Slava12

Members
  • Posts: 22
Everything posted by Slava12

  1. OK, I can buy Malwarebytes and have real-time protection. But is it advisable to keep Malwarebytes and Norton 360 on the same PC? What about the conflict between the two programs?
  2. Thank you! MBAM doesn't have real-time protection for me; I am using the free version. But Norton 360 got it busted: Blocked Rogue Antivirus! I already e-mailed Microsoft at secure@microsoft.com, but I don't know whether they will reply.
  3. Intrusion attempt by localhost was blocked Application Path\DEVICE\HARDDISKVOLUME3\PROGRAMFILES(X86)\MOZILLAFIREFOX\FIREFOX.EXE Attacker
  4. Here's the name of picture from google.com image: Estelle Parsons 369 x 594 - 47k - jpg tourdevietnam.com Find similar images

     Below results of my Norton 360 Scan:

     Category: Intrusion Prevention
     Date & Time,Severity,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
     3/8/2010 9:22 AM,High,"An intrusion attempt by localhost was blocked. Application path <path>\DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,HTTP Fake Antivirus Install Request 4,"localhost (127.0.0.1, 49191)",93.186.127.201/hitin.php?land=20&affid=95202,"localhost (127.0.0.1, 50398)",127.0.0.1 (127.0.0.1),"TCP, Port 49191",
     3/8/2010 8:47 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,,Intrusion Prevention
     3/8/2010 8:47 AM,Info,Intrusion Prevention is monitoring 1535 signatures. Driver version: 9.1.2.5,Detected,No Action Required,,,,,,,Intrusion Prevention
     3/8/2010 8:47 AM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20100224.002,Detected,No Action Required,,,,,,,Intrusion Prevention

     Intrusion attempt by localhost was blocked
     Application Path\DEVICE\HARDDISKVOLUME3\PROGRAMFILES(X68)\MOZILLAFIREFOX\FIREFOX.EXE
     Attacker URL: 93.186.127.201/hitin.php?land=20&affid=95202
     Traffic Description: TCP Port 49191
     Risk Name: HTTP Fake Antivirus Install Request 4
  5. Greetings, I was browsing through Google for my favorite actress. I clicked on this site, tourdevietnam.com, and I got a message prompting that my machine wants to install an antivirus program. I terminated Firefox using Task Manager; I didn't click yes or no on the Firefox window. I scanned my PC with Norton 360 and Malwarebytes; that rogue antivirus hasn't been installed. Here's the link hxxp://images.google.com/images?um=1&h...=84&ndsp=21 properties of the picture hxxp://t0.gstatic.com/images?q=tbn:lckYsmB...EzDffQDJv8l.jpg There's a picture of Estelle Parsons, there's a photo of Jim Parsons, where the rogue antivirus message prompts to install. Is there a way to report this site on the internet, so they can shut it down? Thanks
  6. Thank you so much!!!!! Since my PC is a new one, bought this January 2010, I will hold to your instructions for now. Will definitely apply the software you mentioned when I see that my PC goes a little kuku. :-) Since I heard about these programs on a radio show, I wanted to ask experts, such as you, whether you have used such programs (e.g., reliability and validity)!
  7. Greetings! Well, I don't know where to post my question, which is related to the security of a flash drive (USB drive) and PC Pitstop Optimize. Now, I don't know if you have heard about the Kim Komando radio show? It's all about the latest gadgets and electronics. She recommends installing this program, so it disables autorun, preventing flash drive, CD D drive from malware: Panda USB Vaccine http://research.pandasecurity.com/panda-us...utorun-vaccine/ and another one is PC Pitstop Optimize, http://pcpitstop.com/store/optimize3_kimwhy.asp? which is supposed to get rid of unnecessary files, registries, and clean up the mess from Microsoft's latest updates installation. Would you recommend installing these two programs? I have a Windows 7 64x PC. I have NORTON 360 installed on my PC. Will this additional Panda antivirus interfere with Norton? Thanking you in advance!
  8. I had some guts to delete quarantined items from NORTON and MBAM. McAfee Antiphishing BHO -- McAfee came pre-installed on my PC as a 30-day trial. The store Easy Tech support got remote hold of my PC, uninstalled McAfee, and installed NORTON 360 -- 1 year subscription. PC is ok, I guess!

     NORTON 360:
     Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
     2/6/2010 7:08 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.06.021,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     2/1/2010 10:21 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.033,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     2/1/2010 4:28 PM,High,Trojan.ByteVerify detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.009,,Trojan.ByteVerify,Virus,Compressed File,Fully removed,
     2/1/2010 4:28 PM,High,Trojan.ByteVerify detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.009,,Trojan.ByteVerify,Virus,Compressed File,Fully removed,
     2/1/2010 3:54 PM,High,Auto-Protect has detected Bloodhound.Exploit.193,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.02.01.009,,,Heuristic Virus,,,c:\users\slava\appdata\local\mozilla\firefox\profiles\mjudkvtg.default\cache\ff4c325ad01
     1/30/2010 7:45 PM,High,Auto-Protect has detected Bloodhound.Exploit.193,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.01.30.021,,,Heuristic Virus,,,c:\users\slava\appdata\local\mozilla\firefox\profiles\mjudkvtg.default\cache\5cb20798d01
     1/15/2010 10:46 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.15.019,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/13/2010 8:02 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.13.009,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/12/2010 11:20 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.12.005,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/11/2010 10:26 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.11.003,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/9/2010 5:22 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.08.055,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/8/2010 8:29 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.08.002,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/7/2010 4:54 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.07.006,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/7/2010 4:15 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.07.006,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/7/2010 4:13 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.07.006,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,

     HIJACKTHIS:

     and now---beautiful MBAM reports:
     Malwarebytes' Anti-Malware 1.44
     Database version: 3713
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2/9/2010 10:41:34 AM
     mbam-log-2010-02-09 (10-41-30).txt
     Scan type: Quick Scan
     Objects scanned: 100038
     Time elapsed: 2 minute(s), 56 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  9. I read all about the removal tools and what to do, and I am still confused. I have Norton 360 Antivirus 3.0 and I have 2 viruses in quarantine (Trojan.Byte and Bloodhound.Exploit.193). When I go to the history of scans, I see the items under quarantine, but there's no option of deleting. I went like this: 1. Opened Norton. 2. Clicked on task. 3. See monthly report. 4. Click under Viruses and spyware (they are under Resolved security risk) Security History. 5. Highlight quarantined item. 6. I also view the quarantined item in the box of Security History. On the right side I have 3 choices: 1. More details, 2. Add to quarantine, 3. Clear entries. More details has these: Restore, remove from history, and submit to Symantec. That's all. Clear entries only clears the entry from the view; it doesn't really delete the item, I think.

     Here's the scan of Norton:

     Category: Resolved Security Risks
     Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
     2/6/2010 7:08 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.06.021,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     2/1/2010 10:21 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.033,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     2/1/2010 4:28 PM,High,Trojan.ByteVerify detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.009,,Trojan.ByteVerify,Virus,Compressed File,Fully removed,
     2/1/2010 4:28 PM,High,Trojan.ByteVerify detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.02.01.009,,Trojan.ByteVerify,Virus,Compressed File,Fully removed,
     2/1/2010 3:54 PM,High,Auto-Protect has detected Bloodhound.Exploit.193,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.02.01.009,,,Heuristic Virus,,,c:\users\slava\appdata\local\mozilla\firefox\profiles\mjudkvtg.default\cache\ff4c325ad01
     1/30/2010 7:45 PM,High,Auto-Protect has detected Bloodhound.Exploit.193,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.01.30.021,,,Heuristic Virus,,,c:\users\slava\appdata\local\mozilla\firefox\profiles\mjudkvtg.default\cache\5cb20798d01
     1/15/2010 10:46 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.15.019,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/13/2010 8:02 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.13.009,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/12/2010 11:20 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.12.005,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/11/2010 10:26 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.11.003,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/9/2010 5:22 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.08.055,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/8/2010 8:29 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.08.002,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/7/2010 4:54 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.07.006,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/7/2010 4:15 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.07.006,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
     1/7/2010 4:13 PM,Low,Tracking Cookie detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.01.07.006,109.2.3.12,Tracking Cookie,Cookie,File Based,Fully removed,
  10. Greetings! Well, here I am again with these new, fresh, nasty things. It stays in my Quarantine list of Malwarebytes. What do I do with them? Although the scan says quarantined and deleted, it is shown on my Quarantine list. Were they already deleted or do I have to delete them?

     Malwarebytes' Anti-Malware 1.44
     Database version: 3695
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2/6/2010 4:21:54 PM
     mbam-log-2010-02-06 (16-21-54).txt
     Scan type: Quick Scan
     Objects scanned: 99898
     Time elapsed: 2 minute(s), 22 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 6
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Not selected for removal.
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
  11. Thanks!! Still got one little question!!! Since I have uninstalled BitSpirit, and it doesn't show on any scan, and the second entry I had in MBAM was a false positive, do I really need to do a Restore point? Nope, system restore doesn't exactly work per the directions as for Vista, but I kind of figured out where to do it on my PC. Thanks
  12. So, then I guess I shouldn't use a restore point for now! Thank you so much for a direction re: Restore point!!!!!!!!
  13. One more question! Do I need to make a Restore point? Some of the malware I picked up could have been saved in System Restore. Since this is a protected directory my tools cannot access to delete these files, they sometimes can reinfect a system if I accidentally use an old restore point. Setting a new restore point AFTER cleaning my system will help prevent this and enable my computer to "roll-back" to a clean working state. What do you think?
  14. One more question! Do I need to create a Restore point on my PC, to prevent from infection, if so, how? Thanks
  15. I am also having the same problem on my Windows 7, 64 bit PC. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. What do I do with it, should I delete it, ignore it? To be precise, here is the complete scan:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3681
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2/2/2010 7:22:16 PM
     mbam-log-2010-02-02 (19-22-13).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 196047
     Time elapsed: 20 minute(s), 55 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  16. What about this entry? Is this a False Positive? Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
  17. I have scanned my PC with MalwareBytes Antimalware. It found this: Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good Norton 360 technical support confirmed that it is a False Positive. I put this item on MalwareBytes 'ignore list' part of the program interface. There are two buttons: "remove" and "remove all", part of Ignore interface. Just to be sure, does that take the items off of the ignore list and still leave them on the computer, or does it remove the items from the computer? I just want to make sure because I really, really don't want to mess anything up on my system. I am 99.9% sure it's a false positive report, so I would like to keep the items there. Hello I am new here! I have scanned my PC with MalwareBytes Antimalware. It found this: Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good Norton 360 confirmed that it is a False Positive. I put this item on MalwareBytes 'ignore list' part of the program interface. There are two buttons: "remove" and "remove all", part of Ignore interface. Just to be sure, does that take the items off of the ignore list and still leave them on the computer, or does it remove the items from the computer? I just want to make sure because I really, really don't want to mess anything up on my system. I am 99.9% sure it's a false positive report, so I would like to keep the items there. This should be fixed.
  18. Greetings everyone! I am new here! Well, I have a Windows 7 x64 Dell computer with Norton 360 installed and actively working. I don't see anything wrong with my PC. However, I decided to run the Malwarebytes antimalware program, just in case. I just scanned my PC with Malwarebytes antimalware, and it has found Pup.Bitspirit and Hijack properties. Now, I do have the legitimate BitSpirit installed on my PC as a torrent downloader. Norton 360 hasn't detected anything. Malwarebytes found these, which I posted below. Please help! Do I delete these two items? What's my next step? Please see below:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3674
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2/1/2010 5:12:14 PM
     mbam-log-2010-02-01 (17-12-08).txt
     Scan type: Quick Scan
     Objects scanned: 98827
     Time elapsed: 1 minute(s), 16 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)