virus detection

Post by thesaurus on 2nd March 2010, 1:53 am

I am concerned about the possibility of a virus or malware in my computer. I would deeply appreciate your guidance on helping me check this.

thesaurus
Novice

Posts: 18
Joined: 2010-03-02
OS: Windows Vista
Points: 24998
# Likes: 0


Re: virus detection

Post by Dr Jay on 2nd March 2010, 7:19 am

Hello. We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click it to start the tool.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download [You must be registered and logged in to see this link.] to your desktop
  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished. It will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

3. Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks. :)


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302960
# Likes: 10


Re: virus detection

Post by thesaurus on 4th March 2010, 10:15 pm

I am posting the logs you asked me for:
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 23 Stepping 10, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18882
.
C:\ [Fixed-NTFS] .. ( Total:215 Go - Free:158 Go )
D:\ [Fixed-NTFS] .. ( Total:14 Go - Free:9 Go )
E:\ [CD_Rom]
.
Scan : 16:44.48
Path : C:\Users\Natalia\Desktop\Rooter.exe
User : Natalia ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (456)
Locked csrss.exe (592)
Locked wininit.exe (636)
Locked csrss.exe (648)
Locked services.exe (680)
Locked lsass.exe (692)
Locked lsm.exe (704)
Locked winlogon.exe (780)
Locked svchost.exe (896)
Locked svchost.exe (960)
Locked svchost.exe (1000)
Locked svchost.exe (1092)
Locked svchost.exe (1136)
Locked svchost.exe (1152)
Locked audiodg.exe (1264)
Locked svchost.exe (1292)
Locked SLsvc.exe (1308)
Locked svchost.exe (1360)
Locked DockLogin.exe (1484)
Locked svchost.exe (1572)
Locked WLTRYSVC.EXE (1692)
Locked wlanext.exe (1700)
Locked BCMWLTRY.EXE (1712)
Locked spoolsv.exe (1832)
Locked svchost.exe (1884)
Locked taskeng.exe (632)
Locked AEstSrv.exe (944)
______ C:\Program Files\Dell\DellDock\DellDock.exe (1008)
Locked svchost.exe (1252)
______ C:\Windows\system32\Dwm.exe (1468)
Locked IAANTmon.exe (2060)
______ C:\Windows\Explorer.EXE (2108)
Locked EngineServer.exe (2116)
Locked FrameworkService.exe (2156)
Locked VsTskMgr.exe (2344)
______ C:\Program Files\Windows Defender\MSASCui.exe (2388)
Locked mdm.exe (2408)
______ C:\Windows\System32\mobsync.exe (2484)
Locked mfevtps.exe (2588)
______ C:\Program Files\DellTPad\Apoint.exe (2604)
______ C:\Windows\OEM02Mon.exe (2620)
______ C:\Windows\system32\taskeng.exe (2640)
______ C:\Windows\System32\igfxtray.exe (2648)
______ C:\Windows\System32\hkcmd.exe (2656)
______ C:\Windows\System32\igfxpers.exe (2668)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2676)
______ C:\Windows\System32\WLTRAY.EXE (2692)
Locked svchost.exe (2724)
______ C:\Program Files\Dell\MediaDirect\PCMService.exe (2732)
Locked SeaPort.exe (2748)
______ C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe (2768)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2784)
______ C:\Program Files\McAfee\Common Framework\UdaterUI.exe (2796)
Locked shstat.exe (2820)
Locked stacsv.exe (2856)
______ C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (2864)
Locked naPrdMgr.exe (2884)
______ C:\Program Files\Windows Sidebar\sidebar.exe (2924)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (2968)
______ C:\Windows\system32\igfxsrvc.exe (3216)
Locked svchost.exe (3260)
Locked svchost.exe (3316)
Locked WLIDSVC.EXE (3352)
Locked SearchIndexer.exe (3388)
Locked XAudio.exe (3436)
Locked Mcshield.exe (3484)
Locked mfeann.exe (3624)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3836)
______ C:\Program Files\Digital Line Detect\DLG.exe (3988)
______ C:\Program Files\Dell\QuickSet\quickset.exe (4060)
Locked WLIDSVCM.EXE (1952)
Locked WmiPrvSE.exe (2688)
______ C:\Program Files\McAfee\Common Framework\McTray.exe (3616)
Locked wmpnetwk.exe (4648)
Locked ApMsgFwd.exe (4992)
______ C:\Program Files\DellTPad\HidFind.exe (5072)
______ C:\Program Files\DellTPad\Apntex.exe (5104)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (1564)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (5200)
______ C:\Program Files\Internet Explorer\iexplore.exe (6012)
______ C:\Program Files\Internet Explorer\iexplore.exe (3300)
Locked sprtsvc.exe (2844)
______ C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (3148)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe (3908)
______ C:\Program Files\Internet Explorer\iexplore.exe (5920)
______ C:\Windows\system32\SearchProtocolHost.exe (5488)
Locked SearchProtocolHost.exe (5996)
Locked SearchFilterHost.exe (2632)
______ C:\Users\Natalia\Desktop\Rooter.exe (5036)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 (Start_Offset:41943040 | Length:15728640000)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:15770583040 | Length:231603359744)
\Device\Harddisk0\Partition0 (Start_Offset:247374807040 | Length:2683305984)
\Device\Harddisk0\Partition4 (Start_Offset:247375855616 | Length:2682257408)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423795590-2956447752-87144194-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423795590-2956447752-87144194-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{82CF52B2-2009-45D2-8A11-FB306AEEFBAC}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:44.50
.
C:\Rooter$\Rooter_1.txt - (04/03/2010 | 16:44.50)

LockSearch by jpshortstuff (05.11.09.1)
Log created at 16:51 on 04/03/2010 (Natalia)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows [Versión 6.0.6002]
Date: 04/03/2010 - Time: 17:13:11 - Arch.: x86


-- Malware removal tools check --


-- Known infection --



Extra message: Detection only.


EOF

What else should I do?
Thanks for your help.

Re: virus detection

Post by Dr Jay on 4th March 2010, 10:45 pm

Hmm...something might be hiding in there.

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)


Re: virus detection

Post by thesaurus on 4th March 2010, 10:54 pm

The log was the following,
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: error reading MBR
kernel: error reading MBR

Re: virus detection

Post by Dr Jay on 4th March 2010, 11:03 pm

Try to right-click on it and click Run as Administrator.


Dr. Jay (DJ)


Re: virus detection

Post by thesaurus on 4th March 2010, 11:13 pm

Hi,
I have tried to run it several times, but it says that mbr.exe has stopped working and it will get closed.

Re: virus detection

Post by Dr Jay on 5th March 2010, 2:13 pm

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Re: virus detection

Post by thesaurus on 5th March 2010, 5:05 pm

Hello,
I haven't done what you last suggested because, even though mbr.exe stopped working, I just found out that the log said
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
I would like to know what I should do now.
Thanks

Re: virus detection

Post by Dr Jay on 6th March 2010, 3:15 am

Please run ComboFix.


Dr. Jay (DJ)


Re: virus detection

Post by thesaurus on 9th March 2010, 11:15 pm

Hello,
The log was as follows, but I am not sure I did it right.
ComboFix 10-03-09.04 - Natalia 09/03/2010 17:55:33.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.57.3082.18.3573.2292 [GMT -5:00]
Running from: c:\users\Natalia\Desktop\commy.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 22:59 . 2010-03-09 22:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-09 22:59 . 2010-03-09 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-04 21:44 . 2010-03-04 21:44 -------- d-----w- C:\Rooter$
2010-02-10 21:05 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 21:05 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 21:05 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 21:05 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 22:45 . 2009-03-01 03:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-09 18:10 . 2009-04-13 16:05 -------- d-----w- c:\users\Natalia\AppData\Roaming\Skype
2010-03-09 17:15 . 2009-04-13 16:09 -------- d-----w- c:\users\Natalia\AppData\Roaming\skypePM
2010-02-24 14:36 . 2009-03-16 22:52 102424 ----a-w- c:\users\Natalia\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-10-02 20:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-11 15:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 22:59 . 2009-03-18 15:18 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 17:37 . 2009-04-05 13:28 5972 ----a-w- c:\users\Natalia\AppData\Local\d3d9caps.dat
2010-02-05 21:56 . 2009-03-01 10:14 -------- d-----w- c:\program files\Dell DataSafe Online
2010-02-05 21:46 . 2009-07-21 22:03 8653312 ----a-w- c:\users\Natalia\AppData\Roaming\DataSafeDotNet.exe
2010-02-05 21:46 . 2009-07-21 22:03 8653312 ----a-w- c:\users\Natalia\AppData\Roaming\DataSafeDotNet.exe
2010-02-05 15:39 . 2010-02-05 15:39 251376 ----a-w- c:\users\Natalia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-01 15:15 . 2009-04-13 16:05 -------- d-----w- c:\program files\Google
2010-02-01 14:38 . 2010-02-01 14:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE551.tmp.exe
2010-01-26 16:42 . 2010-01-26 16:42 -------- d-----w- c:\program files\Microsoft ATS
2010-01-25 12:00 . 2010-02-23 19:20 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 19:20 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 19:20 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 19:20 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 19:20 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 19:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 19:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 19:20 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 19:20 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 19:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-20 20:48 . 2009-03-18 17:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-06 15:39 . 2010-02-23 19:20 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 19:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 19:20 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:20 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:20 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 19:20 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-23 19:20 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-23 20:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 20:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-23 20:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-23 20:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-01 09:54 . 2009-03-01 09:54 75 --sh--r- c:\windows\CT4CET.bin
2009-03-01 11:11 . 2009-03-01 11:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Natalia\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-24 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

c:\users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-1 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-01 10:11 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):34,e3,de,ca,d2,0f,ca,01

R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-08-06 54632]
R3 fsssvc;Servicio de Windows Live Protección infantil;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:15]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:15]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423795590-2956447752-87144194-1000Core.job
- c:\users\Natalia\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-24 02:13]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423795590-2956447752-87144194-1000UA.job
- c:\users\Natalia\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-24 02:13]

2010-03-09 c:\windows\Tasks\User_Feed_Synchronization-{82CF52B2-2009-45D2-8A11-FB306AEEFBAC}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {78C2CF3F-D07D-4930-8760-E3D8C143DC3C} = 200.75.51.132,200.75.51.133
TCP: {9C54A922-74A8-4652-89EF-5D0155A2558F} = 200.75.51.132 200.75.51.133
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-09 17:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-09 18:01:42
ComboFix-quarantined-files.txt 2010-03-09 23:01
ComboFix2.txt 2010-03-09 22:28

Pre-Run: 168.530.386.944 bytes libres
Post-Run: 168.502.247.424 bytes libres

- - End Of File - - B1FA1E8D549684D67C93C0A588959EC8

Re: virus detection

Post by Dr Jay on 10th March 2010, 3:22 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


Re: virus detection

Post by thesaurus on 11th March 2010, 8:21 pm

Hello,
The log is as follows; sorry it is in Spanish, because I have asked to. To sum up, nothing was detected as infected.
Malwarebytes' Anti-Malware 1.44
Versión de la Base de Datos: 3854
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

11/03/2010 03:15:26 p.m.
mbam-log-2010-03-11 (15-15-26).txt

Tipo de examen : Examen Completo (C:\|D:\|E:\|)
Objetos examinados: 235527
Tiempo transcurrido: 1 hour(s), 2 minute(s), 8 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

Re: virus detection

Post by Dr Jay on 11th March 2010, 9:27 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


Re: virus detection

Post by thesaurus on 12th March 2010, 2:29 pm

Hello,
I have installed ESET Online, but I have some questions:
- Enable Anti-Stealth technology is checked; should I leave it as it is or should I uncheck it?
- It says that another antivirus was detected that may affect the performance and scan; when I display show list it shows up Windows Defender; should I disable it and if that is the case, how do I do it? Should I disable McAfee too?

Re: virus detection

Post by Dr Jay on 12th March 2010, 3:23 pm

Keep Anti-Stealth checked, and yes disable Windows Defender and McAfee for now.

How to disable security programs: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 12th March 2010, 4:37 pm

Hello,
The scanning process finished and it says that no threats had been found. I have tried to open the logfile, but I couldn't find it.
May I enable Windows Defender and McAfee now?


Re: virus detection

Post by Dr Jay on 12th March 2010, 5:33 pm

Yes. Re-enable them.

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 12th March 2010, 5:55 pm

Hello,
I can't find "performance information and tools"


Re: virus detection

Post by thesaurus on 12th March 2010, 6:02 pm

Sorry, I think I have finally found it, so I will continue with the instructions you gave me


Re: virus detection

Post by thesaurus on 12th March 2010, 6:27 pm

Hello,
the document contents were:
Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
McAfee VirusScan Enterprise
McAfee AntiSpyware Enterprise Module
McAfee Agent
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

McAfee AntiSpyware Enterprise Module
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3 - Español
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Does it mean there were no infections on my computer?
Is there anything else I should perform?


Re: virus detection

Post by Dr Jay on 12th March 2010, 8:23 pm

No infections.

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

====

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 12th March 2010, 10:32 pm

Hello,
thanks for all your help, I followed your recommendations, except SpywareBlaster because it said it was not available for this country and the one on hpHosts, because I did not know what exactly to download.
One more question: Should I remove from my computer SecurityCheck and TFC?


Re: virus detection

Post by Dr Jay on 13th March 2010, 2:18 am

Yes you can remove those.

For hpHosts, look on the download page, you will see and Installer for Windows.

Download and install that.


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 27th March 2010, 4:05 pm

Hello,
Thanks for the tip; I would like to know whether there is anything missing in your last post, before "Installer for Windows".
Thanks


Re: virus detection

Post by Dr Jay on 27th March 2010, 5:32 pm

Did you see the Installer for Windows?


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 28th March 2010, 1:43 pm

No, I can not find it, sorry


Re: virus detection

Post by Dr Jay on 29th March 2010, 2:59 am

Download link: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 29th March 2010, 1:42 pm

Hello,
I downloaded and clicked on "save" (though I have no idea where it got saved); should I click on "clean list" or just close the window that showed up?
Is there anything else I should do?


Re: virus detection

Post by Dr Jay on 29th March 2010, 2:42 pm

Try to download and run it, instead of saving it.

It probably got saved to a temporary folder.


Dr. Jay (DJ)



Re: virus detection

Post by thesaurus on 31st March 2010, 5:20 pm

Hello,
When I click on the link it only gives me two options: to save the file or cancel. It does not allow me to run it and I would not know how to find it in a temporary folder (I clicked twice on save)


Re: virus detection

Post by thesaurus on 31st March 2010, 5:48 pm

I could finally run it, and the post was
Program : hpHosts
Version : 16-03-2010
Released : 16th March 2010
Licence : Freeware
Author : Steven Burn
Company : Ur I.T. Mate Group
Website : [You must be registered and logged in to see this link.]
Download : [You must be registered and logged in to see this link.]
Support : [You must be registered and logged in to see this link.]

***********************************************************************
In this document
***********************************************************************

1. Overview
2. System Requirements
3. Known Issues
4. Updates
5. Updates Planned
6. Release Notes

- Update notes
- General Information
- DNS Client

7. Installation
8. Installation Notes
9. Uninstallation
10. Automated Installation
11. Automated Uninstallation
12. Alternative hosts file providers
13. Conditions of use

***********************************************************************

1. Overview:

hpHOSTS is a community managed hosts file. What that means to you is that you have a key role to play in improving hpHOSTS by submitting undesirable sites you think should be listed or by requesting removal of sites you think may have been added in error. This process is performed in our public forums and all decisions to add or remove sites are subject to public criticism and ongoing re-evaluation.

If you would like to get involved, please register* at the hpHosts File Support Forum (see the Support URL above)

2. System Requirements:

NOTE: These are MINIMUM recommendations and should be taken as a guide ONLY*.

- Microsoft Windows 95 or above
- MAC
- Linux

3. Known Issues:

None

4. Updates:

Modified: General HOSTS updates

5. Updates planned:

Suggestions/contributions welcome

6. Release Notes:

**************************************************************
Update Notes
**************************************************************

None

**************************************************************
General Information
**************************************************************

To allow for easier access for those using hpHosts that still
require Yahoo access, the Yahoo hosts is available as a
separate download for those that still wish to block them.

PGP Signature

The HOSTS.TXT.sig file is a cryptographic signature and not a
part of the hosts file. If you are not running some 32bit
version of PGP then you don't need it and may discard it.
The purpose of the PGP sig is to allow PGP users who have
added my public key block to their keyrings to verify the
HOSTS.TXT came from me and has not been tampered with or
altered by a third party. If you download a hosts file
purported to be from me which fails a signature check, don't
use it!! Report the incident to me at [You must be registered and logged in to see this link.]

My public key block may be downloaded from the hpHosts
homepage.

**************************************************************
DNS Client
**************************************************************

Users of Microsoft Windows 2000 and above, may want to disable
the Windows built in DNS service if experiencing a slowdown as
a result of using the HOSTS file for advert and malicious
site blocks.

To do this;

I . Click Start > Run
II . Type CMD and press enter
III. Type each of the lines, EXACTLY as they appear
below.

net stop dnscache
sc config dnscache start= disabled

IV . Type EXIT to close the CMD window

Alternatively, you can download a batch file that will disable
and enable this for you, from the hpHosts download page.

You can read more detailed information about the DNS Client
Service at;

http://www.blackviper.com/WinXP/Services/DNS_Client.htm
http://www.blackviper.com/WIN2K/win2kservice411.htm#DNS_Client
http://www.blackviper.com/WinVista/Services/DNS_Client.htm

7. Installation:

No-install (manual installation):

Extract HOSTS.TXT to the correct folder for your operating system.

- Windows XP/2003/Vista

%systemroot%\system32\Drivers\Etc

- Windows NT/2000

%systemroot%\system32\Drivers\Etc

- Windows 95/98/Me

%windir%

- Linux

./etc/

- Macintosh

/private/etc/

Notes:

%systemroot% is a system variable and will usually be C:\Windows or C:\WinNT

%windir% is a system variable and will usually be C:\Windows

Full Install:

1. Double click hpHosts-Setup-Win32.exe
2. Run through the steps to install the program
3. Run the program

8. Installation Notes:

See System Requirements

9. Uninstallation:

No-install:

1. Delete HOSTS file (if ONLY hpHosts installed)
2. Rename "hosts_Win_Original" to "HOSTS"

Full Install:

1. Go to the Add/Remove Programs applet

- Start > Run, enter:

appwiz.cpl

2. Scroll down the list of items until you come to hpHosts
3. Highlight hpHosts and click Remove

10. Automated Installation:

The Setup program accepts optional command line parameters. These can be useful to system administrators,
and to other programs calling the Setup program.

/SP

Disables the This will install... Do you wish to continue? prompt at the beginning of Setup.

/SILENT
/VERYSILENT

Instructs Setup to be silent or very silent. When Setup is silent the wizard and the background
window are not displayed but the installation progress window is. When a setup is very silent
this installation progress window is not displayed. Everything else is normal so for example
error messages during installation are displayed and the startup prompt is (if you haven't
disabled it with DisableStartupPrompt or the '/SP-' command line option explained above)

If a restart is necessary and the '/NORESTART' command isn't used (see below) and Setup is silent,
it will display a Reboot now? message box. If it's very silent it will reboot without asking.

/LOG

Causes Setup to create a log file in the user's TEMP directory detailing file installation actions
taken during the installation process. This can be a helpful debugging aid. For example, if you
suspect a file isn't being replaced when you believe it should be (or vice versa), the log file
will tell you if the file was really skipped, and why.

The log file is created with a unique name based on the current date. (It will not overwrite or
append to existing files.) Currently, it is not possible to customize the filename.

The information contained in the log file is technical in nature and therefore not intended to
be understandable by end users. Nor is it designed to be machine-parseable; the format of the
file is subject to change without notice.

/NOCANCEL

Prevents the user from cancelling during the installation process, by disabling the Cancel button
and ignoring clicks on the close button. Useful along with /SILENT.

/NORESTART

Instructs Setup not to reboot even if it's necessary.

/LOADINF="filename"

Instructs Setup to load the settings from the specified file after having checked the command line.
This file can be prepared using the '/SAVEINF=' command as explained below. Don't forget to use quotes
if the filename contains spaces.

/SAVEINF="filename"

Instructs Setup to save installation settings to the specified file.
Don't forget to use quotes if the filename contains spaces.

/DIR="x:\dirname"

Overrides the default directory name displayed on the Select Destination Location wizard page.
A fully qualified pathname must be specified.

/GROUP="folder name"

Overrides the default folder name displayed on the Select Start Menu Folder wizard page.
If the [Setup] section directive DisableProgramGroupPage was set to yes, this command line
parameter is ignored.

/NOICONS

Instructs Setup to initially check the Don't create any icons check box on the Select Start Menu
Folder wizard page.

/COMPONENTS="comma separated list of component names"

Overrides the default components settings. Using this command line parameter causes Setup to
automatically select a custom type.

* The automated installation notes were taken from the Inno Setup help file

11. Automated Uninstallation

The uninstaller program (unins???.exe) accepts optional command line parameters. These can be useful to
system administrators, and to other programs calling the uninstaller program.

/SILENT

When specified, the uninstaller will not ask the user any questions or display a message stating
that uninstall is complete. Shared files that are no longer in use are deleted automatically without
prompting. Any critical error messages will still be shown on the screen.

/NORESTART

Instructs the uninstaller not to reboot even if it's necessary.

* The automated uninstallation notes were taken from the Inno Setup help file

12. Alternative hosts file providers

MVPS - [You must be registered and logged in to see this link.]
McRae - [You must be registered and logged in to see this link.]
Mike Skallas - [You must be registered and logged in to see this link.]

13. Conditions of Use

See enclosed EULA.txt

Does it mean the process is done or should I follow all the above instructions?

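The HOSTS-file blocking described in Dr Jay's recommendations and in the hpHosts readme above can be checked after installation with a short audit that separates sunk names from entries pointing at a routable address. This is an added example, not part of the thread or of hpHosts; the sample entries are constructed, the function names are hypothetical, and treating 0.0.0.0 as a block target alongside 127.0.0.1 is an assumption.

```python
import ipaddress
import sys
from dataclasses import dataclass, field

# Constructed sample in HOSTS syntax (reserved example names and addresses,
# not real hpHosts data).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
203.0.113.7 update.example-av.test   # routable address: needs review
not-an-ip   broken.example.com
127.0.0.1
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class Audit:
    blocked: set = field(default_factory=set)       # names sunk to loopback/0.0.0.0
    redirected: dict = field(default_factory=dict)  # name -> routable address
    malformed: list = field(default_factory=list)   # (line number, raw text)


def normalize(name):
    """Host names are case-insensitive; drop a trailing root dot."""
    return name.lower().rstrip(".")


def audit_hosts(text):
    """Classify every entry of a HOSTS file given as a string."""
    audit = Audit()
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            audit.malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no host name
            audit.malformed.append((line_no, raw.strip()))
            continue
        for name in map(normalize, fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                audit.blocked.add(name)
            else:
                # A blocklist has no reason to send a name to a routable
                # address, so surface these for manual review.
                audit.redirected[name] = str(addr)
    return audit


def is_blocked(audit, hostname):
    """Exact-name match only: a HOSTS entry does not cover subdomains."""
    return normalize(hostname) in audit.blocked


def load_hosts(path):
    # On Windows XP/2003/Vista the file is %systemroot%\system32\Drivers\Etc\hosts.
    # utf-8-sig drops a byte-order mark that some Windows editors prepend.
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    text = load_hosts(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HOSTS
    result = audit_hosts(text)
    print(f"{len(result.blocked)} blocked name(s)")
    for name, addr in sorted(result.redirected.items()):
        print(f"REVIEW: {name} -> {addr}")
    for line_no, raw in result.malformed:
        print(f"MALFORMED line {line_no}: {raw}")
```

Run without arguments it audits the constructed sample; pass the path of a real HOSTS file as the first argument to audit that instead.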

Re: virus detection

Post by Dr Jay on 1st April 2010, 4:10 am

ok...


Dr. Jay (DJ)


