fixwareout\FindT\nircmd.exe & tribalfusion malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dtheb, Jun 28, 2007.

  1. dtheb

    dtheb Private E-2

    Could anyone assist me with these items? Showed up on PandaActiveScan.

    I ran through the "Read & Run Me First" procedures, step by step. I have Norton Internet Security but in Step 1 I have been unable to locate the Norton Protected Recycle Bin and therefore unable to empty it.

    Installed CounterSpy but when I ran it in safe mode, there was no option on the box for saving the log scan. No "View" option was visible on the screen showing. However, it showed nothing found. I went ahead and ran AVG and will attach the log from it.

    When running Bitdefender in safe mode, it has ALWAYS caused an error in IE and the program closes. So, no scan report there.

    I will attach logs from getrunkey, shownew, activescan, AVG, and HJT in two separate posts.

    Thank you for your assistance. MG rules!
     


  2. dtheb

    dtheb Private E-2

    Here is the HJT log. I couldn't locate the AVG scan report. Sorry. The scan did not find any infected files though.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cookies are not malware! Nor are they problems. Didn't you read the info in the link TimW gave you in message number 8 of this thread:

    http://forums.majorgeeks.com/showthread.php?t=129243

    In addition in that same thread, Tim had you run FixWareOut. That is what the nircmd.exe file is from as your log from Panda shows. It is also not a problem and Panda just says it is a Potentially unwanted tool:Application/NirCmd.A

    You can delete the file since you don't need it, but it is not a problem.

    You don't have any malware problems, but one minor item Tim had you remove last time is back.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/

    Did you reinstall something that put MyWay back on your PC? Or did it get put back in by Windows Defender? You can fix this line with HJT but you will have to uninstall CounterSpy (you need to uninstall it anyway) and then disable Windows Defender before trying to fix it.


    To Disable Windows Defender:
    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • Close Windows Defender
    Once your log is clean you can re-enable Windows Defender Real Time Protection.
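
As an added example (not part of the original posts, and not MajorGeeks or HijackThis code): a small parser for HijackThis R0/R1 lines like the one quoted above, reporting browser page settings whose host is not on a list of pages the user wants to keep. The `expected_hosts` allowlist, the function names and every sample line other than the `my.myway.com` one are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# HijackThis R0/R1 lines have the shape:
#   R0 - <hive>\<key path>,<value name> = <data>
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM))\\(.+?),(.*?) = (.*)$")

def parse_r_entries(log_text):
    """Return one dict per R0/R1 line found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if m:
            section, hive, key, value, data = m.groups()
            entries.append({"section": section, "hive": hive, "key": key,
                            "value": value, "data": data.strip()})
    return entries

def unexpected_pages(log_text, expected_hosts):
    """Return (hive, value name, host) for R0/R1 URLs not in expected_hosts.

    expected_hosts is a hypothetical allowlist: the pages the user has
    said they set themselves and want to keep.
    """
    flagged = []
    for e in parse_r_entries(log_text):
        host = (urlparse(e["data"]).hostname or "").lower()
        if host and host not in expected_hosts:
            flagged.append((e["hive"], e["value"], host))
    return flagged

# Constructed sample log: only the R0 line is the one quoted in the thread.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://my.myway.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.example.com/
O4 - HKLM\\..\\Run: [ExampleApp] C:\\Example\\app.exe
"""

if __name__ == "__main__":
    for hive, value, host in unexpected_pages(SAMPLE_LOG, {"www.example.com"}):
        print(f"{hive} {value!r} points at {host}: confirm the user set this")
```

Adding `my.myway.com` to the allowlist makes the report come back empty, so a start page the user has chosen deliberately is not flagged again on the next scan.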
     
  4. dtheb

    dtheb Private E-2

    My bad. Apparently I don't know a cookie from malware. I knew I had run FixWareOut but thought what Panda pointed out might be some evil twist on that program. The tools I have used to try and protect myself reveal things that I do not recognize and anything added to my PC that was uninvited makes me paranoid.

    I do my best, chaslang, to protect myself but I think I fall into the group of 10 that does not understand binary code. Ask me something horticulturally related and I may have an answer - but if you aren't educated in that area then you may not know if the answer I would give were true or not!

    I update Windows regularly. I gather it isn't maybe the best but I do employ and regularly run Norton's AV in their Internet Security suite. I started using a-squared recently on the advice of TimW. I employ a firewall through Norton, too. I have used CCleaner since I came across it on this site. Norton told me AVG wasn't compatible with their product and so I quit using it for realtime protection. I use Windows Defender and SpyBot and Ad-Aware.
    I have had my security settings adjusted as recommended for some time. To date, I am still using IE. I will try using Mozilla FireFox instead. I am and have been using Sun Java. I have a password on my user account but not on the default Administrator or other user accounts. How do you disable the Guest account? I do try to be careful what I download or open, believe it or not. I think my latest trouble came when I downloaded a free version of an old game.

    I do look at online porn occasionally but NEVER download codecs. If a popup occurs unwanted or suspiciously, I turn off my modem and then I hit control, alt, delete and end task. If I don't recognize an email sender, I delete the email. I have one email for online purchasing and correspondence with what I hope are trusted strangers, one for work and one for family and friends. I run CCleaner after closing my browser almost every time and use the Delete Browsing History in XP Tools. Then, I turn off my modem.

    I run scans like a mo-fo. But, I make mistakes and I don't understand computers that well. That's why I am especially grateful for MG and people like you. Thanks for looking out for me - just don't try and make me feel like an ignoid, okay?

    MyWay.com is the browser page I subscribed to through Dell when I bought my computer. Is that problematic and in what way? That's who I have one of my email accounts through and would be reluctant to give it up.

    Again, thanks for helping me with my problems and putting my mind at ease. I imagine it is frustrating helping people like myself who aren't computer-savvy yet insist on putting themselves in harm's way. Am I still welcome to use your services or would you rather I seek assistance elsewhere?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure if that is true or not. But note that AVG Antispyware does not give you realtime protection unless you purchase it.


    It is very dangerous not to have the Administrator account password protected. Open Control Panel and select User Accounts. From there you can see how the Guest account is set.

    Sounds like you are doing all the right things to try and keep yourself clean.

    That was a very stupid thing for Dell to associate themselves with; however it is not a major issue. If you wish to keep using it that is fine. But I recommend that anytime you post in a forum for help that you mention this same information and that you want to keep that. In reality though, you don't need to make it your Home Page. You could just put it into your Favorites and connect to it when you need it.

    Of course!! :) You can come for help at any time.
     
