
Thread: Downloader.lstbar.4.G

  1. #1
    Junior Member
    Join Date
    Aug 2004
    Posts
    9

    Downloader.lstbar.4.G

    i run a scan and this comes up
    Downloader.lstbar.4.G
    i can not get rid of it.
    can any one help me with this problem?
    thank you.
    3nails

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    What did the scan..?
    What research have you done?

    Have you tried the holy trio?
    Adaware se - install, update, scan, clean
    Spybot S&D - install, update, scan, clean
    HiJackthis - post the log (only remove items under advice)

    oh and the assumption is that you are using WinXP Home ..unless you tell us otherwise.. it does help if you tell us that at some time..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Undies......................I think that he is running AVG ................at least that is the name they use.

    3nails

    Please go to this forum and read it carefully:

    http://computercops.biz/postt65123.html

    You will also find links there to the software that has been mentioned. Remember to run it in SAFE MODE. Cleaning tools have a much better chance of getting rid of things that have not activated.

    Good luck, and please answer Und3ertak3r's questions

  4. #4
    Junior Member
    Join Date
    Aug 2004
    Posts
    9

    holy trio

    i have not used them all..yet.. adaware doesn't detect it. the avg detects it but can not clean/delete it. will get spy bot s&d and use it. will post results.
    thank you.
    OS is xp pro sp2.
    anti-virus is avg 7.0 professional.
    3nails

  5. #5
    Junior Member
    Join Date
    Aug 2004
    Posts
    9

    way too much...

    i have definitely entered an area where i do not know what is what....... i guess i'll just have to work it out until i can't.. then i'll at least have some valid questions...
    thank you.
    3nails

  6. #6
    Most downloader. trojans are in the System Volume Information Folder (System Protected Folder). Since you don't have access to the folder by default AVG can not remove the virus/trojan.

    In this thread you will most likely find the answer:

    http://www.antionline.com/showthread...me+information
    O.G at A.O

  7. #7
    Junior Member
    Join Date
    Aug 2004
    Posts
    9
    to all that have helped...
    thanks for the replies..
    i'll just have to keep at it
    3nails

  8. #8
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    Try posting a HijackThis log if you're still having problems. Maybe one of us will see something useful....


    If you don't have that you can get it free at http://www.downloads.subratam.org/hijackthis.zip

    Just be careful!!! It's easy to mess things up if you fix the wrong thing!!

  9. #9
    Junior Member
    Join Date
    Aug 2004
    Posts
    9

    HiJackthis log result

    Logfile of HijackThis v1.98.2
    Scan saved at 9:46:24 AM, on 9/2/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Picasa\PicasaMediaDetector.exe
    C:\WINDOWS\system32\Server.exe
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\a2\a2guard.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Registry] C:\WINDOWS\system32\Server.exe
    O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\Helen\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0408d439...p/RdxIE601.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

  10. #10
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    I don't see anything for the istbar.... what is the exact nature of the warnings you are getting? Include where AVG says it is located.

    A few other things....

    O4 - HKLM\..\Run: [Registry] C:\WINDOWS\system32\Server.exe Looks suspicious. Navigate to file in question and look at the properties. See what it says. If you recognize it for something good leave it alone. If you don't then rename it and move it to your desktop and see what happens when you boot without it.

    You have the Sygate firewall running (good choice) but it also seems that you have the Windows firewall running too. I would turn off the Windows firewall. Having two running, IMO, could lead to conflicts.
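
Added example (not part of the thread, and not code from HijackThis or any poster): a small Python parser for the O4 autostart lines of a HijackThis log that lists entries worth a manual look, in the spirit of the review in post #10. The two heuristics and the `KNOWN_SYSTEM32` allowlist are assumptions made for this example; the sample lines are copied from the log in post #9.

```python
import re

# Assumption: a tiny illustrative allowlist, not a complete list of Windows binaries.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe"}

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")   # registry Run keys
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")  # Startup folder links
EXE_RE = re.compile(r'"?(.+?\.exe)', re.I)                          # first .exe in command
SYS32_RE = re.compile(r"^[a-z]:\\windows\\system32\\([^\\]+\.exe)$")

def parse_o4(line):
    """Return source, entry name, command and image path for one O4 line."""
    line = line.strip()
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    source, name, command = m.groups()
    exe = EXE_RE.match(command)
    return {"source": source, "name": name, "command": command,
            "image": exe.group(1) if exe else command}

def review_reasons(entry):
    """Assumed heuristics: reasons to inspect the file, not proof of malware."""
    image = entry["image"].lower()
    reasons = []
    if "\\temp\\" in image:
        reasons.append("runs from a Temp directory")
    sys32 = SYS32_RE.match(image)
    if sys32 and sys32.group(1) not in KNOWN_SYSTEM32:
        reasons.append("unrecognised binary directly in system32")
    return reasons

def triage(log_text):
    """List (name, image, reasons) for every O4 entry with at least one reason."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    return [(e["name"], e["image"], r) for e in entries if (r := review_reasons(e))]

# Sample lines copied from the log posted in #9.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry] C:\WINDOWS\system32\Server.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\Helen\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE):
        print(f"[{name}] {image}: {'; '.join(reasons)}")
```

An entry listed here still needs the manual check described in post #10 (file properties, vendor, whether you recognise it) before anything is renamed or removed.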

