Malware/Spyware question

**soup** · 30 Nov 2008, 05:46 AM

All I use on my XP64 side is Comodo for 2-way firewall & Avira AntiVir (free) with the occasional scan with Malwarebytes, which I keep updated or Windows Live One Care.

**rago88** · 30 Nov 2008, 05:50 AM

Avast virus and Malware are both free here.
Webroot is the pay software...

Think I will can Webroot...
seems like it and Malware are going after the same stuff..

**Chewy** · 30 Nov 2008, 07:55 AM

Post some of the malwarebyte's logs

there's some real nasty stuff going around the last few weeks

**rago88** · 30 Nov 2008, 09:53 AM

[I][B]here's a partial list......... \

Malwarebytes' Anti-Malware 1.30
Database version: 1434
Windows 5.1.2600 Service Pack 3
11/29/2008 12:32:39 PM
mbam-log-2008-11-29 (12-32-39).txt
Scan type: Quick Scan
Objects scanned: 53272
Time elapsed: 4 minute(s), 31 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 42
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 293
Memory Processes Infected:
C:\Documents and Settings\tony\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\tony\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\gid326 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\gid326\cid1 094 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\gid326\cid1 094\AOL1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\gid326\cid1 094\AOL1\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\im ages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\me ssages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Updater\2817 (Adware.VideoEgg) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\tony\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\VideoEgg\Loader\2817\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\tony\Application Data\VideoEgg\Publisher\3461\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

**blutach** · 30 Nov 2008, 10:36 AM

The infected files are (thankfully) temp files. The other issues appear to be in your appdata folder (where, usually you do not find dlls).

Just let it repair (as you have done) and you'll be right. Run another test (full scan) and then reboot. Then do another quickie.

Regards

**rago88** · 30 Nov 2008, 01:30 PM

That's what I did Blutach.
Ran the 1st quick scan, dumped the bad files then ran a 35 minute full scan, then re-booted..

last but not least, the original question was, do I still need webroot spyware along with Avast and malwarebytes.
I really don't think I do myself.

**Chewy** · 30 Nov 2008, 02:17 PM

Avast has a suite of components, av, firewall, etc so I would just use MBAM to supplement avast

Just to be safe I would run a good safemode scanner

Antivirus Xp? - Am I infected? What do I do?

http://www.bleepingcomputer.com/forums/index.php?showtopic=163316&st=0&p=913381&#entry913381

Antivirus Xp? - posted in Am I infected? What do I do?: My computer was recently infected with antivirus xp. I seemed to have uninstalled the program itself, but i think whatever came with it is still there. I've tried running norton, adaware and avg, and they've all crashed or are denied access to certain folders. When i try to look in the registry or go looking around in windows explorer, it also closes with no error message. So i'm not entirely sure what I should be posti...

**doctorhardware** · 30 Nov 2008, 02:49 PM

Also turn off system restore and when you are done and have no more problems turn system and create a new restore point.

**rago88** · 30 Nov 2008, 04:22 PM

good tips... thanx............

**blutach** · 30 Nov 2008, 05:03 PM

Yeah -0 turning off System Restore gets rid of all the restore points (including the malware in the saved system volume information).

Regards

**Chewy** · 30 Nov 2008, 09:38 PM

As a general rule, the safest approach, is create a new restore point when you think the infection is all gone, then delete all but the newest one

tricky

disk cleanup more options

**rago88** · 1 Dec 2008, 04:36 AM

did that...
turned off Restore which deleted all past backups then made a restore point as of today...

Malware/Spyware question

Malware/Spyware question

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment