Possible virus problem

Yeah, you read that right. It's been such a long time since I've had a serious infection on my home PC that I had almost come to believe it could never happen again.

Well, here's the problem: I've been experiencing repeated errors with Explorer. It would either terminate unexpectedly, or fail to load when logging in. I am able to launch it manually, but sometimes the screen goes black and the OS freezes solid. Examples of these errors as they appear in the Event Log are as follows:

Faulting application explorer.exe, version 6.0.2900.3156, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x00010aec.

Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426f.

I didn't suspect a virus until later, when Ad-Aware found traces of it. Also, when I started Internet Explorer (I normally use Firefox), Avast! popped up with a message saying: Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\Documents and Settings\Venom\Local Settings\Temp\vista.exe" file.

I am running Windows XP Pro SP2. No part of Windows Vista has ever been on this machine in any form. Clearly, such a file has no business being there.

My first action was to "Move to chest", the option advised by Avast! However, it seemed no matter how many times Avast! removed it, the file continued to replace itself. After opting to permanently delete the file and remove on startup if necessary, it appears to have stayed gone for the time being. I've run a thorough scan now with Avast! and there doesn't appear to be any further trace of malware, but I'm not entirely sure.

Bottom line: I need information, and advice on what to do next, if anything.

Edit: Hijackthis log |
Win32: Trojano - 1165...Please Help! - PC Pitstop Forums

Not sure it's exactly the same Virus / Trojan.. but the topic name is Win32: Trojano - 1165

Hope it helps.. especially that the issue was solved in that case. Good luck |
Good that you're using Ad-Aware, Avast, and HijackThis, though I recommend as well CCleaner (Slim version only!), Spybot (has trojan detection support now), Windows Defender (don't use Explorer without it!) and of course a decent firewall with a backtrace feature, I use Sygate Personal (free). Make sure SpyBot is updated and immunized BEFORE you scan with it. This is good practice of course with ANY security program and ones such as SpyBot and Windows Defender that run in the background realtime should be set to update themselves.

I ran a quick check of your HjT log in this auto analyzer and there are only two entries in it that are flagged, though one with an X, which is cause for concern. This is the more suspect of the two:

"O2 - BHO: (no name) - {5E9755A1-314A-4ae6-99E1-B9F7DC7C7CF0} - C:\WINDOWS\system32\17.tmp Must be fixed! **.tmp (* = random char or digit) - Unidentified parasite - should you have any information about this application, [xs4] - if you actually have a copy of the file, please attach it to your email for analysis. Thanks!"

As you can see, the 17.tmp appears to refer to a temp file that may have come with a download. I suspect it may have been associated with the vista.exe reference. It could be just a false positive, meaning no actual spyware. It could even be something MS uses for those upgrading from XP to vista. Try Googling vista.exe and 17.tmp and see if there have been any files with those designations associated with malware. My guess is if there has it was false positives, mere glitches in the security programs not updated fully for vista and/or vista related features compatibility. I would say it is most likely safe to remove that entry containing the 17.tmp though. If HjT cannot do it you can probably do an Edit\Find search in the registry to do it manually.

The only other flag in the HjT log bearing the lowest ? warning is one involving Winlogon Notify. However as you can see it also has the 17.tmp designation, so they appear to be related somehow.

O20 - Winlogon Notify: 17 - C:\WINDOWS\system32\17.tmp

I seriously doubt removing either of these entries will cause any harm but if you want reassurance of that from techs consult the WhatTheTech forum to get your log analyzed by experts. http://forums.whatthetech.com/forums.html |
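
The reply above points out that the O2 (BHO) and O20 (Winlogon Notify) entries name the same 17.tmp file. As an added example, not part of the thread or of HijackThis, this Python code parses those two line types and groups flagged files by the sections that register them. The line layouts are taken from the two entries quoted in the reply; the other sample lines, the function names and the ".tmp file registered as an autoload" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The two 17.tmp entries are quoted from the thread; the other two lines are
# constructed sample data for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5E9755A1-314A-4ae6-99E1-B9F7DC7C7CF0} - C:\WINDOWS\system32\17.tmp
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: 17 - C:\WINDOWS\system32\17.tmp
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll
"""

BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>[A-Za-z]:\\.+)$")


def parse_entries(log_text):
    """Yield (section, name, path) for O2 BHO and O20 Winlogon Notify lines."""
    for line in log_text.splitlines():
        line = line.strip()
        for section, pattern in (("O2", BHO), ("O20", NOTIFY)):
            match = pattern.match(line)
            if match:
                yield section, match.group("name"), match.group("path")


def suspicious_autoloads(log_text):
    """Map each .tmp file registered as a BHO or Winlogon Notify to its sections.

    Assumed heuristic: modules loaded through these keys are normally DLLs,
    so a temp-file extension there deserves a closer look.
    """
    hits = defaultdict(list)
    for section, _name, path in parse_entries(log_text):
        if path.lower().endswith(".tmp"):
            hits[path.lower()].append(section)
    return dict(hits)


def registered_in_both(log_text):
    """Files registered under both O2 and O20, i.e. two separate load points."""
    return sorted(path for path, sections in suspicious_autoloads(log_text).items()
                  if {"O2", "O20"} <= set(sections))


if __name__ == "__main__":
    for path, sections in suspicious_autoloads(SAMPLE_LOG).items():
        print(path, "registered under", ", ".join(sections))
```

A file that appears under both sections has two independent registrations, so both entries need to be handled together when cleaning up.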
Yeah, I also use Spybot, ccleaner, and Spywareblaster. I've never used Windows Defender, but I'll give that a try now.
On the subject of Firewalls, is it really necessary to use a third party one, or is the Windows Firewall sufficient? I use Kerio Firewall on my older computer, but I never bothered to put one on this machine because I'm an avid gamer and firewalls seem like such a resource hog, as well as being a hassle to configure. |
Though I doubt it would really be hogging any noticeable resources you can always disable it while online gaming and of course it's not necessary gaming offline if you disable your net connection. |
You might want to try to boot into Safe Mode and run some more scans. |
This is all nice, I use some of the above mentioned programs but don't you think having all together 50 anti-malware, adware, spyware, virus programs can actually prevent you from gaming? It's good to have this if you have some really important information/data on your PC....most of these viruses are yet unknown to me....where did you pick them up anyway? Heavy porn sites? :Puzzled: Um...more than 3 anti-virus programs are a potential threat of having your PC completely erased. Protection is good, but don't overdo it. |
No one here is advocating 50 security programs and certainly not more than one AV on a system at a time. The programs I recommend, only 4 of which run in the background and only 2 of which are needed as startup programs (Avast and Sygate), are as follows:

CCleaner
Ad Aware
SpyBot
HijackThis
Windows Defender
Sygate
Avast

If you're familiar with and trust the server you're gaming on you can disable the AV and firewall and leave only SpyBot and Windows Defender running realtime, or just SpyBot if you're not using Explorer. Neither of them are anywhere near being resource hogs and even Avast and Sygate rarely conflict with any software or do any noticeable resource hogging in my experience. There are actually some game browsers and anticheat software that are far more intrusive, such as Xfire and Securom. |
Hm, maybe I will download some of those/or buy them if I must. So far I only have AOL active virus shield, AVG, Spyware Begone. Blocks most of the harmful things. Damn, I must get informed...;) |