KS-FINN Posted May 22, 2007 Share Posted May 22, 2007 I've been reading different posts about a-2 Squared FREE so I decided to give it a try. I'm very glad that I did because it detected 1-Trojan and 1-Riskware that my Bitdefender Antivirus v10 > AVG > SUPERAntiSpyware Professional did not dectect. To anyone interested give it a try. Why not It's FREE.? Link to comment Share on other sites More sharing options...
Moderators rridgely Posted May 22, 2007 Moderators Share Posted May 22, 2007 Just because it detected something doesn't mean it was really bad. A lot of times A-Squared will give false detections. What it detected may have actually been bad but chances are just as good that it wasn't. If you can give us more info on what was found we could give you a better judgement. Link to comment Share on other sites More sharing options...
KS-FINN Posted May 22, 2007 Author Share Posted May 22, 2007 Just because it detected something doesn't mean it was really bad. A lot of times A-Squared will give false detections. What it detected may have actually been bad but chances are just as good that it wasn't. If you can give us more info on what was found we could give you a better judgement. These are the 2 items that it detected: Trojan.Win32.RC5_Drop >>: Riskware.RiskTool.Win32. Do you think that these are false detections.? Link to comment Share on other sites More sharing options...
Moderators rridgely Posted May 22, 2007 Moderators Share Posted May 22, 2007 Just the name of the infection doesn't help. What were the file paths? Link to comment Share on other sites More sharing options...
KS-FINN Posted May 22, 2007 Author Share Posted May 22, 2007 Just the name of the infection doesn't help. What were the file paths? This is all the information that I have. I click on to them but it won't give me a file report. This is the only other information that I'm able to give you. I hope this is what your asking for. c:\hp\bin\corelWP\src\intro.exe: Trojan.Win32.RC5_Dropp c:\hp\bin\Killwind.exe: Riskware.RiskTool.Win32 Link to comment Share on other sites More sharing options...
Moderators rridgely Posted May 23, 2007 Moderators Share Posted May 23, 2007 Thats exactly what I'm talking about. Neither of those are really infections. Both were put on there by your pc maker (HP/Compaq) Link to comment Share on other sites More sharing options...
KS-FINN Posted May 23, 2007 Author Share Posted May 23, 2007 Thats exactly what I'm talking about. Neither of those are really infections. Both were put on there by your pc maker (HP/Compaq) Thanks you much for your help. !! Theirs really got a lot that I got to learn about computers. I'm completely self taught. So please excuse me for my ignorance. When I first got my computer I didn't even know how to turn it on and that's really bad.!! So you can take it from their. I learn a little each day and Piriform Forums has taught me alot. I never even took typing in High School which I deeply regret to this day. It just makes every thing that much more difficult. I have a question about False/Positives. How do you know if it's false/positive.? Where do you go to find out this information.? Any information you can send my way that would help me understand this would be greatly appreaciated.! Link to comment Share on other sites More sharing options...
KS-FINN Posted May 23, 2007 Author Share Posted May 23, 2007 Thats exactly what I'm talking about. Neither of those are really infections. Both were put on there by your pc maker (HP/Compaq) I just ran another scan with a-2 Squared and it detected a Worm. IS THIS ANOTHER FALSE/POSITIVE.? If it's a false/positive SHOULD I DELETE/ RETORE/OR QUARANTINE THEM.? If this continues I'm going to remove the program. Do you agree with removing a-2 Squared.? Their are 6 files infected all listed below. If I decide to remove a-2 Squared should I first retore all the items that it detected from Quarantine.? NET-WORM.Win32.Theals.b c:\WINDOWS\system32\dllcache\convert c:\WINDOWS\$NTServicePackUninstall$\cis c:\WINDOWS\$system32\dllcache\chglogon c:\WINDOWS\system32\convert.exe c:\WINDOWS\I386\AVTOFMT.EXE C:\WINDOWS\$NtServicePackUninstall$\au YOUR INPUT WILL BE GREATLY APPRECEIATED.!! Link to comment Share on other sites More sharing options...
Moderators rridgely Posted May 23, 2007 Moderators Share Posted May 23, 2007 Run Kaspersky WebScanner Please go HERE and click Kaspersky Online Scanner Read and Accept the Agreement You will be promted to install an ActiveX component from Kaspersky, Click Yes. If you see a Windows dialog asking if you want to install this software, click the Install button. The program will launch and then begin downloading the latest definition files, When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click on the Scan Settings button, and in the next window select the Extended database, and click Ok. Under "Please select a target to scan:", click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window. Paste kaspersky log onto forum. Its possible that those are real infections so its good to get a second opinion. I don't think they are though. Link to comment Share on other sites More sharing options...
KS-FINN Posted May 23, 2007 Author Share Posted May 23, 2007 Run Kaspersky WebScannerPlease go HERE and click Kaspersky Online Scanner Read and Accept the Agreement You will be promted to install an ActiveX component from Kaspersky, Click Yes. If you see a Windows dialog asking if you want to install this software, click the Install button. The program will launch and then begin downloading the latest definition files, When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click on the Scan Settings button, and in the next window select the Extended database, and click Ok. Under "Please select a target to scan:", click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window. Paste kaspersky log onto forum. Its possible that those are real infections so its good to get a second opinion. I don't think they are though. Thanks very much for your help. Link to comment Share on other sites More sharing options...
KS-FINN Posted May 23, 2007 Author Share Posted May 23, 2007 Run Kaspersky WebScannerPlease go HERE and click Kaspersky Online Scanner Read and Accept the Agreement You will be promted to install an ActiveX component from Kaspersky, Click Yes. If you see a Windows dialog asking if you want to install this software, click the Install button. The program will launch and then begin downloading the latest definition files, When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click on the Scan Settings button, and in the next window select the Extended database, and click Ok. Under "Please select a target to scan:", click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window. Paste kaspersky log onto forum. Its possible that those are real infections so its good to get a second opinion. I don't think they are though. I followed your instructions as you indicated but was unable to finish the task. Problem: I only got a far as do you want to install active x and I clicked yes and it wouldn't install active x. I tried 5 times and gave up. Do you think one of my programs is stopping active x from being installed.? Is their another way to try this.? Link to comment Share on other sites More sharing options...
KS-FINN Posted May 23, 2007 Author Share Posted May 23, 2007 Run Kaspersky WebScannerPlease go HERE and click Kaspersky Online Scanner Read and Accept the Agreement You will be promted to install an ActiveX component from Kaspersky, Click Yes. If you see a Windows dialog asking if you want to install this software, click the Install button. The program will launch and then begin downloading the latest definition files, When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click on the Scan Settings button, and in the next window select the Extended database, and click Ok. Under "Please select a target to scan:", click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window. Paste kaspersky log onto forum. Its possible that those are real infections so its good to get a second opinion. I don't think they are though. Unable to install ActiveX. I keep getting a warning message. Please read WARNING MESSAGE below. I don't recall ever installing Kaspersy Beta online scanner. This oviously must be the problem because it won't install ActiveX. Now what can we try.? PS: I went to my Add/Remove Programs and Kaspersky does not exit. Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free Warning: if you have installed Kaspersky Online Scanner BETA, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly. Benefits: Kaspersky Anti-Virus exceptional detection rates and thorough scanning Hourly AV database updates available each time the Online Scanner is launched Heuristic analysis to detect unknown viruses Simple installation (just click on a link) Requirements and limitations: Link to comment Share on other sites More sharing options...
Moderators rridgely Posted May 24, 2007 Moderators Share Posted May 24, 2007 I don't know why its not working for you. You can try this one instead: Run Panda Activescan from Here. Once you are on the Panda site click the Scan your PC button - A new window will open...click the Check Now button - Enter your Country - Enter your State/Province - Enter your e-mail address and click send - Select either Home User or Company - Click the big Scan Now button - If it wants to install an ActiveX component allow it - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) - When the download is complete, click on Local Disks to start the scan - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back. If that wont work you can try trend micro's housecall scanner. Its java based and will even work with mozilla/firefox. Link to comment Share on other sites More sharing options...
KS-FINN Posted May 24, 2007 Author Share Posted May 24, 2007 I don't know why its not working for you. You can try this one instead: Run Panda Activescan from Here. Once you are on the Panda site click the Scan your PC button - A new window will open...click the Check Now button - Enter your Country - Enter your State/Province - Enter your e-mail address and click send - Select either Home User or Company - Click the big Scan Now button - If it wants to install an ActiveX component allow it - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) - When the download is complete, click on Local Disks to start the scan - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back. If that wont work you can try trend micro's housecall scanner. Its java based and will even work with mozilla/firefox. SAME PROBLEM WITH BOTH Panda and House call. Unable yo install ActiveX. I GIVE UP TRYING. THANKS FOR ALL YOUR HELP ANYWAY.!! Link to comment Share on other sites More sharing options...
pip22 Posted May 24, 2007 Share Posted May 24, 2007 KS-FINN, are you trying to run the online scan using the Firefox or Opera web-browser? They won't work for that because you need to use an "ActiveX aware" web-browser, and that means using Internet Explorer. (PS. Don't reckon much to my forum status as a "newbie". I've been using and fixing computers for over 10 years!) Pip Link to comment Share on other sites More sharing options...
Anthony A Posted May 24, 2007 Share Posted May 24, 2007 If you use the Panda scan be prepared to have your a$$ spammed off. They require an e mail address and they use it. I wouldn't touch that scanner with a ten foot pole ever again. Link to comment Share on other sites More sharing options...
JDPower Posted May 24, 2007 Share Posted May 24, 2007 If you use the Panda scan be prepared to have your a$$ spammed off. They require an e mail address and they use it. I wouldn't touch that scanner with a ten foot pole ever again. Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." Link to comment Share on other sites More sharing options...
KS-FINN Posted May 24, 2007 Author Share Posted May 24, 2007 KS-FINN, are you trying to run the online scan using the Firefox or Opera web-browser? They won't work for that because you need to use an "ActiveX aware" web-browser, and that means using Internet Explorer. (PS. Don't reckon much to my forum status as a "newbie". I've been using and fixing computers for over 10 years!) Pip I am using Internet Explorer 7 Link to comment Share on other sites More sharing options...
KS-FINN Posted May 24, 2007 Author Share Posted May 24, 2007 If you use the Panda scan be prepared to have your a$$ spammed off. They require an e mail address and they use it. I wouldn't touch that scanner with a ten foot pole ever again. That might expain why I was unable to Open Windows Updates, I had to do a system restore to fix it. PS: I first had to install ActiveX to install the Microsoft update page and it installed ActiveX just fine.? GO FIGURE.!! Link to comment Share on other sites More sharing options...
KS-FINN Posted May 24, 2007 Author Share Posted May 24, 2007 Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." Too late now. Link to comment Share on other sites More sharing options...
JDPower Posted May 24, 2007 Share Posted May 24, 2007 Too late now. Lesson learned then - don't just automatically click next without reading the details. Wouldn't have killed Windows updates though. Link to comment Share on other sites More sharing options...
Anthony A Posted May 24, 2007 Share Posted May 24, 2007 Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." Well I have to admit I didn't check that but I didn't see it either. When I blocked their address in Yahoo Mail they kept sending me stuff and using different Panda addresses. I swear I blocked like 7 different addresses before the spam stopped. Link to comment Share on other sites More sharing options...
KS-FINN Posted May 24, 2007 Author Share Posted May 24, 2007 Run Kaspersky WebScannerPlease go HERE and click Kaspersky Online Scanner Read and Accept the Agreement You will be promted to install an ActiveX component from Kaspersky, Click Yes. If you see a Windows dialog asking if you want to install this software, click the Install button. The program will launch and then begin downloading the latest definition files, When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click on the Scan Settings button, and in the next window select the Extended database, and click Ok. Under "Please select a target to scan:", click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window. Paste kaspersky log onto forum. Its possible that those are real infections so its good to get a second opinion. I don't think they are though. I had to do a sytem restore today because my Update Browzer wouldn't open. Well anyway my update browzer works again. I had to first install activex (Which worked) before I could get access to the updates. Since ActiveX installed here I figured I would try Housecall online scanner and it installed Activex successfully so I ran a scan and it found 2 (Two) items. They are as follows: ADWARE_BHOT_TEHELPER Aliasnames Adware-BHO-gen (McFee); IEHIpr (PestPatrol) ADWARE_MEMWATCHER Descripion Alias:Backdoor.VB.nb (PestControl) Advertising.Com(SpyBot) Adware.Quadro(Symantic)Classification Registry Key HKEY_LOCAL_MACHINE\%Registry Run Key %\4A5XRZW5NJ6@@ %System%\Ebg6yiN.exe " " " \Fya24W. " " " " \TGatr8. " " " " \GcoK1B4A. " " " " \bTPBts. " " " " \HswVd25s. " " " " \duvGY79j. " " " " \PqpGZ2P. " " " " \Sfze5IMu. " " " " \UdgrYPnp. " I was unable to copy and paste it. I tried but it didn't work so I did this manually. What does this tell you. Let me know. I deleted them. Link to comment Share on other sites More sharing options...
Moderators rridgely Posted May 25, 2007 Moderators Share Posted May 25, 2007 Please just start a new topic with a hijackthis log. Link to comment Share on other sites More sharing options...
KS-FINN Posted May 25, 2007 Author Share Posted May 25, 2007 Please just start a new topic with a hijackthis log. Here's my log file from hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 4:18:53 PM, on 5/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\HP\KBD\KBD.EXE C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\NoAdware5.0\NoAdware5.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [RCAutoLiveUpdate] "C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" -AUTO O4 - HKLM\..\Run: [RCSystemTray] "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023861750 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023847671 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) NOTE: I noticed that that highjackthis log reads BitDefender10 (file missing) in different places so I emailed this hijackthis log to their tech. support and here's a copy below of their reponse. > Dear Kenneth, > > We assure you that there is no reason to worry, BitDefender runs (and will > continue to run) fine. > > On the HijackThis report, you can see that BitDefender is a running > application (in the first part of the report). If the specified files were > missing BitDefender would not have launched. > > Furthermore, the status 'file missing' do not actually refer to a missing > file > as such. HijackThis cannot by itself establish if an application is complete > or if some specific files are missing. > > Thank you for your interest in our BitDefender security solution. > > Best regards, > > Adrian Refca > BitDefender Technical Support Engineer > ------------------------------------- > e-mail: support@bitdefender.com > http://www.bitdefender.com > ------------------------------------- > secure your every bit > ------------------------------------- Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now