BitDefender & AdAware Updates failing

Discussion in 'Malware Help (A Specialist Will Reply)' started by abri, Nov 9, 2006.

  1. abri

    abri MajorGeek

    Sorry, at least for Bit, I got it by rebooting. I think my Java was turned off. Ignore this!

    Been trying to work through the READ & RUN ME file and started out of habit by updating Spybot S&D and AdAware. AdAware couldn't update, so I entered the Lavasoft.com site and when I connected I was met with a collage kind of window and the message "This is not malware" or something to that effect, with a message in a window in the middle of the page that to get to the new Lavasoft website I should click on this window. I did and downloaded a newer version of AdAware, but with the same effect that I couldn't get the updates.

    I then continued on without AdAware, since I don't think it's listed in the READ & RUN ME anymore anyway and got as far as the online BitDefender scan and ... it won't give me the updates either. I will now try Panda.

    Any suggestions, possible explanations?

    Edit: Oh, and I am using IE6 for the scan and allowed active X and scripting.
    Thanks!
    abri
     
    Last edited: Nov 9, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    For now skip Ad-Aware and Spybot S&D, be sure you run Panda and attach that log with a current HJT log.

    What malware related problems are you having?
     
  3. abri

    abri MajorGeek

    Hi bjgarrick!
    My computer's slowed down. Don't know if it's me installing too many new programs or what. I had to back up a couple of restore programs and would be grateful if you could look at the logs. The BitDefender stuff is very old. I've never been able to locate it, because I don't know how. I get it on every scan. I don't know that it's active. The Panda stuff looks new though.

    I'm running XP SP2 Home, AVG free, Sygate, Spyware Blaster and Trojan Check 6. My last AVG scan was 10/29; I'll run that again as soon as I post the READ ME logs.

    My computer is German. The BitDefender log refers to the inbox of my Outlook Express. Don't know if I stored that one right.

    Thanks for your time. :)
    abri
     


  4. abri

    abri MajorGeek

    The other two...

    abri
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs look ok, I would check the file below. If you're familiar with this then it's ok but I'm not sure about it. Check it out and if you like you can upload to check its status at the online malware scan.

    I would recommend your running CCleaner to cleanup any junk files.
     
  6. abri

    abri MajorGeek

    thanks bjgarrick,
    The Mousometer has been running for a couple of years on my son's comp. I think it's probably fine. It keeps track of how many kilometers your mouse has done. :D

    Edit added: I located the cookie listed as adware in the Panda scan, but when I go to the place it's stored, it says to use the cookie manager to edit it. Can you tell me how to get to the cookie manager for Firefox? I never tried that before. It's not something that CCleaner gets rid of.
    abri
     
    Last edited: Nov 10, 2006
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! As long as you know what it is then it's fine.
     
  8. abri

    abri MajorGeek

    Dang ... I lost my edit ...
    I'll try again:

    I located one of the things in the Panda scan which took me to the cookies.default of Firefox. It says not to edit directly there but to go to the cookie manager. I went to FF settings and set a new rule to see if that will work. Do you know if that is the cookie manager being referred to?
    abri
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I don't understand what you're talking about? If you're talking about the detection that Panda has in ref. to cookies, running CCleaner will take care of that.
     
  10. abri

    abri MajorGeek

    hi bjgarrick,
    I'm not completely understanding either. In the Panda scan it shows cws, wupd and elitebar. Do you mean that CCleaner will get rid of all these? I mean, I know it gets rid of the cookies. I think the reason the cookie was in there, was because I had some trouble getting things to work while MG was switching servers, so I had already run CCleaner a day before I ran the other scans. I forgot there was that lag between running CCleaner and doing the scans.
    abri
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Adware:adware/cws
    C:\Dokumente und Einstellungen\ab\Favoriten\Health

    Delete the folder, will be removed.

    Spyware:Cookie/YieldManager
    C:\Dokumente und Einstellungen\ab\Anwendungsdaten\Mozilla\Firefox\Profiles\o5bipsbk.default\cookies.txt[ad.yieldmanager.com/]

    Run CCleaner, will be removed.

    Adware:adware/wupd
    Windows Registry

    Adware:adware/elitebar
    Windows Registry

    The two above are hard to remove because Panda does not give the registry key being detected. The only easy way to remove these is to buy Panda and have it fix them. The only other way would be to research Panda's database to see what all registry entries they have flagged for each infection.
     
  12. abri

    abri MajorGeek

    can I run cwshredder for the cws??

    or alternatively for the cws infection:

    If it gives the pathway, C:\Dokumente und Einstellungen\ab\Favoriten\Health, is it possible for me to assume that it does not refer to one of the subfolders under the Health folder, but is rather in one of the loose bookmarks placed directly under the Health folder?

    I don't want to delete all the subfolders. I can delete the loose bookmarks directly under health and rerun Panda to see if that would help, but if cwshredder would work, I'd prefer doing that.

    Thanks
    abri
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you create the folder "Health" and add favorites here? If so, then this isn't a worry but if you did not then I would delete the folder.

    CWShredder is for CWS infections, this is far from a true CWS infection. You can if you like but I do not believe it will do much good if any as it's pretty useless today.
     
  14. abri

    abri MajorGeek

    I created a folder Health myself, and underneath it around 10 subfolders. Since the pathway doesn't go to a subfolder, I'm hoping it's one of the early links I put in directly under Health. I don't know if Panda scans selected folders, but if so, I could make a new folder and just put in all the links one at a time and see which one it's in.

    I think I don't understand the difference between the detection of a virus and an infection. I expect this is why I keep trying to get my computer clean, when in fact, it may not be showing any infections, only the presence of things that look to me like things that shouldn't be there.

    Would you have the same opinion about the two registry entries, the wupd and the elitebar, that they are not real infections? When I first came to MG, I think it was to get help removing the EliteBar. Could the registry entry be a remnant of this? I don't really know the difference between a virus appearing on a scan and it being active or not.

    Thanks.
    abri
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you created the folder and added the links I wouldn't worry about this detection.

    When it comes to online scanners, they are good in detecting things however some of the detections are false positives and some of them are actual infections. A virus is a file that replicates itself, a WORM is exactly as it says "WORM" (Write-Once, Read-Many). Most of the time when an online scanner picks up something it's a detection of something malicious. I've been doing this so long IMO a true virus is something that infects and continuously infects adding more files and causing system instability.

    It's just about impossible to remove every trace of an infection. I can't prove they are not real infections, what I can say is I don't know what's being detected as the log doesn't show. The only thing we can do for this is to run a reg fix based on different databases of antispy vendors.
     
  16. abri

    abri MajorGeek

    Thanks bj :)
    abri
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I've made a registry fix, I can't promise it will remove what Panda is detecting. This patch is based on 3 different antispy databases for those two adware infections so it may or may not remove these Panda detections.

    Download the attached ZIP file and save to your desktop. Once downloaded, extract the contents, double click "fix.reg" and click OK to merge. Afterwards reboot, run CCleaner and then try a Panda scan to see if they were removed. Let me know!
     

    Attached Files:

    • fix.zip (File size: 1.6 KB)
  18. abri

    abri MajorGeek

    Hi bj,
    Hmm. I tried this and it didn't work. With my follow-up scan (attached), Panda identified your fix.reg as a malware called "Bridge". :) Is Bridge a name of one of the three you used? Anyway, I started Panda scanning individual folders. It found nothing in the Favorites/Health folder, even though that's where cws keeps popping up. It found nothing under Windows. Then I noticed the recycle bin and opened it and much to my surprise, I found an NPROTECT folder. I can scan that too. The reason I was surprised to find it is because I've done Everything I can think of to get Nortons out of my system. So I decided to empty it, because it's full, but I couldn't. I tried unlocker on it, but that doesn't help. Is it possible for me to simply delete the whole folder?
    Sorry about the cookies under S. That's a separate primary partition I don't use much. I ran CCleaner on that partition after this log.
    abri
     


  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The only other thing you can do about the Panda detections is to purchase the program and have it remove what it's finding. The patch I used had registry entries for the detections in the Panda scan from four different databases including Panda's so I'm not sure what it's detecting.

    I would however not worry about those entries because as I've said before it's impossible to remove every single trace of any infection.
     
  20. abri

    abri MajorGeek

    Thanks for your help!
    Can I delete the NProtect folder including its entire contents? I don't use Nortons, only AVG and I don't want anything Symantec in my computer.
    abri
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yeah, you can delete the entire folder.
     
