An explanation

Discussion in 'Computers & Website Forum' started by Frogman, Apr 15, 2004.

  1. Frogman

    Frogman
    Expand Collapse
    <img src="http://www.churches.net/churches/fubc/Fr
    Moderator

    Joined:
    Jan 15, 2001
    Messages:
    5,492
    Likes Received:
    0
    I have grown suspicious of my computer. Last month I encountered a virus that prohibited me from getting online.

    when I would try to get online, I got a bogus page with links (like a search engine page) but none of the links would work.

    I had the McAfee anti-virus software with my computer. I was able to remove this virus , but somehow I lost the McAfee tools as well.

    So, I found out and downloaded a program from Avast! (called Avast found at avast.com).

    Now, this gives me a scanner for email and any file on open as well as internet scan of websites. I also have a 'virus' cleaner program with this.

    Once again my computer is acting odd. Although Avast runs in the background, and it has identified a trojan virus on my computer the virus cleaner cannot seem to deal with it.

    the virus name is; W:32SCKeylog[trj]

    Is there anyway I can access these four folders and manually clean them?

    They are:

    C:\ProgramFiles\Soft-Central\SC-Keylog\KlenA...folder could not be scanned
    C:\WINDOWS\cxotmx.exe.tmp...file could not be scanned
    C:\WINDOWS\Imhebwx.exe...file could not be scanned
    C:\WINDOWS\mteb.exe...file could not be scanned
    No virus body found
    Files scanning finished (73544 0 infected)
    Drives scanned:C:

    At the same time this scan was occurring, the avast shield was working; and it identified three infected files;

    I deleted the files, restarted the system, and the avast program immediately identified another file, all of them were 'keylog' trj with differing file names usually just lowercase alphabet and different extensions.

    I turned my 'backup' utility off during the scan and it is still off.

    Any suggestions?

    Even though the program identifies and deletes the virus, each time I restart it tells me my computer is infected.


    Bro. Dallas :confused:
     
  2. SpiritualMadMan

    SpiritualMadMan
    Expand Collapse
    New Member

    Joined:
    Nov 10, 2003
    Messages:
    2,734
    Likes Received:
    0
    The anti-virus software is not finding the root source of the trojan/virus on your system and it is also not finding the Registry Entries that reload/reinfect your system each time you boot.

    I use a combination of tools to protect my systems at home.

    I use ZoneAlarm to help keep my low profile while on line.

    I use NAV for viruses and trojans.

    I have turned off Active-X support in my Browser... If you happen to drop-in at a hostile site... Chances are they will use an Active-X control to download and install their trojan.

    I also have my Cookies set to ask each time a new one is requested.

    I only accept cookies from sites I am familiar with and plan to re-visit. All others gets a permanent 'NO'.

    Ad-Aware and Pest Patrol may also be of help.

    I would be suspicious of any games or utilities you may have downloaded recently...

    If a virus or trojan was included in such a program... You can be sure that the un-install will not delete all files, folders, or Registry Entries...

    From what you've shared... You need hands on help...

    Symantec has some trialware on it's site that may help.

    If your version of Windows allows it and the Anti-Virus software will run in safe mode try that.

    Make sure your virus definitions are up to date, though.

    If possible boot to a known 'Clean' CD or Floppy and run the Anti-Virus software from the CD it came on. Most can do that.

    Do run Ad-Aware and/or Pest Patrol. They may know of a program on your system that does not have an identifiable virus or trojan until it is re-installed. (Of course then it is too late, again.)

    There is also the possibility of 'false positives'. Where an Anti-Virus Program identifies a 'friendly' program as a Virus or Trojan because of it's 'signature' in 'code'.

    NOrton Anti-Virus (Symantec) has the ability to 'Inoculate' your boot sector (once it's cleaned).

    Also, make sure that your Anti-Virus software is set to scan *ALL* files. And, *Inside Compressed Files*. This *is* important. It will take a lot longer but, hopefully, may be the ONLY way to find the culprit.

    Hope this helps.
     
  3. Frogman

    Frogman
    Expand Collapse
    <img src="http://www.churches.net/churches/fubc/Fr
    Moderator

    Joined:
    Jan 15, 2001
    Messages:
    5,492
    Likes Received:
    0
    Thanks, I will follow your suggestions.

    bro. Dallas [​IMG]
     

Share This Page

Loading...