spyware


Guest

Why doesn't the beta detect ADW_COMESYS.C and Troj_agent.jc?
I went to Trend Micro and downloaded the pattern file 0.315 - tma315.zip, but
Windows cannot open it. Does anybody know how to remove the 2 above? Help me,
thanks so much.
 
Hey Checked :)

The first one is difficult to comment on. Maybe it's worth double-checking the
spelling, as Trend Micro's database doesn't have information on this. At first
I thought it may be CMESYS, which is one of the Claria (Gain) components, but
Microsoft Antispyware does great in detecting and removing Claria's junk so
it must be something else.

The latest pattern file from Trend also doesn't list this adware. How are you
finding out you're infected with these? If you have a scanner that's finding
them then you shouldn't need to download a new pattern file, as the scanner
must already have the definitions stored to be able to detect a problem. It's
the same with Trojan Agent jc: Trend doesn't have any information on this
file, but it is a Backdoor Trojan, so you could try Ewido Security Suite and
also run a couple of online virus scanners to see if they detect any
problems. Here's a bit of info on that Trojan:

http://www.sophos.com/virusinfo/analyses/trojteadoora.html

Download, install, and update the free version of ewido security suite

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes, close Ewido.

Now reboot to Safe Mode - Restart your computer and immediately begin
tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe
Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run Ewido again. From the main menu click on 'scanner' then click 'Complete
System Scan'. When Ewido finds something, it will pop up a notification.
Select "Remove" and check the boxes "Perform action with all infections" and
"Create encrypted backup", then click on OK. When the scan finishes, click on
"Save Report" and save it to your desktop or C:/drive in case you need it
again.

If you have another scanner installed that's detecting these files then also
run that while you're in safe mode, then reboot back to normal mode.

Please run the Housecall online virus scan located at:

http://housecall.trendmicro.com/housecall/start_corp.asp

Follow the prompts to scan your hard drive for viruses. Select the
"Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, restart your computer.

If you feel there is still an infection on your system then also run Panda
ActiveScan here:

http://www.pandasoftware.com/activescan/

Choose to "Disinfect automatically," and follow the prompts. Delete any
viruses found, and restart your computer.

Some antivirus scanners cannot remove infections because you are online and
they are running on the system when you perform the scan. If you have
problems with the infection returning, download any of these scanners and run
them in safe mode:

Microsoft Malicious software removal tool :

http://go.microsoft.com/fwlink/?LinkId=40587


Trend Micro's Damage clean up tool :

http://www.trendmicro.com/ftp/products/tsc/tsc.zip


McAfee's Stinger Virus Remover:

http://vil.nai.com/vil/stinger/


Regards

Andy
 
I use Trend PC 12, which reported ADW_COMESYS.C but said "deny
access", and also TROJ_AGENT.JC with "quarantine fail". Then I used Panda Active to
scan and it reported the first one along with the virus eicar.mod, which Trend
didn't find. The Microsoft removal tool also detected nothing. I am so
confused. Yesterday I got assistance from a Trend technician: there's a way to remove
the first spy by downloading the pattern file from Trend, but I cannot do that
either. There is information about that spy on trendmicro.com, and a solution.
But unfortunately, I don't know much about troubleshooting at all. I would be
grateful for all your further help.
 
Sorry, the right name must be ADW_COMETSYS.C. I downloaded the Panda evaluation
version but it requires uninstalling Trend PC 12. I didn't do that because Trend is
preinstalled on my PC, so I wonder how I could install it again to protect my
PC. Waiting for your answer. Moreover, the window of the site I am on closes by
itself; is it because of the infection?
 
Hello Checked,

First, Trend PC 12 with auto update on has the latest pattern file!
In the option menu of Trend, set all the second actions to Delete!!
Do a full scan again with Trend; if nothing is found, I think
Trend already swept the file out!

Regards >*< TOM >*<
 
Hey Checked

It's probably a good idea to run the scanners in safe mode on your system and
also include Ewido Security Suite, as that performs great with trojans and
doesn't conflict with other protection products you have installed. Cometsys
seems to be related to screensavers.com and shows it adds a toolbar to IE, so
you could check your add/remove screen (Start menu > Control Panel >
Add/Remove Programs) and check if you have any screensavers or toolbars
downloaded from them. If you cannot find any listed and you still get
warnings from Trend Micro, make a note of where Trend is detecting the files
and then manually delete them. You could check Program Files for
CometSystems and delete the folder if it exists (Start Menu > My Computer >
C:/Drive > Program Files > CometSystems). If you're sure it's on your system and
you cannot find a way to remove it then contact CometSystems and ask them for
removal instructions. You can write to them by clicking on this link:

http://search.cometsystems.com/mailer/mailer.php?product=screensavers-feedback

The Eicar.mod that was detected is a bit worrying. Eicar is a harmless test
virus which is used to check antivirus software, as most antivirus vendors
have this file on their definition lists, and when it's run the antivirus will
display an alert saying it's blocked a virus. The file itself is harmless and
is just used to test antivirus products to make sure they are working without
having to install a real virus. Panda has detected Eicar.Mod on yours, which
means it's a modified version of this test virus, so it's possible it contains
malicious code. You don't need to install Panda's programs to remove this.
The ActiveScan will detect it if it's on your system, and at the end of the
scan you get the option to save the report so you can then check where it's
detected. If Panda cannot clean it then either manually remove the infected
file or post the report back together with the Ewido scan report, as that will
make it easier to help you remove them.

First try installing Ewido and updating it, then boot to safe mode and run
Ewido and Trend's scanner, then reboot back to normal mode and run an online
virus scan. Save the reports from scanners that let you, like Ewido and
ActiveScan, and then post them back if the problems continue.

Here's a few more online scanners in case you need them:

http://www.bitdefender.com/scan8/ie.html
http://www.windowsecurity.com/trojanscan/trojanscan.asp
http://www.symantec.com/cgi-bin/securitycheck.cgi
http://www.kaspersky.com/virusscanner
http://support.f-secure.com/enu/home/ols.shtml
http://us.mcafee.com/root/mfs/default.asp?cid=8433
http://www3.ca.com/virusinfo/virusscan.aspx
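
The distinction drawn in the post above, between the genuine EICAR test file and a modified copy, can be checked directly on a flagged file. This is an added example, not part of the original thread; it assumes the published EICAR definition (a fixed 68-byte string, optionally followed by whitespace, at most 128 bytes in total), and the function names and the three labels are this example's own. A "modified" verdict only says the file differs from the standard test file.

```python
import hashlib
import sys

# The standard 68-byte EICAR test string, split across two literals so this
# script is less likely to be flagged itself when it sits on disk.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
TRAILING_OK = b" \t\r\n\x1a"   # whitespace the definition allows after the string
MAX_TOTAL = 128                # longest file still counted as the test file


def classify_eicar(data: bytes) -> str:
    """Return 'standard', 'modified' or 'unrelated' (labels are assumptions)."""
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_TOTAL and all(b in TRAILING_OK for b in tail):
            return "standard"
        return "modified"      # test string followed by extra content
    if MARKER in data:
        return "modified"      # string embedded elsewhere or partly altered
    return "unrelated"


def describe(path: str) -> dict:
    """Classify one file and record size and SHA-256 for a support report."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"path": path, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "verdict": classify_eicar(data)}


# Constructed sample inputs (not taken from the thread).
SAMPLES = {
    "plain test file": EICAR,
    "test file with CRLF": EICAR + b"\r\n",
    "test string plus payload": EICAR + b"\x90" * 32,
    "string inside another file": b"sig-db v1\n" + EICAR + b"\n",
    "ordinary text": b"scan report: nothing found\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:          # paths noted from a scanner report
            print(describe(p))
    else:
        for name, blob in SAMPLES.items():
            print(f"{name:28s} -> {classify_eicar(blob)}")
```
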
 
Hi Andy, I have removed the screensaver toolbar with Add/Remove Programs, and its
folder which contains the spyware I told you about. Then I scanned again with
Panda Active and it no longer reported that. It surprised me that I just had
to remove the program, which solved the problem. Now, is my computer safe
from that?
About the Eicar.mod, I could not remove it because Panda required to be
installed. Also, the location of this virus is Trend Micro security. So do I
have to delete it? I also can't get more info about this virus from the
Panda report, though I have turned off all popup blockers and added the Panda
site to the popup allow list.
By the way, I also installed Ewido. It helped me remove lots of
cookies, which are added every time I am online. I wonder why cookies cannot be
blocked by a security tool. They are all from strange pages I never visit.
Thank you very much for all your helpful information.
 
Hi Again

Ewido is great and is worth keeping on your system as it works fine even
after the 14 day trial finishes. It just stops Auto Updates and Real Time
Protection, but the real time isn't needed if you use Microsoft's Real Time, and
the updates can be done manually anytime you want. They also release updates
daily so it's one of the best scanners around.

If you removed ScreenSavers from the Add/Remove screen and then deleted the
folder in Program Files then it cannot cause you any more problems, as all the
files are stored in the Program Files folder. You could download Ccleaner to
clear out your temp and unused files, which would be useful if you have had
Trojans on your system, but that's just in case any malicious installers are
saved in the temp folders. Plus it would free up space on your system if you
have a lot of temp files stored, as none of them are required and it's surprising
how much space they can use. It will also delete cookies on your system so
it's a useful cleaner to have.

http://www.ccleaner.com/

Regarding Eicar.Mod, it might be a false detection if Panda is detecting it
inside Trend Micro. It may be reading Trend's definition files and detecting
the virus, or it could be in a Quarantine folder by Trend. I'm not sure if this
is the same Trend product you have, but it gives a basic guide for deleting
quarantined files if that's where Panda is detecting the problem:

http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=17042

If your antivirus is working and is starting with Windows then it's possibly
a false positive. If there was a virus inside Trend Micro's folder then other
scanners would detect this, but try clearing the quarantined files and see if
that clears the problem. If not, then try another online scanner like
Kaspersky or Bitdefender and see if they detect any problems.

All The Best

Andy
 
Hey Andy, thanks a lot for your further help. I checked the quarantine but
there's nothing there. I used Kaspersky and one virus was detected. I don't know
what to do now. Can you tell me more about what quarantine is used for? One
trojan was found by Trend 12 but with "quarantine fail"; I don't understand
this. There is one more problem: I used the Kaspersky scan and it reported
Exploit.HTML.CodeBaseExec infected from that online scan. What is this about?
Does this online scan contain a virus?
Waiting for you.
 
There is still a report from Trend PC-cillin 12 about that ADW. I really am
confused about that. Moreover, I clicked on the filename (this is from
Kaspersky's report) to see the virus property, and the message is "The file was
successfully scanned for viruses and other viruses and other malicius
code" (Trend) RESULTs: File name: onlinescan{1}.htm. No virus found. There is a
path to that file. It is:
C:/Documents And Settings\ THU NGUYEN\Localsettings\Temorary internet files\Content.IE5\IBCDY1C3\ onlinescan[1].tml
but I cannot find the way to get to that to delete it. Sorry for
bothering you a lot. I appreciate your help. Dear
 
Hi Again Checked

Quarantine is when your Antivirus detects an infected file, it usually tries
to clean the file and restore it to the original state. If that fails, it
will 'Quarantine' the file. This basically means that it moves the file into
a protected area where it won't cause any more harm. At this point you can
choose to either delete the file from Quarantine or restore it. The online
scans do not contain active viruses but will have virus definitions which
they use to scan your system.

Your antivirus is being too sensitive if it's detecting a virus in an online
scanner, because they are clean. What you need to do is make a note of the
paths to any infected files and let us know where they are so we can remove
them. The path you gave is in the Temporary Internet Files, so all you need to
do to remove them is clear your temporary files. Use Ccleaner and press Run
cleaner and that will remove all the files from temp folders. Another way is
to go to the Start menu and Run and type

cleanmgr

Press OK, then place checks next to Temporary files and Recycle Bin, then
press OK again to remove them. If you get any more infected warnings then let
us know exactly where they are detected. If it's detecting any files on your
system you can then go to jotti's site and have the file scanned for malware
using 14 different scanners (http://virusscan.jotti.org/). Just press browse
and find the file, then press submit to get results.

If you have any problems just let me know and I will help where I can

Regards

Andy
 
Nice to receive a message from you.
I have checked the Temporary Internet Files and there is just one file
there. I just deleted it because there's nothing to do with that. Moreover, the
path Kaspersky gave me is just wrong, so it is in Windows, not Documents and
Settings. There's nothing in the files. So is it OK if I just deleted it? Can you
answer me this, please? All the online scanners were sent to
C:\WINDOWS\DOWNLOADED PROGRAM FILES and all of the statuses are "installed". Why does
"installed" happen to online scans? It's just normal, isn't it? Because they
are not in "downloaded installation". So, all I have to do is remove them?
Also, there are hundreds of cookies in my folder and the number keeps going
up. Does it usually happen when we are online? And I have to delete them usually.
I am not sure if I am done with the other spy and virus I asked you about. As I said,
Trend still reports it but not often, because the spy was not removed by
itself. And the eicar.mod is not a test virus by Trend. I will try scanning the Trend
folders. The technician from Trend said there's nothing to worry about with a virus
that Trend doesn't report, and they are not familiar with Panda. All the things
I ask may be tiny for you but those are all things I don't know, so one more time
thanks a lot for spending time on my questions.
 
Hi Again

It's not a problem. I'm happy to help if I can, and I can understand why you're
frustrated if you keep getting virus or spyware alerts. It's like Tom says: if
you cannot find the file that's detected as a virus then it's very possible
that the scanner which detected it has deleted the file.

The online virus scanners rely on an ActiveX component that's loaded when
you start the online scans. These ActiveX controls are required to use the
online scanners. In addition to the ActiveX, the scanners will also download a
definition file to the temp directory. These are just signatures to help the
scanners detect any infections and are harmless to your system. I suspect
this is what was found last time, as you said it was in the temp folder with
the name onlinescan. If this is all the scanners are detecting then it's safe
to say your system is clean of malware.

Each scanner will have different definitions so it's a good idea to run more
than one when you think there has been an infection on your system, but it's
also possible for one to give a false positive so you have to check each in
detail before removing them. For example, I have some Microsoft Antispyware
scanner results saved into a text file and zipped into a compressed folder.
If I scan this with McAfee online scan it shows it's infected with
"Exploit-MhtRedir.gen", but it's clean as it's only a text file.

Usually you don't uninstall antivirus ActiveX controls, but if you want to
remove them, open the folder "Downloaded Program Files" under your Windows
folder in Explorer. Right click on the online scanner entries and choose
"Remove", and to remove the definition files just run Ccleaner or delete the
antivirus definition files from the temp folder. If you wish to use the
online scanners anytime, these ActiveX controls will be downloaded again.

Cookies are common on the Internet and not a threat to your system as they
do not contain any code. They are required on sites where you log in to
remember your settings, so they are useful. Some cookies could be considered
a privacy concern as they are added by third party sites and not the site you
were visiting. Companies like doubleclick add these types of cookies and they
are what scanners refer to as spyware cookies. You can easily clear cookies
from your system by running Ccleaner. Windows also offers a few ways to
remove cookies or restrict them getting onto the system.

You can delete cookies easily by going to Start menu > C:/drive > Documents
and Settings > YourUsername > Cookies and opening that folder. Delete any you
don't want from there. Another option is to open an IE browser window and go to
Tools on the top bar, choose Internet Options, then press Delete Cookies.
A third option is from the same page (Internet Options): press the Privacy tab
and click Advanced. Here you can block and restrict cookies getting onto the
system, but they are very useful to remember settings & usernames on sites, so
only restrict third party cookies if you use that option.

It's probably a good idea to clear your restore points in case Trend is
detecting any infection in the restore area. Go to Start and Run and type

cleanmgr

Press OK, then go to the More Options tab, then press Clean up in the System
Restore area to remove all the restore points except the latest one. If Trend
detects any more problems then make a note of the filename and the path to the
file and we can look at it in more detail to see if it really is infected.
You could also make a copy of the file and email it to me if you're unsure and
I will check it out, but see if you get any more warnings first.

Chat to you later

Andy
 