking)
http://www.safer-networking.org/en/home/index.html
SpywareBlaster (a blocker only, download it, check for updates, enable it and leave it alone except for checking for updates occasionally)
http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard (similiar to SpywareBlaster but works in a different way and does not update as often for that reason.
http://www.javacoolsoftware.com/spywareguard.html
Ad-Aware SE (a scanner, download, check for updates, read the directions and scan.
http://www.lavasoftusa.com/
cwshredder (stand alone unit)(another small scanner for certain things, ALL other windows should be closed)
http://www.intermute.com/spysubtract/cwshredder_download.html
links
by sprng2rn - 10/27/05 3:16 PM In reply to: Here are some free ones and by roddy32
Great! Thanks again - you are awesome! 
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
