virus

[sgb]

hello
How do I check if I have a virus on my computer , i am just a beginner at this. I have windows 98se thks sgb

 

[xgerryx]

For a start you will need an AV. Anti virus program.
Once you install your AV you will have to get its latest updates before you scan your computer.

There are a number of programs available. Most of these programs are fairly good but it is never a good idea to think they are full proof. Your own vigilance is still your best protection. eg. not opening attachments that look suspect and being aware that any new software or download is a potential threat.

Alot of people use a free program called AVG which you can download from here: http://www.grisoft.com/us/us_dwnl_free.php

Whatever program you get I think the most important thing is to get to know the program and how to keep it up to date and then every once in a while do an online scan just for piece of mind.

Here are a couple of online scans you can use for free:

Housecall: http://housecall.trendmicro.com/housecall/start_corp.asp
Panda online: http://www.pandasoftware.com/activescan/

 

[sgb]

hello
I did the house call virus scan and came up with 249 infected files the name came up as WORM netsky.DAM, scan was no cleanable file was windows\temp\nav1134.t... than i got wormnetsky.p c\program file\unstilled mgs came up unable to delete the infected entire file contents of compressed file. c\window\temp\nav1134.tmpja so i still went and deleted i don't know if that was write , so what do i do now (only beginner)????? tks sgb

 

[~Candy~]

Reboot and scan once again.

 

[Rollin' Rog]

Let HouseCall quarantine or delete what it can; most infected files will not need to be replaced. Then reboot and post a HijackThis Scanlog folowing directions here:

http://tomcoyote.com/hjt/

Let us know what is said to remain that is undeletable, including the full path to it.

 

[sgb]

hello ,
i went to the site tomcoyote.com/hjt that you told me. I read the directions , i think i am doing something i went to download the file and I opened then in said weclome to winzip , didn't know what to do, i didn't want to buy it extra, and did not bring up like what the picture showed. what am i doing wrong please help i am a beginner. so i click use evaluation verison , then it started loading it , so i don't know if it is somewhere, I am sorry about this , i don't know what i am doing help!!!!! is this over my head ??? I hope not........ thks sgb

 

[xgerryx]

For an unzipped download try this site: http://www.spywareinfo.com/~merijn/downloads.html

 

[sgb]

please tell now what do i do , is this right , thank you very much for that other sight, i
please look at this thank you again

Logfile of HijackThis v1.97.7
Scan saved at 7:43:56 AM, on 4/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMON32A.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DESK98.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\9EJ17ZYP\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.starpower.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.starpower.net/home/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMon32a.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.starpower.net/home/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/195a37fca505dffeb106/netzip/RdxIE.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37896.7640625
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

 

[Rollin' Rog]

The file you originally downloaded was a .zip file. That means the program you want is contained with the file, but you must "unzip" it using Winzip. Sounds like you have never done that before. Don't be afraid of Winzip, you don't have to buy it and you already have it installed. Just select the option to unzip any zipped file to its own folder.

Anyway the Scanlog looks fine.

Are you currently having problems with a virus? (I edited the multiple copies of the Scanlog that you inadvertantly posted).

Is NAV recently installed, and have you updated your NAV definitions and run a full scan? That's all you really need to do unless you think you have a problem NAV isn't detecting.

If this version of NAV is too old to be updated, you should probably uninstall it and install a new program. AVG is a decent freeware alternative.

http://www.grisoft.com/us/us_dwnl_free.php

 

[sgb]

I think so because I went to houecalls and said i had 249 virus and a virus called netsky.dam when i scan it with house call it came upas no cleanable. so thats why i did all this the file was windows\temp\nav1134.t....I guess its not there any more?????

 

[Rollin' Rog]

Ok, well "not cleanable" simply means it isn't a file that can be "repaired". But most files like that are not windows files, or even legitimate software to begin with -- they are the virus files themselves. The scanner just quarantines or deletes them and you are good to go. If in doubt you have to let us know what the file name is.

I don't see any problems in the Scanlog, so if you aren't experiencing any, don't worry!

nav1134.t. isn't something that is either associated with Windows or Norton Antivirus, the name is probably intentionally designed to be misleading.

 

[sgb]

THANK YOU ALL very much for helping me out with my problem so far i am not having any major problems now with my computer. but i guess i have to update my virus norton anti virus program. it did not pick up this virus when i scan is this not a good program??? again THANK YOU ALL very very much. you all are great.
thks sgb

 

[~Candy~]

You need to update your virus program at least every few days in order to have the most current definition list, it can't protect you from what it doesn't know about

Why don't you just keep the auto update turned on?