HELP pls.. hopefully right place

Using WinXP SP2, Symantec AV
currently trying ewido trial.

chronological personal disaster:
1. some program had vicious trojan/malware or something called ..er spyquake2 giving false alarms and popups (SAV detects something else too such as bgates.exe, srv.exe win.tmp.exe, Trojan dialers? and could not clean it.. some quarantined, some failed.
2. Used rougescanfix and shtmem to remove the spyquake2.
3. spyquake2 trays seem to be removed, however every now and then Symantec antivirus catches bgates.exe, tmp.exe etc
4. installed ewido trial, found tons of spywares, malwares, all sorts of shocking news.. including the ones caught by SAV. Removed it from system (or so I thought)
5. At times still ewido/SAV pops up with warning on Trojan dialers or etc. Hence whilst it is removed from system, it regenerates itself.. (note that I am only opening yahoo.com at this point)
6. installed hijackthis…opened task manager and delete the suspected malware.
7. delete winlogon (suspected malware) from registry as well (before this renamed the dll file to something else, otherwise everytime it restarts, this thing remains)
8. bootup windows under safe mode… DELETE all cookies, all temp internet files, all temp folders and files..
9. Went to work… Hoping everything works well.. left it on with internet on.

Question:
A. is my system / pc/ harddrive now clean Is what I hv done finally correct?
B. Can’t ewido remove it instead of me using hijackthis manually etc because I am seriously thinking of buying ewido if it can do so…
C. do I need another antivirus prog? Other than SAV? Sigh.. do I hv to buy PANDA or NOD32? Which is better
D. Can I purchase ewido online using ccard if I’m abroad? Any restrictions?

Help appreciated plsss
Thanks
Mark

 

Whoa whoa whoa.

HijackThis and taskmanager? Hopefully that was only to stop the processes. Normally we would advise people not to touch anything in HijackThis before consulting with someone more experienced first.

Second, try scanning in Ewido in safe mode as stapp recommended, and doing that at least 2-3 times. Quite a hassle, but sometimes things stay around after the first reboot or so.

 

you should ditch Norton AV and download the free version of AVG- it works great. I have it on all my clients computers including my own and i also have the pro version which is more for the business user or if you want a firewall with it and I have the one with the firewall and have been using it for 3 yrs with no problems.

Having 2 antivirus programs is not good for your computer. they will fight each other and you will have more problems than you have now. You can have more than one anti spyware program- those tend not to fight each other

robin

 

Well.. will do so in safe mode then..

whilst now nothing pops up anymore.... by SAV or Ewido but i still feel that my internet is leaking somewhere ;(

is there a way to find where it's leaking to
i saw a lot of tcp active closed finished.. in the connections screen of ewido then it disappears.

also i found some svchost.exe , but only 2 is listening mode..
is that wrong too?

 

tried under safe mode.

no probllems found..
but still have internet lag spike..

hm...

 

Anything dialing out?

And Norton is a perfectly fine AV to have. AVG, infact, has worse detection rates. :O

 

Yes, I agree...100+%, nothing wrong with NAV. What version do you have- 2004, 2005, 2006?

If ewido is not finding anything, I suggest that you need to get on a forum where they will examine your HiJackThis scan log and provide direction from what it is showing....such as the forum at:

http://forum.hijackthis.de/index.php?langid=4

JMO.

 

If you have Spyquake you can read about removal here:-

http://www.bleepingcomputer.com/forums/topic47826.html

http://gladiator-antivirus.com/forum/index.php?showtopic=34376

It's best to do a HJT log at a suitable forum though.

 

thanks... will try hijack this forum first.


i believe i hv removed spyquake2 but maybe the remnants..