Hi,
I’ve been having a couple virus/spyware problems. I first used adaware and spybot search and destroy to get rid of a bunch of spyware that was on my computer. This was after I suddenly received the message that windows firewall had been disabled. Security Center couldn’t re-enable it and so the message advised me to go straight to firewall settings in control panel, but “due to an unidentified problem...” or something of the sort, that applet wouldn’t even load. So no way to re-enable my firewall. I then removed a bunch of spyware from my pc (from safe-mode, with restarts, etc…). This didn’t work cos my McAfee viruscan 7 pro kept on detecting viruses (spy-agent.an, proxy-agent.k.gen, etc) but couldn’t remove them as they kept coming back. Then I also found this file “tool3.exe” in my root folder which I couldn’t delete. Then with the help of a little utility smitrem.exe and doing this in safe mode I was able to get rid of the tool3.exe and some other stuff. I also scanned with CWShredder, XoftSpy and hijackthis but they found nothing. Also used mcAfee’s stinger.exe utility, also nothing.
Eventually I was able to get my firewall back online with SharedAccess.reg http://windowsxp.mvps.org/sharedaccess.htm
Then I installed ZoneAlarm’s latest virusscan/firewall, cos my mcAfee virusscan 7 found the spy-agent.an on every scan, but couldn’t remove it. This spy-agent.an kept on trying to access the internet. I don’t know if this is actually so, but it seemed that everytime I scanned my computer (and the virus was detected by mcAfee) it would activate. At that time it creates a process with a different name every time, something like “C4D3.tmp”. This file showed up in a list of processes that connect to the internet. I found these files in my windows/temp folder and also in a windows/prefetch folder. There’s also an executable called ym11[1].exe that found a home in my “local settings\temporary internet files\content.ie5\CHMFG5IJ” folder. I also used Complete Internet Cleanup to try and empty all that, but it’s no use, it stays there (or maybe is copied there from somewhere else).
Anyway, a normal scan with zonealarm’s latest software doesn’t detect any virus, although its firewall does report the processes trying to access the internet zone and the trusted zone. I’m performing a byte by byte virusscan now.
Also, after I installed zonealarm I couldn’t access the internet any longer: Limited or no connectivity error. I found the answer to that here https://www.pcreview.co.uk/forums/thread-1701201.php
This solved that problem:
1. from cmd: netsh int ip reset resetlog.txt
2. From cmd: netsh winsock reset
3. Reboot
So all that seems to be remaining is this “virus” or whatever it is, that creates processes…
Does anyone recognize this?
Thanks,
Vincent
I’ve been having a couple virus/spyware problems. I first used adaware and spybot search and destroy to get rid of a bunch of spyware that was on my computer. This was after I suddenly received the message that windows firewall had been disabled. Security Center couldn’t re-enable it and so the message advised me to go straight to firewall settings in control panel, but “due to an unidentified problem...” or something of the sort, that applet wouldn’t even load. So no way to re-enable my firewall. I then removed a bunch of spyware from my pc (from safe-mode, with restarts, etc…). This didn’t work cos my McAfee viruscan 7 pro kept on detecting viruses (spy-agent.an, proxy-agent.k.gen, etc) but couldn’t remove them as they kept coming back. Then I also found this file “tool3.exe” in my root folder which I couldn’t delete. Then with the help of a little utility smitrem.exe and doing this in safe mode I was able to get rid of the tool3.exe and some other stuff. I also scanned with CWShredder, XoftSpy and hijackthis but they found nothing. Also used mcAfee’s stinger.exe utility, also nothing.
Eventually I was able to get my firewall back online with SharedAccess.reg http://windowsxp.mvps.org/sharedaccess.htm
Then I installed ZoneAlarm’s latest virusscan/firewall, cos my mcAfee virusscan 7 found the spy-agent.an on every scan, but couldn’t remove it. This spy-agent.an kept on trying to access the internet. I don’t know if this is actually so, but it seemed that everytime I scanned my computer (and the virus was detected by mcAfee) it would activate. At that time it creates a process with a different name every time, something like “C4D3.tmp”. This file showed up in a list of processes that connect to the internet. I found these files in my windows/temp folder and also in a windows/prefetch folder. There’s also an executable called ym11[1].exe that found a home in my “local settings\temporary internet files\content.ie5\CHMFG5IJ” folder. I also used Complete Internet Cleanup to try and empty all that, but it’s no use, it stays there (or maybe is copied there from somewhere else).
Anyway, a normal scan with zonealarm’s latest software doesn’t detect any virus, although its firewall does report the processes trying to access the internet zone and the trusted zone. I’m performing a byte by byte virusscan now.
Also, after I installed zonealarm I couldn’t access the internet any longer: Limited or no connectivity error. I found the answer to that here https://www.pcreview.co.uk/forums/thread-1701201.php
This solved that problem:
1. from cmd: netsh int ip reset resetlog.txt
2. From cmd: netsh winsock reset
3. Reboot
So all that seems to be remaining is this “virus” or whatever it is, that creates processes…
Does anyone recognize this?
Thanks,
Vincent