Unremovable viruses-help!!

[Guest]

On running Norton SystemWorks the following are detected but cannot be fixed,
quarantined or deleted
MediaGateway.exe - Adware.MediaPass
Update-sp2.html - Adware.CDT
Update-sp3.html - Adware.CDT
Update-sp5.html Adware.Istbar
Vidctrl.exe - Trojan.LowZones
Ra.req - Trojan.LowZones!req
y.exe - Trojan.LowZones
And on Microsoft AntiSpyware
WindUpdates (Browser Plug-in) and WindUpdates Media.Access (Adware)
My computer clock is often turned back by 13 hours - related??
Many thanks in anticipation!!

 

[Malke]

On running Norton SystemWorks the following are detected but cannot be
fixed, quarantined or deleted
MediaGateway.exe - Adware.MediaPass
Update-sp2.html - Adware.CDT
Update-sp3.html - Adware.CDT
Update-sp5.html Adware.Istbar
Vidctrl.exe - Trojan.LowZones
Ra.req - Trojan.LowZones!req
y.exe - Trojan.LowZones
And on Microsoft AntiSpyware
WindUpdates (Browser Plug-in) and WindUpdates Media.Access (Adware)
My computer clock is often turned back by 13 hours - related??
Many thanks in anticipation!!

Make sure your NSW is a current version (not earlier than 2004) and your
virus definitions are updated. Then do your virus scan in Safe Mode.
Follow your virus scan with scans for non-viral malware (because you
also have quite a bit of that), also in Safe Mode. Complete
instructions, how to get into Safe Mode, links, etc. are here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke

 

[David H. Lipman]

From: "Bill Stevenson" <[email protected]>

| On running Norton SystemWorks the following are detected but cannot be fixed,
| quarantined or deleted
| MediaGateway.exe - Adware.MediaPass
| Update-sp2.html - Adware.CDT
| Update-sp3.html - Adware.CDT
| Update-sp5.html Adware.Istbar
| Vidctrl.exe - Trojan.LowZones
| Ra.req - Trojan.LowZones!req
| y.exe - Trojan.LowZones
| And on Microsoft AntiSpyware
| WindUpdates (Browser Plug-in) and WindUpdates Media.Access (Adware)
| My computer clock is often turned back by 13 hours - related??
| Many thanks in anticipation!!
| --
| Bill Stevenson

For non-viral malware...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *

 

[Guest]

In addition to Malke's suggestions,you can download McAfee command line
scanner and use it in "Safe Mode with command prompt"


Download the ZIP file for Windows.It contains the definitions that should be
unzipped in the scanners folder
http://www.mcafee.com/us/downloads/updates/dat.asp


Download the trial of the command line scanner ,it is called "McAfee
VirusScan Command Line Scanners"

http://www.mcafee.com/us/downloads/evals/

You can also perform my malware removal instructions:
http://free.hit.bg/fightmalware/MRI.txt



Panda_man
" Let's beat malware black and blue "
" No new epidemics of all kind of malware -> Panda TruPrevent "

 

[David H. Lipman]

From: "Panda_man" <[email protected]>

| In addition to Malke's suggestions,you can download McAfee command line
| scanner and use it in "Safe Mode with command prompt"
|
| Download the ZIP file for Windows.It contains the definitions that should be
| unzipped in the scanners folder
| http://www.mcafee.com/us/downloads/updates/dat.asp
|
| Download the trial of the command line scanner ,it is called "McAfee
| VirusScan Command Line Scanners"
|
| http://www.mcafee.com/us/downloads/evals/
|
| You can also perform my malware removal instructions:
| http://free.hit.bg/fightmalware/MRI.txt
|
| Panda_man
| " Let's beat malware black and blue "
| " No new epidemics of all kind of malware -> Panda TruPrevent "

Panda_Man:

The Multi AV command line scanner automates the process of downloading extracting and
running the McAfee Command Line Scanner. Plus it add the scanners from Kaspersky, Sophos
and the Trend Micro Sysclean utility. All are doewnloaded and executed in an autimated
front end to running each scanner in an agressive manner.

If you are interested in learning HOW to to download the McAfee command Line Scanner and
execute it in the most effective manner, please email me at one or both of the following
email addresses. Just remove ~nospam~.

[email protected]
[email protected]

 

[Guest]

Sorry , ,I did not read you post.
I just read the first one-Malke's and then replied,sorry !

I think I 'll not email you because I read the instrctions you always
give to the users and these instructions are good. I like your Multi_AV
utility ,but don't like Sophos things.

Enjoy the day !

Panda_man
" Let's beat malware black and blue "
" No new epidemics of all kind of malware -> Panda TruPrevent "

 

[David H. Lipman]

From: "Panda_man" <[email protected]>

| Sorry , ,I did not read you post.
| I just read the first one-Malke's and then replied,sorry !
|
| I think I 'll not email you because I read the instrctions you always
| give to the users and these instructions are good. I like your Multi_AV
| utility ,but don't like Sophos things.
|
| Enjoy the day !
|
| Panda_man
| " Let's beat malware black and blue "
| " No new epidemics of all kind of malware -> Panda TruPrevent "
|

Panda_man:

The information I would provide is specific to using the McAfee Command Line Scanner and is
specific to what files to download, how to extract the needed files and the command line
options.

Thanx if your tried the Multi AV Scanning Tool and thought it was a good utility !

 

[Guest]

Yes,I tried it .Downloaded it from the link you offer in your posts.
It is very good .The combination you offer is useful

Panda_man

 

[David H. Lipman]

From: "Panda_man" <[email protected]>

| Yes,I tried it .Downloaded it from the link you offer in your posts.
| It is very good .The combination you offer is useful
|
| Panda_man

Thank you,
Thank you very much !

 

[Guest]

Thank you for your reply - I have now had a chance to try out your
suggestions but the viruses remained (Norton Systemworks is 2005 version and
completely up to date) - however having consolidated all replies and tried
them out I appear to have rid my system of the worst of the infections -
thank you again

 

[Guest]

David
Apologies for the delay in replying, however I have now had a chance to
install and run the various suggestions received and am very pleased to
report that all the troublesome problems seem to have been overcome - many
thanks for your help
regards
--
Bill Stevenson

From: "Bill Stevenson" <[email protected]>

| On running Norton SystemWorks the following are detected but cannot be fixed,
| quarantined or deleted
| MediaGateway.exe - Adware.MediaPass
| Update-sp2.html - Adware.CDT
| Update-sp3.html - Adware.CDT
| Update-sp5.html Adware.Istbar
| Vidctrl.exe - Trojan.LowZones
| Ra.req - Trojan.LowZones!req
| y.exe - Trojan.LowZones
| And on Microsoft AntiSpyware
| WindUpdates (Browser Plug-in) and WindUpdates Media.Access (Adware)
| My computer clock is often turned back by 13 hours - related??
| Many thanks in anticipation!!
| --
| Bill Stevenson

For non-viral malware...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *

 

[Guest]

Thank you for your assistance in sorting my problems out - a combination of
actions as suggested have resulted in my system being hopefully rid of these
problems

 

[David H. Lipman]

From: "Bill Stevenson" <[email protected]>

| David
| Apologies for the delay in replying, however I have now had a chance to
| install and run the various suggestions received and am very pleased to
| report that all the troublesome problems seem to have been overcome - many
| thanks for your help
| regards

Fantastic !

Thanx for updating the thread.