|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
July 31st 04, 01:42 PM
|
|||
|
|||
Sandbox.a virus
I have a virus that I cannot remove. I have used a scan
program that shows the following as being infected. c:\windows\system\lpvfme.exe " "sjsatz.exe " "ljmmx.exe " "ntnf7.exe I am assuming that this problem causes me to have ppo up after pop up while on the internet. In the past I have simply deleted the files to correct the problem. Now, I can't find the files in the directory, even though I've changed settings to show hidden files. I've ran ADware and Spybot as well as the Norton Systemworks on my computer with no fix. Any solution. Thanks, Rick 
|
|
#2
August 2nd 04, 12:16 AM
|
|||
|
|||
|
Sandbox.a virus
Rick -
http://www.sophos.com/virusinfo/anal...jsandboxa.html http://www.trendmicro.com/vinfo/viru...BKDR_SANDBOX.A Have you tried running your programs in Safe mode? After that: Quick and basic scans from any of the following sites: Doxdesk parasite scan http://doxdesk.com/parasite/ Jim Eshelmans WSC on-line quick scan http://www.aumha.org/a/noads.htm Bugs Glitches and Stuff-ups http://inetexplorer.mvps.org/Darnit.htm More In-Depth on-line scanners for parasites and Trojans: GFI free on-line Trojan scanner http://www.windowsecurity.com/trojanscan/ Sygate Technologies Trojanscan http://scan.sygatetech.com/pretrojanscan.html PestPatrol on-line scan http://www.pestscan.com/home.asp SpywareChecker on-line scan http://www.spywareguide.com/txt_onlinescan.html Parasites, spyware malware basics: http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://www.mvps.org/winhelp2002/unwanted.htm Check for Spyware - How-to *Most important* - Before you try to remove spyware using any of the following programs, realize that the process of cleaning and removing certain spyware and malware may possibly interrupt and kill your internet connection. Therefore, you should obtain a copy of LSPFIX, and Winsockfix which will then make it possible for you to re-establish your internet connection if it gets terminated. Download LSPFIX from either of the following sites: http://www.cexx.org/lspfix.htm http://www.spychecker.com/program/winsockxpfix.html (For Win2k or XP) Download Winsockfix here http://members.shaw.ca/installations/WinsockFix.zip First, install the respective programs and then update them immediately, so that they have the current versions, and definitions. **Read the Help Files and Tutorials**. After you've Updated Spybot S&D, and SpywareBlaster, you *must* ENABLE the protections as well. These two programs do not automatically enable protections obtained from the newest definitions and updates, therefore this process but must be done manually. Without having enabled protections, the current definitions obtained from updates will be *useless*. Run the programs one at a time. With Ad-Aware you may have it generally clean whatever it finds. The same applies for CWShredder. Spybot S&D requires special attention, as does HijackThis (Only more so. Details listed below) The programs are listed in order of their general strength, safety, and purpose. It is perhaps best to install and run these in this order of appearance. All are freeware programs, but if you are pleased with the results and quality of the utilities, donations to the respective Authors will be cheerfully accepted. Another thing to consider doing is to run a program (only run one program at a time) a few times consecutively. The reason for this is that the first pass may kill certain Spyware programs, but may not be able to terminate and kill all files and programs which may be running at the time. That is why a second pass may be necessary to be thoroughly effective. Under the most stubborn cases, running the programs in Safe-Mode will allow for the best cleaning conditions, as there will be a minimum of interference from processes running in the background. Ad -Aware http://www.lavasoftusa.com/support/download/ Ad-Aware Tutorial (might help if you look through this) http://www.bleepingcomputer.com/foru...howtutorial=48 Ad-Aware VX2 Cleaner Plug-In http://www.lavasoftusa.com/software/...2cleaner.shtml CWShredder (cleans all Cool Web Search malware) http://www.spywareinfo.com/~merijn/downloads.html If the Authors site is unable to be accessed, then the following two sites offer his programs as well. http://www.majorgeeks.com/download4086.html http://www.snapfiles.com/get/coolwebshredder.html CWShredder Tutorial http://www.bleepingcomputer.com/foru...howtutorial=47 Coolwebsearch Smartkiller http://www.safer-networking.org/files/delcwssk.zip http://www.spychecker.com/program/miniremovalcw.html The above item is sometimes necessary if CWShredder detects a SmartSearch2 variant on your PC. Spybot S&D http://www.safer-networking.org/index.php?page=download Spybot Tutorial (Must Read) http://www.safer-networking.org/index.php?page=tutorial Other tutorials for Spybot S&D (Also must read) http://www.bleepingcomputer.com/foru...howtutorial=43 http://tomcoyote.com/SPYBOT/index1.php http://tomcoyote.com/SPYBOT/index2.php This item below is designed to *prevent* installation of malware and the like by comparing known CLSID's of these "bad guys" with what is in its definitions. By enabling a *Kill Bit* it prevents known malignant ActiveX from being installed or run on your machine. It doesn't remove anything, nor will it fix anything that is already in your PC. Rather, it will prevent installation or re-installation of the item once it has been removed manually, or by the use of another program which will perform the duty of removing the spyware. SpywareBlaster (prevents installation of Spyware, Trojans, etc.) http://www.javacoolsoftware.com/spywareguard.html SpywareBlaster Tutorial http://www.bleepingcomputer.com/foru...howtutorial=49 SpywareGuard (companion program to SWB, above) http://www.javacoolsoftware.com/spywareguard.html SpywareGuard Tutorial http://www.bleepingcomputer.com/foru...howtutorial=50 If you use Spybot S&D, be sure to clean *ONLY* the items displayed in *RED*. DO NOT clean any items displayed in Black or Green at this time. Lastly there is HijackThis. Hijack this is a very powerful, last resort type of program which is generally best used in conjunction with help from those who deal with the findings of the log created by the HijackThis scan. It does nothing in the scan itself; it merely says what is present and/or running on your PC. The items must be checked-marked to be "cleaned". You must know *exactly* what you are checking-off before you proceed. If you don't, you can quite possibly disable many useful and vital functions of your PC. Remember; read the Tutorials, and seek help at SpywareInfo Forums, Net-Integration, or TomCoyote forums for safety's sake. HijackThis http://www.spywareinfo.com/~merijn/downloads.html If the preceding site is down, you may get HijackThis from other sites Hijack This (from Major Geeks) http://www.majorgeeks.com/download3155.html http://www.spychecker.com/program/hijackthis.html http://computercops.biz/downloads-cat-14.html HijackThis Tutorials **(MUST READ)** http://www.spywareinfo.com/~merijn/htlogtutorial.html http://www.bleepingcomputer.com/foru...howtutorial=42 http://hjt.wizardsofwebsites.com/ http://s89223352.onlinehome.us/mirror/hjt/ Where to seek help with your HijackThis scan log SpywareInfo Forums http://forums.spywareinfo.com/ other help forums for HijackThis: Net-Integration http://forums.net-integration.net/index.php?c=19 TomCoyote http://forums.tomcoyote.com/index.php?showforum=27 Anti-Virus Tools AVG Anti-virus by Grisoft http://free.grisoft.com/freeweb.php/doc/2/lng/us/tpl/v5 avast! Virus Cleaner - free virus & worm removal tool http://www.avast.com/eng/avast_cleaner.html McAfee AVERT Stinger http://vil.nai.com/vil/stinger/ NOTE: With the above tools, particularly Avast Virus cleaner, be sure to disable your background PC Anti-virus utility. F-Prot for DOS (I don't know if this will work on XP systems however) http://www.f-prot.com/products/home_use/dos/ http://www.f-prot.com/products/home_use/ http://www.claymania.com/f-prot.html If you can use this program, be sure to make certain the most recent Updates are obtained for it. http://www.f-secure.com/download-pur..._updates.shtml F-Secure Anti-Virus for DOS (F-PROT edition) Update Macro.def to your system to get up-to-date macro virus protection. The other Anti-Virus databases, Sign.def and Sign2.def are updated weekly. They have definitions for all other kinds of viruses except macro-viruses. MACRO.DEF definition file SIGN.DEF definition file SIGN2.DEF definition file On-Line Virus scanners: RAV Antivirus Online Virus Scan http://www.ravantivirus.com/scan/ Command on Demand http://www.authentium.com/solutions/cod/index.cfm Freedom on-line virus check http://www.freedom.net/viruscenter/o...iruscheck.html TrendMicro Housecall (also detects some Trojans) http://housecall.trendmicro.com/ BitDefender Scan Online http://www.bitdefender.com/scan/licence.php Kapersky Online Virus Scanner http://www.kaspersky.com/remoteviruschk.html The above scanner works differently from most; it is a server based scanner, and will only scan individual files, or directories which are limited to 1 MB in total size. It will not do a full system scan. Hauri LiveCall Online virus scanning http://www.globalhauri.com/html/products/livecall.html The above is also server based if I remember correctly Panda on-line virus scan http://www.pandasoftware.com/activescan/activescan.asp McAfee FreeScan http://us.mcafee.com/root/mfs/default.asp Symantec Security Check (page offers security and/or virus scan) http://snipurl.com/7gz1 More general info you should be aware of: The Parasite Fight; Quick Fix Protocol http://www.aumha.org/a/quickfix.htm How to surf the Internet more safely with Internet Explorer http://www.infinisource.com/techfiles/surf-safe.html So how did I get infected in the first place? http://boards.cexx.org/viewtopic.php?t=957 Rogue/Suspect Anti-Spyware Products & Web Sites http://www.spywarewarrior.com/rogue_anti-spyware.htm Other vulnerability tests: Jason's Toolbox Browser Security Tests http://www.jasons-toolbox.com/BrowserSecurity/ Qualys' Free Browser Checkup http://browsercheck.qualys.com/ MyNe****chman - WinPopUP Tester http://www.myne****chman.com/winpopuptester.asp Firewall tests: (YMMV :-) Sygate Technologies Stealthscan http://scan.sygatetech.com/prestealthscan.html PortScan from Hackerwatch.org http://www.hackerwatch.org/probe/ ShieldsUp ports and security tests http://www.grc.com/x/ne.dll?bh0bkyd2 Site which links to various tests Security-Ops http://www.security-ops.tk/ How to disable Windows Messenger Service or WinPopup http://www.opentechsupport.net/forum...c/11211-1.html HTH - -- LuckyStrike How to make a good newsgroup post: http://www.dts-l.org/goodpost.htm http://home.satx.rr.com/badour/html/post.html ------------------------------------------------- "Rick" wrote in message ... I have a virus that I cannot remove. I have used a scan program that shows the following as being infected. c:\windows\system\lpvfme.exe " "sjsatz.exe " "ljmmx.exe " "ntnf7.exe I am assuming that this problem causes me to have ppo up after pop up while on the internet. In the past I have simply deleted the files to correct the problem. Now, I can't find the files in the directory, even though I've changed settings to show hidden files. I've ran ADware and Spybot as well as the Norton Systemworks on my computer with no fix. Any solution. Thanks, Rick
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| virus vs. hardware | Tracy Poole | Software & Applications | 1 | July 1st 04 04:15 PM |
| virus vs, hardware | Tracy Poole | General | 1 | July 1st 04 12:32 PM |
| MBR virus?? | Jim S. | Software & Applications | 1 | June 14th 04 07:03 PM |
| Found Virus | JUSTIN | General | 2 | May 28th 04 12:14 AM |
| avast/trend micro anti virus | Donna | Software & Applications | 3 | May 13th 04 01:02 AM |
Linear Mode
