hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.CAB)

hi im back, and dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.CAB)

The other day i was randomly checking out what was in my task magager, and i found a suspecious CMD64.EXE. no idea what in the heck that was so i googled it. of course, it was some kind of trojan, and i wondered why norton hadnt detected it. i ended the process. ok, so later on, a virus alert popped up from norton about a trojan downloader. this trojan is called NOTEPAD.COM.



a while ago i posted about a trojan downloader, ST.EXE, but that was deleted. norton detected a NOTEPAD.COM, but i deleted it in safe mode, already. today i unistalled norton, and installed mcafee instead (virusscan) and it told me i had a counter.cab, which i deleted in safe mode today.. i looked up this "counter.cab" at several other forums, and the others who were infected with it, it was infected in NOTEPAD.EXE. could this counter.cab be related to ST.EXE. because when i came here the first time, i read different posts about ST.EXE and the trojans caused by it, such as notepad.com. btw, when i deleted the notepad.com trojan yesterday, it was in /1386/system32 or something..


also, will this trojan come back up as something else, such as notepad.exe, and wmp.exe or anything like that..in about 2 months more?


thanks and sorry if that confused you

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

Hi Strawberry, can you please list all of the security software that you are using.

Cheers

 

alright
im using Spyware Doctor, AdAware SE, Spybot, Mcafee VirusScan, Spyware Blaster, CWShredder, and Zone Labs Security Firewall.

 

i also have move on boot, and the one that installs lots sites in your restricted zone*.. i think its called IE spyad??

 

*cries*

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

OK, here’s my suggestions:

1) Remove all programs listed inside ZoneAlarm, or place question marks by all programs, and when ZoneAlarm asks for allowing access to the internet by any program, make sure you know the program before you allow access.

2) Follow the comprehensive steps found in General Cleaning.

3) If the above steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

4) Take a look here for further discussion on security and how to make your system that much stronger and here for more.

This is what works really well for me, very simple to use and maintain.

Hope this helps…

Let us know how you go.

Cheers

 

Thanks

i downloaded some of those programs, hope it works.

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

If you follow each step in the post above, including the advice about ZoneAlarm you should see your system clean very quickly.

Just make sure you follow each and every step in General Cleaning and don’t go onto another step until you have completed the one you are on.

After this, and this is REALLY important, I would suggest reading through the 2 links I provided about strengthening your security and you shouldn’t have this problem again

My security is quite extensive and a great deal of it was learnt through Wilders, it is all very simple to use and maintain.

Let us know how you go...

Cheers

 

Thanks...So far so good... hey guys do you think that these trojans are connected, or that they're different trojans?

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

Hi, yes they're most pobably related, as trojan downloaders will download several trojans, slowing the infected machine down alot, ive seen some that harvest CPU & MB as well as bandwidth, all from the same source file, if not gotten rid of they can get into the operating memory, which is a pain to fix.

 

I also have Download.Alchemic.A.

i have to delete this right now. be right back.

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

OK, once we get you cleaned up, I'm going to make you my pet project in getting you secure as a fortress

 

well i went into safe mode and silly life AVG said there was so virus.

i uninstalled AVG because it was using up my CPU..

but i looked myself in the location he told me the virus was but... it was access denied in safe mode, and in normal mode...

mcafee didnt tell me i had it.. i even selected exaclty where AVG told me the virus was and scanned it with both products

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

Can you please go back through General Cleaning.and follow each step, don't go on to another step until you have completed the one you are on.

When this is complete, let me know and we'll proceed from there.

Cheers

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

I recently moved from Norton Antivius to Mcafee and a load of things had been missed by Norton.

Jimbob

 

Im a mess. there was no file virus last time. But yesterday i tried to install SP2 and it crashed the computer and made starup slow so i uninstalled it and did a XP recovery, and reset everything...and deleted all its hotfixes (SP2).

I now have:
Norton Antivirus 2005
SpySweeper
Mcafee Personal Firewall
Syware Blaster
AdAware
Spybot
Ewido.. security suite
IE-spyad
and Mcafee Security Center

So i run norton, and look here...http://www.freewebs.com/amazingdreamss/omg.bmp
(i posted in these forums asking why the 3TY0R.EXE application wanted to gain access to the internet, and here we have it.)
what gives? norton cannot delete them in normal mode...how do i QUARANTINE them so i can just bring them up on safe mode? because in safe mode it takes forever and you cannot choose what folders to scan without doing a full scan.

=(

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

If you have Norton Antivirus and Mcafee Security Center, do you not have 2 virus scanners running at one I didn't think you could do that.

Jimbob

 

Re: hi im back, amd dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.C

Just let it do it in Safe Mode, it may take a while, but it will get there... You can also use Stinger.

Cheers

 

well my norton trial 2005 went out so i just used AVG free.. and it didnt find anything so..wth? and trend micro housecall cleaned about 2 or 3 possible viruses for me a while back after norton told me i had those.. so what now.

and blackspear.. i have Toolbar in my program files folder or in other words.. Websearch Toolbar.. i cannot delete it.. I had dcsresearch as one of my hosts, i googled it websearch, and someone had it and posted a HIJACK THIS! log and they had that site as one of their hosts.. and the person helping them told them to delete it using hijack this! and .. i also deleted mine..

http://forums.techguy.org/t323828.html

theres the thread

i also have VIEWPOINT in my program files..

 

Hi Strawberry can you take a look at the page located here: BleepingComputer

Let us know how you go...

Cheers

 

Even though you didn't mention anything about using TDS-3, you did mention Spysweeper. I am guessing you have used TDS-3 at one time or another and that is the reason for the dcsresearch listing in your HOSTS file. I get the same thing. I think it was placed there to aid the user in going to the Pri forum when pushing the F5 key.
If you use SpyCatcher, it will flag another TDS-3 file as using the internet behind your back. I am guessing this is the one they use to make sure you have a liget copy running on your PC.

In closing, some of the spywear you are deleting has been added by other security software.
Most applications inspite of being genuine ones do embed spyware files for business purposes. The same may be true for the applications that you may use on your computer.

Bruce

 

Thanks bruce.

Blackspear, There are no entries in my log that show symptoms of Websearch Toolbar or Wintools. But the folder is still there in my programs file folder, and it is active. But i don't have any websearch toolbar in my IE. Why is this folder just sitting there doing nothing

I have found an article on how to delete it .. but i don't understand what its trying to say! http://www.sawtoothdistortion.com/Articles/DeleteUndeletableFiles.html

 

How about we forget cleaning and just reformat your hard drive? and start new?

Bruce

 

Here is the deal

unless you are a buisness and need to save alot of data. I always recommend reformating.
It is simple amd it is easy and you don't have to be affraid of the dark LOL
You simply save you drivers and e-mail address's.

Start fresh and new

Reflash BIOS and start new. YUM doesn't it sound tasty?

Bruce

 

argh what does this mean!?