1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

General Trojan Horse Virus

Discussion in 'Virus & Other Malware Removal' started by soc1031, Sep 24, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    Hi, I've had some big problems with my comp lately and it seems that no matter what i do, it fails to completely rid me of these viruses. I've scanned these forums quite a bit and even though i haven't downloaded the hijack this program, i have downloaded spybot search and destroy and i have adware 6.0, both updated, along with norton. First of all, in Outlook Express, my dad's email account is bugged to where the frontpage is altered and has ads that aren't suppose to be there. We just recently delt with the removal of the new W32.Swen virus and even though it looks as if we removed it, I think that some of it is still on our comp because the email containing the virus is spamming my dad's mailbox everyday and Norton detects all this and we delete the messages but they just come back. Now we got a general Trojan Horse (I think) because at random times 6 messages pop up saying Norton has detected a "Trojan Horse" and the messages are in 3 groups of 2, the first saying access denied and the second saying unable to repair. All of this loops around to me searching google and finding these forums, where i downloaded spybot and even that doesn't work on my comp because it goes so far and stops once it starts to scan C2.lop and it freezes and doesn't respond afterwards. Despite this, it did remove a lot of spyware i did have but i'd like it to go through the full scan. We're completely stumped so pls make suggestions. I'm sure that the first thing i should do is download the Hijack This program so I'll do that and wait for your reply. Thx alot.
     
  2. dragoonsgl

    dragoonsgl

    Joined:
    Aug 25, 2003
    Messages:
    106
    Once you download the Hijack This program scan your computer, save the log then post it here for help :)
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,192
    First Name:
    Derek
  4. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    okie dokie, just got back from eating so i still gotta fix my spybot with that link you provided, but here's the Hijack This log for my comp:

    Logfile of HijackThis v1.97.2
    Scan saved at 5:52:53 PM, on 9/24/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.newsexgate.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = autoconfig server
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://193.125.201.50
    O1 - Hosts: 193.125.201.50 ie.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1211.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Video Poker - http://download.yahoo.com/games/clients/y/vps1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.yahoo.com/games/clients/y/grrq_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.7749768519
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

    Also one more thing to add, i think i might have found out what the trojan is spawning from because everytime i select this winmain.exe file the norton pops up the trojan thing, and if i try to modify it norton just spams my comp with trojan horse messages. Thx for the help.
     
  5. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    i was reading another link that had the same virus that i had and did a norton scan. For some reason this time it found 4 infected files and i don't know why it didn't find them the one time i did the scan, who knows. Here's the scan results:

    C:\System Volume Information\_restore{19B58392-252F-4748-9E12-FB1358C593A3}\RP1\A0000139.exe is infected with Trojan Horse
    C:\System Volume Information\_restore{19B58392-252F-4748-9E12-FB1358C593A3}\RP1\A0000163.exe is infected with Trojan Horse
    C:\System Volume Information\_restore{19B58392-252F-4748-9E12-FB1358C593A3}\RP1\A0001170.exe is infected with Trojan Horse
    C:\WINDOWS\winmain.exe is infected with Trojan Horse

    Other than performing the scan I read through some more posts and downloaded the ZoneAlarm firewall if that has any importance. I'll wait for a reply from you before i do anything else. Thx
     
  6. dragoonsgl

    dragoonsgl

    Joined:
    Aug 25, 2003
    Messages:
    106
    I'm most likely guessing Norton deleted the viruses? Just to make sure, you can post the Hijack This log someone will be able to assist you in finding/deleting your virus problems :)
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  8. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    well currently the answer to your question is yes and no. Yes, norton deleted one of the trojans but i still have 3 left that i haven't found yet. And it really didn't delete it but rather quarentined whatever thats spelled. The full system scan on Norton is not picking up any viruses for some reason and im having to just look for files that might be infected and do individual scans on em. Yes, i have posted the Hijack This log I'm just waiting for some help now.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.newsexgate.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about :blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://193.125.201.50

    O1 - Hosts: 193.125.201.50 ie.search.msn.com
    O1 - Hosts: 216.93.168.167 sitefinder.verisign.com

    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1211.dll (file missing)

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O9 - Extra button: Sidesearch (HKLM)

    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB

    O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

    Restart your computer and delete:

    The C:\Program Files\Lycos\Sidesearch folder.

    Go here http://www.lavasoftusa.com/software/adaware/ and download Adaware 6

    Install the program and launch it.

    I strongly recommend that you read the help file to familiarize yourself with the program.

    Before running the scan look at the top of the main window and you will see a Gear Icon. This is where you configure the settings. Click on that and then in the next window that pops up click on the "Scanning" tab on the left side. Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.
    The click on the "Tweak" tab and under "Scanning engine" put a check by "Unload recognized processes during scanning" ...........then......under "Cleaning engine" put a ckeck by "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot" then click "Proceed"

    Next in the main window look in the bottom right corner and click on "Check for updates now" and get the latest referencefiles.
    After getting the latest referencefiles you are ready to scan.

    Click "Start" and in the next window make sure "Active in depth scanning" is checked then click "Next" and the scan will begin.

    When it is finished let it fix everything it finds.

    Restart your computer.

    Be sure and take advantage of the "Immunize" feature in Spybot.

    Finally go here http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 for info on how this happens and how to help prevent future attacks.
    On this page you will find a link to Javacool's SpywareBlaster and Spyware Guard. Get them both and check for updates frequently.
    The Immunize feature in Spybot used in conjunction with SpywareBlaster and SpywareGuard and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

    Important!: ALWAYS check for updated detections and referencefiles before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster and SpywareGuard on a weekly basis.
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  11. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    flrman1, that was something i was unsure of because i have had it off when i fixed the swen.a worm. I turned it back on thinking thats what was causing my comp to be infected. I'll wait for you to tell me what to do with hijack but ill run another scan and restart because spybot was suppose to delete some spyware that was on my comp at restart. Thx for you help.
     
  12. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    ahh, im late on my posts :( ill reply back once ive done all of what you said, thank you very much for the help.
     
  13. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    Me again, i checked and fixed what you said to do on hijack this and heres my new log:

    Logfile of HijackThis v1.97.2
    Scan saved at 7:54:47 PM, on 9/24/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = autoconfig server
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Video Poker - http://download.yahoo.com/games/clients/y/vps1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.yahoo.com/games/clients/y/grrq_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.7749768519
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    I didn't find the lycos folder because im pretty sure i deleted it awhile ago when i started to acquire spyware on my comp. So is this suppose to fix the 4 viruses that the free norton scan found? Like i said before, the norton program that we bought and installed isn't catching these files for some reason and so i don't know if they are deleted. I've read the documents and its on the settings to scan all files also. I'll run it one more time afterwards and see if i can get anything out of it now that all this other stuff is done with. I just ran Adware 6.0 and just got 2 tracking cookies so thats pretty much clean. Hope I'm not too much of a pain for you, thx again.
     
  14. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
  15. soc1031

    soc1031 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    18
    Ok, im currently running the scan as i speak, and one more thing that i seem to not be able to get rid of, we have four Outlook Express email accounts and 3 of em work fine, but my dad, the one who d/l viruses all the time, has his main page altered to pop up ads and links that lead to a search engine when you click on show address book. Any idea on how i can fix that? Thx
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/167158

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice