UBCD4Win Forums: Newbie questions: Vista, Burning, Slipstream - UBCD4Win Forums


Newbie questions: Vista, Burning, Slipstream

#16 User is offline   Stevec Icon


    Posted 13 January 2008 - 11:40 AM

    Just an update:

    SuperAntiSpyware ran 4 hours, found over 400 items (lots of cookies), 8 separate groups:
    ISM (Internet Security Monitor) and the QDRDrive, QDRPack, QDRModule files
    PurityScan (includes Spool32.exe)
    Yazzle
    JKHHH.exe
    Winfixer
    Vundo

    I am looking at the above posts and more information in the UBCD4Win disk, and will run additional tools.

    #17 User is offline   SteelTrepid Icon


      Posted 13 January 2008 - 12:05 PM

      Yeah, I forgot to mention that SuperAntiSpyware is very slow but I have always been pleased with the results. Out of habit I normally always run all tools in alphabetical order, however if it's close to closing time I'll start SAS so it runs overnight. I did this the other day and SAS was actually the first and only thing I ran. Then next morning I looked at the screen and it had found 15,200 items!!! I haven't finished that system yet so I'm not sure if I'll be able to completely clean it.

      Good luck and continue on, you should be able to get it back to normal!
      "I play Russian roulette everyday, a man's sport, with a bullet called life"

      "My cause is noble, my power is pure"

      #18 User is offline   Stevec Icon


        Posted 13 January 2008 - 01:01 PM

        Looking at Kaspersky, they have two products, Antivirus and Internet Security.

        I'm not sure which to use... The IS looks like it includes the AV part, but I can't find anything there that specifically states what the differences are.

        #19 User is offline   SteelTrepid Icon


          Posted 13 January 2008 - 02:57 PM

          I've personally used KAV for over 2 years now and I talked my boss into becoming a reseller about a year ago. A lot of people tell us they have never heard of it but we explain it to them and how it does a much better job than Norton, McAfee, etc. After 75+ sales and no complaints from customers I would say it does a very good job.

          The AntiVirus detects viruses, some spyware (more than any other competing AV product), and scans for rootkits.
          Their Internet Security suite basically adds a firewall, parental controls, and a few other things. I personally do not like "suites" but the parental controls have had me think about trying it out for a while. One perk of the KIS product when compared to KAV is that it follows what the other AV companies started doing early last year.....you can install it on up to 3 computers in your home.
          I personally prefer just AV software, however the extra features and perks of Internet Security may be more appealing to you. The main reason I don't like IS's is because I hate software firewalls. But you can always disable that.

          #20 User is offline   Stevec Icon


            Posted 13 January 2008 - 04:18 PM

            I have installed KAV and am running it. During startup, it is reporting some virus infections, especially jkhhh in programs I recognize as those running in the task manager. I tell it to delete if possible, or skip if removal is impossible. Rebooting, kav reports the same viruses.

            Should I be booting in safe mode and running a full KAV scan from there?

            #21 User is offline   hilander999 Icon


              Posted 13 January 2008 - 11:05 PM

              Stevec, on Jan 13 2008, 04:18 PM, said:

              I have installed KAV and am running it. During startup, it is reporting some virus infections, especially jkhhh in programs I recognize as those running in the task manager. I tell it to delete if possible, or skip if removal is impossible. Rebooting, kav reports the same viruses.

              Should I be booting in safe mode and running a full KAV scan from there?

              KAV should have an option to run a scan during the next boot cycle.
              This would be better than running from safe mode because this happens before the operating system starts which is when the files get locked and cannot be removed because they are in use and running in memory.
              Dead Blow Hammer - 19 colors of Duck Tape - Bailing Wire

              #22 User is offline   Stevec Icon


                Posted 13 January 2008 - 11:54 PM

                hilander999, on Jan 13 2008, 08:05 PM, said:

                KAV should have an option to run a scan during the next boot cycle.
                This would be better than running from safe mode because this happens before the operating system starts which is when the files get locked and cannot be removed because they are in use and running in memory.


                Ok, I'll look for that option... after I uninstall and re-install KAV.

                After booting in safe mode and then running KAV for hours, it found two problem files, and it reported the following message:
                "File contains Trojan progrm and cannot be disinfected:
                Trojan Program:
                Trojan-Dropper.Win32.Agent.dgo"

                Then it listed C:\windows\system32\jkhhh.exe
                ...and C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (the kav path)

                I opted to SKIP the avp.exe deletion. After I ended the Kaspersky software, the task manager showed two avp.exe copies still running, and one kicking in some cpu usage every 10 seconds. I terminated them both in the task manager. And now I see a program, lsass.exe, and explorer.exe kicking in every 10 seconds and using some cpu time. Oh, and now there are TWO avp.exe files residing in the kav path: one is 563 KB, the other 223 KB. Smaller one has a modified date 3 minutes later than the larger. ...all of this while running in Safe Mode.

                So I am planning to uninstall KAV, reinstalling, then looking for that option to run a scan during the next boot cycle.

                ...edit...more info
                Booted with UBCD4Win, using Xplorer2, deleted the two KAV.exe files and the jkhhh.dll file.

                But something weird: looking in C:\Windows\System32, I tripped upon two files: hhhjk.ini and hhhjk.ini2. Both have size = 667,262 with attributes HSA (the only ones with that), but their dates show tomorrow (1/14/2008 4:56:06 and 4:58:00 AM)!

                Looks like some serious screwing around.
                Just for kicks, I added ".zzz" to their file names.

                This post has been edited by Stevec: 14 January 2008 - 12:52 AM


                #23 User is offline   Stevec Icon


                  Posted 14 January 2008 - 01:57 AM

                  Finally! The system appears to be stable now.

                  I rebooted in normal mode, and Uninstall gave me the option of rebuilding Kaspersky, so I selected that option. I then restarted, and KAV did not report any problems, and the task manager appears calm and stable. Running IE, I don't get any more garbage popping up.

                  I'll play around some more, and see what happens...

                  #24 User is offline   LittlBUGer Icon


                    Posted 14 January 2008 - 10:37 AM

                    I've been using the Kaspersky suite for over a year now and like it very much. I tend to prefer software firewalls over just hardware as certain things that I do at home always get blocked for some reason when I enable/configure a hardware firewall, but are fine when I configure just a software firewall. Anyway, I like the Parental Controls for my wife's PC when my son is on it. Though, due to my love for NOD32 from Eset, and the fact they finally released a suite a while ago, I'll be switching to them again soon. :)



                    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein
                    "Computers are really strange - first everything works fine, then something goes terribly wrong and nothing works, and then - like a thunderbolt from a clear sky, everything is back to normal again. It's like nothing ever happened. Like the computer were female." - Unknown
                    "Some people say that I must be a terrible person, but it's not true. I have the heart of a young boy. In a jar on my desk." - Stephen King
                    "If there is anything the nonconformist hates worse than a conformist, it's another nonconformist who doesn't conform to the prevailing standard of nonconformity." - Bill Vaughan
                    "Microsoft Windows [n.]: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition." - Unknown
                    "When a newly married couple smiles, everyone knows why. When a ten-year married couple smiles, everyone wonders why." - Unknown

                    #25 User is offline   Stevec Icon


                      Posted 17 January 2008 - 04:49 AM

                      Just want to report back to everyone...

                      I believe I have finally cleaned up this system... I am actually posting from the previously infected laptop. :clapping:

                      Here's a summary of all I had to do:
                      Built the UBCD4Win disk (Thanks again for all the help!)
                      Used Roxio to actually burn the CD -- ran it on a Vista machine.
                      Booted the CD in safe mode, ran Spybot.
                      Spybot removed 82 different objects.

                      Rebooted from the "cleaned" hard drive, still had the Vundo spyware/adware problems: Advertisements would pop up in IE. Still had QdrPack11 problems, and some jkhhh.dll running.

                      Ran AV Personal, it removed 80 infected files.

                      Rebooted from "cleaned" hard drive.

                      Still had problems from ads from "Internet Speed Monitor" (ISM).

                      Booting again from UBCD4Win and running SuperAntiSpyware -- it found and cleaned up 400 items

                      Downloaded and installed Kaspersky AntiVirus. Running it found the annoying jkhhh problem AND a file named "avp.exe" in the main Kaspersky folder. I believe there was one space after the "p" as found by software run later, but Kaspersky avp.exe left the space out. (or maybe I just didn't see it at the time.) I opted to bypass removing the avp.exe... I am sure that was a mistake now, because I still had problems with the computer.

                      I then downloaded and installed Spybot, and updated to the latest detection files they had. Running it reported and removed more... But then rebooting and running IE, and after a few minutes, IE pops up with another ad.

                      Headers showed reditty.com or ylwbook areaconnect. So I went searching with Google, found a solution beginning with a HijackThis log.
                      From this link: http://answers.yahoo...10101253AARNBr0
                      Tried that:
                      Downloaded and installed HijackThis and VundoFix. Ran VundoFix and removed two files, but the HijackThis log still showed entries including these:
                      C:\WINDOWS\system32\jkhhh.dll (file missing)
                      C:\Program Files\QdrDrive\QdrDrive9.dll (file missing)
                      C:\WINDOWS\system32\hgghghi.dll (file missing)
                      C:\WINDOWS\system32\rdvhvslz.dll (file missing)
                      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe

                      I added those file names to the VundoFix removal window and tried removing them. After rebooting, VundoFix found no problems, but HijackThis still showed some "(file missing)" entries.

                      I went ahead and used HijackThis, using their "Info on selected item.." button, and then anything that looked suspicious, I checked the checkbox, and clicked the "Fix checked" button. I removed several with the "(file missing)" entry first -- I recognized these as .exe or .dll files related to the viruses.

                      I rebooted and reran HijackThis several times, and finally got brave and removed a bunch of Comcast junk and Google Toolbar entries, too (I hate helper "toolbars"!) (I had already uninstalled any Google Toolbar and Comcast things using the uninstaller.)

                      So now the system boots cleanly, and Internet Explorer runs quietly. Nice!

                      I would like to remove those virus entries I have unchecked in the MSCONFIG Startup tab. I know they are in the registry, but ... should I bother?

                      And ...guess I need to make some donations now.

                      This has been a rather unforgettable experience.

                      This post has been edited by Stevec: 17 January 2008 - 05:24 AM
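Two oddities reported in this thread can be checked for mechanically: a log entry for "avp .exe" (space before the extension) sitting beside the real avp.exe, and files whose modified time is later than the current clock. The Python below is an added example, not part of any post or of the tools named here; the function names, the sample records and the "now" value used with them are constructed for illustration.

```python
import ntpath
from datetime import datetime

MISSING_TAG = "(file missing)"

# Constructed sample: the paths are the ones quoted in the thread.
SAMPLE_ENTRIES = [
    r"C:\WINDOWS\system32\jkhhh.dll (file missing)",
    r"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe",
    r"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe",
]
# Constructed sample: (path, modified time); the notepad.exe date is made up.
SAMPLE_FILES = [
    (r"C:\Windows\System32\hhhjk.ini", datetime(2008, 1, 14, 4, 56, 6)),
    (r"C:\Windows\System32\hhhjk.ini2", datetime(2008, 1, 14, 4, 58, 0)),
    (r"C:\Windows\System32\notepad.exe", datetime(2004, 8, 4, 12, 0, 0)),
]

def parse_entry(line):
    """Return (path, is_missing) for one log-style entry."""
    line = line.strip()
    if line.endswith(MISSING_TAG):
        return line[: -len(MISSING_TAG)].rstrip(), True
    return line, False

def canonical(path):
    """Folder and file name, lowercased, with padding around stem/extension stripped."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return ntpath.dirname(path).lower(), (stem.strip() + ext.strip()).lower()

def is_padded(path):
    """True when the file name carries whitespace that canonical() strips."""
    return ntpath.basename(path).lower() != canonical(path)[1]

def triage(entries):
    """Sort entries into orphaned references and padded look-alike names."""
    parsed = [parse_entry(e) for e in entries]
    unpadded = {canonical(p) for p, _ in parsed if not is_padded(p)}
    return {
        "orphaned": [p for p, missing in parsed if missing],
        # A padded name only counts when its clean twin is in the same folder.
        "lookalike": [p for p, _ in parsed
                      if is_padded(p) and canonical(p) in unpadded],
    }

def future_dated(files, now):
    """Paths whose modified time is later than the current clock."""
    return [path for path, mtime in files if mtime > now]
```

Calling `triage(SAMPLE_ENTRIES)` and `future_dated(SAMPLE_FILES, now)` with a clock value from the evening the files were found returns the orphaned jkhhh.dll reference, the padded avp look-alike, and both hhhjk files.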


                      #26 User is offline   SteelTrepid Icon


                        Posted 17 January 2008 - 09:29 AM

                        The items that HiJackThis keeps reporting can be removed several ways. I really do not know the "Windows"/registry way to remove them, just with EzPCFix. As I mentioned in my cleanup routine, I use EzPCFix to remove a lot of stuff but half of that problem is knowing what to remove. EzPCFix is like HiJackThis but with more and better options and it shows you a lot more.

                        Anyways, I'm glad your computer is now finally cleaned up. Now you know a little more on spyware removal so it should be a little easier the next time you face an infected system.
