SpywareBlaster 3.5.1 and FileChecker

Discussion in 'SpywareBlaster & Other Forum' started by Raul, Jan 23, 2006.

Thread Status:
Not open for further replies.
  1. Raul

    Raul Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    7
    Hi, this is my first post at this forum and I’m not too good with computers or the english language, so I ask for your understanding.

    I’m a SpywareBlaster user since its inception and also a FileChecker user.

    As soon as I downloaded and installed SpywareBlaster 3.5.1 I got a warning from FileChecker stating that the url I use to access my bank account has been edited. Few seconds after that a second warning from FC stated that Eudora.exe, my e-mail client, has been edited, and then a last warning, now filechecker.exe itself was edited.

    These are the first serious warnings I got from FC after three years using it.

    Could this be a compatibility problem between the new version of SB and FC?
    Or somehow something more dangerous was downloaded with SB 3.5.1?

    Your help will be most appreciated.

    Raul.
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hello Raul and welcome to Wilders,

    please do not duplicate your posts. Your other one has been removed.

    Be patient as i'm sure someone will be along to help with your issue.


    snowbound
     
  3. Raul

    Raul Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    7
    I'm not impatient, just dumb. I didn't find the first post and I think I had made something wrong, so I posted again.
    As I said, I'm not good with computers...:doubt:
    Thanks for removing the first one, I tried to do it myself.
    Raul.
     
  4. FanJ

    FanJ Guest

    Hi Raul,

    Unfortunatily I don't use FileChecker anymore.
    That has nothing to do with FileChecker (it is a great program !!!).


    Some little advice to check whether something is wrong :

    Can you let several online scanners do a scan on your files Eudora.exe and filechecker.exe?
    Jotti online scanner:
    http://virusscan.jotti.org/
    VirusTotal online scanner:
    http://www.virustotal.com/xhtml/index_en.html
    KAV online scanner:
    http://www.kaspersky.com/remoteviruschk.html

    What do those online scanners tell you ?

    Maybe you could tell us:
    1- which Windows version you are using;
    2- what the MD5 checksums and version numbers on your system are for
    2a- Eudora.exe
    2b- filechecker.exe

    I hope that someone else with the same version of those files will post their MD5 checksum (on a clean system).



    Not sure what happened on your system, but maybe it's a good idea to have a look at this thread:
    https://www.wilderssecurity.com/showthread.php?t=50662
    I don't say that your system is infected; I don't know at the moment, sorry :oops:

    Regards, Jan.
     
    Last edited by a moderator: Jan 23, 2006
  5. Raul

    Raul Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    7
    Hi, Jan. Thank you for your reply.

    I had scanned eudora.exe and filechecker.exe at Jotti before posting my question. Results were OK. I will do the same with Virus Total and KAV.

    While waiting for a reply I downloaded and updated the trial version of Panda Platinum and did a scan of the whole system. It detected and removed several spyware specimens, and during that process FileChecker again warned me of a editing of eudora.exe and filechecker.exe. I think this means the two files were returned to normal.


    My Windows version is 2000 Pro.
    MD5 for eudora.exe is A1E5F35AE92E13A4C4F381320EC43F9D (Taken from Kerio firewall) and eudora version is 6.2.3.4.
    I don't know were to get MD5 for filechecker.exe.

    I will follow your advice wrt the thread you directed me. I assume that will take a lot of time.

    Thanks again.

    Raul
     
  6. Raul

    Raul Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    7
    Hi, Jan.

    Well, I'd follow your instructions and looks like I have a clean system.

    In the process I got the MD5 for filechecker.exe.
    It is 700415A8482CFD20C62E231AC66EAD53, and version is 1.7.
    As you said, I hope somebody else will verify this.

    Thanks a lot for your help.

    Raul.
     
  7. FanJ

    FanJ Guest

    Hi Raul,

    Glad I could be a little help.

    I hope that your system is indeed clean.
    Let for example KAV do a complete scan of your PC on its online-scanner (you can go there from the same link as I gave above for its online file scanner).

    Did someone had a look at your HJT-log-file (at one of the boards that do HJT-logs)?

    Indeed, I still hope that someone will post his/her MD5 checksums for your FileChecker and Eudora files.
    Come on guys/gals ;)

    Cheers, Jan.
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    MD5 Hash: 700415A8482CFD20C62E231AC66EAD53 (hex)
    MD4 Hash: 3095C5C264230A3225F5B77CFE228D5E (hex)
    MD2 Hash: D294035108E656AFA5EE65C8F18E58D0 (hex)

    ;)
     
  9. Raul

    Raul Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    7
    Hi Jan And Bubba.

    I did complete online scan with KAV, as Jan advised. No detection at all.:D
    Wrt. my HJT log file, I submitted to networktechs.com, nothing suspicious was found, and I'm waiting for an answer from Spywareinfo. First I had to learn what a HJT log is.:oops:

    The MD5 Bubba posted for filechecker.exe is exactly the same as mine, but I have a doubt. Bubba's one is "hex" while mine, obtained from the Kerio firewall is "binary". Do this makes any difference?

    Again, thanks for your time and patience.
    Raul.
     
  10. Raul

    Raul Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    7
    Hi again, Jan/Bubba.

    They checked my HJT log at Spywareinfo, it is OK.
    This looks like a closed case.
    Thanks a lot for your assistance.
    Raul.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.