Free Reg cleaner for XP? An AV program that works?

Bjorn Simonsen

omega wrote in said:
Looks pretty suspicious. I'd shoot it on sight.

Nice catch Karen (omega). Obvious suspicious looking name,
should have noticed it when looking at the list she (the other
Karen:) posted.

All the best,
Bjorn Simonsen
 
Susan Bugher

Karen said:
## The above one is $19.00 :-(

ermmmmmm........ please see:

http://www.winpatrol.com/

<q>
WinPatrol is free and fully functional with the exception of full access
to our PLUS online database. The free version continues to be both; a
utility to help you safely clean up sensitive areas on your system and a
system monitor that will alert you to changes that occur to those
sensitive areas and resources.
</q>

Susan
 
Karen

omega said:
I see your Google web hits for Oberon. I doubt very much it's something you
have. http://www.bodley.ox.ac.uk/erl/wattcp/install.txt

| Installation of PC-Spirs for Waterloo Packet Driver TCP
|
|
| ERLCLNT.CFG
| INSTALL.EXE
| SYSTEM1.EXE
| SYSTEM2.EXE
| PING.EXE
| TCPINFO.EXE
| WATTCP.CFG
|
| You will be prompted for a directory in which the search software
| should be installed - the default is C:\SPIRS and this would normally
| be acceptable.

Not only is it more or less obscure, this packet driver stack, but mainly
this: Note how the legit set of files go into their own directory.

You probably won't find many of those other filenames mentioned as part of
that group on your system (minus ping and install). Also, right-click on
System2.exe and I see that the properties (file headers) probably won't say
Oberon or Spirs.

It is the habit of trojans and malware to try to hide in your system
directory, and use names they think you'd be less likely to notice, such
as system.com, windows.exe, etc.

Instead of the Google web search, try a Google groups search. There are
only a few threads that get hits on that filename. But notice that in those
threads, it is the same symptoms you have described earlier in this thread.

It sounds like it is a simple trojan, and not a virus. Not a virus would
explain the failure of your AV sw.
================================
I deleted it and the Key found by HiJackThis. Then dumped the recycle bin
in hopes the s.o.b is gone for good. I agree that it was surely a trojan
from somewhere.

Karen
 
Karen

omega said:
=============================================
I was a little vague. It's where you can check into what gets put in your
startup. Sort of as msconfig, only msconfig is only meant to toggle things
off temporarily. With a startup utility you can learn if new programs,
including malware, have decided to load whenever you boot up. And you
use that utility to remove unwanted, and suspicious, entries.

## OK... I boned up and downloaded one called "CodeStuff Starter." :)
Three startup utilities made it to Pricelessware 2004. Two of these will also
hang out and monitor things for you. The third you launch just to look things
over yourself. You should install at least one of these. Winpatrol sounds
like it would offer you the most protection; and I notice Bjorn S. advocates
its use fairly regularly. The other two are small, so you might consider
going ahead and downloading all three, to take a look.

## I'll definitely check them out as well.

## The above page is not working (Cannot be found) so I'll search the
pricelessware site for these.
.........................................................................
WinPatrol

Description: WinPatrol with Scotty the Windows Watch Dog will sniff out
Worms, Adware, Spyware, Cookies, Trojan horses and other virus type,
malicious, nasty programs that may attack your computer. WinPatrol puts you
back in control of your computer with no need for constant updates.
WinPatrol's goal is to help you better understand what programs are running
on your computer, and alert you to any new programs added without your
permission. Scotty lets you confirm any new programs set up to run on your
computer.

Home Page:
http://www.winpatrol.com/
download page (English) v 7.0.0.5 (2004-03-22) (wpsetup.exe) (779 KB)
http://www.winpatrol.com/winpatrol.html

## The above one is $19.00 :-(
.........................................................................

Start-Up Monitor

Description: StartupMonitor is a small utility that runs transparently (it
doesn't even use a tray icon) and notifies you when any program registers
itself to run at system startup. It prevents those utterly useless tray
applications from registering themselves behind your back, and it acts as a
security tool against trojans like BackOrifice or Netbus.

Author: Mike Lin Company: --
Home Page:
http://www.mlin.net/StartupMonitor.shtml
download v 1.02 (StartupMonitor.zip) (60 KB)
http://www.mlin.net/files/StartupMonitor.zip

## I downloaded this one to check out and my husband is now downloading it
as well (for his W98SE PC).
.........................................................................
Startup Control Panel

Description: Startup Control Panel is a nifty control panel applet that
allows you to easily configure which programs run when your computer starts.
It's simple to use and, like all my programs, is very small and won't burden
your system. A valuable tool for system administrators!

Author: Mike Lin Company: --
Home Page:
http://www.mlin.net/StartupCPL.shtml
download v 2.8 (StartupCPL.zip) (59 KB)
http://www.mlin.net/files/StartupCPL.zip
download v 2.8 (StartupCPL_EXE.zip) (34kb)
http://www.mlin.net/files/StartupCPL_EXE.zip
.........................................................................

## I downloaded them all to try and will keep the one I like the best and
which is most suitable.

Karen S.
 
Karen

Bjorn Simonsen said:
Nice catch Karen (omega). Obvious suspicious looking name,
should have noticed it when looking at the list she (the other
Karen:) posted.

All the best,
Bjorn Simonsen
======================
I am the same Karen. :) I hope! Omega FOUND the culprit and I got rid of
that sucker pronto. Everything works again now. It was disabling
msconfig, regedit and TankMonitor (XP-home)

Karen....
 
Karen

Alastair Smeaton said:
sorry - may have missed this - but have you tried a repair install ?
You don't need to reinstall programmes and drivers etc, but it should
put all key windows components back where they should be - things may
work then ?
=====================
Thanks. No I hadn't tried a "repair install." Once the trojan was removed
my PC works fine again.

Karen....
 
Alastair Smeaton

=====================
Thanks. No I hadn't tried a "repair install." Once the trojan was removed
my PC works fine again.

Karen....
Good - from the sound of it, you were struggling to find the trojan -
I wondered if there actually was one or whether your windows was bust
:)

Glad to hear all is well
 
omega

dszady said:
More Security measures: A new hosts file. (WinXP comes with a one-liner -
sheesh!) Easy to do. Instructions on the site.
http://www.mvps.org/winhelp2002/hosts.htm

You already have an Anti-virus for your system... So to check again,
probably the most thorough online scan in the world (I'm not joking!)
Kaspersky Labs SuperLite on demand antivirus scanner using KAV scan engine
http://home.epix.net/~artnpeg/
It won't clean or disinfect your files for you. But if there is a nasty
in there it *will* find it.

You might want to think twice about this one. On my wife's XP blue smoke
comes out of the back of the computer. Just kidding! :)
A lot of people recommend it and I use it when I'm in Win98. You would
probably need a couple more opinions. But it's for those start-up blues
and nasties and only runs when it is needed: SpywareBlaster (Donationware)
OS: Windows 98/ME/NT/2000/XP
Languages: English
http://www.pricelessware.org/2004/PL2004SECURITY.htm

[OT]
Now for immediate eradication if Superlite finds a Trojan:
http://tds.diamondcs.com.au/index.php?page=download
TDS-3 "the most advanced anti-trojan system in the world" 30 days
There is not a good free Trojan detector out there. And this will run in
the background or on-demand.

Dammit, Responded to the wrong post. Sorry Omega :(

Nah, it was the right post, thanks, as I'd asked folks to come up with
anti-trojan solutions. I have only a payware at this time, and have not
searched much into the subject. The quest for anti-trojan software comes
up regularly here, and I assumed that, while scarce as that landscape is,
there were occasionally at least a couple of possible freeware candidates.
Your answer says not to have the hopes too wide. That while there is
freeware to hunt down things, one might have to turn to shareware for
full anti-trojan cleaning capabilities.

I'll repeat for the OP, in the meantime. At least we do have that freeware
startup monitors give some level of warning. Since trojans as a group take
that habit, the attempt to inject themselves into the system startup routine.
 
omega

Bjorn Simonsen said:
Nice catch Karen (omega). Obvious suspicious looking name,
should have noticed it when looking at the list she (the other
Karen:) posted.

Yeah, its appearance doesn't give one the sunny feeling. :) Seeing
it in that old black trenchcoat and dark glasses, and skulking about
in places it doesn't belong.
 
omega

Karen said:
## OK... I boned up and downloaded one called "CodeStuff Starter." :)

http://codestuff.mirrorz.com/
http://www.spywareinfo.com/articles/ed/2003/05/1.php

I haven't tried this, but a Google showed positive feedback. I think you
might do well to keep two kinds of startup utilities. The first being
like the one above. To review, analyze, remove the things that are in
your startup.

Then, to meet the need for malware protection, keep a running startup
monitor, which will alert you the moment something new tries to sneak
into your startup. Examples: RegistryProt; Start-up Monitor; Winpatrol.
http://www.pricelessware.org/PL2004SYSTEMUTILITIES.htm#ProcessMonitor:Start-Up

## The above page is not working (Cannot be found) so I'll search the
pricelessware site for these.

Ooops! While I'm used to having trouble with things like recalling my
phone number...this error, geez, that's more like having lost my way to
my neighborhood pub. :< Anyway, here's now the correct URL.

http://www.pricelessware.org/2004/PL2004SYSTEMUTILITIES.htm#Start-UpTool
## The above one is $19.00 :-(

I see that Susan answered that in followup <[email protected]>.

For general rule of thumb, one would have a real challenge finding payware
in a Pricelessware list. ;)
## I downloaded them all to try and will keep the one I like the best and
which is most suitable.

Sounds good. It's for "other people" to just download a single utility.
It's for true ACF'ers, part of the fun and spirit, to try out a whole group
of progs, before settling on favorites. When you get some feeling of what
you like best out of the ones you try, it'd be appreciated if you post your
impressions...
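
The running startup monitor described in the post above, sketched as an added example (not from the thread or from any of the utilities named in it): it diffs a current snapshot of the Run keys against a saved baseline and marks new entries that sit directly in a system directory under a generic name. The sample snapshots, the `C:\WINDOWS` install path and the name pattern are assumptions.

```python
import ntpath
import re

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Assumption: Windows installed in C:\WINDOWS (the XP default).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Generic names of the kind the thread mentions: system.com, windows.exe, system2.exe
GENERIC_NAME = re.compile(r"^(system|windows)\d*\.(exe|com)$", re.I)

def exe_path(command):
    """Pull the executable path out of a startup command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.(?:exe|com))(?:\s|$)', command, re.I)
    return (m.group(1) or m.group(2)) if m else command.strip()

def looks_disguised(command):
    """True if the program sits directly in a system directory under a generic name."""
    folder, name = ntpath.split(ntpath.normpath(exe_path(command)))
    return folder.lower() in SYSTEM_DIRS and bool(GENERIC_NAME.match(name))

def diff_startup(baseline, current):
    """Entries added or changed since the baseline: {name: (command, disguised)}."""
    return {name: (cmd, looks_disguised(cmd))
            for name, cmd in current.items() if baseline.get(name) != cmd}

def read_run_keys():
    """Live snapshot of the HKLM and HKCU Run values (Windows only)."""
    import winreg
    snapshot = {}
    for hive, tag in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU")):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _type = winreg.EnumValue(key, i)
                    snapshot[f"{tag}\\{name}"] = str(data)
        except OSError:
            continue  # key missing or unreadable
    return snapshot

# Constructed sample snapshots (not taken from the poster's machine).
BASELINE = {"HKLM\\ExampleAV": r'"C:\Program Files\ExampleAV\av.exe" /tray'}
CURRENT = dict(BASELINE, **{
    "HKLM\\System2": r"C:\WINDOWS\system32\system2.exe",
    "HKCU\\Starter": r"C:\Program Files\Starter\Starter.exe",
})

if __name__ == "__main__":
    for name, (cmd, bad) in diff_startup(BASELINE, CURRENT).items():
        print("SUSPICIOUS" if bad else "new", name, "->", cmd)
```

On a Windows machine, save the output of `read_run_keys()` once as the baseline and pass a fresh call as `current`; a flagged entry is a prompt to check the file's properties, not proof of infection.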
 
dszady

dszady said:
[...]
Dammit, Responded to the wrong post. Sorry Omega :(

Nah, it was the right post, thanks, as I'd asked folks to come up with
anti-trojan solutions. I have only a payware at this time, and have not
searched much into the subject. The quest for anti-trojan software comes
up regularly here, and I assumed that, while scarce as that landscape is,
there were occasionally at least a couple of possible freeware candidates.
Your answer says not to have the hopes too wide. That while there is
freeware to hunt down things, one might have to turn to shareware for
full anti-trojan cleaning capabilities.

I'll repeat for the OP, in the meantime. At least we do have that freeware
startup monitors give some level of warning. Since trojans as a group take
that habit, the attempt to inject themselves into the system startup
routine.

Phew... I thought you were going to run me over with a 1974 Ford Pinto. :)
 
omega

dszady said:
Phew... I thought you were going to run me over with a 1974 Ford Pinto. :)

I'd have no chance. Even with pedal to the metal. You might start jogging,
and then you'd get away. My poor Pinto, it does not believe in speed.
 
