0

Hello,

Recently my anti virus subscription ran out. I have really got the cash to renew, so I was wondering if there was a free anti-virus (as good as norton) available, because recently i discovered quite a few worms and trojans when i did an online scan from Trendmicro. Please help.

rgds, cn :o

5
Contributors
16
Replies
17
Views
12 Years
Discussion Span
Last Post by Complete novice
0

Yep, there is, AVG
Anti-Virus Guard

http://www.grisoft.com

Its free and powerfull and even has a smaller memory footprint than those pretty looking Norton .. things. *vomits*
oh yeah, and its much 'lighter' meaning faster.
Updates are very regular too
There is a purchasable version, but that pretty much just looks better.

0

Cheers redux.....

I d/loaded it and ran a scan....i have one file it wont get rid of

C:\WINDOWS\atmupdate.dll Virus identified I-Worm/Mabutu.A

Can i just delete the file....? How can i get rid?

regards,

cn

0

Delete the file manually and rescan.

cheers chrunchie....i did that.....no probs so far. Will the file i deleted be present in the system restore points or would that have been picked up on the scan? :mrgreen: cheers for the help guys+gals

0

That's a good question. I believe that it will not be there though. I reckon if you created a restore point whilst the virus was on your comp, then yes, it would be in the system restore folder. Also, your AV should pick it up in there too.

0

That's a good question. I believe that it will not be there though. I reckon if you created a restore point whilst the virus was on your comp, then yes, it would be in the system restore folder. Also, your AV should pick it up in there too.

Yes.....it is in my system restore point but AVG anti virus doesn't pick it up on the full scan, only on a scheduled scan. And now when i start up my desktop I getr an error reading (Error Loading c:\windows\atmupdate.dll. Specified module could not be found.
Do i need to restore to an earlier time ,then turn sys restore on and off to set it right. Please help.

Rgds,

Cn

0

The registry entry is still there I reckon. Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop (in a folder on the desktop is fine) & not directly on your hard drive). If you prefer an executable file, then download from here.
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

0

Ok....here you go.

Logfile of HijackThis v1.98.2
Scan saved at 15:04:02, on 26/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Norton Anti Virus\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Norton personal firewall\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\Norton personal firewall\ccPxySvc.exe
D:\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\atmupdate.dll,_mainRD
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_37.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab

cheers, cn

0

Crunchie, this is my guess. How close am I?
Complete Novice, please wait for Crunchie or some other knowledgable person to repsond here before following these instructions.
Check the following:
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\atmupdate.dll,_mainRD

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab

if you're not a gamer then take these off too:
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tuk...0.20/tukati.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

0

Crunchie, this is my guess. How close am I?
Complete Novice, please wait for Crunchie or some other knowledgable person to repsond here before following these instructions.
Check the following:
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\atmupdate.dll,_mainRD

Should i leave this one untouched then?

Cheers for the help, but i still have the I-Worm Mubatu.A virus in a system restore point.

rgds,

cn :confused:

0

I think Crunchie means that only that one of the 016 entries needs to go. So the 04 entry needs to go.

With the restore point, I would normally turn off system restore to remove the virus. However this will leave you without a system restore point, so you can probably turn it off and then turn it back on again, and create a new system restore point on your hopefully clean pc.

0

avg is a good one what is hijackthis

Hijackthis is a tool used to scan your PC. You then post it on the security web site and an experienced techie can determine if you have problems with your pc.......at first i found it difficult to grasp but as each post goes on, understanding evolves. I'll get there some day.
You'll find a link to hijackthis in most threads on the security forum

rgds,cn :cool:

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.