Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Made a Hijackthis on a brand new computer and?????

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Anti-Spyware and Security Software Discussion
View previous topic :: View next topic  
Author Message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Sun Sep 28, 2008 10:08 am    Post subject: Made a Hijackthis on a brand new computer and????? Reply with quote

I found this....

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Is this always a problem or can It be a normal file???

Also Hijackthis said:
My system denied write access to hosts file...what does that mean?? Question

Spiken
Back to top
View user's profile Send private message
roger_m
Warrior Addict


Joined: 24 Feb 2006
Last Visit: 06 Mar 2014
Posts: 605
Location: Blackwater, Australia

PostPosted: Sun Sep 28, 2008 1:00 pm    Post subject: Reply with quote

The browser helper object refernences is part of Window Live Messanger and is safe.

http://www.castlecops.com/tk32132-htc_8_1_0178_00_dll.html
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Sun Sep 28, 2008 1:25 pm    Post subject: Reply with quote

Ok so I can leave that file with "no name" without problem? Smile

I downoladed and remade a scan with a newer version of
Hijackthis and now it scanned without problem of denied acess...

I have another computer where I found 2 "no file-no name"

should I post a Hijackthis of that,and where???
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Mon Sep 29, 2008 11:49 am    Post subject: Reply with quote

Can we back up a little
what os?
What third party firewall do you run?
what AV?
Which Browser? Script blocker?
have you done updates and Spybot and Av scans recently
sent any hits to quarantine? (not remove/delete?)
Immunized?
T-timer on or off?
Could you run /secunia software inspector and make sure you are up to date?
remove ALL old java versions
you may answer these non-malware removal questions here

If you think you are infected post the hjt in the malware removal forum (or if you get hits with your scans)
give your post a meaningful name (not "please help")
READ THE STICKIES FIRST include the logs with any hits found
DO NOT REPLY TO YOUR OWN FIRST POST
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Mon Sep 29, 2008 12:22 pm    Post subject: Reply with quote

Thanks for your answer...now we are speaking about the older machine where I found 2 "no file no name" right... not about the new machine where somebody answer that the "no file no name" I found there belonged to MSN an was no harm???Correct??

So about the older machine where I found 2 strange files...
I have no great problems with it, just that it's very slow..it has been like that since after I got help taking away navipromo adware last christmas....could be because I have to many programs running or because disc C is nearly filled out with programs???

Information you asked for...
It runs windows XP and I just upgraded to SP3
The firewall is windows and antivirus Nod 32
Internet explorer version 7,0

I did scans lately and did not find anything
(nod32 found a trojan in a file a couple of weeks ago and I removed the file as they asked me to)

T-timer is off(I think) because I thought it could create problems with the other security programs
(I have AVG,Spybot,Superantispyware,asquared,windows defender,spywareblaster and adaware)

I do run secunia often and I did remove old versions of Java.

Sorry but I don't understand AV ???and scriptblocker?
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Tue Sep 30, 2008 12:32 pm    Post subject: Reply with quote

There is a scriptblocker add on for firefox many malicious surprises these days are scripts java, vbs, whatever

we got to walk before we run

do you have BOTH AVG and NOD-32 installed as boot on startup real time AVs?
or are you using one as an "on demand" scanner?
which?

You do not necessarily need T-timer with windows defender but that is a good question to ask at the Safernetworking spybot forum.
I would leave it off for now

Update Spybot tomorrow and re-immunize
do you have SD-Helper on?

enough for one post
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Tue Sep 30, 2008 1:58 pm    Post subject: Reply with quote

Rolling Eyes Hi!!
I don't think I have a scriptblocker if it's not in IE7's security choices

I have NOD32 running all the time and so do windows defender
and spywareblaster....

then I have the free versions to use on demand of
adaware 2008,AVG antispyware(old version as they don't do It anymore without antivirus???),spybot,a-squared free & superantispyware

I don't think I have the spybot teatimer on but I am not sure how can I check that???And can I turn it of without uninstall the program?

I had an old version of Spybot(1,4) that kept freezing for errors all the time don't know why...I scanned with it today and it found
ASK,MY GLOBAL SEARCH and ZANGO...that I fixed

Then I changed out the version of Spybot to 1,6 and I Immunized and scanned again...It worked perfectly and did not freeze anymore,and now it said it was clean...

I did a new Hijackthis now and I found just one NO FILE now instead of 2 before,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Is that a problem?

And folloowing files what are they,ok?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O24 - Desktop Component 1: (no name) - http://www.currentcodes.com/

What is an SD-helper????

Thanks for your interest!!
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Tue Sep 30, 2008 5:15 pm    Post subject: Reply with quote

nod32-WD-SB good choices all ok

next group also all good choices for on demand scanners- you had me concerned about AVG AV
(are they still updating AVG definitions?? (This is old EWIDO)

T-timer would have a whit and blue box with a lock on it in the taskbar- you're ok

now we have some work to do
there are major incompatibilities between SBS&D 1.4 and earlier and 1.5-1.6
I suggest that you un-immunize and then remove all old versions from add remove programs
then run the spybot removal tool
there is a thread in the safer network spybot forum or you can search for _"small fix" there
actually google found it on first try
www.safer-networking.org/en/howto/uninstall.html

then reinstall 1.6 update and re-immunize
Spybot updates tomorrow so your timing is perfect
when installing install sd-helper (which blocks bad downloads in IE) but do not install t-timer till we find out about compatibility with Windows Defender (old Windows AntiSpyware> Old Giant anti Spyware)

the O2 file is actually a legit MS reg entry BHO leave it alone

I have to run out and put out a fire but could you google the CLSID's and file names
SD helper is going to be ok
but I have no idea what bdoscandel
if the network diagnostic etc are legit or masquerades
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Wed Oct 01, 2008 5:58 am    Post subject: Reply with quote

HI!!!

First to the AVG antispyware...it is an old version(what I know they do not make antispy wirthout antivirus now)but it does upgrade when I use it and It scans without problem...can I keep it or should I take it away???

I removed Spybot 1,6...1.4 I removed yesterday...
Then I used the removal tool...It said do you want to join info to regostry or not..I said NOT...

Then I reinstalled the Spybot 1,6 and I also took away the old Spybotfiles under C/programs so It could create it's new backup there

About the files...

What I can understund they will do no harm they're all remains of older program versions or installations,what do you think???

bdoscandel has to do with bitdefender scanner(not even know if I have that installed but I don't think I do

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
don't understund what it is but seem to be some rest of a program?

Currentcodes is a site for discount coupons,don't know why Hijack gets up that?

Should I post a Hijack somewhere and ask if there's something to remove or I just leave it as that...??


Spiken
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Thu Oct 02, 2008 9:12 pm    Post subject: Reply with quote

as long as avg will update it is a good scanner

removed Spybot 1,6...1.4 I removed yesterday...
Then I used the removal tool...It said do you want to join info to regostry or not..I said NOT..

I would certainly post at the spybot forum and see if the "small fix" requires the yes or no answer

e2e2dd38-d088-4134-82b7-f2ba38496583
is legit but if you do not use it find
Network Diagnostic\xpnetdiag.exe
and remove

don't know why Hijack gets up that? HJT finds lots of good and bad things- mostly good- bad stuff tries to hidel

you would be better getting a firewall installed
think prevention
you have nod32 wd and sb
you can always scan with MBAM and SAS every once in awhile
think prevention
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Thu Oct 02, 2008 11:22 pm    Post subject: Reply with quote

Hi!!!
I allways had the windows firewall on,but I checked out now and it was off...I believe I took it away for some reason and I forgot to put it back...Thanks!!! Smile
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Fri Oct 03, 2008 2:00 pm    Post subject: Reply with quote

you need a third party firewall
the xp one may stop drive by downloads but will not protect you from the phone home malware of today
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Fri Oct 03, 2008 2:16 pm    Post subject: Reply with quote

What's a third party firewall??? Question

Where do I get that?

I know that I can just keep ONE firewall at the time...so if I put this THIRD PARTY ONE I have to close the windows firewall...???

On my new computer I have Norton 2008 as antivirus and I use Nortons firewall so i Shut the windows one is that correct or do I have to change it???
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Sun Oct 05, 2008 5:26 pm    Post subject: Reply with quote

Norton is a third party firewall
In general I would make the xp firewall- the "first party" firwall inactive
With Vista I know it is done automatically
You might ask Norton but to be safe turn it off
If you have a router with a firewall most of them are inbound only( some enterprise price routers can be configured for both ways but it is thought that most of the time this would be the IT department)
NO porblem using a router's firewall with one on the machine.
Norton 2008 antivirus is much improved over earlier (bloatware) versions
Start thinking what you are going to do when your norton subscription runs out.
I just got a computer in with it's norton subscription expired and incessant Norton popups saying- You have No Antivirus pleas send money- and no way to shut them off (no easy way for a user)

Firewall wise you're good for awhile
cheers
Back to top
View user's profile Send private message
Spiken
Junior Member


Joined: 15 Nov 2007
Last Visit: 13 Nov 2008
Posts: 49
Location: Italy

PostPosted: Sun Oct 05, 2008 11:07 pm    Post subject: Reply with quote

Hi..I've got Nortons firewall (from norton 2008 antivirus) on my new laptop with windows vista and I closed the windows system firewall...is that correct???



On the older computer were I have windows XP I just have windows firewall and It has NOD 32 as antivirus...but I don't now If there come a firewall with NOD 32...so what should I do here?
I need to get another firewall for this PC?


You spoke about the problem to get rid of Norton...
I had Norton 2005 on the older PC and I wanted to change it out for NOD32..but It wouldn't let me because there was no uninstallere on add/remove programs...
I went on Nortons homepage and after a bit of research I found a
uninstaller for all Norton versions to install on computer and run...and It worked...It took away all traces...
Back to top
View user's profile Send private message
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

PostPosted: Mon Oct 06, 2008 7:31 am    Post subject: Reply with quote

Vista will take care of the firewall co-ordination but do not trust xp to do it

nod 32 does not have a firewall component- you need one on the xp machine

lots of good free firewalls
comodo-pc tools- others?
(zone alarm has downgraded it's outbound protection in their free version)
then turn xp-firewall off manually

I also suggest a real time anti malware-spyware-trojan
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Anti-Spyware and Security Software Discussion All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group