PC Helllllp

Discussion in 'other security issues & news' started by confusedrus, Jul 7, 2004.

Thread Status:
Not open for further replies.
  1. confusedrus

    confusedrus Registered Member

    Joined:
    May 11, 2004
    Posts:
    13
    I have suspected for quite some time now, that my anti-virus software was not functioning, even though it appears to be from all the NOD32 support end.
    As well, I am not getting critical updates from microsoft on automatic update, and when I do a scan for them always, I'm always told there are none.
    Spysweeper found a "possible hijacker" in the HOST file www.dcsresearch IP address in Host file:64.91.255.87 Correct Address: 12.170.116.68.
    I ran a Panda antivirus checker, and it says my computer does not have any antiviurs protection.
    Spybot S&D resident just alerted me that System Startup user entry Change
    Old data: C:\Program Files\Webroot\Spy Sweeeper\spy New data: ":\Program Files\Webroot\Spy Sweeeper\spy . The only difference I can see is the quotation marks in front of the new data. What's that about? I came across something that said certain Trojans can stop you from receiving "critical updates and patches" and can render antivirus software useless. Is this true, or were my eyes just getting tired from hunting for answers? I would be grateful if any one has any ideas what might be happening.
     
  2. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    I'm not qualified to really help you, but until then, you might find the resources at this site useful...http://www.spywarewarrior.com/uiuc/main.htm
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Open "Add or Remove Programs" in your Control Panel. It should list your installed Windows updates. You can also view your update history by date from within Windows Update itself.

    The IPs you mention resolve to:

    64.91.255.87
    diamondcs.com.au
    Host reachable, 36 ms. average

    12.170.116.68
    pita68.mercurylink.net
    Host unreachable

    Your hosts file should use 64.91.255.87 for www.dcsresearch.com. Mercurylink is an ISP providing dial-up services in the northeastern part of the United States.

    The registry change is harmless. I have startup entries with and without quotation marks. It is also not unusual for an installed program to later modify registry entries created by its installer.

    I don't use NOD32; hopefully someone who does can determine for you whether or not it has been disabled.


    Nick
     
  4. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear confusedrus, the color of the NOD32 tray icon should be green not red. you can open the control centre and see what is running and what is disabled. gray or red icons inside control centre means there is a problem. anyway you can visit this site and check your NOD32 with EICAR test.

    http://www.eicar.org/anti_virus_test_file.htm
     
Thread Status:
Not open for further replies.