New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Prime Choice
· TechTV!
· Head Lines
· CCSP News Ltrs
· Dnld of the Week!
· Find a Cure!

· Ian T's (AR 16)
· Marcia's (QA1)
· Bill G's (CO3)
· Paul's (AR 5)

· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· Recommend Us
· RegChat
· Reviews
· Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
Which Anti-Virus product do you use?

Computer Associates
Eset (NOD32)
F-Secure
Frisk (F-Prot)
Grisoft (AVG)
Kaspersky
Network Associates (McAfee)
Panda
Sophos
Symantec (NAV)
Trend Micro
Other



Results
Polls

Votes: 15011
Comments: 124
image
Donations
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
Hosted By
Computer Cops is a satisfied customer of [ JaguarPC ]
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

HELP!!Getting worms/Trojans/viruses, etc. DESPITE McAfee!!!!

 
Post new topic   Reply to topic       Computer Cops Forum Index -> Viruses, Worms, Trojans Oh My
View previous topic :: View next topic  
Author Message
mbvetnet

Cadet
Cadet



Joined: Apr 02, 2004
Posts: 6
Location: USA

PostPosted: Sat Apr 03, 2004 3:31 pm    Post subject: HELP!!Getting worms/Trojans/viruses, etc. DESPITE McAfee!!!!
Reply with quote

I have McAfee virus scan (although, apparently I was only given it for a trial period) and it only runs when I tell it to or at scheduled times. I have been getting worms and Trojans after visiting random websites WITHOUT downloading anything from them. I downloaded “HijackThis” as a tool to help get rid of these programs and I’ve deleted everything I know to be a Trojan, worm, or virus. It gives me a log file and there may be more I can delete, but since I’m not sure what is bad and what is not… I have left them alone. I also do my best to never open unknown emails. But… I keep getting junk! Recommendations? I’ve now got a problem where when I open Internet Explorer, I get porn sites!!!! When I close the site it opens others! I tried to change the IE properties to change the Home Page to www.yahoo.com, but it won’t allow me to change it. (It’s in gray.) I went into HijackThis and deleted what I thought was the setting to start my IE with the porn page. I opened IE and it opened to “about:blank,” but when I went to set my homepage it still won't allow me to do it!! I used McAfee Scan and it didn’t pick up any problems (that was before I did the HijackThis). I can hardly ever use the internet without getting junk dropped onto my computer!!!!! I’m going crazy!!!!! Can you help me or direct me to someone who can?
Back to top
View users profile Send private message
illukka

1st Responder
1st Responder



Joined: Feb 27, 2004
Posts: 275
Location: Finland

PostPosted: Sun Apr 04, 2004 8:18 am    Post subject:
Reply with quote

post your hijackthis log here. remember that you should never attempt to fix anything with hjt unless you really know what you're doing...it's a powerful tool and misusing it can seriously mess up your system..
Back to top
View users profile Send private message
mbvetnet

Cadet
Cadet



Joined: Apr 02, 2004
Posts: 6
Location: USA

PostPosted: Sun Apr 04, 2004 10:15 pm    Post subject:
Reply with quote

I only attempted to clean up house myself becuase I needed to access the internet and there was no one around to help me. I only erased what I knew was not part of a real program, etc. As for posting my HijackThis log... is it safe to do in a public forum? Will it identify anything about me, etc?
Back to top
View users profile Send private message
mbvetnet

Cadet
Cadet



Joined: Apr 02, 2004
Posts: 6
Location: USA

PostPosted: Sun Apr 04, 2004 11:02 pm    Post subject:
Reply with quote

Ok... I was finally able to find a system restore point that would actually work!!!!! I've got my Internet Explorer working correctly again, but I would love to go over my HijackThis file (if it is safe to post) and see what else could be purged. Also, why is it that McAfee Virus Scan is not picking up these worms/Trojans/viruses?
Back to top
View users profile Send private message
illukka

1st Responder
1st Responder



Joined: Feb 27, 2004
Posts: 275
Location: Finland

PostPosted: Mon Apr 05, 2004 12:49 am    Post subject:
Reply with quote

you can edit your hjt log to not show any idenfiable information( your name ip addy etc), it's just a txt file
i can't really say anythign about mcafee not being able to identify, as long as i don't see a log.
one reason is that those could have been more like spyware items than actual viruses.

about system restore: clear all restore points except the one that is good, malware often hides in system restore--it is restored along with anything else.
Back to top
View users profile Send private message
mbvetnet

Cadet
Cadet



Joined: Apr 02, 2004
Posts: 6
Location: USA

PostPosted: Mon Apr 05, 2004 1:54 am    Post subject:
Reply with quote

I don't know how to delete restore points. Unfortunately, when I wanted to restore to a point BEFORE any malware infiltrated my computer, it wouldn't let me. I restored it to a point between infections. I don't know why it wouldn't restore to where I wanted it to. Many restore points I tried didn't work. I will actually create a new restore point again soon... anew "healthy" point. Anyway, I'm not sure what kind of data may be personal in my log file. Would any of the numeric values I see be addresses to anything personal? ...Note I'm asking a complete stranger... for all I know I could be getting hacked again for using this site! Confused (I'm hoping it's regulated or something.)
Back to top
View users profile Send private message
illukka

1st Responder
1st Responder



Joined: Feb 27, 2004
Posts: 275
Location: Finland

PostPosted: Mon Apr 05, 2004 4:40 am    Post subject:
Reply with quote

the only things identifiable in a hjt log would be you documents and settings\xxxx file name, and possibly some name server ip address, or your pc's name

edit your hjt log and remove your name, put xxx in it,

you can edit your name server info if you're absolutely sure it is legitimate, if you're in doubt, let it stay..

we'll clear the restore points after we've finished with your log. a restore points functionality is limited, so if you really have important data on your hd i suggest regular backups, for exmple norton ghost or similar backup utility

note that some malwares are able to disable system restore and clear restore points.

ok edit your log( mask personal data with xxx) and post it here
Back to top
View users profile Send private message
mbvetnet

Cadet
Cadet



Joined: Apr 02, 2004
Posts: 6
Location: USA

PostPosted: Mon Apr 05, 2004 6:57 pm    Post subject:
Reply with quote

Let me know what I should delete. I think most, if not all, of the bad stuff is gone.

Last edited by mbvetnet on Tue Apr 06, 2004 2:56 pm, edited 1 time in total
Back to top
View users profile Send private message
illukka

1st Responder
1st Responder



Joined: Feb 27, 2004
Posts: 275
Location: Finland

PostPosted: Tue Apr 06, 2004 7:59 am    Post subject:
Reply with quote

there's some fixable entries:
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\calsdr.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

you have been able to do a full system scan with updated mcaffee av? no infected files found? i have found mcafee to be a very reliable av..
Back to top
View users profile Send private message
mbvetnet

Cadet
Cadet



Joined: Apr 02, 2004
Posts: 6
Location: USA

PostPosted: Tue Apr 06, 2004 3:05 pm    Post subject:
Reply with quote

Done. I hope this works. Unfortunately, with McAfee, it is only scanning files when I tell it to scan. It is supposed to scan as things try to come into my computer, but it is not. It is updated and everything. It's just not doing its job.
Back to top
View users profile Send private message
illukka

1st Responder
1st Responder



Joined: Feb 27, 2004
Posts: 275
Location: Finland

PostPosted: Tue Apr 06, 2004 5:02 pm    Post subject:
Reply with quote

you could try reinstalling it, as some viruses are able to screw up the install of av's, looks like it has disabled your real time component of it(or your trial has ended, in which case reinstall won't work)

there are some free av choices available:
http://wwww.grisoft.com/us/us_index.php
www.free-av.de just to name a few

then i suggest getting spywareblaster and spywareguard from www.javacoolsoftware.com
both free
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       Computer Cops Forum Index -> Viruses, Worms, Trojans Oh My All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops