Hi,
Go back and try to run the other scan, can't be too careful and here are other free ones to
try. Seems you managed to catch a rootkit that was just discovered.
Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
----------------------
This may sound strange but you have too many resident spyware programs unless you have turned
resident modes off. Please remove Adaware, Spybot, Spyware Doctor, and SpyBlaster by checking
on their site for removal tools and special instructions. You can also use the Revo Uninstaller. Later
you can reinstall these as needed however I would stop their resident modes - i.e. for SpyBot you
disable TeaTimer in its settings and STOP the SBSD Service and set it to MANUAL - then you can use
it as an on-demand scanner. Too many resident programs actually interfere with each other and can
cause strange issues to show up. Be sure to uninstall fully as remnants also cause bizarre happenings.
I would also ditch Advanced System Care if you continue with AVG, you should not have more than
one resident antivirus program on the machine and most have remnants even when not in use.
Be sure to look for removal instructions and/or use Revo.
Ever had any other antivirus - security products on machine like Norton, McAfee and others? If so
we need to make sure their remnants are gone.
TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN
it will show any infections in the report after running - if it will not run change the name from
tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not
check with the other methods below.
http://support.kaspersky.com/viruses/solutions?qid=208280684
SpyDLL Remover - Free
http://securityxploded.com/spydllremover.php
Advanced Windows Service Manager
http://securityxploded.com/winservicemanager.php
Run Rootkit Revealer - Free
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
UnHackme - trial
http://www.greatis.com/unhackme/
This tells you how to use UnHackme and has a link to version 2.5 - use it as a guideline and
the current version available as above is 5.99+
http://www.oit.umn.edu/safe-computing/topics/rootkits/
IceSword - Free
http://www.antirootkit.com/software/IceSword.htm
Instructions and Pictorial
http://securityxploded.com/icesword.php
Tutorial for using IceSword
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://soft.zol.com.cn/2004/0803/145163.shtml&prev=/search%3Fq%3Dicesword%26hl%3Den%26lr%3D
Revo Uninstaller - Free
http://www.revouninstaller.com/revo_uninstaller_free_download.html
You need to run SFC and CheckDisk to clean up if you can.
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
I would scan with Malwarebytes and add Prevx to be sure it is gone.
Malwarebytes - free - use as scanner only. If you ever suspect malware, and that would be unusual with
Malwarebytes - free
http://www.malwarebytes.org/products/malwarebytes_free
SuperAntiSpyware Portable Scanner - Free
http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other
security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back
here or use Google to see how to remove.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp?prevx=Y <-- download
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
Try the trial version of Hitman Pro :
Hitman Pro is a second opinion scanner, designed to rescue your computer from malware
(viruses, trojans, rootkits, etc.) that have infected your computer despite all the security
measures you have taken (such as anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro
--------------------------------------------------------
If needed here are some online free scanners to help
http://www.eset.com/onlinescan/
-----------------------------------
Original version is now replaced by the Microsoft Safety Scanner
http://onecare.live.com/site/en-us/default.htm
Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx
----------------------------------
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------------------------------
Also do these to cleanup general corruption.
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
Hope this helps.
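As an added example (not part of the original post): a short Python script that pulls the SFC entries, tagged [SR], out of cbs.log text and lists which files SFC repaired and which it could not repair. The sample lines are constructed in the usual CBS.log layout, and the file and component names in them are placeholders.

```python
import re

# Constructed sample in the usual CBS.log layout (not from a real machine);
# file and component names are placeholders.
SAMPLE_LOG = r'''
2011-03-02 19:04:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-03-02 19:04:15, Info                  CBS    Session: 1234_5678 initialized by client WindowsUpdateAgent.
2011-03-02 19:04:19, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, file is missing
2011-03-02 19:04:20, Info                  CSI    0000000a [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, file is missing
2011-03-02 19:04:21, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2011-03-02 19:04:30, Info                  CSI    0000000d [SR] Verify complete
'''

# Timestamp, level, source "CSI", 8-hex-digit sequence number, then the [SR] tag.
SR_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$')
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<comp>[^,]+)')
REPAIRED = re.compile(r'Repairing corrupted file .*"(?P<file>[^"]+)" from store')


def summarize_sfc(log_text):
    """Return (unrepaired {file: component}, repaired {file}, verify_complete)."""
    unrepaired, repaired, complete = {}, set(), False
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # other servicing entries, blank lines
        msg = m.group("msg")
        if (hit := CANNOT_REPAIR.search(msg)):
            # The same failure can be logged more than once; the dict de-duplicates.
            unrepaired[hit.group("file")] = hit.group("comp").strip()
        elif (hit := REPAIRED.search(msg)):
            repaired.add(hit.group("file"))
        elif msg.startswith("Verify complete"):
            complete = True
    return unrepaired, repaired, complete


if __name__ == "__main__":
    bad, fixed, done = summarize_sfc(SAMPLE_LOG)
    print("verify complete:", done)
    for name, comp in sorted(bad.items()):
        print("NOT repaired:", name, "from", comp)
    for name in sorted(fixed):
        print("repaired:", name)
```

On a real system the input would be the contents of %windir%\Logs\CBS\CBS.log after sfc /scannow has finished.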
Avast and Prevx have proven extremely reliable and compatible with everything I have thrown at them.
Avast Home Free - stop any shields you do not need except leave Standard, Web, and Network running.
Prevx - Home - Free
Windows Firewall
Windows Defender
IE - Protected Mode
IE 8 - SmartScreen Filter ON (IE 7 Phishing Filter)
I also have IE to always start with InPrivate Filter active if IE 8.
(You occasionally have to turn it temporarily off with the little Icon on LEFT of the + bottom right of IE)
Avast - Home - Free - stop any shields you do not need except leave Standard, Web, and Network running.
(Double Click Blue icon - details next to OK. - upper left Shields - Terminate those you do not use.)
http://www.avast.com/eng/avast_4_home.html
Prevx - Home - Free small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
Also get Malwarebytes - free - use as scanner only. If you ever suspect malware, and that would be unusual with
Avast and Prevx running except for an occasional low level cookie (no big deal), UPDATE it and then run it as
a scanner. I have many scanners and they never find anything of note since I started using this setup.
I would scan with Malwarebytes and add Prevx to be sure it is gone.
Malwarebytes - free - use as scanner only. If you ever suspect malware, and that would be unusual with
Avast and Prevx running except for an occasional low level cookie (no big deal), UPDATE it and then run it as
a scanner. I have many scanners and they never find anything of note since I started using this setup.
http://www.malwarebytes.org/
Prevx - Home - Free small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/
!!!!!!!!Prevx found the following 4 items:
1. ROOTKIT kbiwkmyumwxbev.dll in c:\windows\system32
2. THREAT kbiwkmbcqssiwm.dll in c:\windows\system32
3. ROOTKIT kbiwkmvarocvpo.sys in c:\windows\system32\drivers
4. Threat \REGISTRY\Machine\system\ControlSet001\Services\kbiwkkmiddqrvnu
Could these be the culprits?
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
Here are some online free scanners to help
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner
--------------------------------------------------------------------
Also do these to cleanup general corruption.
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
I will try both the ESET and Kaspersky scans as well, and let you know the results if they are different. Now how do I remove these pests? Thank you again for your time - Zaphod