is something wrong?

Discussion in 'Malware Help (A Specialist Will Reply)' started by rhaneski, Jan 8, 2006.

  1. rhaneski

    rhaneski Private E-2

    I've done all the scans

    user says yahoo popups and shell.exe hang at shutdown are problems

    bit defender, panda and hjt logs are attached,

    WINDOWS ME 4.90.3000
    Compaq presario
    1200mhz amd
    128 mb ram
    80 gb hd

    Any help is appreciated.

    Thank you
    Ray
     


  2. rhaneski

    rhaneski Private E-2

    ok bit defender won't post nor will panda
    panda txt is below
    thanks

    Incident Status Location

    Adware:adware/popmonster Not disinfected C:\WINDOWS\Favorites\SHOPPING\Ebay.url
    Adware:adware/startpage.amb Not disinfected C:\WINDOWS\Favorites\Health
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Cookies\default@ask[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\default@tribalfusion[2].txt
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Cookies\default@ask[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\default@tribalfusion[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How large is the BitDefender log?

    What about the CounterSpy log since you are using WinMe and cannot use MS Antispyware?
     
  4. rhaneski

    rhaneski Private E-2

    counter spy removed ieplugin and now shows a tribal fusion cookie as the only event.

    bit defender log is 19.9 kb and is html in a txt file. it mainly showed one_half.3591 as an infection.

    now when I run hjt to scan and save a log file the scan runs but before the logfile appears it says "hijack this is already running"

    Thanks
     
  5. rhaneski

    rhaneski Private E-2

    hjt log attached
    can
    Adware:adware/popmonster Not disinfected C:\WINDOWS\Favorites\SHOPPING\Ebay.url
    Adware:adware/startpage.amb


    be removed?

    Thanks
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your HJT log does not show any malware. Yes you can remove those URLs unless they are something you added yourself to your Favorites. Did you check?

    Are you still having any malware problems? If so, what?

    If you are having shutdown problems, that is not a malware issue. It is just a well known problem with WinMe. You can find lots to do to help with that in MSKB (Microsoft Knowledge Base).
     
  7. rhaneski

    rhaneski Private E-2

    Ok good to know hjt is ok. I think everything is ok, but I can't find the startpage.amb at the path specified by panda scan.
    thanks gotta go,
    14 windows critical updates to install and 42 me updates
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is complaining about C:\WINDOWS\Favorites\Health that is a folder within your Favorites. If you delete the Health folder, it will probably go away. It is very possible that the Health folder is something you created. If so, Panda is giving you a false positive based on the name alone.
     
