Bearshare

Hey all, I'm back.

1. Plebs in the family downloaded Bearshare. I find it's put spyware on the PC.

Something called WhenU or Save.exe I think. I need concrete info on what it is Bearshare contains/brings with it and what it is doing to the PC.

2. I can use MS Antispyware; Spybot; and Ad-aware to locate and eradicate the spy/malware on the system no problem.

However, my first hurdle is what if bearshare stops working/needs to be uninstalled along with the spy/malware?

3. Can the program still run fine if I find and delete all the spy/malware?

4. If so, is there a chance of Bearshare re-installing the spyware?

If not, then I should uninstall Bearshare and spend time to make sure 110% that I've delete all the spyware that came with it. Tell me about Bearshare Lite.

5. I recently installed MS Antispyware and love it, but it saw fit to delete important components of Kazaa Lite and therefore it became inoperable. I have uninstalled K-Lite altogether but still wondered why the program said it contained spyware in the first place.

6. If I download and install Bearshare Lite; could I face the same problems with MS Antispyware?

Thanks guys!

 

Here is some info.

Bearshare
Bearshare2

We feel that most P2P programs are asking for trouble.

 

Hmmm, that hasn't helped me at all really.

I did get a Lavasoft thing for removing WhenU.

I don't want to start any attempts at removal until I know more about what I'm up against. Can I scrub the negative stuff away and keep this program? Deleting it is an absolute last resort at the moment.

 

I wholeheartedly agree that ps2 programs are bad news full stop. But like I said computer illiterates in the family got it and have been using it for a while without me knowing.

What do I need to know about emule?

Will I download and install spyware along with it?

Will it slow down the PC in anyway?

Will it irk my firewall (SP2's put a firewall on my PC, charming update it is), or any of my spyware programs?

I run my MS antispyware/spybot/adaware trio every three days. You guys helped me great last time but I can't be around every time other people who use the PC inadvertently put spyware/malware on the system. One the best things I can do is put preventative tools in place.

 

Thanks chaslang.

What is MGs' take on WinMX?

Or Shareaza?

I have given them both a trial run tonight and they seem fine. When I get a chance I will post a HJT log to help you guys help me get rid of WhenU/Bearshare - should I do that in here or start a new thread?

 

Stay in this thread. Post HJT when you have it.

 

Here it is. I know the dangers of rebooting the PC before I get help so I'll probably post another one when I am more ready.

WinMX seems to be fine - the reason I am asking so much is we are on dial-up, therefore need one for our modem. There are apparently ones which are geared towards broadband, and it is these ones which get more spy/malware protection.

 

We had people over who decided to clean the PC. I've done another log for you. Tell me if bearshare/whenU/save is still there please.

I'll do away with Norton 2002 I think.

I found Save in Add/Remove, and when I said remove it, it said that there was an error/it could already have been moved - do you want to remove it from the list? I said yes.

I don't know what the cma.exe is.

 

When I do downloads, I only do them from "MajorGeeks" or "Cnet.com" there are trusted sites. I like Cnet because there downloads are tested first,have good reviews and if they contain Spyware or Adware they tell you.
Always do research before you download,play it safe...

 

I will take care of the antivirus stuff once I know I have these outstanding issues taken care of.

HJT will eradicate whatever dcsresearch has on my PC right?

More importantly, this Desksite thing is completely alien to me. The only thing I'm prepared to let do anything like what you it is doing is WinMX.

How do I get rid of cma.exe?

 

Here's the log.

Tell me what I need to do to uninstall Norton - just go to add/remove programs?

I am reluctant because maybe there's something that Norton 2002 (old program it is) is doing something that AVG still isn't and therefore Norton's worthwhile keeping around. For now I'm happy to have AVG as the only one.

For example, Norton tells me that my MS Outlook emails are screened and checked as they come in and go out - AVG doesn't, all it does is add a small line to the bottom of received mail 'this has been checked by AVG.' Same thing I know, but the Norton one just seems more thorough. I could attribute this to its overtness (a pop-up dialog box and all) and the fact I've become attached the program over the long amount of time I've had it.

 

Just a little coment,personally I would stay with Norton's ( esp. 2002 the newer versions suck ) I've had Nortons for 8 years now and it's never let me down...Just putting in my two cents,,,,,I hope you guys don't mind.
Marlene,
Hugs

 

How does it look now?

 

Please update to Hijack This 1.99.1 and attach a new log using the new version.

 

Ah, I was wondering when that would come out.

This site's download pages aren't seeming to load for me all the way, can someone give me a direct link please?

The header loads fine but then all I get is a dark green background and the Loading Page....' message at the bottom of IE just stays there. Yes I'm on dial-up.

 

Its been out a while now, since the middle of Feb. I cant belive noone caught this

The direct link is below

http://216.180.233.162/~merijn/files/HijackThis.exe

 

Thanks.

 

Log is clean!

Have Hijack This fix the below entry:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Note: After removing this entry, reboot and do another scan with HJT. If it comes back follow the below steps.

Right click on My Computer and select Properties. Now click on the Advanced Tab, at the bottom locate Startup & Recovery and click Settings. Now, where it says "Write debugging information" you want it set at the following:

• Small memory dump (64 KB)

Note: If its already set at this before you change it, then set it to NONE.

Chaslang or Thug will check back when time permits

 

Did the first one, it was still there. So I set it to none. I immediately did HJT and it says it's still there. I haven't rebooted though.

Something strange happened when I rebooted, it isn't new either - I am not sure how long it's been happening but I can't remember it happening before the WhenU etc got on the PC. In the next post I shall try and post a screen capture.

 

Here:

 

Here #2:

 

Ah, a hardware issue. At least I've isolated the problem.

Log H:

 

Yes. It's unfeasible at this point in time. If it was software than it'd be no worries.

 

I can't do that kind of work (hardware removal/re-installation; fooling around with the computer's connection ports) at this point in time (perhaps around the end of April, I reckon should be able to) because of how many people use this particular computer and the way our office is set-up/computer is placed in and around our furniture.

I'll keep in mind that I am able to fix THIS issue by spending a little while with the hardware out all over the place but for now, are there any other problems I need to deal with?