Problems And Security ?
Started by Daman, Feb 03 2005 10:33 PM
2 replies to this topic
#1
Posted 03 February 2005 - 10:33 PM
#2
Posted 14 February 2005 - 11:19 PM
Tonight I found a 180searchassistant with bitdefender, an online scanner. It was installed with rosoft sound recorder. I searched the modified/create date and deleted suspect files. In the process I noticed a .sbe file, it's an exclude list for spybot s&d. I checked the exclude list in spybot and there were items as exclude, 5 items to be exact. The rosoft prog probably added the excludes on install. I don't know what registry keys were affected though. The offender was 180searchassistant 5.11 the file it operated from was rmturad.exe.tfc, a double extension. After deselecting the exclude items I ran spybot and it found the bugger. Sonsab_t_hes.
What is desktop.ini and why do I have 111 instances of it?
Why did I have a russian windows media player 6.4 as an installed component in my registry?
I had searched using *.exe and looked for files that looked like they did not belong, googled them to find out what they were tied to and if it came back unknown I took note for possible deletion. In the process the anomalous downloads/uploads have stopped, well at least the upload portion. I deleted the registry entry in installed components for the wmp 6.4 and the wmiwmpsv.exe and other exe's, inadvertently deleting the component for the cd rom. I was able to reinstall it by uninstalling the driver, reinstalling the driver, deleting the upper filters and lower filters in the registry and rebooting.
Apparently the way to stop a problem after a program install, when you notice something awry, is by using a baseline or footprint of your registry and windows/system32 areas. From what I read, proper footprinting includes a footprint from your virgin computer, a footprint before program install, and a footprint after a program install. This allows you to see where the changes are taking place so you can undo if you determine you have a problem, because add/remove progs does not get rid of everything.
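The before/after footprinting described in the post above, as an added example that is not part of the original thread: it snapshots a directory tree, diffs two snapshots, and flags added files whose name hides an executable extension the way `rmturad.exe.tfc` does. It covers only the file half of a footprint (the registry is not touched); the function names, the extension list and the sample files in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat"}  # assumption: extensions worth flagging

def footprint(root):
    """Return {relative_path: (size, sha256)} for every readable file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath, name)
            try:
                data = full.read_bytes()
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort
            snap[os.path.relpath(full, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def diff_footprints(before, after):
    """Compare two footprints and list what an install added, removed or changed."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "changed": changed}

def hidden_executables(paths):
    """Flag names where an executable extension sits before the final extension."""
    def buried(p):
        parts = os.path.basename(p).lower().split(".")
        return any("." + e in EXEC_EXTS for e in parts[1:-1])
    return [p for p in paths if buried(p)]

def demo():
    """Constructed sample: a temp directory stands in for windows/system32."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            Path(root, name).write_bytes(data)
        put("sndrec.exe", b"original")              # constructed file
        put("hosts.txt", b"127.0.0.1 localhost")    # constructed file
        before = footprint(root)                    # footprint before the install
        put("rmturad.exe.tfc", b"dropped")          # new file with a double extension
        put("hosts.txt", b"127.0.0.1 localhost\n10.0.0.1 ads")
        after = footprint(root)                     # footprint after the install
    changes = diff_footprints(before, after)
    return changes, hidden_executables(changes["added"])
```
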
#3
Posted 17 February 2005 - 10:16 PM
Hi and welcome to the forums. It looks like you do have some problems on your computer. Look at my signature below and download hijack this. Please extract it to its OWN folder. A good place to put it would be to make a folder called HJT here: C:\program files
IMPORTANT: MCAFEE INCORRECTLY IDENTIFIES THIS PROGRAM AS A VIRUS UNLESS YOU HAVE THE ABSOLUTE LATEST DATS (4429 OR UP)
Post a log here and we will see what shows up
Thanks wng
There are 10 kinds of people in this world, those who understand binary #'s & those who don't
Just my 10 cents
Proud member of Alliance of Security Analysis Professionals since 2005