virus

Discussion in 'Virus & Other Malware Removal' started by sgb, Apr 21, 2004.

Thread Status:
Not open for further replies.
  1. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    hello
    How do I check if I have a virus on my computer? I am just a beginner at this. I have Windows 98 SE. Thanks, sgb
     
  2. xgerryx

    xgerryx

    Joined:
    May 16, 2003
    Messages:
    4,092
    For a start you will need an AV (anti-virus program).
    Once you install your AV you will have to get its latest updates before you scan your computer.

    There are a number of programs available. Most of these programs are fairly good but it is never a good idea to think they are foolproof. Your own vigilance is still your best protection, e.g. not opening attachments that look suspect and being aware that any new software or download is a potential threat.

    A lot of people use a free program called AVG which you can download from here: http://www.grisoft.com/us/us_dwnl_free.php

    Whatever program you get, I think the most important thing is to get to know the program and how to keep it up to date, and then every once in a while do an online scan just for peace of mind.

    Here are a couple of online scans you can use for free:

    Housecall: http://housecall.trendmicro.com/housecall/start_corp.asp
    Panda online: http://www.pandasoftware.com/activescan/
     
  3. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    hello
    I did the HouseCall virus scan and it came up with 249 infected files. The name came up as WORM netsky.DAM, scan was not cleanable, file was windows\temp\nav1134.t... Then I got wormnetsky.p c\program file\unstilled mgs; it came up unable to delete the infected entire file contents of compressed file. c\window\temp\nav1134.tmpja so I still went and deleted. I don't know if that was right, so what do I do now (only beginner)????? Thanks, sgb
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Reboot and scan once again.
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Let HouseCall quarantine or delete what it can; most infected files will not need to be replaced. Then reboot and post a HijackThis Scanlog following directions here:

    http://tomcoyote.com/hjt/

    Let us know what is said to remain that is undeletable, including the full path to it.
     
  6. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    hello ,
    I went to the site tomcoyote.com/hjt that you told me. I read the directions. I think I am doing something; I went to download the file and I opened it, then it said welcome to WinZip. I didn't know what to do, I didn't want to buy it extra, and it did not bring up what the picture showed. What am I doing wrong? Please help, I am a beginner. So I clicked use evaluation version, then it started loading it, so I don't know if it is somewhere. I am sorry about this, I don't know what I am doing, help!!!!! Is this over my head??? I hope not........ Thanks, sgb
     
  7. xgerryx

    xgerryx

    Joined:
    May 16, 2003
    Messages:
    4,092
  8. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    Please tell now what do I do, is this right? Thank you very much for that other site, i
    Please look at this, thank you again.

    Logfile of HijackThis v1.97.7
    Scan saved at 7:43:56 AM, on 4/23/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DESK98.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\9EJ17ZYP\HIJACKTHIS[1].EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.starpower.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.starpower.net/home/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-4@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUpld32.exe" -l
    O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMon32a.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.starpower.net/home/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/195a37fca505dffeb106/netzip/RdxIE.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37896.7640625
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The file you originally downloaded was a .zip file. That means the program you want is contained within the file, but you must "unzip" it using WinZip. Sounds like you have never done that before. Don't be afraid of WinZip, you don't have to buy it and you already have it installed. Just select the option to unzip any zipped file to its own folder.

    Anyway the Scanlog looks fine.

    Are you currently having problems with a virus? (I edited the multiple copies of the Scanlog that you inadvertently posted).

    Is NAV recently installed, and have you updated your NAV definitions and run a full scan? That's all you really need to do unless you think you have a problem NAV isn't detecting.

    If this version of NAV is too old to be updated, you should probably uninstall it and install a new program. AVG is a decent freeware alternative.

    http://www.grisoft.com/us/us_dwnl_free.php
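
For readers following the Scanlog exchange above, an added example (not part of the original thread and not HijackThis's own code): it splits a HijackThis v1.97.7 log into the running-process list and the coded entries, breaks the O4 registry autostart lines into fields, and lists processes running from a temp or browser-cache folder, which is where this log shows HijackThis itself was started from. The sample is an excerpt of the log posted in this thread; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\9EJ17ZYP\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
TEMP_DIRS = ("\\TEMP\\", "\\TEMPORARY INTERNET FILES\\")  # checked case-insensitively

def parse(log):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return processes, entries

def autoruns(entries):
    """O4 registry autostarts as (hive, key, name, command); Startup-folder lines are skipped."""
    return [m.groups() for e in entries.get("O4", []) if (m := AUTORUN.match(e))]

def from_temp(processes):
    """Processes whose image path sits in a temp or browser-cache directory."""
    return [p for p in processes if any(d in p.upper() for d in TEMP_DIRS)]

if __name__ == "__main__":
    procs, entries = parse(SAMPLE_LOG)
    print({code: len(v) for code, v in entries.items()}, autoruns(entries))
    print("running from temp/cache:", from_temp(procs))
```
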
     
  10. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    I think so, because I went to HouseCall and it said I had 249 viruses and a virus called netsky.dam. When I scanned it with HouseCall it came up as not cleanable, so that's why I did all this. The file was windows\temp\nav1134.t....I guess it's not there any more?????
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, well "not cleanable" simply means it isn't a file that can be "repaired". But most files like that are not windows files, or even legitimate software to begin with -- they are the virus files themselves. The scanner just quarantines or deletes them and you are good to go. If in doubt you have to let us know what the file name is.

    I don't see any problems in the Scanlog, so if you aren't experiencing any, don't worry!

    nav1134.t. isn't something that is either associated with Windows or Norton Antivirus, the name is probably intentionally designed to be misleading.
     
  12. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    THANK YOU ALL very much for helping me out with my problem. So far I am not having any major problems now with my computer, but I guess I have to update my virus Norton AntiVirus program. It did not pick up this virus when I scanned; is this not a good program??? Again THANK YOU ALL very very much. You all are great.
    Thanks, sgb
     
  13. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You need to update your virus program at least every few days in order to have the most current definition list, it can't protect you from what it doesn't know about ;)

    Why don't you just keep the auto update turned on?
     
Short URL to this thread: https://techguy.org/222520
