AVG free test results

fred_7038

Hi, I am running AVG Free. When I scan I get a green check with no
viruses, but under virus results I get 3 items:
C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\drivers\etc\hosts. Result on all 3 change status
changed. Also running Windows Defender and it's not finding anything. Was
getting 1's in text of Messenger that I didn't type and got some kind of
error on screen that something was stopped from executing in memory. Any
idea what's going on? Thanks in advance.
 
Dustbin

Hi, I am running AVG Free. When I scan I get a green check with no
viruses, but under virus results I get 3 items:
C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\drivers\etc\hosts. Result on all 3 change status
changed. Also running Windows Defender and it's not finding anything. Was
getting 1's in text of Messenger that I didn't type and got some kind of
error on screen that something was stopped from executing in memory.
Any idea what's going on? Thanks in advance.

Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!
Never believe AVG!

Now, get rid of it.
 
David H. Lipman

From: <[email protected]>

| Hi, I am running AVG Free. When I scan I get a green check with no
| viruses, but under virus results I get 3 items:
| C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\shell32.dll
| C:\WINDOWS\system32\drivers\etc\hosts. Result on all 3 change status
| changed. Also running Windows Defender and it's not finding anything. Was
| getting 1's in text of Messenger that I didn't type and got some kind of
| error on screen that something was stopped from executing in memory. Any
| idea what's going on? Thanks in advance.

Look to see if the Hosts file has actually changed...

notepad C:\WINDOWS\system32\drivers\etc\hosts

KERNEL32.DLL and SHELL32.DLL may have changed by installing a MS Critical Update (HotFix).
 
fred_7038

Hi, I uninstalled AVG and put in a trial version of Kaspersky. It only
found 2 ad aware and no viruses. 1I had it scan password protected
archives and get a few odd ones like this: File
C:\...\Recovery\WarezPP7.zip/sbRecovery.ini
C:\...\Recovery\FunWebProducts.zip.ini Any idea what these are? If you
noticed the 1 in my text above, it wasn't typed by me; this is what it is
doing. Besides that, seems like all is running fairly good. I noticed on
my first screen that it is not displaying Hyperthreading as being
on. When I put thi1s in notepad: notepad
C:\WINDOWS\system32\drivers\etc\hosts I get the following text:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

Thanks with any help.
 
David H. Lipman

From: <[email protected]>

| Hi, I uninstalled AVG and put in a trial version of Kaspersky. It only
| found 2 ad aware and no viruses. 1I had it scan password protected
| archives and get a few odd ones like this: File
| C:\...\Recovery\WarezPP7.zip/sbRecovery.ini
| C:\...\Recovery\FunWebProducts.zip.ini Any idea what these are? If you
| noticed the 1 in my text above, it wasn't typed by me; this is what it is
| doing. Besides that, seems like all is running fairly good. I noticed on
| my first screen that it is not displaying Hyperthreading as being
| on. When I put thi1s in notepad: notepad
| C:\WINDOWS\system32\drivers\etc\hosts I get the following text:

Warez files -- D'oh !

What did you expect ?
 
fred_7038

My daughter has been using this PC; will have a talk with her, but that
doesn't solve my problem. I have my search in programs but I can't delete
it. I know this is spyware. Also ran Spyware Blaster. Just need to
straighten this thing out.
 
David H. Lipman

From: <[email protected]>

| My daughter has been using this PC; will have a talk with her, but that
| doesn't solve my problem. I have my search in programs but I can't delete
| it. I know this is spyware. Also ran Spyware Blaster. Just need to
| straighten this thing out.




If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
William

[placed top-post on bottom for easier reply]
Hi, I uninstalled AVG and put in a trial version of Kaspersky. It only
found 2 ad aware and no viruses. 1I had it scan password protected
archives and get a few odd ones like this: File
C:\...\Recovery\WarezPP7.zip/sbRecovery.ini
C:\...\Recovery\FunWebProducts.zip.ini Any idea what these are? If you
noticed the 1 in my text above, it wasn't typed by me; this is what it is
doing. Besides that, seems like all is running fairly good. I noticed on
my first screen that it is not displaying Hyperthreading as being
on. When I put thi1s in notepad: notepad
C:\WINDOWS\system32\drivers\etc\hosts I get the following text:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

Thanks with any help.

That appears to be an unedited hosts file. The purpose of the hosts
file is a reference of IP addresses for certain domains before seeking
the IP address from a DNS Server. A lot of people use the hosts file to
block certain domains from accessing their PC by redirecting a domain
name to localhost IP 127.0.0.1 (i.e. 127.0.0.1
www.doubleclick.com). Notice that there are no # symbols in that entry,
as the # symbol tells the OS to ignore that line for the purposes of
web-filtering/routing, as the usage of the # symbol is often used for
comments to the administrator.

While the hosts file can be used for purposes of web-filtering, or to
speed up loading certain domains by cutting out the DNS server for those
domains, it has been known to be used for malicious purposes (i.e.
redirecting google to coolwebsearch, etc.). Since your hosts file
appears to have never been touched, that does not appear to be the source
of any of your present problems.

One more thing about the hosts file is that while it works for IE and
even for OE and WMP, it doesn't work for certain overlaying applications
such as Firefox or Thunderbird (but there is a way to configure these to
bad sites).

Now, about your other problems. With 1s randomly being inserted, this
could very well be just a bad keyboard. However, if you suspect
malware, then I'd recommend following David Lipman's instructions from
previous posts with his multi-AV utility. Good luck and I hope things
work out.

Regards,

Will
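
Added example (not part of the original thread): the hosts-file check that David and William describe above, written as a small Python audit. It treats everything after `#` as a comment and sorts each active line into the stock localhost entry, a loopback block, or a redirect to some other address; the sample file contents are constructed, and 203.0.113.7 is a documentation-range address.

```python
import ipaddress

# Names a stock hosts file maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: comment lines in the style of the stock file quoted
# in the thread. Every line starts with '#', so none of it is active.
STOCK_COMMENTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
"""

# Constructed sample: the same comments plus four active lines made up
# for this example (stock entry, block, redirect, malformed).
EDITED_HOSTS = STOCK_COMMENTS + """\
127.0.0.1       localhost
127.0.0.1       www.doubleclick.com   # loopback block, as in the post above
203.0.113.7     www.google.com        # constructed redirect, documentation IP
not-an-ip       example.test          # constructed malformed line
"""


def parse_hosts(text):
    """Return (line_no, ip_text, [hostnames]) for every active line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        active = raw.split("#", 1)[0].strip()  # text after '#' is a comment
        if not active:
            continue  # blank or comment-only line
        fields = active.split()
        entries.append((line_no, fields[0], fields[1:]))
    return entries


def classify(ip_text, names):
    """Label one active entry: default, block, redirect or malformed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback / 0.0.0.0 entries send the name nowhere useful.
        if all(n.lower() in LOCAL_NAMES for n in names):
            return "default"
        return "block"
    # Any other address overrides DNS for these names.
    return "redirect"


def audit(text):
    """Classify every active entry in a hosts file."""
    return [
        {"line": n, "ip": ip, "names": names, "kind": classify(ip, names)}
        for n, ip, names in parse_hosts(text)
    ]


def is_unedited(text):
    """True when the file has no active entries beyond the stock localhost."""
    return all(f["kind"] == "default" for f in audit(text))


def needs_review(text):
    """Entries a person should look at: DNS overrides and unparsable lines."""
    return [f for f in audit(text) if f["kind"] in ("redirect", "malformed")]


if __name__ == "__main__":
    print("comment-only file unedited:", is_unedited(STOCK_COMMENTS))
    for finding in audit(EDITED_HOSTS):
        print(finding["line"], finding["kind"], finding["ip"], finding["names"])
```

On a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` and pass its text to `audit()`; loopback blocks are normally the owner's own filtering, while redirect entries are the ones to explain.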
 
fred_7038

Hi, was older version of Java; removed it completely. Now running a
program called SpyHunter 2.8; lists a lot of cookies and zlob.trojan in
Registry. To get rid of it, however, I have to purchase full version.
Also can't uninstall ICQ toolbar; not showing up in Internet Explorer but
still in list of programs. Also my search says module missing when I try
to dump that. I notice your spyware link; do you think this would get rid
of zlob? Or any advice on removal? Thanks in advance.


 
fred_7038

Sorry for the double posts
 
William

Here's a note for you on spyhunter. It used to be classified as a
rogue/suspect anti spyware program. I still, personally, wouldn't trust
anything from enigmasoft.

Regards,

Will
 
William

I should have included some trusted applications. While I haven't been
keeping up to date with some of the new names I've seen, lavasoft adware
and spybot s&d are still at the top of my list. Also, a nice commercial
product is Webroot Spysweeper, which, AFAIK, is fully functional during
its 30-day trial period. Finally, you mentioned that it was some kind
of Trojan. If that's the case, then if David Lipman's tools don't find
it, another commercial trial-ware product you may wish to consider is
Moosoft's anti-trojan utility called The Cleaner (downloadable from
moosoft.com).

Once again, cheers and good luck,

Will
 
David H. Lipman

From: <[email protected]>

| Hi, was older version of Java; removed it completely. Now running a
| program called SpyHunter 2.8; lists a lot of cookies and zlob.trojan in
| Registry. To get rid of it, however, I have to purchase full version.
| Also can't uninstall ICQ toolbar; not showing up in Internet Explorer but
| still in list of programs. Also my search says module missing when I try
| to dump that. I notice your spyware link; do you think this would get rid
| of zlob? Or any advice on removal? Thanks in advance.
|



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php




Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *
 
ICU

David or anyone else:
A couple of days ago, in a reply to (e-mail address removed) about an error problem
that he was having with installing AVG, you suggested he look in
c:\windows\system32\drivers\etc\hosts for two files KERNEL32.DLL and
SHELL32.DLL to see if they had been changed.

Today after running AVG (free) I got a message in the test results that
said "reading error c:\windows\system32\drivers\etc\hosts" .

No other problems were noted, no virus detected.

When I looked in c:\windows\system32\drivers\etc\hosts, neither of the
two files you mentioned were present, folder was completely empty.

You also mentioned to (e-mail address removed) to check his Java version to see
if it was up to date...I don't have Java installed.

I use Firefox 2.0, this I mention because at the Java site you posted it
doesn't refer to FireFox 2 only 1.5 , I think I'm correct on that.(G)

My question is about the two *.DLL files that apparently are missing and
the read error for the folder that you say they should be in?

Any help on this would be appreciated.

ICU
 
