Spybot Registry Update
Moderator: Wiz Feinberg
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)
Spybot Registry Update
Well, after going thru a lengthy malware procedure within CASTLECOPS and submitting the findings to their forum, it appears that my PC is clean now of any worms and trojans.
HOWEVER, and Wiz you might want to file this,
here is the response from CastleCops. The 1st paragraph is me stating what I found after the malware procedure.
------------------------------------------------------------------------
They are:
CTHELPER: rbot-xb worm
QUICKTIMETASK: coolwebsearch parasite variant & netvision dialer
SUNJAVAUPDATESCHED: agobot-ow worm/sdbot-aux worm/sdbot-wi worm
1025UDP: netspy/maverick's matrix/remote storm
and finally CSRSS.EXE: %winpath% & sober.z worm
"Those are not worms. The problem with a2highjackfree is that it only looks at file names and identifies anything that ever had that file name as a threat. All of the above files get flagged on mine as well. But, there are legit files and by looking at your hijackthis log they are in the correct place so they are OK.
That is one reason I do not recommend using a2highjack free. Way too many false positives."
_________________
Yellowhammer
MS-MVP Security 2005
How to prevent Reinfection <http://ralphcaddell.com/pchelp/spyware.htm>
[This message was edited by CHIP FOSSA on 19 June 2006 at 08:56 AM.]
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Chip;
I'm glad to hear that you were able to rid your computer of the spyware infections that plagued it. Thanks for posting that information about a-squared giving false positives. I will either remove my links to it, or add a warning, until I learn that the problems have been resolved.
It should be noted that there are trojans and other nasties in the wild that use file names associated with Quicktime and SoundBlaster files. If one knows where the real files are supposed to reside they can tell if the threat is real or false-positive. If you search CastleCops for Qttask.exe and Quicktime you will see that they represent real threats, if they are in the system directory, not Program Files. This is where the real Hijack This program is unsurpassed.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)
Thanks Wiz...your 2nd paragraph left me in the dust. I'm just a hack. I'm beginning to understand some of this, but it's a struggle.
Now I'm getting into the nitty gritty.
LIKE: "If one knows where the real files are supposed to reside, they can tell if the threat is real or false-positive" - if I did locate such files, what kind of test could/should I do to determine if they're cool or not?
This is where the wizzes enter. I don't have a clue.
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
"If one knows where the real files are supposed to reside, they can tell if the threat is real or false-positive"
What this means is that if the authentic files are supposed to be inside a program's own folder, under the Program Files directory, but files with the same name are found in the Windows or System32 directory, those files are fraudulent and may be viruses. In the case of Quicktime Tasks, the real file, qttask.exe, should be in Program Files\Quicktime\. If a file by that name is found in Windows or Windows\System32 it is probably infected and is an imposter file.
[This message was edited by Wiz Feinberg on 19 June 2006 at 06:33 PM.]
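The location rule Wiz describes in this post and the one before it (the genuine qttask.exe lives under Program Files\QuickTime, so a copy of that name in Windows or System32 is suspect) can be checked with a script rather than by eye. The following PowerShell is an added example for this thread, not code from any poster or from HijackThis; the $ExpectedLocations table is an assumption the reader maintains: the qttask.exe entry comes from the thread, and csrss.exe is included only to show that the "correct" folder differs per file, since that Windows system file legitimately lives in System32. The script also reads each file's Authenticode signature, which is a second check the thread does not mention.

```powershell
# Added example (not from the thread). Finds every file on the system drive whose
# name appears in $ExpectedLocations, reports whether it sits in the folder where
# the genuine program installs it, and shows its Authenticode signature status.

# ASSUMPTION: this table is maintained by you. qttask.exe's folder is the one named
# in the thread; csrss.exe is a Windows system file whose legitimate home is System32.
$ExpectedLocations = @{
    'qttask.exe' = @("$env:ProgramFiles\QuickTime", "${env:ProgramFiles(x86)}\QuickTime")
    'csrss.exe'  = @("$env:SystemRoot\System32")
}

function Test-KnownFileLocation {
    # Returns 'expected-location', 'unexpected-location' or 'unknown-name'
    # for a full path, comparing its directory against the table (case-insensitive).
    param(
        [Parameter(Mandatory)] [string] $Path,
        [hashtable] $Expected = $ExpectedLocations
    )
    $name = [System.IO.Path]::GetFileName($Path).ToLowerInvariant()
    $dir  = [System.IO.Path]::GetDirectoryName($Path).TrimEnd('\')
    $allowed = $Expected[$name]
    if (-not $allowed) { return 'unknown-name' }
    foreach ($a in $allowed) {
        if ($dir -ieq $a.TrimEnd('\')) { return 'expected-location' }
    }
    return 'unexpected-location'
}

function Get-FileLocationReport {
    # Walks $SearchRoot for files named in the table and builds one record per hit.
    param(
        [string]    $SearchRoot = ($env:SystemDrive + '\'),
        [hashtable] $Expected   = $ExpectedLocations
    )
    Get-ChildItem -Path $SearchRoot -Recurse -File -Include $Expected.Keys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Location  = Test-KnownFileLocation -Path $_.FullName -Expected $Expected
                Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SizeBytes = $_.Length
            }
        }
}

function Get-RunningKnownFiles {
    # Same check applied only to processes currently running, which is closer to
    # what a HijackThis log shows. Processes without a readable path are skipped.
    param([hashtable] $Expected = $ExpectedLocations)
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and $Expected.ContainsKey([System.IO.Path]::GetFileName($_.Path).ToLowerInvariant()) } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId = $_.Id
                Path      = $_.Path
                Location  = Test-KnownFileLocation -Path $_.Path -Expected $Expected
            }
        }
}

# Usage: rows marked 'unexpected-location' or with a Signature other than 'Valid'
# are the ones worth looking at more closely before deciding they are imposters.
Get-FileLocationReport | Format-Table -AutoSize
Get-RunningKnownFiles   | Format-Table -AutoSize
```

A file in the wrong folder is a reason to investigate, not proof of infection on its own: some installers do place helper programs in System32, which is why the table has one expected folder per name rather than a single rule. Combining the location result with the signature status (an unsigned or hash-mismatched binary in an unexpected folder) gives a much stronger signal than either check alone, and the report is something you can paste into a help forum alongside the HijackThis log.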
-
Chip Fossa
- Posts: 4366
- Joined: 17 Sep 1998 12:01 am
- Location: Monson, MA, USA (deceased)
Wiz, I understand what you just said.
But how do you know this is going down and where do you get a clue?
All these anti-spy programs seem to have a fallibility. So how would I know where to look?
How would I have a clue that something is amiss?
What you said about these files being or not being in Windows\System32 - how do you check this? And how do you know what files to check?
I'm naive my friend about this, but I am beginning to get it a bit.
Don't feel obligated to get right back. You've been more than helpful with me and my problems. I appreciate it. And you've got to be a very busy dude.
Thanks Wiz
[This message was edited by CHIP FOSSA on 19 June 2006 at 07:56 PM.]