HELP ! - anybody - virus problem

  • Thread starter: EJN
Leo G
Had the same thing happen to my machine. Don't panic, I just did
a Google search for the virus and found an answer on a forum.
All you have to do is to remove a .exe file in the Windows system
folder I believe it was. I know that it is driving you nuts, but it
was easy to remove.
Yes - but WHAT .exe ??? that's the big question - I've looked
in Win\System for any 'odd' ones but nothing seems very obvious as
'odd' ...if you follow..
--
EJN
--
Leo G
C-750 -- Vivitar 550FD -- Vision Optics 0.48x Wide/Macro
Minolta X-700 film -- Tokina 28-70mm -- Gemini 80-205mm



I came, I saw(ed), I left everything beautiful !!

http://www.fototime.com/ftweb/bin/ft.dll/pictures?userid={C22B84EE-59F9-40C8-B940-0FD2E03568D3}&tio=0
Leo -

Much appreciate your response and I realise that this thread has got so big that any late-comer can hardly pick up on everything... but I've had and run Spybot MANY MANY times..does nothing, except come up with the usual 5 files known by a popular name I just cannot recall now...but you CANNOT get rid of them and it's an accepted bug IN THE PROGRAM they are hoping to cure sometime. (give no trouble by the way).
As to this one - zilch !

--
EJN
 
I should warn you however....I have read that those residing in mac
world will not be as safe as they once were.....the nasty little
virus writers have already done the dirty and are starting to
spread their wares.
There are thousands of viruses for Windows.

Thousands!

The problems you refer to above (two I think?) for the Macintosh OS
X have not affected any users.

I am sorry if I come across as a Mac zealot in this forum. Just
realize I look at the situation much like a person who was born
into a safe country and not one constantly besieged with turmoil.

I thank my lucky stars that I decided to use the Macintosh when I
did and mean no disrespect to my Windows friends.

But I repeat, it is astonishing, that in the presence of an
alternative so many continue to struggle.
I feel quite touched in a way - the concern that seems to have been expressed for my problem - but it seems overlooked by the thread length that I've got some satisfactory answer from myself sorting out a 'block' in the Register and now I just don't know it exists - I'm certainly neither re-installing NOR buying any new computer !!

As to the Mac suggestion -well I ask you ...does it really sound practical to spend what for my purpose would need to be AT LEAST a $2000 computer just to have Mac on ?? The question must also be asked - if Mac are that wonderful ...I wonder why it is that hardly any big businesses of note use other than PCs/Windows ??? If this was so poor , why do they...because it's more compatible of course with umpteen progs and things that you simply cannot get for Mac...

--
EJN
 
I have to look after about 50 PC's in our office, I've followed
this thread with interest. It would appear you have "something" at
least that has been modified, or altered/replaced with a trigger
that keeps relaunching. Have you tried completely uninstalling and
reinstalling TCP/IP? If something has been changed in your TCP/IP
stack or winsock, what the heck, I'd give it a shot.

--
http://www.pbase.com/galleries/donald_spencer (pbase supporter)
Don -

I honestly cannot remember if it has been there always - worn my finger out on HiJack I think, so many times, but in the latest I have noted this and in view of YOUR remarks I wondered if you could give me any idea whether this entry is OK ...if I 'Fix' it, it will of course possibly scrub it altogether...not sure if THAT is a good thing!!! want to know what I'm doing first...any thoughts..

O17-HKLM\System\CCS\Services\Tcpip\..\{5C801119-B172-4BA8-931A-22235220A474}:Name Server = 195.92.195.95.195.92.195.94

I cannot honestly recall this earlier but I've SO many new progs on this last week or so - checkers etc - that it may well just be reference to a genuine one ? , not on, to be logged in HiJack originally ??

--
EJN
 
Of the very many that have been suggested on here..and a lot I already have anyway, this BitDefender I hadn't got or heard of ..so ...as it's a 9Meg prog I thought it seemed good enough...did a d/load, installed and run it.

Hear this ! .. it scanned 347,000 files and took 54 minutes to do it (P4, 3Gig too) ...and came up with ABSOLUTELY ZERO Viruses...NOTHING ... just the same as all others. Crazy !!
--
EJN
 
I've tried so many other suggested progs that the machine was suffering by having TOO many on...so I've just decided to unload both BitDefender (did nothing) and also Zone Alarm...good as it is, it hasn't made me feel as though it's worth it...I've got others on and will still stick with those.

But...after taking off ZoneAlarm (the earlier install) that above entry in HiJack has now gone...so it must have been to do with ZA I guess

EJN
 
Don -

Just had a break - went off-line then just returned and online again...that O-17 line is there again in HiJack list ..just as it was..so it doesn't seem to have anything to do with my uninstalls. Must note though that this 'thing' of mine does NOT depend on being online (I use Dial-up I have to say) - it appears to happen whether on or off - only shows (or did show) when online...but 'Spy Weeder' reports the 'change of home page' at any time in its screen messages .. although I asked it to do it (revert to Google) without confirmation so I just don't normally see anything, it just does it. In fact since I put my 'blocker' in the Register it says in the message 'Home page changed' but in fact NOW, it doesn't even give a name of the 'new' page as of course it hasn't actually been allowed to do it - so the message for changed name is devoid of a name, but it 'does' or 'tries' to revert it to Google and says so.. dumb as it is, doesn't realise it hasn't in fact been changed.

DON'T tell me to reinstall to clear it - it isn't affecting me now (other than being a curse to know something's there) and NO WAY do I want the aggravation for little effect. It just nags me that NOTHING seems to find it or give a clue.

EJN
 
..since moving to a Unix base in their OS,
Macs are subject to all kinds of security issues as well, and Apple
seems to be just as (un)responsive as Microsoft in addressing them.
I would suggest that this is more of a Mac/Unix integration problem than a Unix security issue. Unix/Linux security problems usually get fixed a lot faster than any Microsoft hole.
 
If you have the latest Spy Bot you should be in luck...I also use registry mechanic afterwards to clean up the registry.

If spy bot does not work then maybe the good ol search it out yourself. If worst comes to worst then quarantine it through your antivirus and delete through that.

Good luck!!
I didn't bother reading the whole thread but have you tried

spybot search and destroy from here....

http://www.safer-networking.org/
Yes - tried many times. Referenced above in the MANY posts too
difficult for anyone to wade through now I realise
--
EJN
--
http://mantis-illumination.deviantart.com/
 
I've gone online to Spybot and there are no updates on mine - only put on last week.

As to finding it myself - easier said... I've looked at everything I can think of (inspired a bit by HiJack ) but NOTHING I can find seems amiss. NO sign of CoolWeb or anything like that , I've set and blocked 'Home' page and others in the Reg (that is what is now stopping it) but find the darned elusive thing that triggers it ...no way can I get a lead !

--
EJN
 
That Hijack line that I quoted in a message or so ago - the one that went on one HiJack Scan then came back next time...I now find is the site ref it quotes as MY SERVER DNS. Just cannot recall it in much earlier Scans when this all started so it really doesn't seem to relate to the origin..maybe for some reason it's just NOW including that DNS, but whether it is OK or not I really don't know. It could be opening the door...or it could be quite OK ...I don't know and really don't feel safe or happy enough to Fix (probably Delete) that .. so ...

EJN
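
An added example, not part of the original thread: one way to triage the O17 line quoted above is to pull the name servers out of the HijackThis log and compare them with the addresses your ISP publishes. The function name `audit_o17`, the allow-list passed to it, and the R0 line and second O17 line in the sample are assumptions constructed for illustration.

```python
import ipaddress
import re

# O17 name-server line; tolerant of spacing variants such as "O17-HKLM" and "Name Server".
O17_RE = re.compile(
    r"^O17\s*-\s*(?P<key>HK[^:]+?)\s*:\s*Name\s?Server\s*=\s*(?P<value>.+)$",
    re.IGNORECASE,
)
# Also splits addresses that were pasted run-together, as in the line quoted in the thread.
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Sample log. The first O17 line is the one quoted in the thread; the R0 line and
# the second O17 line are constructed (203.0.113.53 is a documentation-range address).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O17-HKLM\System\CCS\Services\Tcpip\..\{5C801119-B172-4BA8-931A-22235220A474}:Name Server = 195.92.195.95.195.92.195.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53 195.92.195.95
"""

def audit_o17(log_text, expected_servers):
    """Return one finding per O17 name-server line, listing servers not on the allow-list."""
    # Assumption: expected_servers comes from the ISP's own published DNS settings.
    expected = {ipaddress.ip_address(s) for s in expected_servers}
    findings = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue  # other HijackThis sections (R0, O2, O4, ...) are ignored here
        servers, unexpected = [], []
        for token in IPV4_RE.findall(match.group("value")):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                unexpected.append(token)  # malformed address: always worth a look
                continue
            servers.append(str(addr))
            if addr not in expected:
                unexpected.append(str(addr))
        findings.append(
            {"key": match.group("key"), "servers": servers, "unexpected": unexpected}
        )
    return findings

if __name__ == "__main__":
    for finding in audit_o17(SAMPLE_LOG, ["195.92.195.95", "195.92.195.94"]):
        status = "REVIEW" if finding["unexpected"] else "ok"
        print(status, finding["key"], finding["servers"], finding["unexpected"])
```

An entry marked `ok` only means the name servers match the allow-list; an entry that reappears after a dial-up reconnect is consistent with the connection re-applying the ISP's DNS settings.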
 
Maybe we'll all need to go to Linux and then the v-writers will follow.
wj
Uh, no, because in Linux you have to be logged on as root for the virus code to launch. IOW, that is tantamount to actually installing the virus yourself. And who would want to do that? Any Linux user worth his salt would never, ever be online and logged on as root simultaneously.

This fundamental emphasis on security is what makes Unix/Linux so different.
 
and cookies?

Also change your default home page when you open up your Web Browser.

To do this, Click on START---> Control Panel---> Internet Options. You can then delete temp files and cookies. Then change your default Home Page to your favourite - maybe this forum.

Open your web browser and see if the prob has gone.

Simple but it might work. Has for me and my clients numerous times.

Enekey
Well, guys, if nobody can come up with a solution I really think
this might be the last you hear from me - really ...
About 22 hours ago I foolishly logged onto what I knew was maybe a
dodgy site and in less than 1/2 hour I'd got 7 viruses.
Fortunately, most were of a nature that I sorted them out but right
now I'm plagued incessantly with this blasted 'Cool Web Search'
thing ...and CANNOT find a way to rid it - just changes my Home
Page EVERY time , even though I've done all in my power to stop it.
Had for years on my machines - AVG (excellent overall) - Trojan
Remover and Pest Patrol. Funnily , just a few hours before this
episode I d/loaded and setup Ad-Aware6. It found one or two things
but has done NOTHING to sort out the Cool Web Search thing. Got
'HiJackThis' which is a superb thing...it shows immediately the
entries giving this Cool Web page but although I clear them they
just auto return instantly. Got a super prog called CWShredder -
that found at first the 'AboutBlank' entry that had been popped in
, but within the last hour or two I've clearly done something and
CWShredder now tells me I've got a clean machine...which I haven't
of course.
Did NOT have before, Spybot, so d/loaded that this morning. It
found a few things but again done NOTHING to shift Cool Web ...and
in spite of numerous searches in Google , plenty of ideas on
shifting it but none work.
This is on a two-month old new P4 3Gig laptop, on XP, my latest
pride and joy and have been piling tons of progs on it that I want
to use - NO WAY am I going to re-install to scratch and have to
start over again. Don't really know how to start and I don't know
where I'd find half the progs, keys etc to do that without a month
or more searches.
Frankly I'm just about fed up..spent 22 hours now trying to sort it
, apart from 6 hours restless night, and getting nowhere
I'd rather just give up the Internet if THIS is going to persist -
anyway, I believe that it can in fact open the door to allow
anything in ...so how on earth do I shift it after trying all this ?
Unlocked SysRestore just in case something was in there, nothing,
so I've now lost all my Restores too !!! and still no better off.
No problems in going into the Register but again, try as I may I
cannot find any clue as to WHERE is the kick-off...well, I DO find
the entry in 'Explorer-Main' key, but that's obviously not where
it's triggered..as I change that but it just comes back.
It's thanks or goodbye mates - I've about had it !

--
EJN
 
All 'old hat' stuff I'm afraid. Tried that and so many other progs time and time again.

It really needs reading through the many helpful suggestions I've had to get the full story - no simple one is this. But I've blocked it 'my way' and my favourite Home page IS Google, which it can no longer access...although it's still lurking. THAT is the problem now - the frustration of not being able to locate just WHERE or WHAT is 'the thing' .. with progs that seem to work for everybody else. Best suggestion from one expert was that it could be a new (varied) strain that has not been common before so far ?

EJN
 
Sacrificing a chicken, and/or consulting a voodoo witch doctor?

Just a thought. :-)

Hang in there.
Honestly, I've just got a bit immune to it now as I blocked it and it doesn't cause any practical bother - except mentally I'm really annoyed as I've put on, used and checked, about 6 new progs of quality that I never knew about before. NONE have done any more than good old AVG which STILL gives best results...but NOTHING finds a thing ! Crazy isn't it !! Everybody else seems to sail through with simple old CWShredder or such .. I'm fated !!!!
--
EJN
 
