Looking for a good Antivirus Program

Kaspersky is great imo, it does the job for me. It removes files well, protects your mail, net and other things. Kaspersky and Sygate are a good double so I suggest that.
 
Richdog said:
Post a hijackthis log and I'll take a look for you.

Not sure how to do that, here's a log of what I get if it makes sense to you (I've put a space in the URL to stop anyone accidentally clicking):

Time Module Object Name Threat Action User Information
14/12/2006 17:05:23 AMON file C:\DOCUME~1\Jason\LOCALS~1\Temp\2.exe a variant of Win32/PSW.Agent.NBJ trojan quarantined - deleted THUNDERBIRDV\Jason Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
14/12/2006 17:05:17 IMON file h ttp://www.m369m.com/hjm/2.exe a variant of Win32/PSW.Agent.NBJ trojan THUNDERBIRDV\Jason
14/12/2006 17:05:04 AMON file C:\DOCUME~1\Jason\LOCALS~1\Temp\1.exe a variant of Win32/PSW.Agent.NBJ trojan quarantined - deleted THUNDERBIRDV\Jason Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
14/12/2006 17:05:00 IMON file h ttp://www.m369m.com/hjm/1.exe a variant of Win32/PSW.Agent.NBJ trojan THUNDERBIRDV\Jason
14/12/2006 17:02:12 AMON file C:\DOCUME~1\Jason\LOCALS~1\Temp\2.exe a variant of Win32/PSW.Agent.NBJ trojan quarantined - deleted THUNDERBIRDV\Jason Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
14/12/2006 17:02:07 IMON file h ttp://www.m369m.com/hjm/2.exe a variant of Win32/PSW.Agent.NBJ trojan THUNDERBIRDV\Jason
14/12/2006 17:01:48 AMON file C:\DOCUME~1\Jason\LOCALS~1\Temp\1.exe a variant of Win32/PSW.Agent.NBJ trojan quarantined - deleted THUNDERBIRDV\Jason Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
14/12/2006 17:01:44 IMON file h ttp://www.m369m.com/hjm/1.exe a variant of Win32/PSW.Agent.NBJ trojan THUNDERBIRDV\Jason

I tried a scan in safe mode but then no files found, guess that was because I didn't have net access or something...

I don't *** to do a fresh install but if that's what it takes :(
 
Thanks for replies.

I had logged in as Jason not administrator when I ran the scan.

I've done some more research and I've found the problem, it is related to a virus called WANGDLL (sometimes seen as 1.exe, 2.exe, 3.exe).. problem is as yet I haven't found a way to get rid of it..

Jase
 
Jase said:
Thanks for replies.

I had logged in as Jason not administrator when I ran the scan.

I've done some more research and I've found the problem, it is related to a virus called WANGDLL (sometimes seen as 1.exe, 2.exe, 3.exe).. problem is as yet I haven't found a way to get rid of it..

Jase

Hello... earth to Jase... read the link I posted and post a hijackthis log here...
 
:) Here's the log I just saved, hope it makes some sense to you..


C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jason\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - AppInit_DLLs: KB455373M.LOG
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartGenie (LxrSGe10s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSge10s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 
Ok mate, disable Windows System Restore and then run hijackthis again and put a tick in the box next to all the entries I list and then click the "fix checked" button:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

O20 - AppInit_DLLs: KB455373M.LOG (a google shows up jack *** of a positive nature for this entry, if it was a nice legit entry you would get instant hits in my opinion).

Superwebsearch is a known pest, and I am presuming you are not using it intentionally as it is considered a BHO (Browser Helper Object) of a pesky nature.

That is all I can see in the log...

Now set google.co.uk as your homepage.

Now run the Kaspersky online scanner here and see if it picks anything up http://www.kaspersky.com/virusscanner

You now need to download and install SpywareBlaster, update it, and enable all protection... it is the dogs nadgers in my eyes http://www.download.com/SpywareBlaster/3000-8022-10196637.html?part=dl-SpywareBl&subj=dl&tag=button

Let me know if any of that helps... :)
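
An added example, not part of the original thread: automated triage of a HijackThis log along the lines of the review above, flagging Internet Explorer start/search page entries (R0/R1) whose host is not on an allowlist and any non-empty O20 AppInit_DLLs value. The allowlist contents and the function names are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Entry lines look like "<code> - <details>"; running-process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: hosts the user deliberately set as start/search pages.
TRUSTED_HOSTS = {"www.google.co.uk"}
# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: KB455373M.LOG
"""

def parse_entries(log_text):
    """Yield (code, body) for each entry line, skipping everything else."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return [(code, reason, body)] for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1") and " = " in body:
            # IE start/search page values: compare the URL host with the allowlist.
            url = body.rsplit(" = ", 1)[1].strip()
            host = (urlparse(url).hostname or "").lower()
            if host and host not in trusted_hosts:
                findings.append((code, f"IE page points at untrusted host {host}", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            value = body.split(":", 1)[1].strip()
            if value:
                reason = "AppInit_DLLs is set"
                if not value.lower().endswith(".dll"):
                    reason += " and the value is not a .dll name"
                findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
```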
 
Many thanks for that, but unfortunately I still have the problem.

On the web I've managed to find the exact same thing as I have however the HJT log is different as I don't have the 1.exe, 2.exe etc in my log file however those are the files NOD32 warn me about.. maybe it's because NOD32 are removing them as soon as they are written ?? if this is the case why are they written and what's doing it, and more important how do I stop it !!

Well thanks again..

Jase
 
Looks like I may have missed something when I did that scan (may have run out of disk space or something and it didn't complete).. Anyway did the online scan again and this time it found a few things. A load of Suspicious files that were locked (but guess that may have been system files) but also found files that contained the following :

Infected: Trojan-Downloader.Win32.Delf.auc
Infected: Backdoor.Win32.Hupigon.aqw
Infected: Trojan-Downloader.Win32.Delf.auc
Infected: Trojan-Downloader.VBS.Small.bv
Infected: Trojan-PSW.Win32.QQPass.rw

Unfortunately the action taken by the checker was reported as "skipped". I manually deleted the files from a DOS prompt but the problem is still there.

May have to do a format/fresh install over the weekend and then put Kaspersky or NOD32 from the start :(

Thanks again for the help

Jase
 