11-02-05 12:59 PM
Acmlm's Board - I2 Archive - Hardware/Software - spyware.....
  
HyperLamer
Posts: 961/8210
That's probably the problem then. Mine wasn't pro (didn't know they even made that), in fact it was some trial edition. (But if I reinstalled it, the trial restarted too, hehe. ) Not a good way to get a positive reputation, making trial versions suck like that. All I ever got was "The file soandso.js is infected with the w32.soandso virus".
Elric
Posts: 213/687
Originally posted by HyperHacker
Sure, WinME sucks, but either way McAfee did not make any sort of attempt at all to remove the viruses. Quite stupid, really. (And mine didn't come with a firewall. )
Heh. I had the exact opposite problem: Norton either never found the viruses, or the few it did, when it tried to remove them, it crashed Windows. McAfee, on the other hand, not only found them, it asked me what to do with them, and when I said remove them, it did, no problems.

I have McAfee Professional Edition, which comes with a firewall (which I didn't use). It also installed a File Shredder, Safe & Sound (which works like the WinXP rollback feature), Script Blocker, and HAWK for e-mail. No LiveUpdate crap, no expiration of virus def updating services, etc. That was one thing I have ALWAYS hated about Norton: Having to pay them to subscribe to get their updated virus definitions. I don't pay to get viruses, so I will NOT pay to get rid of them.
Sokarhacd
Posts: 284/1757
atievxx.exe is ATI related, so it's related to the people who made the video card for this computer, although a website says it's useless to 99.9% of users, and is sometimes a resource hog, so I can probably get rid of it.

mdm.exe is Machine Debug Manager, so I can most likely get rid of it also....

I got rid of the eogbkaa when I first saw it, but, it keeps coming back as something else....so I keep deleting it with hijackthis....and I did a search, but no results

the alberta and hostile space things are ok, I put those there...

the zsearch bar won't go away, I'll have to do a safe mode restart later to get rid of everything....including the eogbkaa
Drag
Posts: 143/254
I see a few questionable items on that list. MAKE SURE you GOOGLE these questionable items in Google first, because although I'm a bit familiar with HijackThis, I am NOTHING like an expert.



Originally posted by Chaosflare
Running processes:
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\mdm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alberta.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
O2 - BHO: (no name) - {7AFB62B2-EF52-4852-A007-DF452BE15C88} - C:\WINDOWS\System32\eogbkaa.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\System32\Windows.exeOd
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alberta.com SEE NOTE 1
O15 - Trusted Zone: http://*.hostilespace.com SEE NOTE 1
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02acdde62ecc85b15721/netzip/RdxIE601.cab




NOTE 1: I am not familiar with that alberta.com thing or that hostilespace thing at all. If you didn't put those pages there in those settings, get rid of them. IERESET.INF is very suspicious.

To fix, just check the check boxes of the list items I listed above, and hit FIX CHECKED.

As always, google all of the files I suggested BEFORE you delete them, because I'm no expert.
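
A triage pass over the kind of log quoted in the post above, as an added example that is not part of the original thread: it groups HijackThis entries by the file they reference, so a DLL that shows up both as a BHO (O2) and as the target of IE search settings (R0/R1) stands out. The function names and the review reasons are this example's own assumptions, not HijackThis output.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alberta.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7AFB62B2-EF52-4852-A007-DF452BE15C88} - C:\WINDOWS\System32\eogbkaa.dll
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O15 - Trusted Zone: http://*.hostilespace.com
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "R1 - ...", "O15 - ..."
FILE_RE = re.compile(r"[A-Za-z]:\\[^/]*?\.(?:dll|exe)", re.IGNORECASE)

def parse(log_text):
    """Yield (section, body, file_path_or_None) for each entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list and blank lines are skipped
        section, body = m.groups()
        hit = FILE_RE.search(body)
        yield section, body, hit.group(0).lower() if hit else None

def triage(log_text):
    """Map each referenced file to the reasons it deserves a closer look."""
    sections, reasons = defaultdict(set), defaultdict(set)
    for section, body, path in parse(log_text):
        if path is None:
            continue
        sections[path].add(section)
        if section in ("R0", "R1") and "= res://" in body:
            reasons[path].add("IE search setting served from a local DLL")
        if section == "O2" and "(no name)" in body:
            reasons[path].add("unnamed BHO")
    for path, secs in sections.items():
        if "O2" in secs and secs & {"R0", "R1"}:
            reasons[path].add("same DLL is a BHO and the target of IE settings")
    return {p: sorted(r) for p, r in reasons.items()}

if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", "; ".join(why))
```

Files that end up with no reasons (the O4 Run entries here) are not cleared by this; they still need the manual lookup the post recommends.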
HyperLamer
Posts: 940/8210
Sure, WinME sucks, but either way McAfee did not make any sort of attempt at all to remove the viruses. Quite stupid, really. (And mine didn't come with a firewall. )
Elric
Posts: 209/687
Originally posted by HyperHacker
Well, they are RAM hogs.
Originally posted by Elric
get either McAfee or Kaspersky.

No, NOT McAfee. It sucks a lot. I had it for a while (legit full version, came with the PC), it's basically like "OMG THIS FILE R TEH VRIUS GO KILL IT ONO". (That is to say, it never once removed or cleaned an infected file, just left it up to me to delete it.) Plus, after I reinstalled Windoze (ME ) and did NOT install it again, after a few days, it somehow managed to install itself! (It was on the system restore CD which was in the drive, but still, WTF?)
Get AVG, it's free and it pwns.
That's funny. I have McAfee installed, and I have no problems with it.

I think your problem was WinME. Now THAT's a useless pile of code.

Anyway, McAfee comes with a personal firewall.
Sokarhacd
Posts: 280/1757
well, the Norton firewall works fine, only thing it stops from working while it's on is Gunbound..then I just turn the firewall off, that's when I did play it...
ErkDog
Posts: 603/982
I have never in my life used a firewall, firewalls are for people that install stupid shit on their computer and can't keep it running right

the firewall stops more things from working, than it keeps from getting messed up
Sokarhacd
Posts: 277/1757
if I do that, I need to find a different firewall as well...anyone know of a good one?
HyperLamer
Posts: 937/8210
Well, they are RAM hogs.
Originally posted by Elric
get either McAfee or Kaspersky.

No, NOT McAfee. It sucks a lot. I had it for a while (legit full version, came with the PC), it's basically like "OMG THIS FILE R TEH VRIUS GO KILL IT ONO". (That is to say, it never once removed or cleaned an infected file, just left it up to me to delete it.) Plus, after I reinstalled Windoze (ME ) and did NOT install it again, after a few days, it somehow managed to install itself! (It was on the system restore CD which was in the drive, but still, WTF?)
Get AVG, it's free and it pwns.
Sokarhacd
Posts: 274/1757
so far, Norton has been a lifesaver...no real problems for me....and it doesn't seem to hog up the pc.....but I might get something different later on or something..


well it seemed that eogbkaa.dll was the problem with IE....but I still don't know what's causing IE, and sometimes Explorer, or other applications to use so much memory....right now, EXPLORER is using 45000k and iexplorer is taking 34000k...so it's very weird, but I got rid of the eogbkaa with hijack this....hopefully it won't come back.
Elric
Posts: 202/687
Most of that means nothing to me.

However, I do see that you're using Norton. You need to get rid of that, and get either McAfee or Kaspersky. Symantec is no good. They're currently under investigation for creating viruses just to make sure that Norton has something to do.

Once I got rid of Norton, I had more free resources, my PC stopped crashing all the time, and, most importantly, it stopped trying to go online on its own. Turns out it was Norton trying to go online to download who knows what. It got so bad that I had set my dialup connection to NOT autodial. The worst thing is that it would do it every time I booted up, or after I had left the computer alone for a while.
Sokarhacd
Posts: 273/1757
Here's all of it, I've deleted a few things already, but I did a virus scan, no viruses, except a trojan, got rid of it....and it seems like my CPU usage is still as bad as ever..... the commit charge is: 765020k

and it's never that high....it used to be at 180500k before, but no higher......

Logfile of HijackThis v1.97.7
Scan saved at 9:16:40 PM, on 09/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alberta.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\eogbkaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by telus.net
Elric
Posts: 193/687
I had that problem once. No matter what I tried, NO spyware program detected it. I had to manually go into the registry and reset everything myself. Luckily for me, I've messed with the registry before, so I had some clue of what I was doing.

Hopefully, one of the posted links in here will work for you, so that you can avoid having to do that.
Emptyeye
Posts: 191/2273
If memory serves, the forums at Computer Cops have a thread to help you make sense of the HijackThis output. I had to use it to get rid of a particularly pesky trojan thing.

EDIT: I R TEH GOOD AT HTML.
Surlent
Posts: 352/1077
Besides Spybot Search & Destroy and Ad-Aware the little, but very useful tool HiJack This! might help too.
Run it, and post the entries, like in a .txt file which you link into a post from; someone who has knowledge about the entries might help you to sort out all unneeded information from the Windows registry.
Ran-chan
Posts: 1289/12781
It
HyperLamer
Posts: 926/8210
It's spyware alright, though it might not be detected. Run msconfig and look for suspicious-looking entries.
Xkeeper
Posts: -4207/-863
You -DID- update the definitions, right?

Oh, and if you're not using the latest version of IE, get that. Otherwise I'd suggest either using a different browser or trying a different version of IE.

*Xkeeper shrugs

I never liked IE much anyway Never had THAT problem, though
Sokarhacd
Posts: 271/1757
for some reason, Internet Explorer (I don't use it much) seems to slow down anything that connects to the internet, including AIM, but what it does is change my homepage on IE to about:blank but instead it's like a search thing, and if I try to change it, it goes back every time I reopen IE, that and no matter what, my computer is taking way too much CPU usage, the IE thing I thought was spyware until I did a scan with ad-aware, and spybot, neither finding anything, so right now I'm running a virus scan, so we will see what it turns up, but anyone know why this is happening, just in case the virus scan doesn't reveal anything as well.
AcmlmBoard vl.ol (11-01-05)
© 2000-2005 Acmlm, Emuz, et al