Golden Eye 3.01

Discussion in 'Malware Help (A Specialist Will Reply)' started by Chris24, Mar 21, 2006.

  1. Chris24

    Chris24 Private E-2

    About an hour ago i was notified by my firewall (Outpost Firewall Pro) that i had a watch program called golden eye 3.01 on my computer. It gave me the option to remove it so i did, later on i found out that it actually quarantined it instead but about 5 min after this another pop up appeared saying it found golden eye running again. I'm not sure if it is removing or quarantining this properly so im wondering if i can do anything further to make sure this is completly removed.Also,i ran a scan with the built in spyware protection in outpost pro and it detected and quarantined spyware called aws. Please let me know if there's anything more i can do. thanks
     
    Chris24, Mar 21, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Mar 21, 2006
    #2
  3. Chris24

    Chris24 Private E-2

    I just found out that whenever i start up microsoft antispyware i get the message from outpost and also it brings up a box that looked like it was going to install something, for no more than a second, and when its done it leaves an icon to microsoft antispyware on my desktop.( I'm going to reinstall MAS soon) This is what the outpost message box says about golden eye:




    Object: Process C:\WINDOWS\system32\mscomctl.ocx

    Location: Internet Explorer Third-Party Cookies
     
    Chris24, Mar 21, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is a valid Windows file.

    You did not respond to what I said in my previous message.

    MS Antispyware is no longer the supported by Microsoft. It has been replaced by MS Windows Defender.
     
    chaslang, Mar 21, 2006
    #4
  5. Chris24

    Chris24 Private E-2


    it was not installed by someone on my computer. it's not in my add or remove programs and i have a p/w on my computer. nobody has ever used it before because i watch it all the time and no body in my house knows anything about computers anyway.
     
    Chris24, Mar 21, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Many programs like this are stealth (totally hidden). I'm not sure at this point what you really have. The only way to tell is to have you work thru our cleaning steps so we can be sure what your malware status is.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    .
     
    chaslang, Mar 21, 2006
    #6
  7. Chris24

    Chris24 Private E-2

    I did everything except for the Panda scan because i couldnt get it to start. Something was detected in the bitdefender scan,i think it was a trojan,and it removed it.After running all of the adaware, spybot s&d, and windows defender scans nothing more was found than a couple of tracking cookies that i removed.
     

    Attached Files:

    Chris24, Mar 22, 2006
    #7
  8. Chris24

    Chris24 Private E-2

    when i was running cwshredder it found and fixed cws.msconfig
     
    Chris24, Mar 22, 2006
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs do not show any problems. If you are still having problems with Outpost, you need more clearly show exactly what it is finding and complaining about. mscomctl.ocx is a valid Windows file unless someone has replace it with another file (I doubt it).
     
    chaslang, Mar 22, 2006
    #9
  10. Chris24

    Chris24 Private E-2


    i was running a search for mscomctl.ocx and i found it but i dont think it was a windows file because the location was C:\Documents and Settings\Chris\Desktop\Aim Programs\all in one seven aim subterforge [8869]\Subterfuge and it said it was an active x control. Also, aim subterfuge is an aim program that i have and im pretty sure it uses this ocx file because its in the same folder so im gonna get rid of the program and try to scan my computer again using outpost and see if this helps.
     
    Chris24, Mar 22, 2006
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The proper location for mscomctl.ocx is in C:\windows\system32
    The one in the system32 folder is a Microsoft file and it should be the only one you are using. See: http://www.liutilities.com/products/wintaskspro/dlllibrary/mscomctl/
     
    chaslang, Mar 23, 2006
    #11

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds