I've just scanned my computer with the PC Pitstop virus scan, and it has found 10 viruses. I have Panda Titanium antivirus software; I've run the scan on there too, but it hasn't found any viruses. Could anyone help me in removing these viruses? Here are the viruses that PC Pitstop found. By the way, I'm new with computers.

The Trj/Revop.A Virus was found in file C:\_RESTORE\TEMP\A0007859.CPY
The Trj/Revop.F Virus was found in file C:\_RESTORE\TEMP\A0007862.CPY
The Trj/Revop.E Virus was found in file C:\_RESTORE\TEMP\A0007863.CPY
The Trj/Revop.E Virus was found in file C:\_RESTORE\TEMP\A0017626.CPY
The Trj/StartPage.EB Virus was found in file C:\_RESTORE\TEMP\A0023650.CPY
The Trj/StartPage.CM Virus was found in file C:\_RESTORE\TEMP\A0023662.CPY
The Trj/Startpage.DI Virus was found in file C:\_RESTORE\TEMP\A0023743.CPY
The Trj/Startpage.DI Virus was found in file C:\_RESTORE\TEMP\A0023848.CPY
Don't panic. Download the NOD32 antivirus trial version, update after installation and then scan your computer.
Thanks for replying, jaredite. Is it safe to have two antivirus programs running at the same time? I currently have Panda Titanium antivirus.
Hi Mao,

It looks like those viruses have been cleaned by your AV ... the scan results indicate they're in system restore (XP) info ... try cleaning up some of your older restore points ...

Select - Start -> Control Panel -> Performance and Maintenance -> Free up space on your hard disk -> click the More Options tab -> Clean up for System Restore -> hit OK (this is for the default XP style)

Then rescan with the online scan. See if the results are different. Post back if they are, and I can give you instructions to clear all the restore points, if a few still exist.

HTH
dog

- Yes, you can use more than one AV, so long as only one runs as resident (live) and the other on demand.
Hi there and welcome to the TDS forum!

Since your infections are in system restore, the easiest way is in My Computer > Troubleshooting: disable system restore, reboot, enable system restore again, and those former restore points with the infection have gone. Now manually make a new restore point of the situation.

Since you posted in the TDS forum, --Nod32 is a very nice choice, one of the best for anti-trojans-- but your Panda is also an anti-virus/anti-trojan combination. With the current threats I would recommend to look also at the DiamondCS site for TDS, which is a specific anti-trojan. There is in general not any problem having more protective tools installed on your system, as long as none or only one at a time is set for resident protection. TDS works very differently: it has a resident protection to check all executable code before it is allowed to run (in the registered version of TDS), the exec protection. This part is not a running process, so you can leave that always on. If you scan with one of your scanners (NOD, Panda), the others must be stopped during that; TDS can be up as long as you don't have it actively scanning at the same time, and during a TDS scan the other two must be stopped.

So after installing TDS, reboot (you were doing that anyway because of that system restore thing), go back to the TDS download page for the update of the latest definitions, and have TDS do a full system scan with all scan options in the scan console enabled and all unnecessary applications closed. Sit back for a coffee, as it can take a while. In the end, in the bottom console with alerts, right click on one of the items and save to text; that file (scandump.txt) you can paste in your next posting.

In the meantime (before starting your scan or when it's finished, up to you) you can read this thread [thread]15913[/thread] about, in step #2, how to download the Hijackthis file and how to create and post your Hijackthis log file for the experts to help you with looking at your system and possible malware. So you have a few things to do. We're here to help you out, so please post back soon!
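The triage both replies above apply by eye to the scan report, written out as an added example (not code from the thread or from any scanner vendor): it splits detections into System Restore copies and live files. The report line format and the `C:\_RESTORE\` path are from the first post; the XP-style `System Volume Information\_restore{...}` pattern and the third sample line are assumptions added for contrast.

```python
import re

# Report lines in the format quoted in the first post. The first two are from
# the thread; the third is constructed to show the contrasting (live) case.
SAMPLE_REPORT = r"""
The Trj/Revop.A Virus was found in file C:\_RESTORE\TEMP\A0007859.CPY
The Trj/StartPage.EB Virus was found in file C:\_RESTORE\TEMP\A0023650.CPY
The Trj/Example.X Virus was found in file C:\WINDOWS\SYSTEM\EXAMPLE.DLL
"""

DETECTION = re.compile(r"^The (\S+) Virus was found in file (.+?)\s*$")

# Windows ME keeps restore data under <drive>:\_RESTORE\ (as in the thread).
# The XP location below is an assumption about the usual layout.
RESTORE_STORE = re.compile(
    r"^[A-Z]:\\(?:_RESTORE|System Volume Information\\_restore\{[0-9A-F-]+\})\\",
    re.IGNORECASE,
)


def parse_report(text):
    """Return (detection_name, path) pairs; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


def triage(text):
    """Split detections into archived restore-point copies and live files."""
    result = {"restore_store": [], "live": []}
    for name, path in parse_report(text):
        key = "restore_store" if RESTORE_STORE.match(path) else "live"
        result[key].append((name, path))
    return result


def next_step(result):
    """Map the split onto the advice given in the replies."""
    if result["live"]:
        # Purging first would only let new restore points capture the live files.
        return "clean live files first, then purge restore points"
    if result["restore_store"]:
        return "purge restore points, then rescan"
    return "no detections"


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(len(r["restore_store"]), "archived,", len(r["live"]), "live ->", next_step(r))
```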
Hi Jooske, thanks for your reply. I also have a problem when I go onto IE: as soon as I go on there, about:blank appears on my homepage. Could you tell me how I can get rid of this? Here's my HijackThis log.

Logfile of HijackThis v1.97.7
Scan saved at 16:03:04, on 08/06/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTRUSTW.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\KRSNCVQX\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {78E9FF8F-9FD4-4DA1-9418-D948F0FBF67F} - C:\WINDOWS\SYSTEM\HDKPAA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [INTRUSTW] C:\WINDOWS\SYSTEM\INTRUSTW.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37906.4086574074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://phobos.apple.com/detection/ITDetector.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
Hi Mao, welcome to Wilders. What Jooske said about System Restore is the easiest way to clean it out, however, if you are infected with anything else after that, it will only restore those new items to it also. Your system needs to be cleaned and I see you posted your HJT log in here. There is a special thread in this Forum specifically for HJT logs. If you would like to repost it here: https://www.wilderssecurity.com/forumdisplay.php?f=26 some expert there will assess it and help. Cheers, TAS
https://www.wilderssecurity.com/showthread.php?t=35556 The expert cleaning service continues in this thread.