WiredWX Hobby Weather Tools

Help! That Fake Virus Scan icon is back on my computer


Re: Help! That Fake Virus Scan icon is back on my computer
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200003d

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B97000 \WINDOWS\system32\KDCOM.DLL
0xF7AA7000 \WINDOWS\system32\BOOTVID.dll
0xF7648000 ACPI.sys
0xF7B99000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7637000 pci.sys
0xF7697000 isapnp.sys
0xF76A7000 ohci1394.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7C5F000 PCIIde.sys
0xF7917000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7B9B000 intelide.sys
0xF76C7000 MountMgr.sys
0xF7618000 ftdisk.sys
0xF7B9D000 dmload.sys
0xF75F2000 dmio.sys
0xF791F000 PartMgr.sys
0xF76D7000 VolSnap.sys
0xF75DA000 atapi.sys
0xF76E7000 disk.sys
0xF76F7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF75BA000 fltmgr.sys
0xF7564000 SYMDS.SYS
0xF7552000 sr.sys
0xF7525000 SYMEFA.SYS
0xF7707000 PxHelp20.sys
0xF750E000 KSecDD.sys
0xF7481000 Ntfs.sys
0xF7454000 NDIS.sys
0xF743A000 Mup.sys
0xF7717000 agp440.sys
0xF7747000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6DAA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF69AA000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6996000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF696E000 \SystemRoot\system32\DRIVERS\e1000325.sys
0xF79DF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF694A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6D9A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF79EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79F7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6D8A000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B8F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6902000 \SystemRoot\system32\DRIVERS\parport.sys
0xF68EA000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xF6D7A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7767000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF68C7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A07000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6887000 \SystemRoot\system32\drivers\smwdm.sys
0xF6863000 \SystemRoot\system32\drivers\portcls.sys
0xF7777000 \SystemRoot\system32\drivers\drmk.sys
0xF6843000 \SystemRoot\system32\drivers\aeaudio.sys
0xF67E5000 \SystemRoot\system32\drivers\senfilt.sys
0xF7A0F000 \SystemRoot\system32\drivers\sf.sys
0xF7D43000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7847000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B27000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5CBC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7877000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7897000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A77000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5CAB000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78A7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A87000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5C7B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BC3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5B75000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B4B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF56A7000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF2C75000 \SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS
0xF2C56000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
0xF77C7000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
0xF2AE5000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF7BB1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7DD3000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BB3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF56BF000 \SystemRoot\System32\drivers\vga.sys
0xF7BB5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BB7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF56C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF56B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6068000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF2A9E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF2A45000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF29EE000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDI.SYS
0xF29C8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7907000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7757000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF294B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF2929000 \SystemRoot\System32\drivers\afd.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF28FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF7CE4000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xF288E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7867000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7967000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xF2830000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF2813000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF2794000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
0xF26E8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys
0xF2D0C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF26D0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C33000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF740E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A57000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB9C24000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB99D3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7C37000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB988C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB92B7000 \SystemRoot\system32\drivers\wdmaud.sys
0xB9BF8000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8D32000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8C44000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB67D3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF5697000 \??\C:\DOCUME~1\lcdig\LOCALS~1\Temp\catchme.sys
0xF7C0B000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF79BF000 \??\C:\DOCUME~1\lcdig\LOCALS~1\Temp\mbr.sys
0xAEA1D000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100930.005\IDSxpx86.sys
0xAE8CF000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101001.002\NAVEX15.SYS
0xAE8BB000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101001.002\NAVENG.SYS
0xADF23000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
724 csrss.exe
756 C:\WINDOWS\system32\winlogon.exe
800 C:\WINDOWS\system32\services.exe
816 C:\WINDOWS\system32\lsass.exe
992 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1200 C:\WINDOWS\system32\svchost.exe
1324 svchost.exe
1448 svchost.exe
1580 C:\WINDOWS\system32\spoolsv.exe
1672 svchost.exe
1704 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1716 C:\Program Files\Bonjour\mDNSResponder.exe
1764 C:\Program Files\Java\jre6\bin\jqs.exe
1928 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
2044 C:\WINDOWS\system32\nvsvc32.exe
168 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
320 C:\WINDOWS\system32\svchost.exe
444 wdfmgr.exe
484 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1924 alg.exe
2604 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
3620 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
3632 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
3952 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
3960 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3976 C:\Program Files\iTunes\iTunesHelper.exe
948 C:\WINDOWS\system32\ctfmon.exe
1140 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
804 C:\Program Files\AIM7\aim.exe
2116 C:\Program Files\iPod\bin\iPodService.exe
2320 C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
1180 C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
2416 C:\WINDOWS\explorer.exe
728 C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
2552 C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
3180 C:\Program Files\Mozilla Firefox\firefox.exe
3116 C:\Program Files\Outlook Express\msimn.exe
2944 C:\Program Files\Mozilla Firefox\plugin-container.exe
2688 C:\Program Files\Mozilla Firefox\plugin-container.exe
3816 C:\Documents and Settings\lcdig\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)

PhysicalDrive1 Model Number: WDCWD2000JB-00EVA0, Rev: 15.05R15
PhysicalDrive2 Model Number: WDCWD3200SB-01KMA0, Rev: 08.05J08
PhysicalDrive0 Model Number: WDCWD2500JB-00EVA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
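As an added example (not code from the thread or from MBRCheck's author), a small Python triage script for the MBRCheck report format shown above: it lists kernel drivers loaded from user-writable paths for the helper to review, and flags any physical drive whose MBR status or boot-code SHA1 differs from the rest. SAMPLE_REPORT is a constructed excerpt (the odd SHA1 is made up), and the regexes and USER_WRITABLE_MARKERS are this example's assumptions.

```python
import re

# Constructed excerpt in MBRCheck's report format (the last SHA1 is made up so one drive stands out).
SAMPLE_REPORT = r"""
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF5697000 \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys
0xF79BF000 \??\C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys
Size Device Name MBR Status
186 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 0123456789ABCDEF0123456789ABCDEF01234567
"""

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*)$")                  # "0xADDR  image path"
MBR_RE = re.compile(r"^\d+ GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*)$")     # "SIZE  device  status"
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")
USER_WRITABLE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\")

def parse_drivers(report):
    """Image paths listed under 'Kernel Drivers'."""
    return [m.group(1).strip() for line in report.splitlines() if (m := DRIVER_RE.match(line))]

def suspicious_driver_paths(drivers):
    """Drivers loaded from user-writable paths (Temp, profile folders): a review list, not a
    verdict, since the anti-rootkit helpers used in this thread (catchme.sys, mbr.sys) load from Temp too."""
    return [d for d in drivers if any(mk in d.lower() for mk in USER_WRITABLE_MARKERS)]

def parse_mbr_table(report):
    """One dict per physical drive: device, MBR status and the SHA1 of its boot code."""
    entries = []
    for line in report.splitlines():
        m = MBR_RE.match(line)
        if m:
            entries.append({"device": m.group(1), "status": m.group(2).strip(), "sha1": None})
            continue
        s = SHA1_RE.match(line)
        if s and entries:                      # the SHA1 line follows its drive's line
            entries[-1]["sha1"] = s.group(1).upper()
    return entries

def flag_mbr(entries):
    """Device -> reasons for drives whose MBR stands out: status not '... MBR code detected',
    or a SHA1 unlike the one most drives share (stock boot code hashes the same on every drive)."""
    hashes = [e["sha1"] for e in entries if e["sha1"]]
    majority = max(set(hashes), key=hashes.count) if hashes else None
    flagged = {}
    for e in entries:
        reasons = []
        if "MBR code detected" not in e["status"]:
            reasons.append("status: " + e["status"])
        if majority and e["sha1"] != majority:
            reasons.append("sha1 differs from the majority of drives")
        if reasons:
            flagged[e["device"]] = reasons
    return flagged
```

On the real log above the three drives share one SHA1 and all report Windows XP MBR code, so flag_mbr returns nothing for them; the two Temp-loaded drivers it lists are the scan tools the helper asked the poster to run.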

Re: Help! That Fake Virus Scan icon is back on my computer
Excellent.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Help! That Fake Virus Scan icon is back on my computer
Drat. An hour into the scan, my computer shut itself off.
Must start again...... argh!

Re: Help! That Fake Virus Scan icon is back on my computer
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cf967ff653b59e44a5812ac923b9228a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-02 01:17:41
# local_time=2010-10-01 06:17:41 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777174 85 88 0 24632513 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=69847
# found=0
# cleaned=0
# scan_time=8177

Re: Help! That Fake Virus Scan icon is back on my computer
And the fake icon is still there?

Re: Help! That Fake Virus Scan icon is back on my computer
Nope! It's gone. Thanks so much.
Do I have to uninstall or undo any of the programs used in this exercise?

Re: Help! That Fake Virus Scan icon is back on my computer
Let's clean up.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Re: Help! That Fake Virus Scan icon is back on my computer
OK!
I've got the clean System Restore. All previous restore points are removed.
I ran OTC and TFC. There were still many things on my desktop, so I moved them to the recycle bin and cleaned it out.
The Root Kit/Uninstaller was still on my Start > Programs list, but I couldn't find the actual executables, so I guess I must have deleted them.
Here are the details from Security Check:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Rootkit Unhooker LE 3.8 SR 2
CCleaner
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.3.4
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


So, am I good?
Thanks again... really appreciate it.
b

Re: Help! That Fake Virus Scan icon is back on my computer
Just update these, and keep yourself safe on the Internet. :)

Update Firefox

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs and other holes. To update it now, click Help > Check for Updates.


Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Re: Help! That Fake Virus Scan icon is back on my computer
I uninstalled/reinstalled the updated Java, but Firefox tells me that I'm using the most up-to-date version, both when I check for updates and when I visit the Mozilla site to verify what is current.

But the oddest thing has happened since all this cleaning etc. Now, when I click on a link inside my email client (Outlook Express), it opens in IE instead of Firefox. I've checked in both mail and browser options and I don't find a place where that has become the instruction. Does this sound peculiar?

Thanks as always
b

Re: Help! That Fake Virus Scan icon is back on my computer
You probably set IE as Default.

Go in to Firefox, click Tools > Options.

Choose the Advanced Tab.

Under System Defaults, click the Check Now button and confirm prompts.

Re: Help! That Fake Virus Scan icon is back on my computer
Genius!!!
Thanks so much.
I'll kick down another donation soon.
