spybot worm

  • Thread starter Thread starter news
  • Start date Start date
N

news

I KEEP getting spybot

I removed it and the registry files as said by Norton, but it keeps coming
back.

I have Norton, should I buy something else? My windows update fails
(timeout).
 
I KEEP getting spybot

I removed it and the registry files as said by Norton, but it keeps coming
back.
Click to expand...

Could be:

1. In your System Restore.
2. You haven't done all the MS patches.
3. You have a undetected Trojan that keeps reinstalling Spybot.
4. You don't use a firewall or router/firewall.
I have Norton, should I buy something else? My windows update fails
(timeout).
Click to expand...

Try the KASFX util from my web site. It uses the Kaspersky scan
engine.

Art

http://home.epix.net/~artnpeg
 
From: "news" <[email protected]>

| I KEEP getting spybot
|
| I removed it and the registry files as said by Norton, but it keeps coming
| back.
|
| I have Norton, should I buy something else? My windows update fails
| (timeout).
|

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
I just removed worker.class after a full scan. The Win update wont work.
Probably a virus disabled the option.

I have lost 3 disks to malware, and it is finally cheaper to buy a new disk
and waste hours on this one.

I am very tired of it

How can I get a firewall working? Is this a router?
 
(e-mail address removed) AKA news on 12/8/2005 in
I just removed worker.class after a full scan. The Win update wont
work. Probably a virus disabled the option.
Click to expand...

Check your hosts file.
I have lost 3 disks to malware, and it is finally cheaper to buy a
new disk and waste hours on this one.
Click to expand...

You need to learn how to protect yourself.
I am very tired of it
Click to expand...

I'm surprised you haven't thrown it out the window ;)
How can I get a firewall working? Is this a router?
Click to expand...

Are you using XP SP2? It has a simple firewall.

Stop using Outlook Express. Use a more secure e-mail client(I use
Thunderbird)
Stop using Internet Explorer. Use a more secure browser.(I use Firefox)

No AV will protect you from yourself.


I have written some pages to help you clean your system and keep it
that way.(see below)
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Playing Nice on Usenet: http://oakroadsystems.com/genl/unice.htm#xpost
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
 
news said:
I KEEP getting spybot

I removed it and the registry files as said by Norton, but it keeps coming
back.

I have Norton, should I buy something else? My windows update fails
(timeout).
Click to expand...

News,

In addition to the excellent advice from Art, Max and Dave:

1) Whatever you do, DO NOT start throwing (resident) AV applications
at your problem. Most of them do not like each other (talk about
Registry problems), and un-installing an AV app is usually not
trivial, particularly with NAV. If you want a second opinion, try one
of the online AV scanners. All are freely available, but some provide
detection only, not removal or quarantine. Most require the use of
ActiveX (IE).

Kaspersky AV: Free Online Virus Scanner - detection only
(http://www.kaspersky.com/virusscanner)
Trend Micro HouseCall - detection and removal
(http://housecall.trendmicro.com/housecall/start_corp.asp)
BitDefender Online Scanner - detection and removal
(http://www.bitdefender.com/scan8/ie.html)
Panda ActiveScan - detection and removal
(http://www.pandasoftware.com/products/activescan.htm)
Dr.Web CureIT! - detection and removal
(http://download.drweb.com/drweb+antivirus+free+services/)
PC Pitstop (Panda Engine)
(http://www.pcpitstop.com/antivirus/default.asp)
McAfee FreeScan - detection only
(http://us.mcafee.com/root/mfs/default.asp?cid=9913)
Symantec Security Check
(http://security.symantec.com/sscv6/default.asp?productid=symhome)

2) What update problems are you having? Use IE with default security
settings --- ActiveX, Java, Javascript all enabled. You can lock it
down later if you want. And switch to Microsoft Updates, which is
replacing Windows Updates and Office Updates.

3) As others have mentioned, your problems are probably not related to
NAV. But when it comes time for renewal, some AV info for your perusal:

AV-Test
(http://www.av-test.org/)
AV-Comparatives
(http://www.av-comparatives.org/)

IMO, stick to tests and comparatives, and be leary of polls and the
reviews of sites that accept advertising from AV vendors.

FWIW, most people around here prefer:
Free: AVG, avast!, AntiVir
Paid: KAV, NOD32
Most people around here don't like:
Norton, McAfee
Some of this is bias (these are the big guys), and some is from
experience, expertise and the above tests/comparatives.

Ron :)
 
From: "Ron Lopshire" <[email protected]>


| News,
|
| In addition to the excellent advice from Art, Max and Dave:
|
| 1) Whatever you do, DO NOT start throwing (resident) AV applications
| at your problem. Most of them do not like each other (talk about
| Registry problems), and un-installing an AV app is usually not
| trivial, particularly with NAV. If you want a second opinion, try one
| of the online AV scanners. All are freely available, but some provide
| detection only, not removal or quarantine. Most require the use of
| ActiveX (IE).
|
| Kaspersky AV: Free Online Virus Scanner - detection only
| (http://www.kaspersky.com/virusscanner)
| Trend Micro HouseCall - detection and removal
| (http://housecall.trendmicro.com/housecall/start_corp.asp)
| BitDefender Online Scanner - detection and removal
| (http://www.bitdefender.com/scan8/ie.html)
| Panda ActiveScan - detection and removal
| (http://www.pandasoftware.com/products/activescan.htm)
| Dr.Web CureIT! - detection and removal
| (http://download.drweb.com/drweb+antivirus+free+services/)
| PC Pitstop (Panda Engine)
| (http://www.pcpitstop.com/antivirus/default.asp)
| McAfee FreeScan - detection only
| (http://us.mcafee.com/root/mfs/default.asp?cid=9913)
| Symantec Security Check
| (http://security.symantec.com/sscv6/default.asp?productid=symhome)
|

If PC PitStop uses the Panda engine and signatures, why suggest it ?
It seems redundant when you suggest Panda ActiveScan.

Instead, I suggest suggesting

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
 
I just removed worker.class after a full scan. The Win update wont work.
Probably a virus disabled the option.

I have lost 3 disks to malware, and it is finally cheaper to buy a new disk
and waste hours on this one.

I am very tired of it
Click to expand...

Then learn how to stop it. Start out with this Xp survival guide:

http://www.cablemodemhelp.com/xpsurvivalguide.pdf
How can I get a firewall working?
Click to expand...

The Windows XP firewall is suitable and sufficient.
Is this a router?
Click to expand...

No. A router is a external device. You can Google up info.

Art

http://home.epix.net/~artnpeg
 
From: "Art" <[email protected]>

|
| Then learn how to stop it. Start out with this Xp survival guide:
|
| http://www.cablemodemhelp.com/xpsurvivalguide.pdf
||
| The Windows XP firewall is suitable and sufficient.
||
| No. A router is a external device. You can Google up info.
|
| Art
|
| http://home.epix.net/~artnpeg

To add to Art's statement...

Small Office Home Office (SOHO) Routers use Network Address Translation (NAT) and becuase of
this implementation many Routers have simplistic FireWall constructs. Additionally, many
SOHO Routers may have a full FireWall built-into the device.

One such Router FireWall construct is to spercifically block TCP and UDP ports. I always
suggest blocking both TCP and UDP Ports 135 ~ 139 and 445 on *any* SOHO Router.

This will surely help to keep out hackers and Internet worms that will use these ports and a
vector of infectinon or attack.
 
David said:
From: "Ron Lopshire" <[email protected]>


| News,
|
| In addition to the excellent advice from Art, Max and Dave:
|
| 1) Whatever you do, DO NOT start throwing (resident) AV applications
| at your problem. Most of them do not like each other (talk about
| Registry problems), and un-installing an AV app is usually not
| trivial, particularly with NAV. If you want a second opinion, try one
| of the online AV scanners. All are freely available, but some provide
| detection only, not removal or quarantine. Most require the use of
| ActiveX (IE).
|
| Kaspersky AV: Free Online Virus Scanner - detection only
| (http://www.kaspersky.com/virusscanner)
| Trend Micro HouseCall - detection and removal
| (http://housecall.trendmicro.com/housecall/start_corp.asp)
| BitDefender Online Scanner - detection and removal
| (http://www.bitdefender.com/scan8/ie.html)
| Panda ActiveScan - detection and removal
| (http://www.pandasoftware.com/products/activescan.htm)
| Dr.Web CureIT! - detection and removal
| (http://download.drweb.com/drweb+antivirus+free+services/)
| PC Pitstop (Panda Engine)
| (http://www.pcpitstop.com/antivirus/default.asp)
| McAfee FreeScan - detection only
| (http://us.mcafee.com/root/mfs/default.asp?cid=9913)
| Symantec Security Check
| (http://security.symantec.com/sscv6/default.asp?productid=symhome)
|

If PC PitStop uses the Panda engine and signatures, why suggest it ?
It seems redundant when you suggest Panda ActiveScan.

Instead, I suggest suggesting

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Click to expand...

Thanks, Dave. Back when I put the links together, I thought that there
were differences in the GUI, one downloadable, one on-line only. I
will re-investigate. And add your links.

BTW, have you used all of the online scanners?

Ron :)
 
| Thanks, Dave. Back when I put the links together, I thought that there
| were differences in the GUI, one downloadable, one on-line only. I
| will re-investigate. And add your links.
|
| BTW, have you used all of the online scanners?
|
| Ron :)

At one time or another, all but PitStop.
 
David said:
| Thanks, Dave. Back when I put the links together, I thought that there
| were differences in the GUI, one downloadable, one on-line only. I
| will re-investigate. And add your links.
|
| BTW, have you used all of the online scanners?
|
| Ron :)

At one time or another, all but PitStop.
Click to expand...

Dave,

Thanks. With dial-up, what gets downloaded and how, on-demand or not,
is a big deal. I will have more time to investigate in January.

BTW, I originally put the list together for my daughter. She has
Comcast and gets McAfee with it at no additional charge. I told she
could use the online scanners for second opinions, and to evaluate her
set-up which is probably adequate for her purposes. She should save
her money for her parents' old age.<g>

Ron :)
 
From: "news" <[email protected]>


|
| Until .... virus writers are held here - http://www.bop.gov - 2,000,000
| rooms, room services, 300 rooms added daily, and you can stay for life!
| Sorry - no computers.

My friend Raoul takes care of them. He works for the US DoJ/BoP in Brooklyn, NY.
 
David H. Lipman said:
From: "news" <[email protected]>


|
| Until .... virus writers are held here - http://www.bop.gov - 2,000,000
| rooms, room services, 300 rooms added daily, and you can stay for life!
| Sorry - no computers.

My friend Raoul takes care of them. He works for the US DoJ/BoP in
Click to expand...
Brooklyn, NY.

Well, how come I get the viruses, did Raoul take a day off!
 
Back
Top