ravens1
Member
12. October 2006 @ 12:06
My computer has a few viruses on it, and I was just wondering what the best low-cost solution for an antivirus program is. But if there's a very good program that's known to detect and remove viruses that costs some money, it's absolutely worth it. I have ZoneAlarm and Bitdefender 10, and they both scan for viruses and detect the same 4, but are unable to delete them. Also, is there a program that lets me delete a virus manually? Because when I try to delete a virus file like isnotify.exe (which is a virus), it will say "error, access denied," or something like that.


Thanks.
Member
12. October 2006 @ 12:33
You need to check this link & it will help you a lot:
http://forums.afterdawn.com/thread_view.cfm/292257

This message has been edited since posting. Last time this message was edited on 12. October 2006 @ 12:34

AfterDawn Addict

6 product reviews
13. October 2006 @ 03:01
Try AVG Free, it's a great antivirus and free and will surely get rid of the viruses.

Edited by DVDBack23


"the mediocre teacher tells. the good teacher explains. the superior teacher demonstrates. the great teacher inspires."- William Arthur Ward
Website: http://www.ampleblaze.com
ravens1
Member
13. October 2006 @ 12:38
Thanks for the suggestions.
I installed AVG Free successfully, and it seems like a pretty good program. I'll see if it can remove the viruses from my PC.
ravens1
Member
13. October 2006 @ 14:23
WOW!!! I ran a virus scan with AVG. It took a long time but it deleted the bad files. I had run scans with like 9 different programs and they couldn't delete those viruses. Well, AVG did!!
AfterDawn Addict

6 product reviews
13. October 2006 @ 14:30
Glad it all worked out for you mate. Teach and learn :)

Edited by DVDBack23
kent909
Newbie
15. October 2006 @ 12:57
Just a notice about files you can't remove.
I open most files in Notepad, and then delete line after line, because sometimes the file doesn't allow you to delete everything at the same time....
Otherwise, download KILLBOX, it's freeware, and it takes away most things: first it stops a running process, and then it deletes the file.
ravens1
Member
15. October 2006 @ 15:26
But the viruses say, when I try to heal them, or remove, or open with Notepad, "access denied."
Senior Member
15. October 2006 @ 23:52
Delete them in safe mode.

aabbccdd
Suspended permanently
16. October 2006 @ 01:06
ravens1, yes, run your program (antivirus) in safe mode

run "Spysweeper" in safe mode and see what you come up with

also run "SmitFraudFix" v2.106 and post a logfile

a couple of the better antivirus programs are "Trend Micro Internet Security 2007" and NOD32, well worth the money
ravens1
Member
16. October 2006 @ 12:54
So do I run my computer in safe mode or the antivirus in safe mode? And how do I run the antivirus in safe mode?
OK, I'll first try starting my computer in safe mode as Niobis said. But all the viruses on my computer (4) end with .dll. When I try to open the files, Windows says something like: "these files keep your computer running, if you delete them it could ruin your computer." It's not like the files are .exe, where I could delete them.
Senior Member
16. October 2006 @ 13:26
I meant to delete the files in safe mode since access was denied in normal mode. aabbccdd suggested you run your anti-programs in safe mode, which will give you the best ridding results.

You do not need to open the .dll files or any viruses for that matter. I just hope you're not trying to delete legit system files since Windows is prompting you. I hope you know they are in fact bad...what are their names?

If access of deletion is still denied in safe mode then you will need to get KillBox. If you need help finding or using KillBox, ask.

This message has been edited since posting. Last time this message was edited on 16. October 2006 @ 13:27

ravens1
Member
16. October 2006 @ 13:36
OK, now 5 instead of 4. They just keep coming. AVG declares them as virus clones. ZoneAlarm also detects the same files, except it calls them Win32 Darksma, or something.

The virus names are:

C:\WINDOWS\system32\tlteaglw.dll
C:\WINDOWS\system32\xqpdkylv.dll
C:\WINDOWS\system32\ytmpcdwy.dll
C:\Documents and Settings\my name\local settings\temp\rmkettig.dll

And 1 more, but I didn't write it down.

So to start Windows in safe mode I tap F8 at Windows startup, right?

This message has been edited since posting. Last time this message was edited on 16. October 2006 @ 13:48

Senior Member
16. October 2006 @ 13:48
Yeah, those are bad. :) They are randomly named files so they all may be linked to one infection. It may have infected the restore folder also. After manually deleting the files, empty System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".

Restart and turn it back on. Then, download HijackThis.
Extract the file to a folder.
Run a scan and save a log file.
Post the log.

I see one of those is in a temp folder. You can delete it manually, but I'll also suggest using CCleaner often. Saves time with having to clean all the temp files manually. Plus, it's free. :)

Yes, enter safe mode using F8 or F5.

Edited...oh, Darksma is not nice. It's also known as Conhook, not the worst but bad nonetheless. I suggest you post a HijackThis log 'cause this thing can hook your LSPs and slow internet.

This message has been edited since posting. Last time this message was edited on 16. October 2006 @ 13:57

kent909
Newbie
16. October 2006 @ 14:29
Hi Ravens.....

OK, there's a big difference between .exe files and .dll files.
.dll files are very problematic to just remove, but instead you can open sys32, take the .dll file and drag it to your desktop, and then open it with Notepad or WordPad, and then delete from inside. If this doesn't work, then try to rename them and open again.
I had some of these problems a long time ago, and I did just like I explain here.
.exe files I delete with KillBox; try this, it's a good little program, but at the same time, be careful, because KillBox can remove more than you want, so read before use!!!
Hope it works for you!!!
"will check up a few more things, to help you"
ravens1
Member
16. October 2006 @ 14:31
Yeah, there are a lot of Darksma viruses, like 10 or more. But when I try to start in safe mode, my computer reboots to advanced options (F8), and then I will try to go to safe mode again, and it takes me back to advanced options again.
Senior Member
16. October 2006 @ 14:33
Post a HijackThis log.

ravens1
Member
16. October 2006 @ 16:45
Ok, here it is.

Logfile of HijackThis v1.99.1
Scan saved at 8:44:21 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
O15 - Trusted IP range: http://66.235.*.*
O15 - Trusted IP range: http://69.31.*.*
O15 - Trusted IP range: http://69.50.*.*
O15 - Trusted IP range: http://205.177.*.*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1140209414083
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1146943814406
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Senior Member
16. October 2006 @ 18:10
I assume you haven't removed the files you listed, so I will include those. If there were more you didn't mention, do the same for them with KillBox.

First, download this 018RegFix to your desktop.
Double click it and click Yes when prompted to merge with the registry.

Go here and download KillBox.
Do not run it yet; you will later in safe mode.

Go to Add/Remove Programs and uninstall (if there):
VSToolBar
Frontier Search Helper
<--If you did not install.

Run a scan only with HijackThis, check these (if there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
<--Only if you uninstalled Frontier Search Helper.
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S
<--Only if you uninstalled Frontier Search Helper.

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe


If you didn't add these IPs, check these also.
O15 - Trusted IP range: http://66.230.*.*
O15 - Trusted IP range: http://66.235.*.*
O15 - Trusted IP range: http://69.31.*.*
O15 - Trusted IP range: http://69.50.*.*
O15 - Trusted IP range: http://205.177.*.*


Close all windows except HijackThis then click "Fix checked".
Close HijackThis.

Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines below one at a time. Then click the red button with a white X after you enter each file.
You will be prompted to confirm, click Yes.

C:\WINDOWS\system32\tlteaglw.dll
C:\WINDOWS\System32\xqpdkylv.dll
C:\WINDOWS\System32\ytmpcdwy.dll
C:\Documents and Settings\*your name here*\local settings\temp\rmkettig.dll

Any others you didn't mention.

Note: KillBox may prompt "File does not seem to exist". If so, continue with next file, but do not miss any.

Find and delete these folders:
C:\Program Files\VSToolbar
C:\Program Files\FrontierSH <--Only if you uninstalled Frontier Search Helper.

Restart in normal mode.
I suspect Vundo because there are no O2 or O20 entries, so rename HijackThis to any name of your choice.
Run a new scan and post the new log.

Edit 2: lol, nevermind, the O23 I saw is legit. I just spoke out too soon. :)

This message has been edited since posting. Last time this message was edited on 16. October 2006 @ 18:33
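
The structural patterns picked out of the log in the post above (a toolbar registered with no file, IP ranges in the Trusted Zone, an ActiveX download from a bare IP address) can be checked mechanically. The sketch below is an added example, not part of the thread or of HijackThis; the function names and the three rules are assumptions drawn from this one log, and a hit means "review this entry", not "malicious".

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Result lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted IP range: http://66.230.*.*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# A result line is "<section code> - <details>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_is_ip_literal(url):
    """True when the URL's host is a literal IP address rather than a name."""
    try:
        host = urlsplit(url).hostname
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def review_reason(code, body):
    """Hypothetical rules modelled on the entries singled out in this thread."""
    if code == "O3" and body.endswith("(no file)"):
        return "toolbar registration points at no file"
    if code == "O15" and body.startswith("Trusted IP range:"):
        return "IP range in the Trusted Zone; confirm the user added it"
    if code == "O16":
        # The download URL is the last " - "-separated field of a DPF entry.
        url = body.rsplit(" - ", 1)[-1]
        if host_is_ip_literal(url):
            return "ActiveX download (DPF) served from a bare IP address"
    return None


def triage(log_text):
    """Return (code, body, reason) for every entry that needs a human look."""
    hits = []
    for code, body in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            hits.append((code, body, reason))
    return hits


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

Name-based picks such as the VSToolBar and Frontier Search Helper entries are not covered; those depend on knowing what the user installed, which the log alone cannot tell you.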

ravens1
Member
16. October 2006 @ 18:26
Thank you very much!! I will post back tomorrow.
aabbccdd
Suspended permanently
16. October 2006 @ 21:08
ravens1, if you can't start your PC in safe mode by pressing F8, do this..

Click Start, click Run, type in msconfig, click OK, click the BOOT.INI tab and check the /SAFEBOOT box, click Apply then OK, and your machine will reboot to safe mode
ravens1
Member
18. October 2006 @ 08:44
I'm typing this from a library computer. You know what that means, huh?
You know how I said that I couldn't get in safe mode, how my PC would get back to advanced mode? Well, I checked the box in boot.ini, so when I started to get in safe mode, it wouldn't let me log on. No matter which option I select, like safe mode, start Windows normally, or anything, it restarts the PC. So I CAN'T LOG ON! MY COMPUTER IS BEANED UNLESS SOMEONE KNOWS HOW TO GET OUT!!!! (like press a button upon startup).
aabbccdd
Suspended permanently
18. October 2006 @ 09:53
The only other thing I know you could try to start it in safe mode is to crash Windows on startup.

Do this: start your machine, and when it gets to the loading Windows screen, turn off the power from the back of the PC or unplug it from the wall. Plug it back in and restart; it should go to safe mode then.
AfterDawn Addict

6 product reviews
20. October 2006 @ 03:39
The only other way besides what was mentioned above I can think of is to download a Windows 98 boot disk from http://www.bootdisk.com/ and then boot your computer up with the disk and then try to start Windows up via DOS mode. C:\win

Type that command in.

I hope that helps. :)

Edited by DVDBack23
ravens1
Member
20. October 2006 @ 16:52
Thanks for everyone's suggestions and help (borhan9, aabbccdd, kent909, and niobis). I appreciated it.

After 113$ gone removing somehow about 3 pages full of lists of viruses from my computer, my computer is fresh and like new. The reason why I couldn't log on is because my RAM was absolutely full. The person who fixed it installed a big new RAM. He also installed SpywareBlaster, which seems like a decent program. But again, there were like 200 viruses which were all like "your computer is affected. It has blah many infections, download our new tools to remove." - like winantiviruspro, and a lot of spyware virus, viruses.
 