
How Much Is Enough?


8 replies to this topic

#1 mattbot78

mattbot78

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 14 October 2004 - 10:21 AM

hey. lots of people told me lots of things to download. which is great, but i am wondering if some of the programs i have are conflicting with each other. or if i have one, do i need the other? cw-shredder, spysweeper, spybot snd, ad-aware, HT, anti-vir. i think that's it... also not sure the definition of a firewall, and are any of the above considered as such? thanks... matt.


#2 'KotaGuy

'KotaGuy

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 931 posts

Posted 14 October 2004 - 04:57 PM

Hi mattbot78.

Unfortunately, protecting your computer from both Virus and Malware infections is a must. If your computer connects to the Internet in any way, it will get hit. It's just a matter of when.

Protecting your computer in layers (multiple programs) is, in my opinion, the best way of minimizing infection. Of course, because of the quickness with which Viruses and Malware mutate, there are always vulnerabilities that will be taken advantage of. Anti-Virus and Anti-Malware programmers try to keep up with the new strains/mutations as best they can by releasing new definition or reference files as fast as they can. That is why updating your protection programs regularly is a must.

A Firewall is also important (none of what you mentioned are Firewalls). These basically block unsolicited access to your computer from the Internet. There are hardware and software Firewalls. Check out ZoneAlarm. There is a free version of the firewall.

You do have a point though, some things will interfere with others. Anti-Virus programs, for instance. Having 2, or more, Anti-Virus programs active can cause conflicts between the software. It's usually a good idea to stick with one program in that sense.

Anti-Malware programs (such as Ad-Aware, Spybot S&D, Spysweeper, etc.) rarely conflict with each other, but their resident programs can bombard you with pop-up warnings if more than one is active.

To let you know, on my machine I use Norton Anti-Virus 2005 as my resident and active scanner. I use Trojan Hunter as a backup and to scan for Trojans Norton doesn't detect. I also have Ad-Aware SE, Spybot S&D, SpywareBlaster, SpywareGuard, and IE-SPYAD installed. I recently had Spysweeper and Pest Patrol installed with the others as I hadn't tried the two programs. I had no conflicts between any of the Anti-Malware programs, and having them installed didn't conflict with my Anti-Virus programs.

I also use Kerio Personal Firewall as my Firewall. My home network is behind a NAT/Router (a hardware Firewall).

And even with all that, I still got hit recently with a nasty bit of code that Ad-Aware and Spybot and such, weren't able to clean. Was only able to finally purge my system of it when I stumbled across HijackThis.

Different infections need different tools to clean. Some are specific to certain infections. For example, you mentioned CWShredder. CWShredder is a specific tool that fixes a variety of CoolWebSearch infections. The Peper Trojan requires a different tool to fix it.

The tools were developed to help people fix the infections with as little effort as possible. It may seem like it's a lot of extra "running around", but if the tools are there, you might as well use them. That's what they were developed for. :D

Hope this helps.
Surf Safe!

#3 mattbot78

mattbot78

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 14 October 2004 - 10:50 PM

KG: hey. thanks for the informative reply. will check out that zone alarm website and get a firewall up and runnin. are you any good reading HT logs? i haven't had any luck with people getting any one to check mine out... thanks, matt.

#4 ddeerrff

ddeerrff

    Authentic Member

  • Visiting Fellow
  • PipPip
  • 157 posts
  • Interests:-

Posted 14 October 2004 - 11:03 PM

Mattbot78, I peeked at your log and you have a browser hijacker that is generically referred to as About:Blank. This is a very difficult item to remove and there are only a few experts here on this board that are trained to tackle it. You only posted the log a couple days ago, give it a couple more and hopefully someone will post you a fix.
Derfram
~~~~~~

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Proud Member of ASAP
Alliance of Security Analysis Professionals

#5 'KotaGuy

'KotaGuy

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 931 posts

Posted 15 October 2004 - 11:31 AM

Ewww.... About:Blank.... can't go near those yet, haven't had the training. Otherwise I would. As ddeerrff said, give it a couple days, someone should get back to you.

#6 mattbot78

mattbot78

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 15 October 2004 - 12:23 PM

thanks ddeerrff and KG for the replies. do you know if about:blank messes with hotmail sign in/inbox access? that is the only real pisser of a problem i still can't get rid of. thanks, matt.

#7 'KotaGuy

'KotaGuy

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 931 posts

Posted 15 October 2004 - 02:23 PM

Not sure.. may be.

I've peeked at your log as well. Your log was generated by an old version of HijackThis.

Delete the old version, and download the new version here.

Unzip it to its own folder (don't run it from the zip, and not from a temp folder either), e.g.: C:\Program Files\HijackThis\HijackThis.exe.

Rescan and post the new log using the Reply button in your most recently started thread. Please don't start a new one.

The expert may also want you to download DllCompare.

And GetServices

Someone should get back to you soon.

Thanks!

#8 mattbot78

mattbot78

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 16 October 2004 - 02:43 PM

kota:
here is an updated HT log:

Logfile of HijackThis v1.97.7
Scan saved at 12:12:57 PM, on 10/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tiert.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unitelc.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tiert.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unitelc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tiert.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tiert.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Unitel Communications
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.unitelc.com/
F1 - win.ini: run=C:\WINDOWS\INETFIH\SERVICES.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {CF75D53A-5303-4888-9DAF-CC8E9EB09717} - C:\WINDOWS\SYSTEM\MSDOH.DLL (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {E7D961DF-2ED7-0D81-86BF-69B1F3AC4663} - C:\WINDOWS\IENW32.DLL (file missing)
O2 - BHO: (no name) - {67AF3B50-B44E-56B7-8753-60550DA82A4E} - C:\WINDOWS\SYSTEM\ZBC.DLL (file missing)
O2 - BHO: (no name) - {4D81B117-4EFE-8B81-F4A4-C68C2A9AC97C} - C:\WINDOWS\SYSTEM\IEZF32.DLL (file missing)
O2 - BHO: (no name) - {BFD83CA2-CBB3-0220-5E39-3D03516A6741} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {59F8BABF-3C1F-C683-643B-BAA6EFD30E42} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {177D8DED-3389-6538-A987-C086D0210C15} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {7FE6F238-ED9A-D9AD-6B9A-EBAC5600E97F} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {5957032D-4F84-B593-61B9-C5F1C646EB4C} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {5EBDA727-1BD8-EF0F-2E11-C95AF831A4A7} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\SYSTEM\AANTX.DLL (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL (file missing)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL (file missing)
O2 - BHO: (no name) - {3BD452FF-82F6-425A-B849-A45986A41E0D} - C:\WINDOWS\SYSTEM\NTWB32.DLL (file missing)
O2 - BHO: (no name) - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL (file missing)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\program files\support.com\bin\tgcmd.exe /server /nosystray
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SYSGC.EXE] C:\WINDOWS\SYSGC.EXE
O4 - HKLM\..\Run: [amcaueindjizh] C:\WINDOWS\SYSTEM\jcnamo.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETFIH\SERVICES.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [CRTC32.EXE] C:\WINDOWS\CRTC32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETFIH\SERVICES.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Click to Remove Spyware.lnk = C:\WINDOWS\Desktop\sd.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.unitelc.com
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.s...nhlst8246_x.cab


thanks,
matt.
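A log in this format can be triaged mechanically before an analyst reads it. The following is an added example, not part of the original post and not HijackThis's own code: it parses entries by section code, lists entries whose file HijackThis reported as missing, and reports executables launched from more than one autostart location. The function names are this example's own, and the input is an excerpt copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the HijackThis v1.97.7 log posted above (an excerpt, not the full log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
F1 - win.ini: run=C:\WINDOWS\INETFIH\SERVICES.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {CF75D53A-5303-4888-9DAF-CC8E9EB09717} - C:\WINDOWS\SYSTEM\MSDOH.DLL (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETFIH\SERVICES.EXE
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETFIH\SERVICES.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - <body>"
EXE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.IGNORECASE)   # quoted path, or up to ".exe"
REG_RUN = re.compile(r"^(.+?): \[(.*?)\] (.+)$")               # "HKLM\..\Run: [name] command"
INI_RUN = re.compile(r"^(\S+\.ini): (?:run|load)=(.+)$", re.IGNORECASE)

def parse(log):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def section_counts(entries):
    return dict(Counter(code for code, _ in entries))

def orphaned(entries):
    """Entries whose registered file HijackThis could not find on disk."""
    return [(c, b) for c, b in entries if b.endswith(("(file missing)", "(no file)"))]

def executable(command):
    """Lower-cased executable path of a command line, arguments dropped."""
    m = EXE.match(command.strip())
    return (m.group(1) or m.group(2) if m else command).lower()

def repeated_autostarts(entries):
    """Map executable -> autostart locations, kept only when there are 2 or more."""
    seen = defaultdict(list)
    for code, body in entries:
        m = REG_RUN.match(body) if code == "O4" else INI_RUN.match(body) if code[0] == "F" else None
        if m:
            seen[executable(m.groups()[-1])].append(m.group(1))
    return {exe: locs for exe, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(section_counts(entries), orphaned(entries), repeated_autostarts(entries), sep="\n")
```

Orphaned and repeated entries are cues for where to look first, not verdicts; deciding what to fix is left to the trained helpers the thread refers to.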

#9 'KotaGuy

'KotaGuy

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 931 posts

Posted 16 October 2004 - 06:39 PM

Hehe... no mattbot78....

By updating HijackThis... I meant the program. The version you are using is an old one.

Logfile of HijackThis v1.97.7
Scan saved at 12:12:57 PM, on 10/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


You should delete the old version of HijackThis, download the new one (ver. 1.98.2) and rescan with that. Download it here. Remember to put HijackThis in its own folder. Don't run it from the zip or a temp folder.

Also, post the new log to the HijackThis forum, not here. Just use the reply button to the last post you made in that forum.

And as I said, I can't help you with this. Haven't had the training. One of the experts here who has had the training will reply to your post in the other forum.

Edited by 'KotaGuy, 16 October 2004 - 06:40 PM.
