Greetings, jetdrvr!
Unfortunately, your computer has been infested by a nasty Trojan virus
called Scrambler. This Trojan is most commonly spread by attachments
sent via e-mail and IRC (Internet Relay Chat) programs such as MSN
Messenger and AOL Messenger.
You can read a little bit about it at Boston University's website:
http://www.bu.edu/computing/virus/scrambler.html
Please download, install, and run the following free utilities:
Spybot Search & Destroy
http://security.kolla.de/index.php?lang=en&page=download
AdAware
http://www.lavasoft.de/support/download
*** IMPORTANT ***
The first time you run them, or if you already have Spybot and/or
AdAware installed on your PC, be sure to download the latest updates
first **each time you run them**.
*****************
Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.
You don't say what AntiVirus program you are running. You will want to
be sure to get the latest detection updates for your AntiVirus program
by running your system's LiveUpdate process.
In addition, here are instructions for making sure you've eradicated
the virus from your system:
If you've got Norton AntiVirus:
http://www.symantec.com/avcenter/venc/data/w32.hllp.scrambler.html
If you've got McAfee AntiVirus:
http://vil.nai.com/vil/content/v_98665.htm
Scrambler is an old virus (circa 2000), and I'd say it's pretty likely
that your operating system needs to have some security patches
applied. Go to the following site and download and install any
critical updates which it may say that you need:
http://v4.windowsupdate.microsoft.com/en/default.asp
It's VERY important to continue to check with Microsoft periodically
and make sure that you have installed any new security-related patches
that have been released.
Before Rating my Answer, if you have any Questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.
Please let me know whether you are able to resolve your problem, or
whether you need more assistance.
I hope that this Answer provides exactly the information you were seeking!
Regards,
aceresearcher |
Request for Answer Clarification by jetdrvr-ga on 08 Jul 2004 20:12 PDT
Thanks for the help. I had Spybot and downloaded Ad-aware. Neither
detected the target files.
I also have a current version of Norton Anti Virus, updated through
today. This does not detect W32.HLLP.Scrambler or VBS.scrambler on
the machine.
I have all Windows patches and updates installed through yesterday.
Norton's page on W32.HLLP says the virus occupies 72,800 bytes. My
scrambler.sys file contains 151,552 bytes.
I have AntiKeylogger installed. This program occasionally fails to
load at startup. Prior to reinstalling it, I checked Security Task
Manager for running processes and scrambler.sys is not listed. After
reinstalling Anti-Keylogger, it is then listed. This occurs each time
I find it necessary to reinstall the keylogger. Is it possible that
scrambler.sys is a process of Anti-Keylogger instead of a trojan?
Many thanks for your information.
Fred Moore
Miami
|
Clarification of Answer by aceresearcher-ga on 08 Jul 2004 21:17 PDT
Fred,
It's possible that scrambler.sys is part of Anti-Keylogger, though I
would highly doubt it.
I have a minor in French, so I took a look at the pages which refer to
"scrambler.sys" (you can see the version at the time of Google's
indexing by clicking on "Cached"):
://www.google.com/search?q=%22scrambler.sys%22
The posts on these pages are quite recent (the end of June); they call
scrambler.sys part of a virus, and the person having the problem
reports that AdAware 6.0 with the latest detection update will resolve
the problem.
Before you ran AdAware and Spybot, did you make sure that you have the
latest versions plus the latest updates?
Start up AdAware. In the bottom right-hand corner, it should say
"AdAware 6.0 Personal, Build 6.181". Up above, under "Initialization
Status", it should say "Reference file 01R331 08.07.2004 loaded". If
your settings for either of these do not match, click "Check for
updates now". Once the update has completed, if one or both of these
still doesn't match the settings I listed, you may need to uninstall
AdAware, and then download and install the latest version from
http://www.lavasoft.de/support/download
Once that's installed, be sure to click "Check for updates now" to get
the latest reference files.
Once you have the latest Build and Reference file, try running AdAware
again and remove any recommended items.
Then, start up Spybot Search & Destroy. Pull down the "Help" menu and
select "About". You should see
Spybot Search & Destroy 1.3
Latest detection update: 2004-06-23.
If your settings for either of these do not match, click the "Update"
icon menu on the left-hand side of the screen, and then click on
"Search for Updates" near the top of the page. You'll need to exit
Spybot and restart it to check the "About" information page. If this
doesn't work, you may need to uninstall Spybot, and then download and
install the latest version from
http://www.safer-networking.org/index.php?page=mirrors
Once you have the latest Version and Detection Update, try running
Spybot again and remove the recommended items.
*** IMPORTANT ***
Each time you run Spybot and/or AdAware, be sure to download the
latest updates first!
*****************
Then shut down your computer and restart.
Once you've done those, download and run CoolWebShredder (scroll down):
http://www.spywareinfo.com/~merijn/downloads.html
When you start up CoolWebShredder, it should say Version 1.59.1.
Then shut down your computer and restart.
Once you've done that, download and run HijackThis!, and post your
scan log here. We'll go from there.
http://www.spywareinfo.com/~merijn/downloads.html
ace
|
Request for Answer Clarification by jetdrvr-ga on 09 Jul 2004 02:10 PDT
Ace...
Did as instructed. All program updates are installed and run.
While you were working on this, I did a complete uninstall on
Anti-Keylogger and rebooted. I then ran Safety Task Manager and
scrambler.sys was not listed as a running process.
I then checked the driver directory and the file was gone.
I then reinstalled Anti-Keylogger, performed the same checks, and
there she was. scrambler.sys is back in the driver directory and
shows as a running process on Safety Task Manager. This leads me to
believe that it is part of the Anti-Keylogger.
Here's the log:
Logfile of HijackThis v1.98.0
Scan saved at 4:53:50 AM, on 7/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG.001\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Anti-Keylogger 5.0] C:\Program Files\Anti-Keylogger\ak5_load.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp
center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp
center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA}
- C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser -
{17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
- c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight
Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
I really appreciate your efforts.
Fred
|
Request for Answer Clarification by jetdrvr-ga on 09 Jul 2004 12:32 PDT
Ace,
I just got an answer from Anti-Keylogger tech support, finally, after
three days. Scrambler.sys *is* a part of Anti-Keylogger. Thanks for
all the help. You get five stars.
Best,
Fred
|
Clarification of Answer by aceresearcher-ga on 09 Jul 2004 14:42 PDT
It looks to me as though your system is clean, although you may want
to consider using HijackThis! to remove the following optional items
if you don't use them frequently:
Microsoft Money Quick Launch Toolbar
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
- c:\Program Files\Microsoft Money\System\mnyviewer.dll
Windows Media Player
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
Norton Antivirus
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton Antivirus\NavShExt.dll
(I don't have either of the above 2 items in my setup, and my Media
Player and Norton AntiVirus work just fine.)
S3 Video card display configuration taskbar utility for S3 chipset
based graphics cards (can be run from the Control Panel "Display"
section if needed)
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
Ditto, for Intel 81x graphics chipset
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
Quick Time spyware (not necessary)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
Only needed if you use the special programmed keys on your HP keyboard
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
HP Printer Toolbox
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
MSN Messenger
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
HP Instant Support
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
User Interface for HP Center (a.k.a. HP's spyware)
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp
center\137903\Shadow\ShadowBar.exe
Automatically detects an internet connection and downloads any
available HP driver updates (I'd disable this, but if you do, you'll
need to remember to check for driver updates at the HP site a couple
of times a year)
O4 - Global Startup: hp center.lnk = C:\Program Files\hp
center\137903\Program\BackWeb-137903.exe
MS Office resource hogs which do not substantially improve searching
for files or starting programs on your system
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
MarketBrowser - get rid of if you don't use this often
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA}
- C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser -
{17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
Something else to consider is this:
If you use HP's Search function, you are probably getting results that
have been manipulated to give priority to websites which have paid for
higher placement. It's also possible that some of the HP programs
contain spyware (as alleged by various postings on the Internet). If
you want to get rid of HP's search, try removing:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://srch-us4.hpwis.com/
If you decide to remove any of these, afterwards shut down and restart
your computer; then please run and post a fresh version of your
HijackThis! log.
|
Request for Answer Clarification by jetdrvr-ga on 09 Jul 2004 21:16 PDT
Ace...
I deleted the files you indicated. Here's the current log after reboot.
You're doing a lot of work for twenty bucks. Wish I was rich but I'm
on disability and this computer is my lifeline. I'm sick of getting
attacked constantly, but I guess that's the way things are these days.
Logfile of HijackThis v1.98.0
Scan saved at 11:36:19 PM, on 7/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\Documents and Settings\Owner.YOUR-W92P4BHLZG.001\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Anti-Keylogger 5.0] C:\Program Files\Anti-Keylogger\ak5_load.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp
center\137903\Shadow\ShadowBar.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight
Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Best,
Fred
|
Clarification of Answer by aceresearcher-ga on 10 Jul 2004 12:20 PDT
Fred,
It looks to me as though we've gotten most of the superfluous stuff
off of the list, so your system should hopefully be starting up faster
as well as processing a little faster.
I see that some of the HP stuff has come back; it's not terribly
malignant, just things you don't need using some system resources. I
don't want to attack the HP stuff any further though, because while my
research indicates that your system should work fine without them
running, there is a possibility we could cause problems with your
other HP functions if we insist on removing them.
Even if you know these things already, I'd like to give you a list of
"risky" activities associated with infection by adware, spyware,
Trojans, and viruses:
- not running behind a Firewall, such as Zone Alarm
- not running with a good AntiVirus program, such as Norton or McAfee
- not running the AntiVirus LiveUpdate once a week
- not periodically checking Microsoft's site for Critical Security
Updates for Windows
- opening an attachment to e-mails -- even from people you know -- if
you aren't expecting it without checking with the sender first
- setting Outlook's e-mail to preview e-mails (malicious scripts can
take advantage of this)
- opening Spam (these can contain blank hyperlinked gifs or scripts
which tip off the sender that your e-mail address is a valid one)
- not setting your Firewall to block pop-up ads
- clicking on pop-ups (never answer yes or no to a pop-up ad; close it
by going to the toolbar along the bottom of your screen,
right-clicking on the button for that window, and selecting "Close")
- clicking "Yes" or "No" on any dialog box which pops up without first
reading the dialog carefully
- surfing porn sites
- downloading any "helpful" programs such as calendars, download
"accelerators", programs to manage bookmarks/Favorites, any kind of
search toolbar other than Google Toolbar, etc., without first Googling
on the program name + spyware to see if it contains malware, for
example:
Gator spyware
://www.google.com/search?q=Gator+spyware
If you engage in any of these risky activities (and sometimes you have
to), you should probably run both AdAware and Spybot at least once a
week; if not, once or twice a month (make sure to check for updates
first).
Best Wishes!
ace
|
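The before-and-after comparison of the two HijackThis logs discussed above, as an added example that is not part of the original thread: it rejoins the entries the forum wrapped across lines and reports which entries were removed, added, or still present after the cleanup. The function names are assumptions, and the two sample logs are shortened excerpts of the logs posted earlier in the thread.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O<n>.
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Map a case-insensitive key to each entry of a HijackThis log.

    A line without a section code continues the previous entry, because
    the forum wrapped long lines at a space. Everything before the first
    entry (header, "Running processes" paths) is ignored. Pass only the
    log itself: prose after the last entry would be glued onto it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return {" ".join(e.split()).casefold(): e for e in entries}

def diff_scans(before, after):
    """Return (removed, added, persisted) entry lists for two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    persisted = sorted(a[k] for k in a.keys() & b.keys())
    return removed, added, persisted

# Shortened excerpt of the first log in the thread (7/9/2004, 4:53 AM).
BEFORE = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Anti-Keylogger 5.0] C:\Program Files\Anti-Keylogger\ak5_load.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp
center\137903\Shadow\ShadowBar.exe
"""

# Shortened excerpt of the second log (7/9/2004, 11:36 PM, after reboot).
AFTER = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Anti-Keylogger 5.0] C:\Program Files\Anti-Keylogger\ak5_load.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp
center\137903\Shadow\ShadowBar.exe
"""

if __name__ == "__main__":
    removed, added, persisted = diff_scans(BEFORE, AFTER)
    for title, group in (("Removed", removed), ("Added", added),
                         ("Still present", persisted)):
        print(f"{title} ({len(group)}):")
        for entry in group:
            print("  " + entry)
```

Entries listed as added in a later scan are the ones to look at first, and the still-present list shows removals that did not stick, such as the HP items mentioned above.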
Request for Answer Clarification by jetdrvr-ga on 10 Jul 2004 19:45 PDT
ace...
|
Request for Answer Clarification by jetdrvr-ga on 10 Jul 2004 19:52 PDT
ace...
I've been running Zapro for years, although the current update locks
up every computer it's been installed on, so I'm running 4.5xxx. I
update my Norton definitions daily, check for Windows updates daily,
and run Spybot and Adaware daily.
I've been under attack since April and am aware of the other cautions
you mentioned, such as not opening attachments and the others.
Thanks for all your help. I spent 80 bucks with HP's tech people and
got nothing. Norton told me to reformat. They couldn't even come up
with what you did.
I sent AntiKeylogger a nastygram about naming one of their files the
same as a virus. Stupid, or unaware, to say the least.
Glad to know there are people like you out there to assist in
emergencies. My thanks again.
Best,
Fred
|
Clarification of Answer by aceresearcher-ga on 13 Jul 2004 10:34 PDT
Fred,
I'm *so* glad that you feel that I was able to help you. It sounds
like you are doing all the right things.
Anytime you have a question about what a specific program does, a good
place to start is at AnswersThatWorks' tasklist:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
and a Google on
"progname.ext" spyware
://www.google.com/search?q=%22progname.ext%22+spyware
OR
progname spyware
://www.google.com/search?q=progname+spyware
is often helpful.
Best wishes for a system that runs quickly and smoothly!
ace
|