Ewido falling over at clean up stage

Discussion in 'ewido anti-spyware forum' started by jgibukl, Feb 15, 2006.

Thread Status:
Not open for further replies.
  1. jgibukl

    jgibukl Registered Member

    Joined:
    Feb 15, 2006
    Posts:
    2
    Hi, I'm new to this forum. I have been running Ewido for a couple of months now and it has been working well. However, the last 3 times I've tried to run a Full system scan, Ewido shuts down just before it is about to clean the infected files that it has found. It seems almost as if Ewido is infected itself. It will complete the scan and try to clean the files but will then disappear as if another program has shut it down.

    Any help with how to solve this would be much appreciated. I'm using Windows XP home edition with SP2 and Firefox. I've also used Spybot, Ad-ware and Avast but they are not finding anything infected at all.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    It would be useful to know the name of the malware found, and its file path.

    Have you tried scanning in safe mode?

    If you have, have you tried doing a purely memory scan in 'safe'? If you find something is still running in memory, it is sometimes possible to use the 'Processes' sub-section of ewido's 'Analysis' section to terminate the process before attempting to delete it.

    Let us know what files ewido has found though.

    You could also do an online scan to see if that finds anything:-

    http://www.kaspersky.com/service?chapter=161739400
     
  3. wintwok

    wintwok Registered Member

    Joined:
    Feb 17, 2006
    Posts:
    3
    Hi there,

    I am getting the same problem too + I'm running XP home edition - managed to save the log which is below: Please advise 'best next step' as I am being bombarded with pop ups and unders at an alarming rate - my friend says 'allegedly' it came from the AOL cd-rom.......

    Anyway - here it is below:

    __________________________________________________
    ewido security suite online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Adware.Look2Me
    Path: [2508] C:\WINDOWS\system32\sVmlib.dll
    Risk: Medium

    Name: Adware.Look2Me
    Path: [3724] C:\WINDOWS\system32\guard.tmp
    Risk: Medium

    Name: TrackingCookie.Yieldmanager
    Path: C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@ad.yieldmanager[1].txt
    Risk: Medium

    Name: TrackingCookie.Euroclick
    Path: C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@adopt.euroclick[2].txt
    Risk: Medium

    Name: TrackingCookie.Cpvfeed
    Path: C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@cpvfeed[1].txt
    Risk: Medium

    Name: TrackingCookie.Mediaplex
    Path: C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@mediaplex[1].txt
    Risk: Medium

    Name: TrackingCookie.Reliablestats
    Path: C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@stats1.reliablestats[2].txt
    Risk: Medium

    Name: Not-A-Virus.Monitor.Win32.NetMon.a
    Path: C:\Program Files\Network Monitor\__delete_on_reboot__netmon.exe
    Risk: High

    Name: Adware.Look2Me
    Path: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
    Risk: Medium

    Please advise...

    Many thanks,


    Mark.
     
  4. jgibukl

    jgibukl Registered Member

    Joined:
    Feb 15, 2006
    Posts:
    2
    Thanks Topper. Sorry it's taken me a while to reply, have been away on business. Should be home this weekend to try out your suggestions. I haven't tried any of your ideas yet and can't remember off the top of my head what the malware is. Will let you know how I get on.
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Hi wintwok,

    you've got a VX2 infection, there is some info here:-

    http://www.pchell.com/support/look2me.shtml

    You could try a special cleaning tool, VX2.BetterInternet Finder XP/2k available here:-

    http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41

    But probably your best bet would be to submit a HJT log to a spyware removal site. For example, try one of the following:-

    http://forums.subratam.org/index.php?showforum=7

    http://forums.tomcoyote.org/index.php?showforum=27

    http://gladiator-antivirus.com/forum/index.php?showforum=170
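
A small triage pass over the scanner log format posted earlier in the thread, as an added example that is not part of the original posts or ewido's own tooling. It assumes the bracketed number before a path is the ID of the process the module was found in, and that the `__delete_on_reboot__` filename prefix marks a file whose removal is deferred to restart; neither is stated in the thread.

```python
import re

# Excerpt of the log posted in the thread (four of its nine records).
SAMPLE_LOG = r"""
Name: Adware.Look2Me
Path: [2508] C:\WINDOWS\system32\sVmlib.dll
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@mediaplex[1].txt
Risk: Medium

Name: Not-A-Virus.Monitor.Win32.NetMon.a
Path: C:\Program Files\Network Monitor\__delete_on_reboot__netmon.exe
Risk: High

Name: Adware.Look2Me
Path: C:\WINDOWS\system32\__delete_on_reboot__guard.tmp
Risk: Medium
"""

RECORD = re.compile(r"Name:\s*(?P<name>.+?)\s*\n\s*Path:\s*(?P<path>.+?)\s*\n\s*Risk:\s*(?P<risk>\w+)")
PID_PREFIX = re.compile(r"^\[(\d+)\]\s+(.*)$")  # assumption: "[2508]" is a process ID
DEFERRED = "__delete_on_reboot__"  # assumption: marks removal deferred to reboot

def parse_log(text):
    """Turn Name/Path/Risk triples into dicts, splitting off any [pid] prefix."""
    findings = []
    for m in RECORD.finditer(text):
        path, pid = m["path"], None
        prefixed = PID_PREFIX.match(path)
        if prefixed:
            pid, path = int(prefixed.group(1)), prefixed.group(2)
        findings.append({"name": m["name"], "path": path, "risk": m["risk"],
                         "pid": pid, "pending_delete": DEFERRED in path})
    return findings

def triage(findings):
    """Group findings: loaded modules, files on disk, tracking cookies."""
    buckets = {"in_memory": [], "on_disk": [], "cookies": []}
    for f in findings:
        if f["name"].startswith("TrackingCookie."):
            buckets["cookies"].append(f)
        elif f["pid"] is not None:
            buckets["in_memory"].append(f)
        else:
            buckets["on_disk"].append(f)
    return buckets
```

The `in_memory` bucket holds the entries that a memory scan in safe mode, as suggested earlier in the thread, is meant to deal with before deletion is attempted.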
     
  6. wintwok

    wintwok Registered Member

    Joined:
    Feb 17, 2006
    Posts:
    3
    Hey Topper,

    Thanks very much. I'll give that a try and let you know how it goes... Seems to be a bit of a monster...... Fortunately I've recently done a complete restore on my pc so I have everything already backed-up.
     
  7. wintwok

    wintwok Registered Member

    Joined:
    Feb 17, 2006
    Posts:
    3
    Topper,

    thanks for all your advice and links.....everything is okay now....

    Thanks again!!

    :thumb: :D :D
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    You're welcome wintwok. :D

    Glad to hear you've got things sorted.:thumb:
     