| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 55595 | 2005-03-14 20:46:00 | How do I get Rid Of These Nasties | Vern (7592) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 334058 | 2005-03-14 20:46:00 | For the last 5 days when I scanned my computer with Nortons I have 2 items found which it recommends I delete. I do this, but the 2 items remain & I cannot seem to delete them. How do I find where they are to get rid of them please, as Nortons appears unable to do this. They are; C192911B-B98 Adware.Ndot NDNuninstall6 Adware.NDot |
Vern (7592) | ||
| 334059 | 2005-03-14 21:01:00 | Get hijackthis from here www.spywareinfo.com Then make a folder called HJT. Unzip hijackthis into this folder. Do a scan post the log here. |
Speedy Gonzales (78) | ||
| 334060 | 2005-03-14 21:02:00 | Hi, I've found that Nortons is not very good at removing adware. You best option would be to download and install Ad-Aware (www.lavasoft.com/) and Spybot (http:) Once installed, update both and run a scan with each one, one at a time. |
CYaBro (73) | ||
| 334061 | 2005-03-14 21:05:00 | Speedy, Im gonna throw my mouse at ya in a minute :D The idea being to do a HJT scan only after full system service,Otherwise your increasing the workload for no good reason. Get rid of all windows debris. Shutdown unwanted startup programs. Scan with spybot Scan with adawere 6 Then see if the offending objects are removed, You can garentee if Nortons has found 2 files,then there are hundreds of others resident on the machine. |
Metla (12) | ||
| 334062 | 2005-03-14 21:16:00 | Vern, you don't say what OS you have but if you have XP, ME, or any others with the "Restore feature" try turning it off and then running Nortons. | B.M. (505) | ||
| 334063 | 2005-03-14 21:24:00 | Speedy, Im gonna throw my mouse at ya in a minute :D The idea being to do a HJT scan only after full system service,Otherwise your increasing the workload for no good reason . Get rid of all windows debris . Shutdown unwanted startup programs . Scan with spybot Scan with adawere 6 Then see if the offending objects are removed, You can garentee if Nortons has found 2 files,then there are hundreds of others resident on the machine . lol well it maybe worse than u think . Adaware and Spybot are total crap . They take too long for updates, and by the time u do update, its too late ! You may have something already, that the previous updates didnt detect! And as already said, Nortons is just as bad . Altho it DOES detect some spyware, BUT not all . And its Adaware 1 . 05 SE not 6 . 6 is dead :D |
Speedy Gonzales (78) | ||
| 334064 | 2005-03-14 21:34:00 | Worse then i think? Nope, My recomendations are based on it being totally infected, which is why you need to go through the entire process before hitting it with HJT,which only shows a few possible hijacks.If you limit your actions to a HJT log then you can't expect it to be fixed at all. As for adawere 6, old habit, I'll cut off my finger to make amends. extended log. And Adawere and Spybot are excellent programs, but it would be silly to think that they alone are the entire answer.Spybot's toolset are a godsend, giving diect access to many of the issues that HJT scans for,allowing removal before trying to pinpoint nasties in an |
Metla (12) | ||
| 334065 | 2005-03-14 22:29:00 | Adaware and Spybot are total crap . They take too long for updates, and by the time u do update, its too late ! Rubbish . But the best procedure is to prevent these things in the first place . Install a good Firewall and configure it properly . Don't use software with tons of vulnerabilities such as IE and OE and that will cut the problesm by 99% . Unless, of course, you download this crap deliberately . |
pctek (84) | ||
| 334066 | 2005-03-14 22:38:00 | Guys, guys, guys... :rolleyes: This (pressf1.pcworld.co.nz 16) is the link you need - the Spyware, Adware and Virus FAQ. |
FoxyMX (5) | ||
| 334067 | 2005-03-15 03:29:00 | Get hijackthis from here www.spywareinfo.com Then make a folder called HJT. Unzip hijackthis into this folder. Do a scan post the log here. Logfile of HijackThis v1.99.1 Scan saved at 4:21:45 PM, on 15/03/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\mHotkey.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\LTMSG.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Error Nuker\bin\ErrorNuker.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Bouncer\bouncer.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\admin\My Documents\Downloads\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\ycomp5_5_5_0.d ll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\ycomp5_5_5_0.d ll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\LiveUpdate.exe 110 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ppctlcab - www.pestscan.com O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - www.errornuker.com O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - www.spywarestormer.com O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - 69.44.122.156 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - security.symantec.com O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD05D5F-7E1D-4C4A-BC35-E9060D60FB25}: NameServer = 210.55.24.8,210.55.24.14 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9278713-71D1-46C0-956D-26E9EA6CD7DA}: NameServer = 202.27.158.40 202.27.156.72 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
Vern (7592) | ||
| 1 2 | |||||