0

I have just ran pandasoftware scan on my computer www.pandasoftware.com
& it has told me that I have spyware, hacking tools & potentially unwanted tools & 1 dialler :eek:
Anyone know of a good software to remove this?:mad:

PS> I have Windows Defender but it hasn't detected them.:rolleyes:

4
Contributors
8
Replies
9
Views
11 Years
Discussion Span
Last Post by DMR
0

From your last hijackthis log we didn't see any hacking tools. The dialer it's supposed to try to use your dial-up modem everytime you turn the computer on. Has that happened?

There are two possibilities: 1. they are on your computer but they are not active, just stored on the hard drive in some location.
2. the panda software is wrong.

Does it say which are the infected files?

0

I don't normally look at the dialling number when I connect to the internet so I cannot say if it has happened, I assume that it;s my ISP connecting, however, it's quite unlikely.
I think you are right, it's sitting somewhere in my hard drive but how do I locate it?
I don't know if Panda is wrong!
But thank you for your feedback.

0

Can you post the results of the Panda scan? That report could give us some details of what infections you have and where they are located.

Also- For a more thorough check of your system, you can do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities:

Windows Defender - http://www.microsoft.com/downloads/d...displaylang=en
CCleaner - www.ccleaner.com
ewido Anti-malware - http://www.ewido.net/en/download/
When installing ewido, under "Additional Options" uncheck..

    • Install background guard
    • Install scan via context menu
  1. Launch ewido, there should be an icon on your desktop, double-click it.
  2. The program will now open to the main screen.
  3. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  4. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  5. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run a scan with ewido yet; just close the program once the updates are installed.

* Open your anti-virus program and check for/install the most current updates. Again- don't run a scan; just close the program once the updates are installed.


* Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

* Run CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK
- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
- Click on Run Cleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

* Run a full system scan with your anti-virus utility, and then run Windows Defender and ewido; have the programs fix all malicious items they find.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

* Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

-
-

0

OK, I will do that but this is the Panda report for now (but now Im running another spyware program, I'll send you the details)
This is the Panda report:

Incident Status Location
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Kiana\Desktop\Registry Cleaner.lnk
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Dialer:dialer.db Not disinfected hkey_current_user\software\Matrix_HTML
Adware:adware/otx Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\ADM25.ADM25.1
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/mshtmpre Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@adrevolver[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@apmebf[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@bs.serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@casalemedia[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@clickbank[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@stats1.reliablestats[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@webpower[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@winfixer[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@www.myaffiliateprogram[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@xmts[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kiana\Cookies\kiana@zedo[1].txt

0

This is the report from Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:15, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kiana\LOCALS~1\Temp\Rar$EX05.062\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125426848903
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A42912-7F3C-4D13-ADF4-233B9686FF8B}: NameServer = 212.67.96.129 212.67.120.148
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

0

Thank you, that;s another one to try!
I have so many to download now......My computer will be squeaky clean....

0

The Panda log you posted appears to be just a scan; it doesn't indicate that it actually cleaned anything. If you didn't choose to have Panda disinfect when it scan, do the scan again, making sure that the "autoclean" box is checked.

Post the new Panda scan results and a new HJT log (do the HJT scan after the Panda scan).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.