1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: virus, tojan, and html thing

Discussion in 'Virus & Other Malware Removal' started by barncat, Feb 5, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. barncat

    barncat Thread Starter

    Joined:
    Jan 11, 2005
    Messages:
    253
    avg found no viri......

    avast set at maximum sensitivity found 2:
    Matyas in -sys\Activescan\pav.sig, and

    Kuang2 in -sys\ActiveScan\IMscan.dll ,,,

    could not put these in "vault"..would get "RPC Server is unavailable. cannot process "c:\win\sys\activescan\pav.sig"file or -IMscan.dll...

    Is activescan folder part of the "trend housecall"?
    i couldn't find it.

    Kapersk online would not work for me......

    Panda online scan found and fixed 2 viri:gendel.A in -sys\gendel32.exe and TrjD in -\unzippid\hijackthis backup-20050104-212557....

    Trend online scan found HTML ADVER.A which it could not fix, but said it was not dangerous.


    Logfile of HijackThis v1.99.0
    Scan saved at 5:10:36 PM, on 2/5/05
    Platform: Windows 95 B (Win9x 4.00.1111)
    MSIE: Internet Explorer v4.70 SP1 (4.70.0000.1155)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ANALOGX\COOKIEWALL\COOKIE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\tapiexe.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = {BROWSER_HOMEPAGE}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab



    THANKS FOR ANY SUGGESTIONS!.....
     
  2. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
  3. barncat

    barncat Thread Starter

    Joined:
    Jan 11, 2005
    Messages:
    253
    thank you.....first scan was avg 7 w/ current update......it missed everything!

    was surprized when avast started finding things, but suspected it was looking at another av program....is that what it did?
     
  4. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
    Hi Barncat It is quite possible as they are both installed on your system Shut one down completely and run the other and see if it comes up clean You should choose which one you like Update it and to be safe uninstall the other .

    For a second opinion you can always run Housecall or Panda as well .
     
  5. barncat

    barncat Thread Starter

    Joined:
    Jan 11, 2005
    Messages:
    253
    Dust Sailor, thanks....interesting handle...what does it refer to?

    i only have one av running at a time, though spybot may look for things...not sure what it is doing...it fights with excite when i try to look at my mail,,,and looses....still get popunders....

    i suspect everything found by all av scans was a false positive except for the html thing and it may be too.......avast av was set on "high sensitivity", so i'll not do that again....thanks again.....
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/327186

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice