1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anti-virus

Discussion in 'Windows - Software discussion' started by ravens1, Oct 12, 2006.

  1. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    My computer has a few viruses on it, and i was just wondering what the best, low cost solution to an antivirus program is. But if theres a very good program thats know to detect and remove viruses that costs some money, its absolutely worth it.I have Zonealarm and Bitdefender 10, and they both scan for viruses and detect the same 4, but are unable to delete them. Also is there a program that lets me delete a virus manually, because when i try to delete a virus file like isnotify.exe,(which is a virus) it will say "error, access denied," or something like that.


    Thanks.
     
  2. Krazymale

    Krazymale Regular member

    Joined:
    Jun 11, 2013
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    26
    Last edited: Oct 12, 2006
  3. borhan9

    borhan9 Active member

    Joined:
    May 25, 2005
    Messages:
    2,877
    Likes Received:
    2
    Trophy Points:
    68
    try avg free its a great antivirus and free and will sureley get rid of the viruses.
     
  4. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    Thanks for the suggestions.
    I installed AVG free successfully, and it seems like a pretty good program. Ill see if it can remove the viruses from my pc.
     
  5. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    WOW!!! I ran a virus scan with AVG. It took a long time but it deleted the bad files. I had ran scans with like 9 different programs and they couldnt delete those viruses. Well AVG did!!
     
  6. borhan9

    borhan9 Active member

    Joined:
    May 25, 2005
    Messages:
    2,877
    Likes Received:
    2
    Trophy Points:
    68
    Glad it all worked out for you mate. Teach and learn :)
     
  7. kent909

    kent909 Member

    Joined:
    Mar 10, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Just a notice about files you cant remove.
    I open the most files in notpad, and then delet line after line, becouse sometimes the file dont allow you to delete everything at the same time....
    Oterwise, download KILLBOX, it's a freeware, and it take away most things, first it stop a running process,and then it delet the file.
     
  8. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    But the viruses say that when i try to heal them, or remove, or open with notepad, "access denied."
     
  9. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    Delete them in safe mode.
     
  10. aabbccdd

    aabbccdd Guest

    ravens1 , yes run your program(anti virse) in safe mode

    run "Spysweeper" in safe mode and see what you come up with

    also run "SmithfraudFix"v2.106 and post a logfile

    a couple of the better anti virse programs are "Trend Micro Internet Security 2007" and NOD32 well worth the money
     
  11. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    So i run my computer in safe mode or antivirus in safe mode? And antivirus in safe how?
    Ok, ill first try starting my computer in safemode as Niobis said. But all the viruses on my computer (4), end with .ddl. When i try to open the files windows says something like: "these files keep your computer running, if you delete them it could ruin your computer." Its not like the files or .exe, where i could delete them.
     
  12. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    I meant to delete the files in safe mode since access was denied in normal mode. aabbccdd suggested you run your anti-programs in safe mode, which will give you best riding results.

    You do not need to open the .dll files or any viruses for that matter. I just hope your not trying to delete legit system files since Windows is prompting you. I hope you know they are in fact bad...what are their names?

    If access of deletion is still denied in safe mode then you will need to get KillBox. If you need help finding or using KillBox, ask.
     
    Last edited: Oct 16, 2006
  13. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    ok, now 5 instead of 4. They just keep coming. Avg declares them as virus klones. Also Zone alarm says also detects the same files. Exceot it calls them Win32 Darksma, or something.

    The virus names are:

    C:\WINDOWS\system32\tlteaglw.dll
    C:\WINDOWS\system32\xqpdkylv.dll
    C:\WINDOWS\system32\ytmpcdwy.dll
    C:\Documents and Settings\my name\local settings\temp\rmkettig.dll

    And 1 more, but i didnt write it down.

    So to start windows in safe mode i tap F8 at windows startup, right?
     
    Last edited: Oct 16, 2006
  14. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    Yeah, those are bad. :) They are randomly named files so they all may be linked to one infection. It may have infected the restore folder also. After manually deleting the files empty System Restore.
    Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".

    Restart and turn it back on. Then, download HijackThis.
    Extract the file to a folder.
    Run a scan and save a log file.
    Post the log.

    I see one of those is in a temp folder. You can delete it manually, but I'll also suggest using CCleaner often. Saves time with having to clean all the temp files manually. Plus, it's free. :)

    Yes, enter safe mode using F8 or F5.

    Edited...oh Darksma is not nice. It's also known as Conhook, not the worse but bad none the less. I suggest you post a HijackThis log 'cause this thing can hook your LSP's and slow internet.
     
    Last edited: Oct 16, 2006
  15. kent909

    kent909 Member

    Joined:
    Mar 10, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Hi Ravens.....

    Oki, it's a big differense between .exefiles and .dll files.
    dll files are very problematic to just remowe, but insted you can open sys32 take the dll file and drag it to your desktop, and then open with note or wordpad, and then delete from inside, if this dont work, then try to rename them and open again.
    I had some of this problems long time ago, and I did just like I explain here.
    exefiles I delete with killbox, try this, it's a good littleprog, but at the same time, becareful, becouse killbox can remowe more then you want, so read before use !!!
    Hope it works for you !!!
    " will check up a few more things, to help you "
     
  16. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    Yeah there are a lot of Darksma viruses, like 10 or more. But when i try to start in safe mode, my computer reboots to advanced options(F8), and then i will try to go to safe mode again, and it takes me back to advanced options again.

     
  17. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    Post a HijackThis log.
     
  18. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    Ok, here it is.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:44:21 PM, on 10/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alex\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O15 - Trusted IP range: http://66.230.*.*
    O15 - Trusted IP range: http://66.235.*.*
    O15 - Trusted IP range: http://69.31.*.*
    O15 - Trusted IP range: http://69.50.*.*
    O15 - Trusted IP range: http://205.177.*.*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140209414083
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146943814406
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
    O16 - DPF: {FBAA44A9-2AF3-450D-9881-BFE7BE67D852} - http://www.geoplayer.com/downloads/GeoPlayerX.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  19. Niobis

    Niobis Regular member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    46
    I assume you haven't removed the files you listed, so I will include those. If there were more you didn't mention do the same for them with KillBox.

    First, download this 018RegFix to your desktop.
    Double click it and click Yes when prompted to merge with the registry.

    Go here and download KillBox.
    Do not run it yet, will later in safe mode.

    Go to Add/Remove Programs and uninstall(if there):
    [bold]VSToolBar
    Frontier Search Helper[/bold] <--If you did not install.

    Run a scan only with HijackThis, check these(if there):

    [bold]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll[/bold] <--Only if you uninstalled Frontier Search Helper.
    [bold]O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 C:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S [/bold] <--Only if you uninstalled Frontier Search Helper.
    [bold]
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe [/bold]

    If you didn't add these IP's check these also.
    [bold]O15 - Trusted IP range: http://66.230.*.*
    O15 - Trusted IP range: http://66.235.*.*
    O15 - Trusted IP range: http://69.31.*.*
    O15 - Trusted IP range: http://69.50.*.*
    O15 - Trusted IP range: http://205.177.*.*[/bold]

    Close all windows except HijackThis then click "Fix checked".
    Close HijackThis.

    [bold]Note[/bold]: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

    Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
    Open Killbox.exe.
    Check "Standard File Kill".
    In the "Full Path of File to Delete" box, copy and paste each of the following lines below [bold]one at a time[/bold]. Then click the red button with a white X after you enter each file.
    You will be prompted to confirm, click Yes.

    [bold]C:\WINDOWS\system32\tlteaglw.dll
    C:\WINDOWS\System32\xqpdkylv.dll
    C:\WINDOWS\System32\ytmpcdwy.dll
    C:\Documents and Settings\*your name here*\local settings\temp\rmkettig.dll [/bold]
    Any others you didn't mention.

    Note: KillBox may prompt "File does not seem to exist". If so, continue with next file, but do not miss any.

    Find and delete these folders:
    C:\Program Files\[bold]VSToolbar[/bold]
    C:\Program Files\[bold]FrontierSH[/bold] <--Only if you uninstalled Frontier Search Helper.

    Restart in normal mode.
    I suspect Vundo because there are no 02 or 020 entires so, rename HijackThis to any name of your choice.
    Run a new scan and post the new log.

    Edit 2: lol, nevermind, the 023 I seen is legit. I just spoke out too soon. :)
     
    Last edited: Oct 16, 2006
  20. ravens1

    ravens1 Regular member

    Joined:
    Aug 26, 2006
    Messages:
    238
    Likes Received:
    0
    Trophy Points:
    26
    Thank you very much!! I will post back tommorow.
     

Share This Page