Jump to content
CCleaner Community Forums
KS-FINN

a-2 Squared FREE

Recommended Posts

I've been reading different posts about a-2 Squared FREE so I decided to give it a try. I'm very glad that I did because it detected 1-Trojan and 1-Riskware that my Bitdefender Antivirus v10 > AVG > SUPERAntiSpyware Professional did not dectect. To anyone interested give it a try. Why not It's FREE.? :rolleyes:

Share this post


Link to post
Share on other sites

Just because it detected something doesn't mean it was really bad. ;)

A lot of times A-Squared will give false detections.

 

What it detected may have actually been bad but chances are just as good that it wasn't. If you can give us more info on what was found we could give you a better judgement.

Share this post


Link to post
Share on other sites
Just because it detected something doesn't mean it was really bad. ;)

A lot of times A-Squared will give false detections.

 

What it detected may have actually been bad but chances are just as good that it wasn't. If you can give us more info on what was found we could give you a better judgement.

 

These are the 2 items that it detected: Trojan.Win32.RC5_Drop >>: Riskware.RiskTool.Win32. Do you think that these are false detections.? :huh:

Share this post


Link to post
Share on other sites
Just the name of the infection doesn't help. What were the file paths?

 

This is all the information that I have. I click on to them but it won't give me a file report. This is the only other information that I'm able to give you. I hope this is what your asking for.

 

c:\hp\bin\corelWP\src\intro.exe: Trojan.Win32.RC5_Dropp

 

c:\hp\bin\Killwind.exe: Riskware.RiskTool.Win32

Share this post


Link to post
Share on other sites

Thats exactly what I'm talking about. Neither of those are really infections.

Both were put on there by your pc maker (HP/Compaq)

Share this post


Link to post
Share on other sites
Thats exactly what I'm talking about. Neither of those are really infections.

Both were put on there by your pc maker (HP/Compaq)

 

Thanks you much for your help. !! ;) Theirs really got a lot that I got to learn about computers. I'm completely self taught. So please excuse me for my ignorance. When I first got my computer I didn't even know how to turn it on and that's really bad.!! So you can take it from their. I learn a little each day and Piriform Forums has taught me alot. I never even took typing in High School which I deeply regret to this day. It just makes every thing that much more difficult.

I have a question about False/Positives. How do you know if it's false/positive.? Where do you go to find out this information.?

Any information you can send my way that would help me understand this would be greatly appreaciated.!

Share this post


Link to post
Share on other sites
Thats exactly what I'm talking about. Neither of those are really infections.

Both were put on there by your pc maker (HP/Compaq)

 

I just ran another scan with a-2 Squared and it detected a Worm. IS THIS ANOTHER FALSE/POSITIVE.? :huh: If it's a false/positive SHOULD I DELETE/ RETORE/OR QUARANTINE THEM.? If this continues I'm going to remove the program. Do you agree with removing a-2 Squared.? Their are 6 files infected all listed below. If I decide to remove a-2 Squared should I first retore all the items that it detected from Quarantine.?

 

NET-WORM.Win32.Theals.b

 

c:\WINDOWS\system32\dllcache\convert

 

c:\WINDOWS\$NTServicePackUninstall$\cis

 

c:\WINDOWS\$system32\dllcache\chglogon

 

c:\WINDOWS\system32\convert.exe

 

c:\WINDOWS\I386\AVTOFMT.EXE

 

C:\WINDOWS\$NtServicePackUninstall$\au

 

YOUR INPUT WILL BE GREATLY APPRECEIATED.!!

Share this post


Link to post
Share on other sites

Run Kaspersky WebScanner

  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.

 

 

Its possible that those are real infections so its good to get a second opinion.

I don't think they are though.

Share this post


Link to post
Share on other sites
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner

  • Read and Accept the Agreement

  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • If you see a Windows dialog asking if you want to install this software, click the Install button.

  • The program will launch and then begin downloading the latest definition files,

  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.

  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.

  • Under "Please select a target to scan:", click My Computer to start the scan.

  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.

  • Paste kaspersky log onto forum.

Its possible that those are real infections so its good to get a second opinion.

I don't think they are though.

 

Thanks very much for your help. ;)

Share this post


Link to post
Share on other sites
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner

  • Read and Accept the Agreement

  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • If you see a Windows dialog asking if you want to install this software, click the Install button.

  • The program will launch and then begin downloading the latest definition files,

  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.

  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.

  • Under "Please select a target to scan:", click My Computer to start the scan.

  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.

  • Paste kaspersky log onto forum.

Its possible that those are real infections so its good to get a second opinion.

I don't think they are though.

 

I followed your instructions as you indicated but was unable to finish the task. Problem: I only got a far as do you want to install active x and I clicked yes and it wouldn't install active x. I tried 5 times and gave up. Do you think one of my programs is stopping active x from being installed.? Is their another way to try this.? :unsure:

Share this post


Link to post
Share on other sites
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner

  • Read and Accept the Agreement

  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • If you see a Windows dialog asking if you want to install this software, click the Install button.

  • The program will launch and then begin downloading the latest definition files,

  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.

  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.

  • Under "Please select a target to scan:", click My Computer to start the scan.

  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.

  • Paste kaspersky log onto forum.

Its possible that those are real infections so its good to get a second opinion.

I don't think they are though.

 

Unable to install ActiveX. I keep getting a warning message. Please read WARNING MESSAGE below. I don't recall ever installing Kaspersy Beta online scanner. This oviously must be the problem because it won't install ActiveX. Now what can we try.? PS: I went to my Add/Remove Programs and Kaspersky does not exit. :unsure:

Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free

Warning: if you have installed Kaspersky Online Scanner BETA, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly.

 

Benefits:

 

 

Kaspersky Anti-Virus exceptional detection rates and thorough scanning

Hourly AV database updates available each time the Online Scanner is launched

Heuristic analysis to detect unknown viruses

Simple installation (just click on a link)

 

Requirements and limitations:

Share this post


Link to post
Share on other sites

I don't know why its not working for you. You can try this one instead:

 

Run Panda Activescan from Here.

 

Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan

(Note: It may take a couple of minutes)

- When the download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.

 

 

If that wont work you can try trend micro's housecall scanner. Its java based and will even work with mozilla/firefox.

Share this post


Link to post
Share on other sites
I don't know why its not working for you. You can try this one instead:

 

Run Panda Activescan from Here.

 

Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan

(Note: It may take a couple of minutes)

- When the download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.

If that wont work you can try trend micro's housecall scanner. Its java based and will even work with mozilla/firefox.

 

SAME PROBLEM WITH BOTH Panda and House call. Unable yo install ActiveX. I GIVE UP TRYING. THANKS FOR ALL YOUR HELP ANYWAY.!!

Share this post


Link to post
Share on other sites

KS-FINN, are you trying to run the online scan using the Firefox or Opera web-browser? They won't work for that because you need to use an "ActiveX aware" web-browser, and that means using Internet Explorer.

 

(PS. Don't reckon much to my forum status as a "newbie". I've been using and fixing computers for over 10 years!)

 

Pip

Share this post


Link to post
Share on other sites

If you use the Panda scan be prepared to have your a$$ spammed off. They require an e mail address and they use it. I wouldn't touch that scanner with a ten foot pole ever again.

Share this post


Link to post
Share on other sites
If you use the Panda scan be prepared to have your a$$ spammed off. They require an e mail address and they use it. I wouldn't touch that scanner with a ten foot pole ever again.

Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable."

Share this post


Link to post
Share on other sites
KS-FINN, are you trying to run the online scan using the Firefox or Opera web-browser? They won't work for that because you need to use an "ActiveX aware" web-browser, and that means using Internet Explorer.

 

(PS. Don't reckon much to my forum status as a "newbie". I've been using and fixing computers for over 10 years!)

 

Pip

 

I am using Internet Explorer 7

Share this post


Link to post
Share on other sites
If you use the Panda scan be prepared to have your a$$ spammed off. They require an e mail address and they use it. I wouldn't touch that scanner with a ten foot pole ever again.

 

That might expain why I was unable to Open Windows Updates, I had to do a system restore to fix it. PS: I first had to install ActiveX to install the Microsoft update page and it installed ActiveX just fine.? GO FIGURE.!! :blink:

Share this post


Link to post
Share on other sites
Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable."

 

Too late now. :angry:

Share this post


Link to post
Share on other sites
Too late now. :angry:

Lesson learned then - don't just automatically click next without reading the details. Wouldn't have killed Windows updates though.

Share this post


Link to post
Share on other sites
Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable."

 

Well I have to admit I didn't check that but I didn't see it either. When I blocked their address in Yahoo Mail they kept sending me stuff and using different Panda addresses. I swear I blocked like 7 different addresses before the spam stopped.

Share this post


Link to post
Share on other sites
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner

  • Read and Accept the Agreement

  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • If you see a Windows dialog asking if you want to install this software, click the Install button.

  • The program will launch and then begin downloading the latest definition files,

  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.

  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.

  • Under "Please select a target to scan:", click My Computer to start the scan.

  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.

  • Paste kaspersky log onto forum.

Its possible that those are real infections so its good to get a second opinion.

I don't think they are though.

 

I had to do a sytem restore today because my Update Browzer wouldn't open. Well anyway my update browzer works again. I had to first install activex (Which worked) before I could get access to the updates. Since ActiveX installed here I figured I would try Housecall online scanner and it installed Activex successfully so I ran a scan and it found 2 (Two) items. They are as follows:

 

ADWARE_BHOT_TEHELPER

Aliasnames Adware-BHO-gen (McFee);

IEHIpr (PestPatrol)

 

ADWARE_MEMWATCHER

Descripion Alias:Backdoor.VB.nb

(PestControl) Advertising.Com(SpyBot)

Adware.Quadro(Symantic)Classification

Registry Key

HKEY_LOCAL_MACHINE\%Registry Run Key

%\4A5XRZW5NJ6@@

%System%\Ebg6yiN.exe

" " " \Fya24W. "

" " " \TGatr8. "

" " " \GcoK1B4A. "

" " " \bTPBts. "

" " " \HswVd25s. "

" " " \duvGY79j. "

" " " \PqpGZ2P. "

" " " \Sfze5IMu. "

" " " \UdgrYPnp. "

 

I was unable to copy and paste it. I tried but it didn't work so I did this manually. What does this tell you. Let me know. I deleted them.

Share this post


Link to post
Share on other sites
Please just start a new topic with a hijackthis log.

 

Here's my log file from hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 4:18:53 PM, on 5/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\NoAdware5.0\NoAdware5.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [RCAutoLiveUpdate] "C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" -AUTO

O4 - HKLM\..\Run: [RCSystemTray] "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023861750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023847671

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

NOTE: I noticed that that highjackthis log reads BitDefender10 (file missing) in different places so I emailed this hijackthis log to their tech. support and here's a copy below of their reponse.

 

> Dear Kenneth,

>

> We assure you that there is no reason to worry, BitDefender runs (and will

> continue to run) fine.

>

> On the HijackThis report, you can see that BitDefender is a running

> application (in the first part of the report). If the specified files were

> missing BitDefender would not have launched.

>

> Furthermore, the status 'file missing' do not actually refer to a missing

> file

> as such. HijackThis cannot by itself establish if an application is complete

> or if some specific files are missing.

>

> Thank you for your interest in our BitDefender security solution.

>

> Best regards,

>

> Adrian Refca

> BitDefender Technical Support Engineer

> -------------------------------------

> e-mail: support@bitdefender.com

> http://www.bitdefender.com

> -------------------------------------

> secure your every bit

> -------------------------------------

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...