probable spyware/virus  | | |
July 3rd, 2004, 12:26 AM
|
#1 (permalink)
| | Senior Member
Join Date: Dec 2003
Posts: 877
|
You may have read my thread called yahoomsgr.exe. I delt with that problem, but now it's back in a new form. As I type, I'm being bombarded by notices from spybot that reg changes are being attempted. It will keep nagging me until I allow the changes, which I dont plan on doing. This time, something called AOL Messenger is the cause. I have never installed AOL Instant Messenger or Yahoo messenger for that matter. The associated file name is Aolmsgr.exe. I did a search for this file and came up with nothing. The category is listen as system global startup entry. This says to me that something is trying to add reg values to let some opther piece of spyware run on startup. For all i know this could even be a virus, as its more elusive than any spyware ive seen. I'll say once again that all spyware and virus scans return nothing. All software is up to date. There are no reg values to delete yet, because they dont get added until somone allows the reg changes. I don't know how to remove this because there is nothing to remove. Has anyone ever experienced this? I dont know how this got on my computer. It definately didn't happen on my watch, but others in my house don't really care or pay attention to what theyre doing with this comp so who knows.
__________________
“One things for sure: Whenever we play, our goalie stays warm.”
- Ville Nieminen, Pittsburgh Penguins
|
| |
July 3rd, 2004, 01:08 AM
|
#2 (permalink)
| | Ultimate Member
Join Date: Aug 2003
Posts: 2,721
|
Already tried Ad-Aware?
Also, what Antivirus are you using?
dan |
| |
July 3rd, 2004, 01:15 AM
|
#3 (permalink)
| | Senior Member
Join Date: Dec 2003
Posts: 877
|
Yes, i used Adaware and spybot. Im using AVG Pro 7 along with trendmicro online housecall.
Last edited by Gilthanaz : July 3rd, 2004 at 02:07 AM.
|
| |
July 3rd, 2004, 01:17 AM
|
#4 (permalink)
| | Ultimate Member
Join Date: Aug 2003
Posts: 2,721
|
I really dont like the spyware preventer that Spybot includes.
Its the one that is giving you problems right? Disable it. Dont use it.
I dont. I find it to be ugly and painful. I just use SpywareBlaster to prevent.
dan |
| |
July 3rd, 2004, 02:10 AM
|
#5 (permalink)
| | Senior Member
Join Date: Dec 2003
Posts: 877
|
Adaware's resident program detects this too. The same deal, it keeps coming up for about a half hour after the computer is started, then it usually stops. These files, yahoomsgr.exe and aolmsgr.exe have showed up in my system32 folder, that thows up a red flag for me. |
| |
July 3rd, 2004, 02:41 AM
|
#6 (permalink)
| | Rather Large Member
Join Date: Oct 2001 Location: Vernon, BC, Canada
Posts: 9,243
|
Try running your spyware app's in Safe Mode.
Empty your Temp folder and Temporary Internet Files folder of all files and then empty your Temporary Internet Files\Content I.E. 5 folder of all folders before you run your spyware app's.
After you complete your spyware scans and fix the problems, restart your machine and return to Windows. Go directly to http://www.trendmicro.com for the Free Online Scan. Remove the check for auto clean. Fix as appropriate at the end of the scan.
See what you get with this process of elimination.
Cheers! |
| |
July 3rd, 2004, 02:52 AM
|
#7 (permalink)
| | Member
Join Date: Jun 2004 Location: usa
Posts: 250
|
have you tried reverting to a previous Restore Point w/ Sys Restore?
turn off your virus scanner and restore to earlier volume.
Then make sure that your anti-virus EXCLUDES scanning SYS Vol iNf fldr where the restore points are stored.
Turn off your sys restore and run a scan.
Turn Sys Restore back on.,.
BHODemon can also be used for Browser Hijackers and some nasty parasiteware
that you may not even realize you have.
Hope this info can help your problem.
Take care
Keep coming back  |
| |
July 3rd, 2004, 03:38 AM
|
#8 (permalink)
| | Member
Join Date: Jun 2004 Location: Vermont
Posts: 70
| |
| |
July 3rd, 2004, 03:58 AM
|
#9 (permalink)
| | Member
Join Date: Jun 2004 Location: usa
Posts: 250
|
SpyCleaner is listed at #13 in ratings. Here is excerpt:
SpyCleaner is an average spyware detection and deletion product. There is an automatic update feature as updates become available. Once the components have been found you can use the tree format to sift through unnecessary components and get straight to deleting the ones that hurt your computer.
Feature Set:
SpyCleaner offers a limited feature set. You can backup and restore spyware components. There is also an automatic update feature. There are no real time monitoring capabilities.
Effectiveness:
This product does not find many components. It does give brief description of each component found and where it is located, but it does not give a severity analysis of the component. The Spyware/Adware components found are broken down into specific categories such as: Memory, File, Registry Keys, Software Company, Cookies, Folders, Registry Key Values, for easier tracking.
Ease of Use:
SpyCleaner is farily easy to use. However, it does not offer any help with what to do with the components once they are found. There's no way to tell which are harmless and which you should remove.
Customization:
You have the ability to select what you want to scan (e.g. files and drives). You can also set the option to back up deleted components
doesn't sound too promising.
This is better: SpySweeper -edited to add this link
imo
Last edited by noseBleeD : July 3rd, 2004 at 04:00 AM.
|
| |
July 3rd, 2004, 04:00 AM
|
#10 (permalink)
| | Member
Join Date: Jun 2004 Location: Vermont
Posts: 70
|
Trust me, i have spycleaner and it works extremely well. it saved my computer. |
| | | Thread Tools | Search this Thread | | | | |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | | | | Most Active Discussions | | | | | Recent Discussions  | | | | | |