Anti Virus Gold and Spy Axe....

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Larium, Dec 2, 2005.

  1. Larium

    Larium Private E-2

    Ok, I am going to run a new Kaspersky scan and I'll try to post the results again tomorrow.

    Thanks a million for the help.:)

    Doesn't seem like Norton is too relevant anymore, or as relevant as they used to be....compared to the competition (as also noted in this week's Businessweek).

    Or perhaps Panda and Kaspersky are throwing in the detection of minor threats to get one to buy their products?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Nah, If they detect something it's there.
     
  3. Larium

    Larium Private E-2

    :mad:

    I have no idea why I can't upload or paste my Kaspersky text when it's only 16 kb and I was able to successfully upload Kaspersky logs earlier in this thread.

    Any suggestions?

    When I try to upload or paste and hit "submit reply", the connection ultimately times out after many minutes of "submitting response to MajorGeeks.com" or "waiting for response to MajorGeeks.com" or whatever it says.
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Just a suggestion while BJ and Chas are off forum... also, as the forum has had an update, delete your temp internet files/cookies and try again

    or

    go to http://www.yousendit.com/ and upload the text file in a zip file and post the link. ( nb. you can use any old email address as recipient )
     
  5. Larium

    Larium Private E-2

    Almost had it
     
  6. Larium

    Larium Private E-2

    Thanks. I will do.
     
  7. Larium

    Larium Private E-2

    Got it...Firewalls can be tricky
     
  8. Larium

    Larium Private E-2

    Here's the attachment.

    Yeah, I recently installed a firewall between the post in which I first uploaded my Kaspersky log......:eek:

    Thanks ahead of time for any replies.
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    C:\callpall.chm
    C:\nalimxsp.chm
    C:\nikoxxsp.chm
    C:\WINDOWS\msn.hta
    C:\WINDOWS\win32.dat
    C:\WINDOWS\_default.pif
    C:\WINDOWS\system32\O.BAT
    C:\WINDOWS\Prairie Wind.bmp
    C:\WINDOWS\system32\drivers\etc\hosts
    C:\WINDOWS\VAIO DeepSea Wallpaper TrueColor 1400x1050.bmp
    C:\Documents and Settings\josh\Local Settings\Application Data\93716336850316.exe.php


    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, attach a fresh Kaspersky Log & Panda Log.
     
    Last edited: Dec 13, 2005
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ,

    You cannot delete files containing ADS streams this way!


    Larium, you MUST empty your Norton Quarantine. Why are you saving these?
     
  11. Larium

    Larium Private E-2

    Why am I saving the garbage?

    Good question...too lazy to completely get rid of them.

    In regards to pocketkiller......

    So I can proceed with Garrick's recommendation EXCEPT those 3 lines that Chaslang indicates?

    Thank you very much for the help.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no work for you other than telling Norton to empty the Quarantine.
     
  13. Larium

    Larium Private E-2

    Yep, but after I "emptied" the quarantine there were still 380 virus/adware/trojan garbage items under "backup items" which have appeared in my scan logs.

    So back to my question.....

    Can I still use Pocketkill to delete all of the lines except the 3 mentioned in the last few threads? Or no?

    Thanks for the education and sticking with me for 50 replies!:)
     
  14. Larium

    Larium Private E-2

    Ok I have completed what you advise EXCEPT I did not delete the 3 lines Chaslang referred to.

    Here's a copy of my latest Kaspersky and Panda scan

    note: also my bad, but I didn't close my browser (and in particular this thread, as I was reading from it) while running Killbox, which may or may not be why there seems to be adware/virus garbage with a killbox reference to it.

    Again, I can't say it enough, but big time thanks for all the help.
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download ADS Spy, save to your desktop.

    Once you have downloaded this utility, extract the contents and double click "ADSSpy.exe" to run the utility. Once the utility has loaded, make sure the first 2 boxes are checked. Now click "Scan the system for alternate data streams" and remove any that refer to those 3 files.

    Afterwards navigate to the folder below and delete everything in there...

    D:\system works\Norton Antivirus\Quarantine

    C:\KILLBOX! <-- Delete this folder also!


    After you complete all of the above, attach new Kaspersky & Panda logs to confirm you're clean!
     
    Last edited: Dec 14, 2005
  16. Larium

    Larium Private E-2

    Done.

    Kaspersky indicates everything clean but still 2 issues in Panda log.
     

    Attached Files:

  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Manually locate these two files...

    C:\WINDOWS\system32\drivers\etc\hosts

    C:\WINDOWS\system32\O.bat


    Delete once found, afterwards reboot and run the Panda scan once more.
     
  18. Larium

    Larium Private E-2

    I had no problem finding the first file you mention but I couldn't find the second file (C:\Windows\system32\O.bat)

    I tried both manually locating and searching within System32.....Can it be under another name?

    Thanks!
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\O.bat into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
     
  20. Larium

    Larium Private E-2

    I did as you advised above, as well as trying to manually delete the indicated files by navigating to them, a few times but upon multiple reboots the spyware is still there.

    Here's a copy of my latest Panda scan.

    Thanks
     

    Attached Files:

  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Run CCleaner, reboot and attach a new Panda log.
     
  22. Larium

    Larium Private E-2

    Getting closer.

    It now appears there is just one Ad-ware issue remaining.

    Log attached.

    Thanks for the help!
     

    Attached Files:

  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you run HOSTER as previously requested?

    First, I want you to manually locate the folder below...

    C:\WINDOWS\system32\drivers\etc

    Let me know every file in this folder, if you have a file "hosts" attach this to your next post as a ZIP file.
     
  24. Larium

    Larium Private E-2

    Yeah I did the HOSTER thing as you requested and followed your directions.

    Here's what's in the folder "etc":

    HOSTS (File, 32 kb)
    networks (file, 1 kb)
    services (file, 1 kb)
    ImHosts.sam (SAM file, 4 kb)
    protocol (file, 1 kb)

    and after your last request about making HOSTS in a zipfile....

    HOSTS.zip (6 kb)

    and....

    I'm including the zip file you want as an attachment.

    Thanks!
     

    Attached Files:

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hoster cannot fix the hosts file because you have it locked (with a pile of unneeded crap in it). SpySweeper is locking the hosts file. Unlock it and rerun hoster.
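    The two posts above turn on the contents of C:\WINDOWS\system32\drivers\etc\hosts: a 32 kb file where the Windows default is a single `127.0.0.1 localhost` line, and a tool (HOSTER) that restores that default. The following is an added example, not code from the thread or from any of the tools named in it; it parses a hosts file the way a responder would triage one offline, separating the default loopback entry from entries that black-hole a name (loopback or 0.0.0.0, which is how some malware blocks access to vendor update sites) and entries that redirect a name to some other address. The sample file content and the `.test` domain names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Names that legitimately map to a loopback address in a default hosts file.
DEFAULT_LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: list = field(default_factory=list)
    # "default": loopback -> localhost-style names only
    # "blackhole": loopback/unspecified address -> any other name (blocks it)
    # "redirect": any other address -> a name (points it somewhere else)
    # "malformed": first token is not an IP address or no names follow it
    kind: str = "malformed"


def parse_hosts(text: str) -> list:
    """Parse hosts-file text into classified entries; comments and blanks are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            entries.append(HostsEntry(line_no, ip, names, "malformed"))
            continue
        if not names:
            entries.append(HostsEntry(line_no, ip, names, "malformed"))
            continue
        lowered = [n.lower() for n in names]
        if addr.is_loopback and all(n in DEFAULT_LOOPBACK_NAMES for n in lowered):
            kind = "default"
        elif addr.is_loopback or addr.is_unspecified:
            kind = "blackhole"
        else:
            kind = "redirect"
        entries.append(HostsEntry(line_no, ip, names, kind))
    return entries


def findings(text: str) -> list:
    """Every entry that is not part of a default hosts file, in file order."""
    return [e for e in parse_hosts(text) if e.kind != "default"]


def summarize(entries: list) -> dict:
    """Count entries per classification, e.g. {'default': 1, 'blackhole': 2, ...}."""
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


# Constructed sample hosts file (not the file from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         liveupdate.example-av.test   # constructed: blocks an update server
127.0.0.1       www.example-av.test
203.0.113.10    www.example-bank.test        # constructed: redirect to a foreign IP
notanip         example.test
"""

if __name__ == "__main__":
    for e in findings(SAMPLE_HOSTS):
        print(f"line {e.line_no}: {e.kind:9s} {e.ip} -> {', '.join(e.names)}")
    print(summarize(parse_hosts(SAMPLE_HOSTS)))
```

    On a real machine the input would be the text of the `hosts` file from the `etc` folder; a file that is orders of magnitude larger than the one-line default, or that reports any `blackhole` or `redirect` entries for names the owner does not recognise, is what chaslang's "pile of unneeded crap" refers to, and restoring the default (HOSTER's "Restore Original Hosts") only succeeds once whatever is holding the file open or read-only releases it.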
     
  26. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    As Chaslang previously stated your HOSTS file is locked, uninstall the below programs:

    Ewido

    Spy Sweeper

    TrojanHunter 4.2


    After you uninstall, run HOSTER again as requested before.
     
  27. Larium

    Larium Private E-2

    I didn't uninstall the above programs but I did uncheck the Hosts box in Spysweeper, and shut it down, and then went ahead and ran HOSTER again.

    And.....nothing is showing up in either Panda or Kaspersky anymore.

    Does this mean I'm done and my system is all clean?

    Thanks!
     
  28. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  29. Larium

    Larium Private E-2

    Allrighty then.

    HUGE THANKS TO BJGARRICK AND CHASLANG FOR THE HELP (78 PLUS THREAD) AND EDUCATION. LOTS OF GOOD KARMA COMING YOUR WAY(S)!.

    HAPPY HOLIDAYS

    LARIUM
     
  30. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Glad we could help!:)

    Surf Safely!
     
