Possible virus problem

Yeah, you read that right. It's been such a long time since I've had a serious infection on my home PC that I had almost come to believe it could never happen again. Well, here's the problem: I've been experiencing repeated errors with Explorer. It would either terminate unexpectedly, or fail to load when logging in. I am able to launch it manually, but sometimes the screen goes black and the OS freezes solid. Examples of these errors as they appear in the Event Log are as follows:

Faulting application explorer.exe, version 6.0.2900.3156, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x00010aec.
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426f.

I didn't suspect a virus until later, when Ad-Aware found traces of it. Also, when I started Internet Explorer (I normally use Firefox), Avast! popped up with a message saying:

Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\Documents and Settings\Venom\Local Settings\Temp\vista.exe" file.

I am running Windows XP Pro SP2. No part of Windows Vista has ever been on this machine in any form. Clearly, such a file has no business being there. My first action was to "Move to chest", the option advised by Avast! However, it seemed no matter how many times Avast! removed it, the file continued to replace itself. After opting to permanently delete the file and remove on startup if necessary, it appears to have stayed gone for the time being. I've run a thorough scan now with Avast! and there doesn't appear to be any further trace of malware, but I'm not entirely sure. Bottom line: I need information, and advice on what to do next, if anything.

Edit: Hijackthis log
Win32: Trojano - 1165...Please Help! - PC Pitstop Forums

Not sure it's exactly the same virus/trojan, but the topic name is Win32: Trojano - 1165. Hope it helps, especially since the issue was solved in that case. Good luck
Good that you're using Ad-Aware, Avast, and HijackThis, though I recommend as well CCleaner (Slim version only!), Spybot (has trojan detection support now), Windows Defender (don't use Explorer without it!) and of course a decent firewall with a backtrace feature; I use Sygate Personal (free). Make sure SpyBot is updated and immunized BEFORE you scan with it. This is good practice of course with ANY security program, and ones such as SpyBot and Windows Defender that run in the background in real time should be set to update themselves.

I ran a quick check of your HjT log in this auto analyzer and there are only two entries in it that are flagged, though one with an X, which is cause for concern. This is the more suspect of the two:

"O2 - BHO: (no name) - {5E9755A1-314A-4ae6-99E1-B9F7DC7C7CF0} - C:\WINDOWS\system32\17.tmp
Must be fixed! **.tmp (* = random char or digit) - Unidentified parasite - should you have any information about this application, [xs4] - if you actually have a copy of the file, please attach it to your email for analysis. Thanks!"

As you can see, the 17.tmp appears to refer to a temp file that may have come with a download. I suspect it may have been associated with the vista.exe reference. It could be just a false positive, meaning no actual spyware. It could even be something MS uses for those upgrading from XP to Vista. Try Googling vista.exe and 17.tmp and see if there have been any files with those designations associated with malware. My guess is if there has, it was false positives, mere glitches in the security programs not updated fully for Vista and/or Vista-related features compatibility. I would say it is most likely safe to remove that entry containing the 17.tmp though. If HjT cannot do it you can probably do an Edit\Find search in the registry to do it manually.

The only other flag in the HjT log, bearing the lowest ? warning, is one involving Winlogon Notify. However, as you can see, it also has the 17.tmp designation, so they appear to be related somehow.

O20 - Winlogon Notify: 17 - C:\WINDOWS\system32\17.tmp

I seriously doubt removing either of these entries will cause any harm, but if you want reassurance of that from techs consult the WhatTheTech forum to get your log analyzed by experts. http://forums.whatthetech.com/forums.html
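The two flagged HjT entries above share one module path. As an added example (not from this thread, and not HijackThis's own code), here is a small Python pass over HijackThis-style lines that parses O2/O20/O4 entries, applies the heuristics a log reviewer uses by hand (temp-file extension, Temp directory, nameless BHO, non-DLL Winlogon Notify module) and groups hits by path so a file loaded from several places stands out. The two benign entries in the sample log and their CLSID are constructed.

```python
import re
from collections import defaultdict

# Constructed HijackThis-style log excerpt: the two flagged entries quoted in the
# thread plus two benign-looking entries (the CLSID and paths of those are made up).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5E9755A1-314A-4ae6-99E1-B9F7DC7C7CF0} - C:\WINDOWS\system32\17.tmp
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: 17 - C:\WINDOWS\system32\17.tmp
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
"""

# One pattern per HijackThis section handled here; each yields the module path.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"),
    "O4": re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>.*?)\] (?P<path>.+)$"),
}

def suspicious_reasons(section, fields):
    """Heuristics a reviewer applies by hand; returns a list of reasons, empty if clean."""
    path = fields["path"].lower()
    reasons = []
    if path.endswith(".tmp"):
        reasons.append("temp-file extension loaded as code")
    if "\\temp\\" in path:
        reasons.append("module lives in a Temp directory")
    if section == "O2" and fields["name"] == "(no name)":
        reasons.append("BHO registered without a name")
    if section == "O20" and not path.endswith(".dll"):
        reasons.append("Winlogon Notify module is not a DLL")
    return reasons

def analyze(log_text):
    """Parse each known line type and return only the entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                reasons = suspicious_reasons(section, m.groupdict())
                if reasons:
                    findings.append({"section": section, "path": m.group("path"), "reasons": reasons})
                break  # a line belongs to exactly one section
    return findings

def correlate(findings):
    """Group flagged entries by module path (case-insensitive) to expose shared load points."""
    by_path = defaultdict(list)
    for f in findings:
        by_path[f["path"].lower()].append(f["section"])
    return dict(by_path)
```

Running analyze(SAMPLE_LOG) flags only the two 17.tmp entries, and correlate() shows the same file registered as both a BHO and a Winlogon Notify module, which is what the reviewer above spotted by eye.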
Yeah, I also use Spybot, CCleaner, and Spywareblaster. I've never used Windows Defender, but I'll give that a try now.
On the subject of firewalls, is it really necessary to use a third-party one, or is the Windows Firewall sufficient? I use Kerio Firewall on my older computer, but I never bothered to put one on this machine because I'm an avid gamer and firewalls seem like such resource hogs, as well as being a hassle to configure.
Though I doubt it would really be hogging any noticeable resources, you can always disable it while online gaming, and of course it's not necessary when gaming offline if you disable your net connection.
You might want to try to boot into Safe Mode and run some more scans.
This is all nice, I use some of the above mentioned programs, but don't you think having altogether 50 anti-malware, adware, spyware, virus programs can actually prevent you from gaming? It's good to have this if you have some really important information/data on your PC. Most of these viruses are yet unknown to me. Where did you pick them up anyway? Heavy porn sites? Um... more than 3 anti-virus programs are a potential threat of having your PC completely erased. Protection is good, but don't overdo it.
No one here is advocating 50 security programs and certainly not more than one AV on a system at a time. The programs I recommend, only 4 of which run in the background and only 2 of which are needed as startup programs (Avast and Sygate), are as follows:

CCleaner
Ad-Aware
SpyBot
HijackThis
Windows Defender
Sygate
Avast

If you're familiar with and trust the server you're gaming on you can disable the AV and firewall and leave only SpyBot and Windows Defender running in real time, or just SpyBot if you're not using Explorer. Neither of them is anywhere near being a resource hog, and even Avast and Sygate rarely conflict with any software or do any noticeable resource hogging in my experience. There are actually some game browsers and anticheat software that are far more intrusive, such as Xfire and SecuROM.
Hm, maybe I will download some of those, or buy them if I must. So far I only have AOL Active Virus Shield, AVG, and Spyware Begone. Blocks most of the harmful things. Damn, I must get informed... ;)
All of what I mentioned is free, and for the record, I personally would never pay AOL for anything. I've heard too many horror stories about how they don't stop billing you when you cancel service with them. They are also heavily ad-based and don't give any better protection than you can get free. I've never heard of Spyware Begone, but AVG is pretty good. What I don't get is, if AOL is giving you an "active virus shield", why you have AVG. As I said, AVG can be had free and you should NEVER have more than one antivirus program installed. Maybe they're just packaging AVG with their ISP, if that's what your connection is. Wouldn't surprise me that they'd try and make that look like a great deal. Anyway, as long as you have some kind of protection and it's keeping the junk away, better than nothing.

I did help a friend once though that had Trend Micro AV/Firewall and a Registry Pro registry cleaner. He had it all paid for and updated but had lots of junk it wasn't catching. I uninstalled it all after verifying myself that its manual scans weren't helping, installed all the above I mentioned, and caught over 200 items it had missed. He now uses that same set of freeware on the new rig I built for him, and even kept the old email address I advised him not to, and still he's had no more problems. Don't be fooled into thinking a good set of security progs is all it takes though. Once you start downloading stuff you leave yourself vulnerable to what you allow on your system.

The one type of security progs that remain pay-only are dedicated anti-trojan software. Trojans are some of the nastiest bugs you can get. It often takes a specific tool written just for each bad trojan to get rid of them, and if it's a complex bug it can take a while for such a tool to be written. Some of the worst trojans are called "polymorphic". These are rare but highly advanced trojans that can change code with each server, mutating into thousands or even millions of states, making them very hard to detect.
Really? I downloaded AVG myself just in case AOL AVS doesn't catch something. Check out Spyware Begone, it's also a good proggy. I once got Trojan Downloader. I have read something about it, that it "keeps the gates opened", letting hundreds of other Trojans onto my PC. Is this what Trojan Downloader does? P.S. Why in God's name do people make Trojans?!?!?!?! Get a life you scumbags! Do not make viruses!
I think I just found out why AOL's "Active Virus Shield" is not conflicting with AVG: it no longer exists, LOL: http://www.activevirusshield.com/antivirus/freeav/index.adp? Smart of you to install AVG then. Just don't get sucked into McAfee. Avast or AVG are probably better protection and free. Trojan Downloader does indeed do what you asked, and big names such as Symantec and others have issued alerts about it. If you are using a p2p service and/or surfing porn sites, etc., that is likely how you got it. I agree that the ones that write such crap are scum. You never can tell if it's someone just playing pranks, someone paid by those trying to push their ads, or some lunatics thinking they can save the world from sin by putting little "booby" traps in certain places. We'll never be totally rid of them, but we can to some degree minimize their success by taking precautions. The more that don't know how to protect themselves, the easier it is for them.
Indeed. My worst nightmare was when I first got Trojan Downloader and a few minutes after that I got hundreds of pop-ups and those little annoying messages in the bottom right corner of my desktop: "Threat detected!" Omg, I was scanning and scanning and no matter what I did more and more of those came onto my PC. But that was a year ago, when I had nothing that could protect my data. ;)

Just a second off the topic here: that movie with Angelina Jolie and that guy (forgot his name) where they compete who will do "nastier sh**" is just utter bull****. I mean, leave half of the city without light/electricity, messing with bank accounts... those hard core hackers (or any other possible threat) should be caught by police and higher authority, taken to an interrogation room and there beat the crap out of them. Can't people just live normally, make money as other people do? What's the point in hacking? If I want money I'll organise a professional bank robbery as in the movie "Heat" (never going to do that). And I totally agree with the thing you said:
I am now using Kaspersky Internet Security Suite, which is awesome IMO. I was looking for a good 3-in-1 (anti-virus, anti-spyware and firewall) a few weeks ago and a friend suggested Kaspersky. I haven't gotten any kind of virus or spyware since I installed it. I really suggest it to anybody looking to improve their security. Unfortunately it's not free, but there's a 30-day trial (which I am still using... only 1 week left though :( ) and it's a bit annoying at first when it asks for permission for every program trying to access the internet.
OK, this thread has gotten derailed a bit, but I'd like to address a few things.

For all other programs you can choose to enable or disable real-time protection, but it's very important to keep it enabled for your main anti-virus program, such as Avast! or AVG. Using multiple programs to scan for malware is not a bad thing, because each specializes in certain areas. Avast! is for the prevention and removal of viruses. Ad-Aware and Spybot are for prevention and removal of spyware/adware. Spywareblaster takes measures to protect your browser(s) from things like dangerous websites (that perform drive-by downloads, for instance), tracking cookies, and ActiveX controls. CCleaner and Hijackthis are special tools used for a very specific purpose. What CCleaner does is instantly clean up various stuff that is no longer needed or could be used to collect personal information about you: memory dumps, old logs and broken registry entries or files from programs that are no longer installed; it can also clear MRU lists, browsing history and other temporary files. Lastly, Hijackthis is a tool mostly used to generate a log file listing such things as active processes and services so that you can immediately check for suspicious stuff, or upload it to a tech forum like the one at spywareinfo.com so that they can analyze it and assist you. Only attempt to remove something with it if you are instructed to do so by a professional or are an expert yourself.

Just be sure that whatever program(s) you use are from a reputable source. This site has a great list of known rogue anti-virus programs and other fraudulent products and websites. Everyone should see this: Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
SpyBot also does some trojan and worm checking, though of course not as thoroughly as dedicated anti-trojan programs. The main things that keep me from recommending Kaspersky are the testimonials I've heard of software conflicts and it being a bit harder to understand for beginners than some, aside from there being no free version for extended trial purposes or those on a budget. Avast and AVG are easy to use, have minimal intrusion, and of course can be had free.

WiC, I read your PM, don't worry about the sig unless FF tells you it's too big. Looks pretty good btw. Don't worry about me offering help either, though I'm not sure if you were joking about that. I offer help to anyone who asks if I can, as long as they respect others on the forum. It's something more out of doing my part to keep the net communities I visit in the know rather than vulnerable and is in no way anything personal. The more we help one another, the less of a feeding frenzy for those writing bugs.

Anyways, back to the subject at hand. I just want to say one more thing about AV use. Some people I've met choose to use what they feel is one of the better AV progs in yet another way. Rather than buying one that cannot be had free, they use their automated free online scan service regularly. I must say this is really a bad idea and tempting fate. It is ALWAYS best to have an AV prog installed on your system for real-time protection.
Anyway, back to the subject. I noticed that almost every anti-virus program after scanning puts all found infections into the Virus Vault. What happens if I remove them from the Virus Vault? Do they get back to my PC or something?
This will help you understand it more in detail:

The AVG Virus Vault: When AVG detects a virus that cannot be removed by healing, it uses a special way of deleting the infected file: AVG moves it to the AVG Virus Vault.

What is the AVG Virus Vault? The AVG Virus Vault is a special directory that stores infected files. The names of the files are changed and their content is encrypted so they cannot be used and virus infection cannot spread. It is almost the same as ordinary deleting techniques; however, the AVG Virus Vault gives you the ability to restore the files, if necessary.
- Delete File: deletes, i.e. finally removes the file. It cannot be restored later.
- The AVG Virus Vault has its own automatic maintenance: files stored in the AVG Virus Vault are deleted automatically depending on the parameters set.
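As an added illustration of what that description lists (this is not AVG's code or its vault format), a minimal quarantine in Python: the detected file is moved into a vault directory under a random name, its bytes are masked with a per-file key kept in a sidecar record so it can neither run nor spread, and the vault offers both restore and permanent delete. The directory layout, the sidecar JSON and the key handling are assumptions made for the example.

```python
import json
import os
import secrets

def _mask(data, key):
    """XOR every byte with the matching key byte (key is as long as the data)."""
    return bytes(b ^ k for b, k in zip(data, key))

def quarantine(path, vault_dir):
    """Move `path` into `vault_dir` under a random name with masked content; returns the entry id."""
    os.makedirs(vault_dir, exist_ok=True)
    with open(path, "rb") as f:
        data = f.read()
    key = secrets.token_bytes(len(data))      # fresh random key per file (assumed scheme)
    entry = secrets.token_hex(8)              # random vault name hides the original filename
    with open(os.path.join(vault_dir, entry + ".bin"), "wb") as f:
        f.write(_mask(data, key))             # masked bytes are no longer a runnable file
    meta = {"original_path": os.path.abspath(path), "key": key.hex()}
    with open(os.path.join(vault_dir, entry + ".json"), "w") as f:
        json.dump(meta, f)                    # sidecar record needed to restore later
    os.remove(path)                           # the infected file leaves its original location
    return entry

def purge(entry, vault_dir):
    """The 'Delete File' option: remove the vault entry for good; nothing can be restored afterwards."""
    for suffix in (".bin", ".json"):
        os.remove(os.path.join(vault_dir, entry + suffix))

def restore(entry, vault_dir):
    """The 'Restore' option: unmask the bytes, write them back to the original path, drop the entry."""
    with open(os.path.join(vault_dir, entry + ".json")) as f:
        meta = json.load(f)
    with open(os.path.join(vault_dir, entry + ".bin"), "rb") as f:
        masked = f.read()
    data = _mask(masked, bytes.fromhex(meta["key"]))   # XOR is its own inverse
    with open(meta["original_path"], "wb") as f:
        f.write(data)
    purge(entry, vault_dir)
    return meta["original_path"]
```

So removing an item from the vault is the purge step: the masked copy and its record are gone, and only a restore (before that) puts the original file back on the PC.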
OK, I see. Thx. ;) I know when I was just a little kid I thought computer viruses are something that "eats" all of your data/system files and your PC is practically useless. Is there a virus like this? Lethal for the PC? What is the maximum damage that new (today's) viruses can do?
One of the most deadly computer viruses ever created. It destroys data on the hard drive, and in many cases corrupts the BIOS, rendering the system completely inoperable. I was one of the many victims of the CIH (Chernobyl) virus when it made its "debut" on April 26th 1999. I'll never forget that day.
Some of the worst cases I've heard of, one in particular from a close chat friend from Australia, was a case of total identity theft. There are actually bots written that can do that too. He had to change all his accounts and start from scratch. Once something like that happens it changes the way you think about computers for life. He is now armed with a myriad of security software piggybacked on top of one another, many of which I've never heard of. I tried to tell him in security software sometimes more is less, but he insists on going overkill after that traumatic experience. I suppose in a way it is better to risk conflicts between security progs than risk having ones that will let something slip by, but I'd only recommend it in extreme cases.
Fortunately, most anti-virus programs detect keyloggers and they aren't too hard to remove.
Seriously, do these guys have a life? What drives them to make viruses (which were in the past) to totally mess up your computer and even eat all data? Do they have some benefit out of it? Except for admiring their sick accomplishment, that they made something lethal for the PC. Sick bastards. Chen Ing Hau should have been killed.
Well, there may not be as many destructive viruses, but those aimed at identity theft can destroy much more than just your PC.
Thanks for the info. Now, these Trojan Downloaders and other Trojans, what exactly is their effect once they manage to get onto our computers?
What's ironic too is you can't count on ad-based spyware to be merely malicious advertising. Often hackers use existing ads, without permission of course, to deliver bugs with other intentions, such as identity theft. Such types of masking are key elements clever hackers use to divert attention away from themselves. We are way beyond mere hardware-destruction-intent hackers who use proxy servers. Many are now using corporate disguises. This has caused quite a bit of concern in recent years about how ads are displayed, because if used in this way by hackers it can hurt the reputation of those that don't encrypt them. The problem is not all businesses are big enough and/or willing to spend the money to do that. When you add international circulation into the mix, it's really hard to make and enforce advertisement encryption laws globally.