Do I have a virus or some sort of junkware? HELP!

apaxfrenzy

Ok, here's the deal. I thought I was rather familiar with spyware/adware/viruses/crap but, I guess not. I have Norton '03 Pro, freshly updated, and it won't find anything other than W32.HLLP.Handy and it won't even get rid of that. Anyway, that's not causing the problem because this is new...

Anyway, here's the deal... whatever is running in the background is smart because, I can't get into Task Manager, Msconfig or the Registry Editor. Once those apps are open... *POOF* they immediately close.

Does anyone know what this is and how I can get rid of it?

Also, what's an equal virus scanner to Norton that's nice and light? I know there are other options out there just as good as Norton and McAfee if not better because I haven't really considered Norton useful.

Thanks for the time and help everyone!

Godspeed.

-dave

btw

WinXP Pro SP1 with fresh security updates
Norton '03 Pro
DSL connection
 

pitupepito2000

have you tried the recovery console?
what type of permissions or who owns that process?
Have you gone to Norton's website and seen if there's any documentation on your problem?

good luck,
pitupepito
 

apaxfrenzy

ok, I can't even get to the list of processes because I can't get into Task Manager.

the recovery console always makes it worse

I can't wait to get my G4.

Thanks! -dave
 

apaxfrenzy

Oh, yeah I can't even get into Safe Mode either. Sorry, I forgot to mention that previously.

Overwrite the file? Do you mean rename regedit or msconfig? I can certainly try that.

Thanks!

I'll keep you posted and vice versa.

Godspeed.

-dave
 

tiap

Okay you have got something, that's pretty clear.
Download a program called HijackThis, if you still can.
Then go to www.wilderssecurity.com and search the forums for info and post your hijack log there when asked, follow the recommendations and you will be clear.
By the way Norton is a very bulky package.
 

apaxfrenzy

Ok, wanted to pass along this info to everyone else.

Renamed Regedit and found this in Startup

"AOL Instent Messenger" "SUTOMADW.EXE"

Funny, even after updating Norton, it didn't find this and, I searched their virus list database with this filename and boom, nothing. It's obvious Norton just can't get the job done anymore.

Guess I'll remove this manually. Thanks for your help everyone!

Godspeed!

-dave
 

pitupepito2000

Originally posted by: apaxfrenzy
Oh, yeah I can't even get into Safe Mode either. Sorry, I forgot to mention that previously.

Overwrite the file? Do you mean rename regedit or msconfig? I can certainly try that.

Thanks!

I'll keep you posted and vice versa.

Godspeed.

-dave

What I mean by overwriting the file is open the file using "notepad" or your favorite editor, and a whole bunch of jargon should show, just delete the jargon, and replace it by some random text string.

good luck,
pitupepito
 

dclive

Originally posted by: mobobuff
McAfee's Stinger and AVG's free virus scanner are nice short-and-sweet virus eliminators.

The reason none of these, including Norton's, find anything is probably because he has a filter driver or device driver in there that's intercepting any calls to the hacked files and telling Norton's et al "There's nothing to see here" when it scans a hacked file.

Solution: Make a Bart's PE boot disk, put the latest AV scanner files on it, and use that to scan your system. Then, reboot into safe mode, and run MSINFO32 to see what devices you have on there that are non-standard; it seems likely you've got something there that shouldn't be. Then remove the files associated with that device.

Or reinstall the OS.
 

Mem

Also, what's an equal virus scanner to Norton that's nice and light? I know there are other options out there just as good as Norton and McAfee if not better because I haven't really considered Norton useful.

For a paid anti-virus program, Panda Titanium 2004 is excellent,

Panda homepage.

Btw they also have a very good free online AV scan, link.

I forgot to say they do a free 30 day trial versions of their software.
 

CaptnKirk

You have a single pixel virus, it is embedded within some photograph or picture
that you downloaded from some website. It keeps you from seeing what programs
and applications are running so you can't pin it down for defeating it.

If it is the same one that hit my system a year ago, it will also have a partition
deleting rogue program that will scramble your hard drive when you do find it.
I went through the chase of this virus program for 45 days with a Microsoft rep
before we decided to terminate and reload the entire operating system.

It collapsed the 4 partitions in the main (Primary) hard drive & the 2 partitions
in my secondary (Slave) hard drive, but it did NOT cross over into the RAID pair.
If you have a second HDD or any other hard drives, pull the Ribbon Cable and Power
Connectors off of them and only work to replace the single hard drive program.
 

dclive

Originally posted by: CaptnKirk
You have a single pixel virus, it is embedded within some photograph or picture
that you downloaded from some website. It keeps you from seeing what programs
and applications are running so you can't pin it down for defeating it.

If it is the same one that hit my system a year ago, it will also have a partition
deleting rogue program that will scramble your hard drive when you do find it.
I went through the chase of this virus program for 45 days with a Microsoft rep
before we decided to terminate and reload the entire operating system.

It collapsed the 4 partitions in the main (Primary) hard drive & the 2 partitions
in my secondary (Slave) hard drive, but it did NOT cross over into the RAID pair.
If you have a second HDD or any other hard drives, pull the Ribbon Cable and Power
Connectors off of them and only work to replace the single hard drive program.

Sounds pretty wild, but farfetched. Can you point to a link over at Symantec that details this "single pixel virus"?

There are many ways to keep a user from seeing what files are infected, the key one being a device driver or service that's running. The normal way to discover this, assuming and hoping it won't run in safe mode, is to run the box in safe mode and then do an MSINFO32 and have a knowledgeable person look at what services and devices are loading.

Or scan it while that hard drive is attached as a slave drive while booted into another hard drive's OS.
 

CaptnKirk

Internet tags, and some forms of 'Spam-Zombie' programs that capture your machine.
They only use it for a short time before abandoning you and leaving you with problems.

"Still others acquire information about you, your machine,
and your browsing habits by using single-pixel Web bugs "


c/net NetNews

<Paragraph 4>

A Web bug works by planting a Web address into a document.
The bugs can take up just a single pixel on a computer screen,
making them invisible to a viewer.

They are out there, so believe it.
 

dclive

Originally posted by: CaptnKirk
Internet tags, and some forms of 'Spam-Zombie' programs that capture your machine.
They only use it for a short time before abandoning you and leaving you with problems.

"Still others acquire information about you, your machine,
and your browsing habits by using single-pixel Web bugs "


c/net NetNews

<Paragraph 4>

A Web bug works by planting a Web address into a document.
The bugs can take up just a single pixel on a computer screen,
making them invisible to a viewer.

They are out there, so believe it.

You're confused. :)

The web bugs are essentially cookies that can trace your movements (as long as you keep loading those same pictures/documents on a given web page/source.) They are not viruses, and they cannot hide on your machine (actively) and, for example, destroy partitions, or what have you as the original poster has stated. The article and the link you gave make this clear. They can track your IP address and tell the interested party what IP address opened that document and at what point in time; that's about it. It won't influence his Task Manager, MSConfig, or regedit.
 

CaptnKirk

So I'm confused ?

I have already dealt with one of the virus programs that use that form to
take over and do things to a computer. As I said I worked with the Microsoft
group for 45 days and we never did isolate the virus, but their tech department
made the determination that it was not a resolvable program fix, and it would be
easier to just re-install the entire operating system.

They could see what it did and what it defeated, but not trap it.
First - on the task bar there was no indicator that a program was running,
when it was minimized - it just disappeared, but continued to run.
(A little Green Block would appear in the right hand corner of the task bar)
Second, when TASK MANAGER was launched it came up without any
of the tabs or the header block, which rendered Task Manager useless.

Since you are not confused and know so much more about this than the
Microsoft People that I worked with on this, and my own experience with it,
I encourage you to contact microsoft and explain to them that they are 'Confused'.
 

dclive

Originally posted by: CaptnKirk
So I'm confused ?

I have already dealt with one of the virus programs that use that form to
take over and do things to a computer. As I said I worked with the Microsoft
group for 45 days and we never did isolate the virus, but their tech department
made the determination that it was not a resolvable program fix, and it would be
easier to just re-install the entire operating system.

It seems most likely you were hit with another issue, because the symptoms described in that article are very mild and not at all obtrusive - so someone else can see when you load a given document - not a big deal. OTOH, something obviously happened on your system that was so bad you reinstalled.

They could see what it did and what it defeated, but not trap it.
First - on the task bar there was no indicator that a program was running,
when it was minimized - it just disappeared, but continued to run.
(A little Green Block would appear in the right hand corner of the task bar)
Second, when TASK MANAGER was launched it came up without any
of the tabs or the header block, which rendered Task Manager useless.

That does seem to be something like what he's describing, but not at all what the article describes. I'd tell you/him to boot in safe mode and then see what MSINFO32 showed as installed (but not running, since you'd be in safe mode) on your system. If that didn't show anything, I'd get a copy of your registry and look in the HKLM/System/Services key and see what was different compared to a typical XP install. I'd also look at both RUN and RUNONCE keys to see what ran on the system(s) at startup.

I'd also plug that drive into another system and run a current virus scan and AdAware scan on the drive.

Since you are not confused and know so much more about this than the
Microsoft People that I worked with on this, and my own experience with it,
I encourage you to contact microsoft and explain to them that they are 'Confused'.

What's your case number?
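
The RUN and RUNONCE review suggested above, as an added example that is not part of the original thread: it parses a regedit text export (for instance one taken while the drive is attached to a clean system) and lists startup values missing from a known-good baseline. The sample export, the `ExampleAV` entry and the baseline set are constructed; only the "AOL Instent Messenger" value is taken from the thread, and the file is assumed to be already decoded to text.

```python
import re

# Constructed sample of a regedit text export. Only the "AOL Instent Messenger"
# value comes from the thread; "ExampleAV" and its path are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\" /tray"
"AOL Instent Messenger"="SUTOMADW.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
STARTUP_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string (REG_SZ) values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VAL_RE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def review_startup(text, baseline):
    """List Run/RunOnce values whose names are not in the baseline set."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith(STARTUP_SUFFIXES):
            continue
        for name, cmd in values.items():
            if name.lower() in baseline:
                continue
            note = "not in baseline"
            if "\\" not in cmd:
                note += "; command has no directory"
            findings.append((key.rsplit("\\", 1)[-1], name, cmd, note))
    return findings

if __name__ == "__main__":
    for finding in review_startup(SAMPLE_EXPORT, baseline={"exampleav"}):
        print(finding)
```

A value name that imitates a familiar product but is misspelled, paired with a bare executable name, is the kind of entry this comparison surfaces for manual review.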