
Thread: a-squared hijack analysis

  1. #11
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    The link wouldn't copy, but the one at the start of my HijackThis log works.
    Sarcasm is a way of life

  2. #12
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Originally posted here by JonnyFrond
    Flumps, what does all that stuff on the a-squared log mean then?

    http://www.hijackfree.com/analyze/?...49-fbd004c1494a


    I am up to date with everything as far as I am aware. I have to admit, I would rather learn about stuff to clear it all out than do a fresh install, as I have this running nicely at the moment, and I have had bad experiences with fresh installs in the past.

    Can anyone tell me how to deal with even just one of these? Are they registry entries that can be edited or deleted, or are they files that I can get rid of?



    I'm starting to feel like part of a fern
    If you think it's a Trojan, then go to McAfee and download and run Stinger; it will find the Trojan and delete it.

    Or...

    CAUTION: We strongly recommend that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to back up the Windows Backup Registry guide for instructions.

    1. Click Start, and click Run. The Run dialog box appears.
    2. Type regedit and then click OK. The Registry Editor opens.
    3. Navigate to the key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    In the right pane, delete the value

    Tweak UI "RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup"
    4. Navigate to the key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    5. In the right pane, delete the value

    Scheduling Agent "Scheduler.exe"
    6. Click Registry, and click Exit.

    This is from the link I provided in an earlier post (trojan removal).
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson
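
The manual regedit steps quoted in post #12, as an added PowerShell example (not part of the thread or any poster's code): it backs up each key before touching it and removes a value only when both its name and its data match what the post lists. The key paths, value names and data come from that post; the `$BackupDir` location and the `-Apply` switch are assumptions of this example, and deletion needs an elevated prompt.

```powershell
# Added example: scripted form of the manual regedit steps in post #12.
# $BackupDir and -Apply are assumptions of this example, not from the thread.
param(
    [string]$BackupDir = "$env:USERPROFILE\reg-backup",
    [switch]$Apply      # without -Apply the script only reports what it would delete
)

$targets = @(
    @{ Key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Tweak UI'
       Data = 'RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup' },
    @{ Key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
       Name = 'Scheduling Agent'
       Data = 'Scheduler.exe' }
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($t in $targets) {
    if (-not (Test-Path $t.Key)) {
        Write-Output "SKIP  $($t.Key) does not exist on this system"
        continue
    }
    # Back up the whole key first (reg.exe wants HKLM\..., not the HKLM:\ drive form).
    $native = $t.Key -replace '^HKLM:\\', 'HKLM\'
    $file   = Join-Path $BackupDir (($native -replace '[\\:]', '_') + '.reg')
    reg.exe export $native $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Output "ABORT backup of $native failed"; break }

    # Returns $null when the value is absent instead of raising an error.
    $entry   = Get-ItemProperty -Path $t.Key -Name $t.Name -ErrorAction SilentlyContinue
    $current = $entry.($t.Name)
    if ($null -eq $current) {
        Write-Output "CLEAN $($t.Name) not present under $native"
    }
    elseif ($current -ne $t.Data) {   # -ne is case-insensitive for strings
        # Same name, different data: possibly a legitimate entry, leave for manual review.
        Write-Output "KEEP  $($t.Name) = '$current' (data differs from the post)"
    }
    elseif ($Apply) {
        Remove-ItemProperty -Path $t.Key -Name $t.Name
        Write-Output "DEL   $($t.Name) removed from $native (backup: $file)"
    }
    else {
        Write-Output "WOULD delete $($t.Name) from $native (re-run with -Apply)"
    }
}
```

Importing the saved `.reg` file restores the key if a removal turns out to be wrong.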

  3. #13
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    Thanks, I have a starting point again.


    Jon..J..J...J.Jo...Jonny Fron...Fro.....Frond
    Sarcasm is a way of life

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Jonny,

    Get the A-Squared application, update it and run it; it should do a better job, and it will let you save an HTML report.

    I think the issue is that a-squared looks for "traces" and that could be what it is reporting.

    The tool you are using comes up with a lot of "unknowns" so I wouldn't put too much faith in it unless you can actually find the malware.


  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Jon..J..J...J.Jo...Jonny Fron...Fro.....Frond
    Is it just me that wonders if Jonny is always stoned?

    Jonny... Rule one when troubleshooting an issue in computer software is "confirm". Running a single app that tells you one thing is useless. Running a second that does nothing to confirm or deny does nothing and, in this case, seems to be causing you more stress... Google Ad-Aware, Spybot and any other anti spyware program you can think of that is trustable. Run them all and compare the results. If you find similarities then there may be an issue... If there aren't it's called a "False Positive" and can usually be ignored.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #16
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    Right, I get it now nihil, that makes a lot more sense to me now.

    Tiger, this is what I need to know too. I have heard of the "False Positive" here before, and never knew what it was; I take it to mean like ghosts in the machine. In that case, my computer is sparkling, and a little Mr Sheen on the screen should top it off.

    Ok, I think I have all the info I need now, this thread can close, thank you.

    And Tiger, the drugs don't work.....anymore.


    Slpondgy Frondles
    Sarcasm is a way of life

  7. #17
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    And Tiger, the drugs don't work.....anymore.
    LOL.... They sure seem to be....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK Folks, I think that I have cracked it.

    The application scans for stuff and produces a report. Where it reports something it will say something like Good = 1, Bad = 2 and will then name the malware that might have dropped it.

    This DOES NOT mean that you actually have malware.

    I just checked a couple and I only found the legitimate file in the correct access path. What it is saying is that you might have a problem and should check it out, either by seeing what the malware does or by confirming the access path and single instance of the file.

    It is designed as an aid to manual analysis by advanced users, so it works a bit like HJT but with a built in interpreter. These are not true "false positives" just recommendations to look at certain items.

    I guess if it reports all "Bad" it thinks it has found a definite malware.

