PA Bear [MS MVP]
[Scares me!]
Buffalo wrote:
Works like a charm.
PA said:
I thought it was preferable to do these things (e.g. anti virus scans)
in Safe Mode to prevent stealth virii from going into stealth mode.
The only thing safer than Safe Mode is to boot up from a WIN PE or
BART PE CD?
[snip]
David said:
The saga continues.
After the initial cleanup using Malwarebytes Anti-Malware and
SUPERAntiSpyware,
MBAM found an additional Trojan.Downloader in a system restore
point. Next day, it found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows \iepinit_dlls (Spyware.Agent.H) ->
Quarantined and deleted successfully.
and C:\WINDOWS\system32\nvaux32.dll (Spyware.Agent.H)
Next day,
my Computer Associates AntiVirus v8 reported a couple of instances
of: Win32/Pruserinf.Y
on the infected laptop, and now also on a Desktop PC that was shared
via a network share!
I installed avast! on the laptop, and during the initial boot up
scan, it found:
Win32::Zbot-ASN [Trj]
Win32::Invo [Cryp]
But now, CA anti-virus on the laptop crashes (conflict with avast!
?)
My laptop Firewall (ZoneAlarm free) reports outbound requests in the
middle of the night from a strangely named .exe file from the Windows
\temp folder.
I've also upgraded the MSIE on the laptop to v7, but use Firefox v3
as the default.
Is there something still hiding in the laptop, and generating all
these other trojans?
You can have only one fully installed anti virus application
performing both "On Demand" and "On Access" scanning. You can't have
two.
You can however supplement that one fully installed anti virus
application with additional "On Demand" anti virus scanners. These
can be online scanners or command line scanners that run locally.
You are still infected. There should be NO applications running from
the TEMP folder. So if ZA is indicating there is "...outbound
requests in the middle of the night from a strangely named .exe file
from the Windows \temp folder..." you still have a problem.
Start by uninstalling Avast and see if that corrects CA anti-virus.
Shouldn't he shut off his System Restore since the virus(s) seem to be
in there and empty out his temp and TIF files?
Dustin said:
David said:
From: <[email protected]>
[snip]
Shouldn't he shut off his System Restore since the virus(s) seem to
be in there and empty out his temp and TIF files?
Not right away. One could lose useful registry data and/or potentially
good files.
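To put Dustin's point into practice (nothing should be running out of a temp folder), here is an added example of my own, not code posted by anyone in the thread. It lists running processes whose image path sits under the user temp folder, the Windows temp folder, or the Temporary Internet Files folder, shows any TCP connections those processes own (the "outbound requests in the middle of the night" that ZoneAlarm reported), and then dumps the documented load-point value, AppInit_DLLs, under the same Windows NT\CurrentVersion\Windows key that the MBAM detection above lives under. It assumes a Windows 8 / PowerShell 3 or later system, since Get-CimInstance and Get-NetTCPConnection do not exist on the XP-era machine in the thread, an elevated prompt so ExecutablePath is populated for every process, and the Vista/7 location of Temporary Internet Files.

```powershell
# Added example, not from the thread. Requires PowerShell 3+ on Windows 8 / Server 2012
# or later for Get-CimInstance and Get-NetTCPConnection, run from an elevated prompt.

# Folders that should never hold a running executable. The TIF path is an assumption
# (Vista/7 layout); adjust it for the machine you are looking at.
$tempRoots = @(
    $env:TEMP,
    (Join-Path $env:windir 'Temp'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files')
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

# True when $Path lies inside one of $tempRoots (case-insensitive, whole-component match).
function Test-TempPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    $p = $Path.ToLowerInvariant()
    foreach ($root in $tempRoots) {
        if ($p.StartsWith($root + '\')) { return $true }
    }
    return $false
}

# Every running process whose image lives under a temp folder.
function Get-TempProcess {
    Get-CimInstance Win32_Process | Where-Object { Test-TempPath $_.ExecutablePath }
}

$suspects = @(Get-TempProcess)
if ($suspects.Count -eq 0) {
    'No processes running from a temp folder.'
} else {
    # Pull the TCP table once and match it to each suspect by owning PID.
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue
    foreach ($proc in $suspects) {
        [pscustomobject]@{
            PID     = $proc.ProcessId
            Image   = $proc.ExecutablePath
            Parent  = $proc.ParentProcessId
            Created = $proc.CreationDate
        } | Format-List
        $conns | Where-Object { $_.OwningProcess -eq $proc.ProcessId } |
            Select-Object State, RemoteAddress, RemotePort | Format-Table -AutoSize
    }
}

# The documented DLL load-point under the key named in the MBAM hit above.
# Anything listed in AppInit_DLLs is loaded into every process that loads user32.dll.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' |
    Select-Object AppInit_DLLs, LoadAppInit_DLLs
```

Run it before emptying temp or TIF, as the last reply cautions: a process still running from one of those folders is the thing to capture (path, parent PID, remote address) before its file is deleted, and an unexpected entry in AppInit_DLLs explains why a cleaned machine keeps "finding" new trojans after each reboot.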