i keep getting this when i run spybot s&d Error during check!: Z-Demon (Ungültiger Datentyp für '') () Altnet: Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Altnet Im running norton and Ad-aware aswel and my system is fine im just curious if anyone knows whats up with it (spybot) before i do a re-install.
yeah sorry should have made that clearer, iv used Ad-aware to clean the system but when i run spyboy again it finds the same thing but cant remove it (crashes when i select fix problems). As im writing this im now thinking maybe ad-aware isnt really removing it?
try running both programs in safe mode to see if fixes the problem. also download from www.ccleaner.com ccleaner to clean the crap out of your windows temp & such folders & your registry
Also Run hijackthis. I have run across this problem with Spybot. After running hijackthis and removing the unkown BHOs, as well as unfamiliar entries, the scan runs fine. You must have an understanding of the REG to use hijackthis. http://www.download.com/HijackThis/3000-8022_4-10307556.html?tag=lst-0-1 . -Del
Hiya again, Tried running them both in safe mode with the same results S&d finds the problem and crashes when trying to remove. Ad-aware finds and removes it but when you run it again it's still there. So i went onto spybots home site to download it again just incase there was a problem with it and i came across this... False Positives (invalid detection of clean files) seems to have increased in the whole malware sector over the past months. Worse, there are more and more cases where files of competing products are detected etc etc.. The newest occasion is LavaSoft, whose AdAware detected our main application file, SpybotSD.exe, as malware belonging to 180solutions. Our detectives confirmed to me that there should be no mistaking possible as from file names, sizes etc. 180solutions up to their newest versions is fundamentally different. So mabye running the 2 isnt a good idea? Anyway im just about to try hijackthis as Mr_del suggested. I do have a program called regalyzer which is ment to be able to del reg keys but didnt do much. Anyway i will keep you posted.
ok tried hijackthis but couldnt see anything relating to Altnet, this was the scan result, can anyone see something i cant? As i said in my first post this problem isnt really effecting my comp but you know whats its like when you start trying to fix one of these things gets under your skin!!! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\tools\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe O4 - HKLM\..\Run: [Isass] C:\WINDOWS\system32\Isass.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe O4 - HKLM\..\RunServices: [Isass] C:\WINDOWS\system32\Isass.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029AYGB_ZCxdm426XXGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107373083040 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA8561D-FE95-4D46-86D6-3DA114A73232}: NameServer = 194.74.65.87 194.72.9.38 ddp - i also had a look in msconfig/startup but again couldnt see anything unusual the startup items in msconfig are same as above. EDIT> opps pasted that twice
Ok I saw some stuff. O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe --->unless you know what this is dump it. O4 - HKLM\..\Run: [Isass] C:\WINDOWS\system32\Isass.exe -----> this is the Bropia worm virus. Do not know why norton missed it unless you are not updating it. O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe ---> this is not a threat but would free resources if removed. O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe --->unsure of what this is. If you dont know then dump it. O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ---> I dont know what this is. Look it up. O4 - HKLM\..\RunServices: [Isass] C:\WINDOWS\system32\Isass.exe ---->Bropia again O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE ----> this is not a threat but would free some resources if removed. It is not needed. O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029AYGB_ZCxdm426XXGB ---->Spyware. Remove in windows ADD/REMOVE programs. There is one reg key that hijackthis does not check and since you have bropia up there you need to make sure it does not have an entry in this location. Click start\run type regedit then ok. Navigate to this key: HKEY_USERS\S-1-5-21-1078081533-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run. The stuborn ones hide in here. IF you do find a Bropia entry remove it. If cleared elsewhere bsides here then they will be recreated in the other locations. (Notice this is not the HKKEY_CURRENT_USERS key). You must have a USB DSL modem. Bropia worm information http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.m.html . -Del
cheers for that del - loads of info there.Some family members use MSN so thats must be where i got Bropia. I ran norton again and didnt find anything which is strange - iv got norton 03 but its fully updated. Maybe i should get 04 or 05 will that make a difference? Iv not went through all the other things you picked out but il have a look at it tomorrow. cheers again
i have a customer with norton 2003 with all the updates & avg7 free edition found 13 viruses. goto www.antivirus.com free housecall to do an online virus & spyware scan
Just so you know NAV 02, 03, 04, and 05 use the same virus detection. They have different additional features. For some reason 04 slows your system down by a hair. That was fixed in 05. Let us know if you get it fixed. -Del
I have a problem similar to that described by hiamback. I get AltNetBDE. I remove it with Ad-Aware SE and also run Spybot S&D only to have it back when I restart. I did run the Ccleaner and it removed quite a number of items. I have not restarted since running Ccleaner. I have only a greenhorn’s understanding of the registry. Can a novice clean this off or do I risk serious trouble to my machine?
