• I think it is a virus

    #479485

    Hi All
    Hope I am in the correct section
    I think I may have a virus on a friend's PC that I have received.

    OS Win Xp with SP 3
    Symptoms
    IE 8 flashes and quits
    Malwarebytes and HijackThis do the same
    Cannot get into safe mode, it just goes straight to boot up. The person can access their files, but not browse the internet.
    The error message that comes up is that “Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item”

    I have run TDSS rootkit; that has not solved the problem.
    I have also reset IE 8.

    I would be very grateful for your help in finding a solution.
    Dougie

    • #1302005

      Are there any security apps running?

    • #1302021

      I might try to put Malwarebytes on a flash in a known good PC then try to run on suspected infected PC.

      • #1302052

        thanks for prompt reply

        There was a security app running but it was not paid for so was out of date. The app was CA Security. It is now deleted off the PC.

        Tried to run Malwarebytes from memory stick but same result.
        I am trying to avoid a clean install but if it has to be done so be it.

        • #1303116

          On your memory stick, change the mbam.exe file to anything that suits your fancy (I’ve used aaa.exe). Then try to run it. Malwarebytes should fire up & run.

          John

    • #1302053

      I asked, because this looks very much like the result of a security app malfunctioning. Did this happen after you deleted it, or is there no relationship?

    • #1302054

      You can also try either or both of these and see if it helps:

      http://live.sunbeltsoftware.com/ – It is an exe, you can execute it from a command prompt and see if it helps

      http://www.avira.com/en/support-download-avira-antivir-rescue-system – it will allow you to create a bootable CD, that you can use to scan the problematic system.

      • #1302127

        Hi Dougie: Would recommend you ask for help from an experienced, trained, certified, VOLUNTEER “Malware Removal Specialist” found on many Advanced malware removal forums. There are no such Specialists on these Windows Secrets Forums. The one I recommend is at http://www.geekstogo.com/forum . Eventually you would follow the Advice in their “Malware and Spyware Cleaning Guide”.

        • #1302136

          Doc thanks so much for your “specialized” response to a difficult situation. Perhaps using this free tool from, guess who, Microsoft, Dougie will not have to resort to the

          experienced, trained, certified, VOLUNTEER “Malware Removal Specialists”

          since

          There are no such Specialists on these Windows Secrets Forums.

          All of us non-specialists do sincerely thank you for this excellent post.

          Note: By the way I have already made the CD in case this ever happens to me or mine.

        • #1303172

          I strongly disagree. There are several very experienced security troubleshooters here at The Lounge. If you want to post an ad, please pay for it!

          -- rc primak

        • #1303173

          Hi Dougie: Would recommend you ask for help from an experienced, trained, certified, VOLUNTEER “Malware Removal Specialist” found on many Advanced malware removal forums. There are no such Specialists on these Windows Secrets Forums. The one I recommend is at http://www.geekstogo.com/forum . Eventually you would follow the Advice in their “Malware and Spyware Cleaning Guide”.

          I strongly disagree. There are at least several very experienced contributors to The Lounge who have helped solve numerous security issues. Virus cleanup is not a Microsoft or SANS Certified specialty.

          I don’t care what “schools” or “certifications” someone has invented, there is no official sanction for these “schools” or “certifications”. People just pay money and get “certificates” — there is no oversight by Microsoft or SANS or any other responsible party.

          If you want to post ads for paid help, please submit your ad to the Windows Secrets Advertising staff, not in Lounge threads.

          -- rc primak

    • #1302132

      I just went through this exact issue with my daughter’s XP laptop. From a non-infected PC, download the Microsoft Standalone Security Sweeper. You will need a blank CD. It takes a bit to download and burn the CD. Boot the infected machine from the CD. It will launch automatically, but you will have to click the Scan button. It can take a really long time to scan everything, in fact it warns you that it may take hours. It found and cleaned something like 35 malicious files/infections on her laptop. This should get you to the point of being able to run programs without them shutting down. Next boot the laptop normally and install MalwareBytes. Run a full scan, which will also take a long time. Very likely it will find everything that Security Sweeper missed. Next, since it doesn’t sound like you have any A/V scanning running, download Microsoft Security Essentials. Even if you don’t want it permanently, install it, update it, and run it. Go to Windows updates and install the latest patches. Finally, download, install, and run Secunia’s Personal Software Inspector, it will check the 3rd party software for security issues. Patch or update those that are showing a risk. Most likely it will flag the Acrobat Reader, Flash Player, and Shockwave player if they are installed. Most likely the infection came from an infected file that took advantage of the vulnerabilities in one of these.

      Hi Dougie: Would recommend you ask for help from an experienced, trained, certified, VOLUNTEER “Malware Removal Specialist” found on many Advanced malware removal forums. There are no such Specialists on these Windows Secrets Forums. The one I recommend is at http://www.geekstogo.com/forum . Eventually you would follow the Advice in their “Malware and Spyware Cleaning Guide”.

      “Malware Removal Specialist”? 😆 That’s a good one. No such thing except for those who are self proclaimed. Actually I think SANS was looking to do something like this a few years ago, but it never materialized AFAIK. Malware changes so fast any certification would be outdated weeks after it was issued. Realistically if you are looking for a malware expert, someone who is GIAC certified is closest to what you are looking for. However, the forum you link to is excellent and is a great resource for Systems Admins, PC techs, and serious hobbyists.

      • #1303200

        “Finally, download, install, and run Secunia’s Personal Software Inspector, it will check the 3rd party software for security issues. Patch or update those that are showing a risk.”

        I used Secunia’s online scanner for a long time before going to PSI, while it seemed to work just fine, after a couple years with it, a couple months back, I noticed a typing issue. Lag, I’d type and nothing would show for several seconds, then it would pop in. I looked at task manager and noticed my cpu spiking from 1% to 45% which did make me sit up and take notice. Since my machine was still under warranty, I went to its home site and had a systems pro remote in, looking through everything, he found that PSI was generating hundreds of Windows Update errors and logging them dutifully. His advice was to dump it, that no system needs 24/7 monitoring the way PSI does. I did and the typing problem disappeared immediately as did the cpu spikes. I am back to using the online Secunia Scanner only. I do have MSE and Comodo too, but neither cause any performance issues. I also run Malwarebytes once a week or so and have never had a virus on any machine in more than 20 years of happy computing. Just fyi. The online scanner will also send you an email when patch Tuesday comes about and will find the same issues PSI does as well as offer downloadable solutions. I’m happy with that, the typing lag was driving me nuts! Oh, and my system is Win7 64 bit, with 4GB Ram. :^)

    • #1302140

      You’re very welcome Ted!

    • #1302194

      Ted and Doc, while most cases of malware infection can be removed with programs like Malwarebytes and Microsoft’s standalone security sweeper, some of the more recent and severe cases will not be removed by them. Spiritwind may be a little over the top in his explanation, but several Malware forums do specialize in free removal advice and do train specialists with lengthy courses. Geekstogo is one and the one I use is Bleepingcomputer. It can be very useful to post to one of these forums if you are unable to remove malware on your own. I don’t know for sure but I suspect Spiritwind has invested a lot of time being trained at Geekstogo and is one of their specialists that offers free assistance.

      Jerry

      • #1302816

        Ted and Doc, while most cases of malware infection can be removed with programs like Malwarebytes and Microsoft’s standalone security sweeper, some of the more recent and severe cases will not be removed by them.
        Jerry

        Point well taken. Which is why I think it’s important to run more than one program. In the steps I outlined above, notice I suggested not one or two programs, but three. Even a second pass by MalwareBytes after the fact may not be a bad idea either. Another boot disk that could be used is the Kaspersky TDSSKiller, as well as a few other root kit detectors out there. When attempting virus/malware removal one has to weigh out the time involved vs. the time of a complete rebuild. There have been times when I’ve been comfortable with the removal process, and times when I haven’t and have chosen to rebuild. For my own stuff, I maintain images which makes that choice a lot easier.

        Hi All: For those who possibly may be interested, a “Malware Removal Specialist” is one who is a member of either “U.N.I.T.E.” (Unified Network of Instructors and Trained Eliminators) and/or “A.S.A.P.” (Alliance of Security Analysis Professionals). There are Training “Schools” available if interested in joining either.

        Thank you for posting that info. There are some very good links on the U.N.I.T.E. site. Keep in mind that like the lounge, these folks are all volunteers whose expertise varies widely. These sites are just more focused than the lounge. Much of the info in my post came from snippets derived from member sites of U.N.I.T.E. My experience in removing viruses/malware is like searching Microsoft for a direct technical answer on an operating system issue. There isn’t one. But little pieces parts from various posts found by strategic Google searches, coupled with a knowledge of how things work, is the way to get things fixed.

        Note: By the way I have already made the CD in case this ever happens to me or mine.

        One thing to keep in mind is that it may be better to make the CD when you actually need it. Like any other A/V-Anti-malware program it depends on current signatures. I suspect that within a month a given CD is out of date.

        • #1303062

          Thank you for posting that info. There are some very good links on the U.N.I.T.E. site. Keep in mind that like the lounge, these folks are all volunteers whose expertise varies widely. These sites are just more focused than the lounge.

          Please disregard the negative views that Doc has of volunteer Experts.

          Unlike this lounge, there are sites such as the Piriform/CCleaner which hosts “Spyware Hell”,
          where untrained “volunteer experts” such as Doc and myself are excluded and barred from giving advice,
          and only those with skills recognised by the site administrators will advise.

          I also recognise Bleeping Computer and MajorGeeks as having good malware fighting forums with, I believe, restriction against untrained “volunteer experts” that is similar to Piriform.

          I believe these sites, and probably others, have volunteers with more patience than most,
          who can scan through pages of “hijack logs” and recognise which items might merit attention and with what tools.

          I have no experience with the MalwareBytes forum, but I recognise their software has good capability,
          and they also probably block self-appointed untrained “volunteer experts”.
          I think that $25 is a reasonable premium to pay if you wish to jump the queue formed by people like me who want everything for free.

          • #1303118

            Please disregard the negative views that Doc has of volunteer Experts.

            Not negative. I’m a realist, not a pessimist. Volunteers are great and I appreciate everything that people do to help others. But the experience and expertise varies widely among groups of volunteers in any vocation. If you go back and read all posts I’ve made on this subject as a whole instead of latching onto one line, you’ll see that I’m not dismissing those forums or those that have knowledge. But I certainly take exception to the dismissal of this forum as being “lower” with less expertise. There are a lot of people here that I would venture to say have more knowledge and experience than many of the expert volunteers on those restricted forums. What I’m saying is, don’t dismiss people’s knowledge and experience based on how some forums rank their users.

            As someone who has been in IT for many years, I can appreciate the REAL REASON why the forums you cited have certain restrictions. Of course having a demonstrated expertise in the area is one criterion. But more important, it’s basic troubleshooting methodology. Work it one step at a time. If I’m working on a critical support issue and other people in my department are trying their own approaches and solutions at the same time, serious problems can arise. Too many cooks spoil the broth so to speak. Make sense? Troubleshooting isn’t an exact science. However, being that Windows Secrets doesn’t have that same formality doesn’t make the advice here any less useful. Just harder for users to follow and to know what order to take the recommended steps to remedy a problem.

        • #1303176

          (Ted Myers) One thing to keep in mind is that it may be better to make the CD when you actually need it. Like any other A/V-Anti-malware program it depends on current signatures. I suspect that within a month a given CD is out of date.

          Actually, the program can be updated on the fly, if Networking in the infected computer is still working. Not guaranteed, however. Yes, it is best to create the CD on an as-needed basis, but it can be updated.

          -- rc primak

          • #1303218

            Actually, the program can be updated on the fly, if Networking in the infected computer is still working. Not guaranteed, however. Yes, it is best to create the CD on an as-needed basis, but it can be updated.

            Thanks Bob! I was not aware of that.

        • #1303306

          So does any flavor of UBCD disks that contain Super Antispyware and/or ClamWin portable. I’m sure there are other ones as well, but those are the two I use most.

        • #1303424

          Some very good answers. I use much of what has been posted but there are also many other tools. One I like that can work wonders on some problems is the Avira Rescue CD that can also be installed on a bootable flash drive. It is Linux based and allows repair of a system that would not otherwise boot. It also does a scan and clean.
          http://www.avira.com/en/support-download-avira-antivir-rescue-system

        • #1303580

          This is something I experienced recently that seems very similar. If you haven’t already, check your user account status. I picked up a virus at work that changed my account from a “standard user” to a “User-Debugger”, and left me in a condition very much like what you are experiencing. Hope this helps.

      • #1303117

        Ted and Doc, while most cases of malware infection can be removed with programs like Malwarebytes and Microsoft’s standalone security sweeper, some of the more recent and severe cases will not be removed by them. Spiritwind may be a little over the top in his explanation, but several Malware forums do specialize in free removal advice and do train specialists with lengthy courses. Geekstogo is one and the one I use is Bleepingcomputer. It can be very useful to post to one of these forums if you are unable to remove malware on your own. I don’t know for sure but I suspect Spiritwind has invested a lot of time being trained at Geekstogo and is one of their specialists that offers free assistance.

        Jerry

        Bleepingcomputer was the forum I used and it was recommended here at WS. A guy there took me through several stages and had me double check everything. He then had me get SpywareBlaster and Malwarebytes. I have had no problems since.

    • #1302200

      The subject of training and certification in relation to malware has been controversial because many professionals feel that once infected, you can never know your system is clean unless you rebuild it from scratch. I think there was a lot of news when someone from Microsoft took that position. From that perspective, since full security cannot be guaranteed without rebuilding, allowing even a thorough cleaning to be described as “removal” could provide a false sense of security. Hence, the major certificating organizations did not create a program for this, and others apparently have stepped in with their own programs. The training might be excellent, and the cleaning state of the art, but you’ll never be certain your PC is as safe as the moment you first connected it to the internet.

      • #1302251

        Hi All: For those who possibly may be interested, a “Malware Removal Specialist” is one who is a member of either “U.N.I.T.E.” (Unified Network of Instructors and Trained Eliminators) and/or “A.S.A.P.” (Alliance of Security Analysis Professionals). There are Training “Schools” available if interested in joining either.

        • #1302589

          Gentlemen

          Sorry for not replying sooner but was away working. I will now try the various solutions posted. It is great to have a place like this to call on when in trouble.
          I am extremely grateful for the ideas and I will post back the results.

          Dougie

          • #1303045

            Gentlemen

            Sorry for not replying sooner but was away working. I will now try the various solutions posted. It is great to have a place like this to call on when in trouble.
            I am extremely grateful for the ideas and I will post back the results.

            Dougie

            I had a problem like this on my daughter’s lappy, did the things recommended here (MS SSS, MB etc) and I did get a more stable system, i.e. I could run Firefox but not IE, couldn’t run Media Player but could run WinLiveMail. But after a while it went back to the original state.

            Spent 3 days on two of the “expert” sites, doing the same thing over & over. I was about to reinstall Vista when I decided I’d try some more single shot scanners – Avira, Symantec, Trend Micro & McAfee. The first two didn’t find anything but Trend Micro’s Housecall sure did.

            This is not a plug for Trend Micro Housecall. It seems that modern computer parasites evolve differently on each machine they infect.

            I guess my message is – just because the high reputation bug busters don’t find the crap, that doesn’t mean you shouldn’t try those with a lesser reputation. You might get lucky like I did.

            cheers

            • #1303050

              Hi,

              I had a problem much like this on my XP machine, and nothing I did on my own was effective. Believe me, I tried a few things too.

              I read the Bleeping Computer and Malwarebytes forums, and decided it would be a good idea to go to the head of the queue by paying $25 for Malwarebytes Pro, the one which is resident instead of swooping from the clouds. Now, I have no connection with them, this is just my little story.

              I took a ticket as they say, and was immediately contacted by Tom Mercado. If he isn’t an expert he must be close. He got me to run a number of tools which I had never heard of, and send him the logfiles.

              My machine had a rootkit in it, some new variant of TDSS, and it had spread itself all over. He eventually got rid of it, but it was very difficult. The then current MWB did not touch it because it was so very new. I think that may be the case here too.

              So that was well worth $25 for me, and he was even able to say how I got it in the first place, about which I am too self-conscious to tell you LOL.

              Cheers

            • #1303177

              Hi,

              I had a problem much like this on my XP machine, and nothing I did on my own was effective. Believe me, I tried a few things too.

              I read the Bleeping Computer and Malwarebytes forums, and decided it would be a good idea to go to the head of the queue by paying $25 for Malwarebytes Pro, the one which is resident instead of swooping from the clouds. Now, I have no connection with them, this is just my little story.

              I took a ticket as they say, and was immediately contacted by Tom Mercado. If he isn’t an expert he must be close. He got me to run a number of tools which I had never heard of, and send him the logfiles.

              My machine had a rootkit in it, some new variant of TDSS, and it had spread itself all over. He eventually got rid of it, but it was very difficult. The then current MWB did not touch it because it was so very new. I think that may be the case here too.

              So that was well worth $25 for me, and he was even able to say how I got it in the first place, about which I am too self-conscious to tell you LOL.

              Cheers

              Kaspersky TDSS killer would probably have gotten this rootkit disabled.

              -- rc primak

      • #1303174

        The subject of training and certification in relation to malware has been controversial because many professionals feel that once infected, you can never know your system is clean unless you rebuild it from scratch. I think there was a lot of news when someone from Microsoft took that position. From that perspective, since full security cannot be guaranteed without rebuilding, allowing even a thorough cleaning to be described as “removal” could provide a false sense of security. Hence, the major certificating organizations did not create a program for this, and others apparently have stepped in with their own programs. The training might be excellent, and the cleaning state of the art, but you’ll never be certain your PC is as safe as the moment you first connected it to the internet.

        The main issue I see in The Lounge with regard to a clean reinstall is that most folks who post seem not to have a System Image the first time they encounter a virus. This leaves them in a very difficult situation, as valuable programs and data may be lost if they simply reformat and reinstall. Even a system rollback is not an option for them, because before their first major encounter with malware, they never thought about system or image backup schemes.

        After the fact, sure everybody wants to back up everything. But until the mess is cleaned up, we have to help recover the system with as little damage as possible, so that data can be recovered and safely backed up after the virus cleanup.

        @scaisson —

        Virtualization does not work with Windows XP Home Premium. And older XP hardware usually has far less than 2GB of RAM and other needed system resources. This method, while good, does not prevent the host OS (except Linux) from becoming infected through the guest OS. No documentation anywhere I have seen makes this claim.

        For most Home Users, virtualizing an old Windows XP system does not make any sense. You will still need drivers which work on the host computer and its peripherals — in Windows 7 systems, the old Windows XP VM simply won’t have these.

        And for a lot of folks, setting up and maintaining VMs is not trivial. There is a learning curve.

        So while it is nice to be able to do virtualization, this is not the right solution for most of us.

        -- rc primak

    • #1303068

      I’ve used both the Grisoft AV (AVG Free) and Kaspersky boot CD scanners. The Kaspersky comes with ZoneLabs ZoneAlarm Internet Security, which costs bucks. Both of these progs go on the web from the OS on the optical drive, and update the virus signatures that are on the CD. It’s still a good idea to update the boot CD pretty often, but some detection and removal programs (like these two) do update from the web before proceeding. (I’ve found a few machines the Kaspersky won’t run on, but none that AVG will not.) It’s also true that if there are several partitions on the computer, and many are full, it can take well over 24 hours to do a scan. The machine this is being composed on has well over 6M files on it.

    • #1303070

      Concur with Doc Brown’s approach and choice of tools. Have a friend that spends 10 hours per day at his job doing nothing but attempting to write Malware discovering techniques for Unca S’s security agencies. There is no perfect solution other than never opening emails or going on line and letting no USB attachments for memory cards on your machine… and even then, nothing is guaranteed. I spend many hours on UseNet d/l’ing loads of offerings (some 41 TB’s so far) and 96% of them are always infected but so far after fifteen years of doing this, learning how to deal with most infections’ actions on my machine(s) and having locked it down from any writes to either executable memory locations or disc drives until the scanners have read the files I have been able to overcome every one of them over the past four or five years using just the tools listed above. It took many reloads getting to this stage in my fight with Malware and am getting pretty good at it, but I do not recommend following my lead unless you have 18 hours per day to do it and have backups and proper rebuilding tools at hand. lol.

    • #1303084

      This thread is very interesting to me as I have been roped into malware removal as a consequence of being the go-to guy among my friends. At one time I cleaned these infections for free, but the average charge is now $100-$150.
      I have formatted PCs in the past when an infection was particularly bad, but it’s been quite a while since I had to do that. The wealth of information online from people who have removed a particular infection often makes this easy. My favorite tools are Malwarebytes, Super Anti Spyware and TDSS.
      It’s not unusual to find a proxy installed, and most infected machines have out of date AV, Adobe, Java and Windows update is off or not used. Parents who let their children use the single account on the machine or have assigned their kids to admin accounts often write checks. Parents who gamble or watch porn are frequent visitors as well.
      As for “experts”, I have run into many at Tech Support Guy, and some are very, very good and devote a lot of time to this pursuit. They rely on Hijack This logs, which I have never found very useful, but they have all taken advanced courses in how to use them. I was going to take this “Expert” course, which seemed very comprehensive, but didn’t have the time to devote to it.
      As for the MS removal tool, it doesn’t run properly on my Win7 x64 machine (No definition updates) so I haven’t found it helpful.
      I know for a fact that people have replaced infected machines after giving up on cleaning them, and I have actually talked a couple of people into using Linux after being infected multiple times.
      It would be interesting to know how much money malware has cost consumers in terms of lost productivity, frustration and out of pocket payments. It’s bound to be a big number.
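
A read-only triage sketch for three of the conditions listed in the post above (an installed proxy, Windows Update turned off, everyday accounts in the Administrators group). This is an added example, not something posted in the thread; it assumes Windows PowerShell 2.0 to 5.1 and the English group name "Administrators".

```powershell
# Added example (not from the thread): read-only triage. Run in Windows PowerShell
# under the affected user's account. It only reports; it changes nothing.

function Get-ProxyFindings {
    # Per-user WinINet settings, which Internet Explorer uses.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $s) { return }
    if ($s.ProxyEnable -eq 1) {
        "Proxy is enabled for this user: '$($s.ProxyServer)'"
    }
    if ($s.AutoConfigURL) {
        "Proxy auto-config (PAC) URL is set: '$($s.AutoConfigURL)'"
    }
}

function Get-UpdateFindings {
    # Windows Update service: with start mode 'Disabled' no updates are installed.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
    if (-not $svc) {
        "Windows Update service (wuauserv) is missing"
    } elseif ($svc.StartMode -eq 'Disabled') {
        "Windows Update service is disabled"
    }
    # Automatic Updates setting (Windows XP through 8.1): 1 = never check.
    $au = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $opt = (Get-ItemProperty -Path $au -ErrorAction SilentlyContinue).AUOptions
    if ($opt -eq 1) {
        "Automatic Updates is set to never check (AUOptions = 1)"
    }
}

function Get-AdministratorsMembers {
    # Assumption: English group name; localized Windows names the group differently.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    @($group.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

$findings = @(Get-ProxyFindings) + @(Get-UpdateFindings)
if ($findings.Count -eq 0) {
    'No proxy or Windows Update findings.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}

# Listed for review: accounts used for everyday browsing should not appear here.
"Members of Administrators: $((Get-AdministratorsMembers) -join ', ')"
```

A proxy entry is only a finding if nobody on the machine set it up deliberately; out-of-date antivirus, Adobe and Java still have to be checked separately.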

      • #1303090

        Forget about fighting virus. Use virtualization. Start today if you can.

        I used to spend umpty of my time in virus fighting, updating, learning, and upkeeping my knowledge, etc. Then one day, a guest said to me, while walking into our bathroom, “I only want to use the bathroom. I don’t wanna fix the plumbing every time I flush the toilet!”

        From that day on, I enjoy working and playing with the PC (including tech and tinkering), rather than keeping up with the virus.

        Today, hardware is much cheaper and much faster. A PC with 4-6G memory, dual core (or better, 4-core) is quite cheap. With it, you can use virtualization with no noticeable loss of speed. If you don’t run anti-virus and firewall software, it more than compensates the tiny slight loss of speed by virtualization.

        A virtualized XP can run quite well with 2G memory assigned to it, or even 1.5G if you’re not using XP heavily.
        Let’s say you use VirtualBox for virtualization. You can make a few backups, called snapshots, in under a minute to a few minutes. If the current snapshot is infected, don’t clean it. Delete the OS entirely. Copy the last snapshot as current. Voila! Completely new and fresh. No virus. No more long-hour cleaning.
        Better still, also install a virtual Linux OS. Let your kid, or yourself, surf the web under Linux: virtually no threat from infection.
        You can make multiple copies of virtualized XP. Keep one for banking only. That’ll be even safer.

        Let’s face it. anti-virus is all defense and no offense. You’re being attacked first. Or the attacker surfaces first. You’re always on the defensive, a losing proposition.
        As in any game or war plan, you must have offense as well. In fact, the best defense is offense.
        Anti-virus is like an arms race. Virus ups the ante and you have to be busy keeping up, forever, tiring, and costly (monthly and yearly forever).

        In anti-virus, we do not have offense. The OS has built-in holes. It is by design. Like a telephone, it must be able to be eavesdropped. If not, the government demands it. Ironically, total security is anti-security. Selfish, incompetent, or not, all OSes have holes. Again, if not, the government demands it/them, for security reasons. (As well, the OS creator wants back doors, maybe for recovery, or maybe a selfish motive: a secret entry.)

        The only way is complete destruction and wipe out (not unlike a human’d rather die than to be a cancer living thing). Virtualization gives us the tool against virus. And lets us enjoy using the PC, rather than spending most of the time fixing its ‘plumbing’.
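
The snapshot-and-roll-back routine described in the post above, written out with VirtualBox's VBoxManage command line. This is an added example, not the poster's own script; it assumes VBoxManage is on the PATH, and the VM name `XP-Guest` and snapshot name `clean-baseline` are hypothetical.

```powershell
# Added example (not from the thread). Hypothetical names; adjust to your setup.
$Vm       = 'XP-Guest'
$Baseline = 'clean-baseline'

function Get-VmState([string]$Name) {
    # showvminfo --machinereadable prints lines such as VMState="running".
    $line = & VBoxManage showvminfo $Name --machinereadable |
        Where-Object { $_ -like 'VMState=*' } | Select-Object -First 1
    if (-not $line) { throw "Cannot read the state of VM '$Name'" }
    $line -replace '^VMState="(.*)"$', '$1'
}

function New-Baseline([string]$Name, [string]$Snapshot) {
    # Take this once, while the guest is known to be clean and fully patched.
    & VBoxManage snapshot $Name take $Snapshot --description 'Known-good state'
    if ($LASTEXITCODE -ne 0) { throw "Taking snapshot '$Snapshot' failed" }
}

function Restore-Baseline([string]$Name, [string]$Snapshot) {
    # A snapshot cannot be restored while the VM is running, so stop it first.
    if (@('running', 'paused') -contains (Get-VmState $Name)) {
        & VBoxManage controlvm $Name poweroff
        $tries = 0
        while ((Get-VmState $Name) -ne 'poweroff') {
            $tries++
            if ($tries -gt 30) { throw "VM '$Name' did not power off" }
            Start-Sleep -Seconds 1
        }
    }
    # Everything written inside the guest since the snapshot is discarded,
    # including documents saved there; keep user data outside the guest disk.
    & VBoxManage snapshot $Name restore $Snapshot
    if ($LASTEXITCODE -ne 0) { throw "Restoring snapshot '$Snapshot' failed" }
}

# Usage:
#   New-Baseline     $Vm $Baseline    # once, on a clean guest
#   Restore-Baseline $Vm $Baseline    # when the guest is suspected infected
#   & VBoxManage startvm $Vm
```

The roll-back returns the guest to the baseline only; the baseline itself goes stale, so patch the guest and take a fresh snapshot after each restore.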

    • #1303214

      Excuse me for posting OT, but; this deserves some recognition before all are lost to another subject.

      It is very refreshing to see some that have a bit of a difference in opinions on how to do some trick or work with computers and being polite to each other. Most of the forums I have been privileged to be a member the ‘helper posters’ are very ‘thin skinned’ and take offense very easily and ‘flaming’ starts. This is the difference between Gentlemen and Ladies compared to people that think they know it all and all other people are stupid.

      This site has Gentlemen that are very HELPFUL and know how to conduct themselves appropriately, Thank you so very muchly for being . . . I hope no-one is offended.

      Thank you for reading my posty . .

      "Infinite CREATOR" cast "Loving Light" upon thee
      TIA, CU L8R, 'd' "LoneWanderer"
      "Only you can control your future." Dr. Seuss
      NOT a leader,
      NOT a BLIND follower,
      Join US and LIVE this LIFE as ONE!
      Original author Unknown

    • #1303225

      I would like to add my $0.01.5 worth of advice, if I may be so bold?

      My system is on a Dell Inspiron 1564 Win7 SP1 AutoUpdates from µSoft and several other features that have been posted here with some additionals. #1. The antivirus software used is mostly up to the individual, whichever you are most comfortable with; mine is Alwil’s Avast!, which is the most feature rich I have been able to find. RootKit scan feature at your beck and call, called ‘Boot Time Scan’, before Windows starts. Several ‘Real Time Shields’ including e-mail, program monitoring, IM, et cetera. Additional Protection in SandBox for unknown programs until you find out if they are safe. AND it is FREE, along with automatic updates to their database several times per day, and it talks to you to inform you when a scan is completed, if any virus or PUP is discovered and when the DB is updated.

      #2. SuperAntiSpyWare FREE will not run in Real Time nor do automatic updates unless you purchase a license; not a problem, it is very efficient and thorough and can be run at your request any time. Plus you can do manual updates just prior to running a scan.

      #3. Microsoft Security Client, after v2.0 came out, but they still call it MSE when updates come in. I have been told and threatened if I continue to boast that I run these all at the same time; my system is a 64 bit Dual Core processor and can handle this without any problem. I feel those that are on a 32bit OS are the ones that will be restricted to running these only one at a time because they are rather processor demanding and will get into an argument over which should be using what and when.

      These can also be run individually throughout the day or several times a week, especially at night when you are asleep, scheduling them by Windows if you like.

      I am a User only and do not give out advice, just post what I have done and how my system is running with what software. These are not the only features I have, I just cannot remember them all at this time; if anyone would like more, send me a PM and I will be willing to share.

      "Infinite CREATOR" cast "Loving Light" upon thee
      TIA, CU L8R, 'd' "LoneWanderer"
      "Only you can control your future." Dr. Seuss
      NOT a leader,
      NOT a BLIND follower,
      Join US and LIVE this LIFE as ONE!
      Original author Unknown

    • #1303226

      Dougie,

      I feel sure you know about the CC (CCleaner) that also has a very good Registry cleaner tool built-in and some of what you are posting could also be a problem with a corrupted registry file. In Win7 there seems to be very little of a problem with the registry files, there are several actually, Win7 takes very good care of itself. If at all possible for you as well as your friend’s computer, doing a search on the web for Win7 Home Premium, even the 32bit version is very stable, moving on to the newer and better updated software may be the best option. I had Vista 32bit on my desktop (Inspiron 531s 64bit Dual Core Athlon) and ran across a copy of 64bit Win7 and did the update myself and was back on the web in less than an hour, more like 40 min.

      Be gentle on me as this is the first time to really give any advice,

      "Infinite CREATOR" cast "Loving Light" upon thee
      TIA, CU L8R, 'd' "LoneWanderer"
      "Only you can control your future." Dr. Seuss
      NOT a leader,
      NOT a BLIND follower,
      Join US and LIVE this LIFE as ONE!
      Original author Unknown

    • #1303227

      Doc Brown,

      That advice given by bobprimak can be applied to just about any software you put onto a CD or Memory stick, the main trick is knowing where to go to get the update. NEVER EVER use a link from an unknown webpage nor maybe even a known webpage. Always go to the original creator’s link to do any updates otherwise you may just be tricked into downloading a virus, trojan, rootkit, PUP or any other malware. Remember what the SANS dot Org is promoting, ‘Secure The Human’ because that is getting to be, or is already, the weakest link in your system’s security.

      Be Wise and well protected . .

      P.S. No one has mentioned the Windows Secrets Newsletter and one of the best advices that could be given is to subscribe to either the FREE version or the Paid and get some very important information as well as some very informative advice on software and how to use much of this on your system.

      "Infinite CREATOR" cast "Loving Light" upon thee
      TIA, CU L8R, 'd' "LoneWanderer"
      "Only you can control your future." Dr. Seuss
      NOT a leader,
      NOT a BLIND follower,
      Join US and LIVE this LIFE as ONE!
      Original author Unknown

    • #1303242

      Best AV thread I have seen. Thank you Doc Spiritwind and the rest!

    • #1303279

      genej313,

      I too have had somewhat of a problem with typing and nothing taking place for several seconds. I had another software that was doing some of the same as what you found to be with PSI; so far that has not happened with my 64bit system, plus dual core processors.

      Are you running in x32 or x64? I feel from what you are saying it is a 32 bit OS and that seems to be a bit of a problem with some of the newer software. I have PSI on my system and am not having any problems with the operation. Have not checked the TM to see how the processors are doing. Also have some of Mark Russinovich’s tools on here but not installed, just available when I want to work with them.

      Just checked and Secunia PSI is not on this computer, I thought it was. Need to find it and get here.

      "Infinite CREATOR" cast "Loving Light" upon thee
      TIA, CU L8R, 'd' "LoneWanderer"
      "Only you can control your future." Dr. Seuss
      NOT a leader,
      NOT a BLIND follower,
      Join US and LIVE this LIFE as ONE!
      Original author Unknown

    • #1303285

      Since I am in this field on a regular basis I have seen these symptoms and will refer you to a link I think will help recognize the rootkit: http://www.youtube.com/watch?v=aoplNh3kT2Y . This rootkit at this time has a 50% chance of being cured, and the easiest way of detection is a process in Task Manager running which is alphanumeric, like: 697446278:2043702742.exe, and also there could be a svchost.exe file running an unknown file called PING.exe. You may have to run Process Explorer to find the hooked svchost, but you will see those 2 files. At this time my company recommends reinstalling Windows, as this is the most advanced rootkit yet, but we have had success with ComboFix at times. Once it's removed you have to reset the permissions on all the files and folders to default. I hope this helps.
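
The two process-list indicators named in the post above can be checked mechanically. This is an added example, not part of the original thread: the CSV layout (name, pid, ppid), the sample rows and the function name `triage` are constructed for illustration, and reading "svchost.exe running PING.exe" as a parent/child relation is an assumption.

```python
import csv
import io
import re

# Constructed sample process listing (name, pid, parent pid); not from a real host.
SAMPLE = """name,pid,ppid
System,4,0
services.exe,680,620
svchost.exe,1044,680
svchost.exe,1188,680
explorer.exe,1620,1580
697446278:2043702742.exe,1904,680
PING.exe,2012,1188
cmd.exe,2200,1620
ping.exe,2244,2200
"""

# Digits, a colon, digits, ".exe": the name shape quoted in the post. A colon
# cannot appear in an ordinary Windows file name; it is how an NTFS alternate
# data stream is addressed (file:stream), so such an image name is abnormal.
STREAM_NAME = re.compile(r"^\d+:\d+\.exe$", re.IGNORECASE)


def triage(listing):
    """Return (pid, name, reason) for rows matching either indicator."""
    rows = list(csv.DictReader(io.StringIO(listing)))
    by_pid = {int(r["pid"]): r["name"] for r in rows}
    findings = []
    for r in rows:
        name, pid, ppid = r["name"], int(r["pid"]), int(r["ppid"])
        # A parent that has already exited is not treated as svchost.exe.
        parent = by_pid.get(ppid, "<exited>")
        if STREAM_NAME.match(name):
            findings.append((pid, name, "numeric stream-style image name"))
        elif name.lower() == "ping.exe" and parent.lower() == "svchost.exe":
            # Assumption: the post means ping.exe launched by svchost.exe.
            findings.append((pid, name, "ping.exe started by svchost.exe"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE):
        print(f"PID {pid:>5}  {name:<28} {reason}")
```

The `ping.exe` started from `cmd.exe` in the sample is deliberately not flagged, since a user running ping from a command prompt is ordinary activity.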

    • #1303445

      Another good program is “flashcookiecleaner”; this clears the LSO cookies that most cookie cleaners miss. http://www.cnet.co.uk/search/downloads/n-6cb/flashcookie+cleaner.htm . Also “Superantispyware” is another that, run after “malwarebytes”, does find even more things. Can get from Cnet.com as well as the UK site.

    • #1303617

      You might try the “Microsoft Standalone System Sweeper”. It boots and runs off a USB pen drive (requires 1GB).
      On Windows 7 hitting the F12 key when booting puts the boot into the select device menu. There you just select USB device.
      Installing it will erase the USB Pen Drive so use a blank USB drive.
      If you are unable to log on to the internet from your computer you can download and install the Microsoft Standalone System Sweeper on another computer and run it on your computer. Make sure to download the proper program, mssstool32 or mssstool64, for your computer.

    • #1312198

      Hi Ladies and Gentlemen
      I must admit that I was overwhelmed with the suggestions that I got. I am afraid that I had to bite the bullet and do a fresh install; too many errors and corrupt files appeared after trying the majority of suggestions. If you wish to close this thread, by all means.
      I wish to sincerely thank all those who have contributed. I have learned a lot, not necessarily to do with computers.
      May you all have a peaceful and happy 2012 and beyond.
      Dougie

    • #1312240

      Dougie,

      Read the various posts on Imaging and start NOW! I have lost count of the number of times imaging has saved my bacon when my “playing” with my OS has rendered it useless. I simply plug in my Image media (Ext USB HD in my case), insert the Imaging app boot media (CD) and in 10 minutes my PC is back where it was when I created the Image. I create new Images when I make changes on my PC so that restoration is very quick.

      Have a happy and safe New Year!
