Downloader.lstbar.4.G

Printable View

Show 40 post(s) from this thread on one page

August 26th, 2004, 07:12 AM
3nails

Downloader.lstbar.4.G

i run a scan and this comes up
Downloader.lstbar.4.G
i can not get rid of it.
can any one help me with this problem?
thank you.
3nails
August 26th, 2004, 10:20 AM
Und3ertak3r

What did the scan..?
What research have you done?

Have you tried the holy trio?
Adaware se - install, update, scan, clean
Spybot S&D - install, update, scan, clean
HiJackthis - post the log (only remove items under advice)

oh and the assumption is that you are useing WinXP Home ..unless you tell us otherwise.. it does help if you tell us that at some time..

Cheers
August 26th, 2004, 10:42 AM
nihil

Hi Undies......................I think that he is running AVG ;) ................at least that is the name they use.

3nails

Please go to this forum and read it carefully:

http://computercops.biz/postt65123.html

You will also find links there to the software that has been mentioned. Remember to run it in SAFE MODE :) Cleaning tools have a much better chance of getting rid of things that have not activated.

Good luck, and please answer Und3ertak3r's questions
August 26th, 2004, 04:00 PM
3nails

holy trio

i have not used them all..yet.. adaware doesn't detect it. the avg detects it but can not clean/delete it. will get spy bot s&d and use it. will post results.
thank you.
OS is xp pro sp2.
anti-virus is avg 7.0 professional.
3nails
August 26th, 2004, 07:36 PM
3nails

way too much...

i have definitely entered an area where i do not know what is what....... i guess i'll just have to work it out until i can't.. then i'll at least have some valid questions...
thank you.
3nails
August 26th, 2004, 09:04 PM
©opy®ight

Most downloader. trojans are in the System Volume Information Folder (System Protected Folder). Since you don't have access to the folder by default AVG can not remove the virus/trojan.

In this thread you will most likely find the answer:

http://www.antionline.com/showthread...me+information
September 1st, 2004, 11:49 PM
3nails

to all that have helped...
thanks for the replies..
i'll just have to keep at it
3nails
September 2nd, 2004, 12:26 AM
meeeeeee

Try posting a HijackThis log if you're still having problems. Maybe one of us will see something usefull....

If you don't have that you can get it free at http://www.downloads.subratam.org/hijackthis.zip

Just be careful!!! It's easy to mess things up if you fix the wrong thing!!
September 2nd, 2004, 06:39 PM
3nails

HiJackthis log result

Logfile of HijackThis v1.98.2
Scan saved at 9:46:24 AM, on 9/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\WINDOWS\system32\Server.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry] C:\WINDOWS\system32\Server.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\Helen\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0408d439...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
September 2nd, 2004, 06:51 PM
meeeeeee

I don't see anything for the istbar.... what is the exact nature of the warnings you are getting? Include where AVG says it is located.

A few other things....

O4 - HKLM\..\Run: [Registry] C:\WINDOWS\system32\Server.exe Looks suspicious. Navigate to file in question and look at the properties. See what it says. If you recognize it for something good leave it alone. If you don't then rename it and move it to your desktop and see what happens when you boot without it.

You have the Sygate firewall running (good choice) but it also seems that you have the Windows firewall running too. I would turn off the Windows firewall. Having two running, IMO, could lead to conflicts.

:)

Show 40 post(s) from this thread on one page