
Anti-virus

Discussion in 'Windows - Software discussion' started by ravens1, Oct 12, 2006.

  1. ravens1

    ravens1 Regular member

    My computer has a few viruses on it, and I was just wondering what the best, low-cost solution to an antivirus program is. But if there's a very good program that's known to detect and remove viruses that costs some money, it's absolutely worth it. I have ZoneAlarm and BitDefender 10, and they both scan for viruses and detect the same 4, but are unable to delete them. Also, is there a program that lets me delete a virus manually? Because when I try to delete a virus file like isnotify.exe (which is a virus), it will say "error, access denied," or something like that.


    Thanks.
     
  2. Krazymale

    Krazymale Regular member

    Last edited: Oct 12, 2006
  3. borhan9

    borhan9 Active member

    Try AVG Free. It's a great antivirus, and free, and will surely get rid of the viruses.
     
  4. ravens1

    ravens1 Regular member

    Thanks for the suggestions.
    I installed AVG Free successfully, and it seems like a pretty good program. I'll see if it can remove the viruses from my PC.
     
  5. ravens1

    ravens1 Regular member

    WOW!!! I ran a virus scan with AVG. It took a long time, but it deleted the bad files. I had run scans with like 9 different programs and they couldn't delete those viruses. Well, AVG did!!
     
  6. borhan9

    borhan9 Active member

    Glad it all worked out for you, mate. Teach and learn :)
     
  7. kent909

    kent909 Member

    Just a notice about files you can't remove.
    I open most files in Notepad and then delete line after line, because sometimes the file doesn't allow you to delete everything at the same time....
    Otherwise, download KillBox; it's freeware, and it takes away most things: first it stops a running process, and then it deletes the file.
     
  8. ravens1

    ravens1 Regular member

    But the viruses say "access denied" when I try to heal them, or remove them, or open them with Notepad.
     
  9. Niobis

    Niobis Active member

    Delete them in safe mode.
     
  10. aabbccdd

    aabbccdd Guest

    ravens1, yes, run your program (antivirus) in safe mode.

    Run "Spysweeper" in safe mode and see what you come up with.

    Also run "SmitfraudFix" v2.106 and post a logfile.

    A couple of the better antivirus programs are "Trend Micro Internet Security 2007" and NOD32; well worth the money.
     
  11. ravens1

    ravens1 Regular member

    So I run my computer in safe mode, or antivirus in safe mode? And antivirus in safe mode how?
    OK, I'll first try starting my computer in safe mode as Niobis said. But all the viruses on my computer (4) end with .dll. When I try to open the files, Windows says something like: "these files keep your computer running; if you delete them it could ruin your computer." It's not like the files are .exe, where I could delete them.
     
  12. Niobis

    Niobis Active member

    I meant to delete the files in safe mode since access was denied in normal mode. aabbccdd suggested you run your anti-programs in safe mode, which will give you the best ridding results.

    You do not need to open the .dll files or any viruses, for that matter. I just hope you're not trying to delete legit system files since Windows is prompting you. I hope you know they are in fact bad... what are their names?

    If access or deletion is still denied in safe mode then you will need to get KillBox. If you need help finding or using KillBox, ask.
     
    Last edited: Oct 16, 2006
  13. ravens1

    ravens1 Regular member

    OK, now 5 instead of 4. They just keep coming. AVG declares them as virus clones. Also, ZoneAlarm detects the same files, except it calls them Win32 Darksma, or something.

    The virus names are:

    C:\WINDOWS\system32\tlteaglw.dll
    C:\WINDOWS\system32\xqpdkylv.dll
    C:\WINDOWS\system32\ytmpcdwy.dll
    C:\Documents and Settings\my name\local settings\temp\rmkettig.dll

    And 1 more, but I didn't write it down.

    So to start Windows in safe mode I tap F8 at Windows startup, right?
     
    Last edited: Oct 16, 2006
  14. Niobis

    Niobis Active member

    Yeah, those are bad. :) They are randomly named files, so they all may be linked to one infection. It may have infected the restore folder also. After manually deleting the files, empty System Restore.
    Right-click My Computer > Properties > System Restore tab > check "Turn off System Restore".

    Restart and turn it back on. Then, download HijackThis.
    Extract the file to a folder.
    Run a scan and save a log file.
    Post the log.

    I see one of those is in a temp folder. You can delete it manually, but I'll also suggest using CCleaner often. It saves time over having to clean all the temp files manually. Plus, it's free. :)

    Yes, enter safe mode using F8 or F5.

    Edited... oh, Darksma is not nice. It's also known as Conhook, not the worst but bad nonetheless. I suggest you post a HijackThis log 'cause this thing can hook your LSPs and slow internet.
     
    Last edited: Oct 16, 2006
  15. kent909

    kent909 Member

    Hi Ravens.....

    OK, there's a big difference between .exe files and .dll files.
    DLL files are very problematic to just remove, but instead you can open sys32, take the DLL file and drag it to your desktop, then open it with Notepad or WordPad and delete from inside; if this doesn't work, then try to rename them and open again.
    I had some of these problems a long time ago, and I did just like I explain here.
    .exe files I delete with KillBox. Try this, it's a good little prog, but at the same time be careful, because KillBox can remove more than you want, so read before use!!!
    Hope it works for you!!!
    "Will check up a few more things, to help you."
     
  16. ravens1

    ravens1 Regular member

    Yeah, there are a lot of Darksma viruses, like 10 or more. But when I try to start in safe mode, my computer reboots to advanced options (F8), and then I will try to go to safe mode again, and it takes me back to advanced options again.

     
  17. Niobis

    Niobis Active member

    Post a HijackThis log.
     
  18. ravens1

    ravens1 Regular member

    Ok, here it is.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:44:21 PM, on 10/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alex\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O15 - Trusted IP range: http://66.230.*.*
    O15 - Trusted IP range: http://66.235.*.*
    O15 - Trusted IP range: http://69.31.*.*
    O15 - Trusted IP range: http://69.50.*.*
    O15 - Trusted IP range: http://205.177.*.*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140209414083
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146943814406
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
    O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  19. Niobis

    Niobis Active member

    I assume you haven't removed the files you listed, so I will include those. If there were more you didn't mention, do the same for them with KillBox.

    First, download this 018RegFix to your desktop.
    Double-click it and click Yes when prompted to merge with the registry.

    Go here and download KillBox.
    Do not run it yet; you will later, in safe mode.

    Go to Add/Remove Programs and uninstall (if there):
    VSToolBar
    Frontier Search Helper <-- If you did not install it.

    Run a scan only with HijackThis, check these (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll <-- Only if you uninstalled Frontier Search Helper.
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S <-- Only if you uninstalled Frontier Search Helper.
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe

    If you didn't add these IPs, check these also:
    O15 - Trusted IP range: http://66.230.*.*
    O15 - Trusted IP range: http://66.235.*.*
    O15 - Trusted IP range: http://69.31.*.*
    O15 - Trusted IP range: http://69.50.*.*
    O15 - Trusted IP range: http://205.177.*.*

    Close all windows except HijackThis, then click "Fix checked".
    Close HijackThis.

    Note: print these instructions or copy them to Notepad and save it; you will be in safe mode and can't access the internet.

    Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from the menu and press Enter).
    Open Killbox.exe.
    Check "Standard File Kill".
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. Then click the red button with a white X after you enter each file.
    You will be prompted to confirm; click Yes.

    C:\WINDOWS\system32\tlteaglw.dll
    C:\WINDOWS\System32\xqpdkylv.dll
    C:\WINDOWS\System32\ytmpcdwy.dll
    C:\Documents and Settings\*your name here*\local settings\temp\rmkettig.dll
    Any others you didn't mention.

    Note: KillBox may prompt "File does not seem to exist". If so, continue with the next file, but do not miss any.

    Find and delete these folders:
    C:\Program Files\VSToolbar
    C:\Program Files\FrontierSH <-- Only if you uninstalled Frontier Search Helper.

    Restart in normal mode.
    I suspect Vundo because there are no O2 or O20 entries, so rename HijackThis to any name of your choice.
    Run a new scan and post the new log.

    Edit 2: lol, never mind, the O23 I saw is legit. I just spoke out too soon. :)
     
    Last edited: Oct 16, 2006
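Added example, not part of this thread and not HijackThis's own code: a small Python triage script that applies the kind of structural checks Niobis made by eye to the log above. It parses lines in the HijackThis format, flags autoruns that load a DLL through rundll32, browser hooks and toolbars with no name or no file, ActiveX (O16) downloads that point at a bare IP address or carry no descriptive name, orphaned filters and services, and it works out how many IPv4 addresses an O15 wildcard like `http://66.230.*.*` actually adds to the Trusted Zone. The sample lines are copied from the log posted earlier in this thread; the rules themselves are my own heuristics and only prioritise entries for a human to review, exactly as the helper did here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis entries look like "O16 - DPF: {CLSID} (Name) - http://..."; the section
# code (R0..R3, F0..F3, O1..O24) says which part of the system the entry touches.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# A URL whose host is a bare IPv4 address, e.g. http://85.255.114.166/1/x.exe
IPV4_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
# An IE Trusted Zone wildcard range, e.g. http://66.230.*.*
WILDCARD_RE = re.compile(r"^https?://((?:\d{1,3}|\*)(?:\.(?:\d{1,3}|\*)){3})$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split a HijackThis entry into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def trusted_range_size(url: str) -> Optional[int]:
    """Addresses covered by an O15 wildcard: each '*' octet stands for 256 values."""
    m = WILDCARD_RE.match(url)
    if not m:
        return None
    return 256 ** m.group(1).split(".").count("*")


def triage_line(line: str) -> Optional[Finding]:
    """Apply the structural checks a helper applies by eye to one log line."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed
    if section == "O15":
        target = body.partition(": ")[2].strip()
        size = trusted_range_size(target)
        if size:
            return Finding(section, f"Trusted Zone grants {size} IPv4 addresses ({target})", line)
        return Finding(section, f"Trusted Zone entry ({target})", line)
    if section == "O16":
        descriptor, _, url = body.rpartition(" - ")
        if IPV4_HOST_RE.match(url.strip()):
            return Finding(section, f"ActiveX download from a bare IP address ({url.strip()})", line)
        if "(" not in descriptor:
            return Finding(section, "ActiveX object with no descriptive name", line)
        return None
    if section == "O4":
        # Body is "HKLM\..\Run: [Value name] command line"; look at the command.
        command = body.split("] ", 1)[1] if "] " in body else ""
        if command.lower().startswith("rundll32"):
            return Finding(section, "autorun loads a DLL via rundll32", line)
        return None
    if section in ("R3", "O3"):
        if "(no name)" in body or "(no file)" in body:
            return Finding(section, "unnamed or orphaned browser hook/toolbar", line)
        return None
    if section == "O18" and ("(no CLSID)" in body or "(no file)" in body):
        return Finding(section, "orphaned protocol/MIME filter", line)
    if section == "O23" and "(file missing)" in body:
        return Finding(section, "service whose binary is missing", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in map(triage_line, lines) if f is not None]


# Sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = [
    r"Running processes:",
    r"O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe",
    r"O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S",
    r"R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll",
    r"O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    r"O15 - Trusted Zone: http://locator.cdn.imageservr.com",
    r"O15 - Trusted IP range: http://66.230.*.*",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    r"O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe",
    r"O18 - Filter: text/html - (no CLSID) - (no file)",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
    r"O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample lines the script leaves the SoundMAX autorun, the signed Windows Genuine Advantage control and the ZoneAlarm service alone and flags the other eight entries, the same set Niobis singled out for "Fix checked" plus the two orphaned entries (the O18 filter and the StyleXP service). Each `*` octet in an O15 range is worth 256 addresses, so a single `http://66.230.*.*` line quietly hands 65,536 hosts the relaxed security settings of the Trusted Zone.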
  20. ravens1

    ravens1 Regular member

    Thank you very much!! I will post back tomorrow.
     
