Spyware, Viruses, & Security forum

General discussion

housecall didnt work either

From earlier today: I tried HouseCall and it didn't find or remove these either. Now what do I do? Spybot, AVG, Ad-Aware with VX2, ZoneAlarm, Panda scan, HouseCall, done them all........

Adware:Adware/PortalScan No disinfected Windows Registry
Adware:Adware/PowerScan No disinfected C:\WINDOWS\SYSTEM\Intrigue.dll
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\downloaded program files\ATPartners.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.???
Adware:Adware/Comet No disinfected C:\WINDOWS\inf\dm.inf
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/PowerScan No disinfected C:\WINDOWS\SYSTEM\intrigue.dll
Adware:Adware/Comet No disinfected C:\WINDOWS\INF\dm.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\BIF.INF
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\ALCHEM.INI

better use........

In reply to: housecall didnt work either

Download and install the following programs, if they're not on your computer yet:
- AdAware SE: http://www.lavasoftusa.com/support/download/
- Spybot 1.3: http://www.safer-networking.org/en/mirrors/index.html
- Crap-Cleaner: http://www.ccleaner.com/ccdownload.php

Do a System-Scan with AdAware SE:
- Open AdAware SE
- First of all, check for updates.
To do this, click on 'Check for updates now', click the 'Connect'-button and, if there are new updates, click 'OK' and then 'Finish'.
- Now, do a system-scan by clicking the 'Start'-button.
- In the next screen, select 'Perform Full System scan' and click the 'Next'-button.
- Sit back and relax, while Adaware is performing the system-scan.
- When the scan is done, right-click in the list of items that AdAware found and select 'Select All', click the 'Next'-button and then the 'Finish'-button.
- Close AdAware SE.

Do a system-scan with Spybot 1.3:
- Open Spybot 1.3
- First, Check for updates
click the 'Search for updates'-button. If there are updates available, select them and click the 'Download updates'-button.
- Click 'Search and destroy' and then 'Check for problems'.
- Relax, while Spybot is performing its scan.
- When Spybot is done, it will show a list of found items (or congratulate you with a clean computer). Click 'Fix selected problems' to delete the items.
- Close Spybot 1.3

Now, let's clean the harddisk and registry:
- Start CCleaner
- If you want to keep the Internet Explorer Cookies, then unmark 'Cookies'
- If you want to keep the Internet Explorer History, then unmark 'History'
- If you want to keep Windows Log Files, then unmark 'Windows Log Files'
- If you're using Mozilla's Firefox or Internet Suite:
- Click the tab Applications
- If you want to keep the Internet History, then unmark 'Internet History' under 'Firefox/Mozilla'
- Click Run Cleaner. CCleaner will search for unnecessary files and delete them.
- Click the Issues-tabpage.
- Click Scan for Issues
- When CCleaner is done, you'll probably see a list of found issues. Rightclick in this list and click Select All
- Click Fix Selected Issues
- Click Yes, when you're asked if you want to Backup changes
- Give the backup a name (or use the default name) and click Save
- Click Fix all selected Issues
- When that is done, close CCleaner

Click Start > Run > enter: cleanmgr

If you have more than 1 local harddisk-stations, you will be asked which station to clean.
For now, choose the station on which Windows is installed (usually C:)

First, Disk Cleanup will calculate how much space can be won by compressing and deleting.
This can take up some minutes, so pls be patient ;)

In the list Files to Delete, at least check:
- Downloaded Program Files
- Temporary Internet Files
- Recycle Bin
- Temporary Files
- (Temporary) Offline Files

Now, click OK and sit back while your computer is being cleaned.


Do an online virus scan at Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Restart your computer.

Good Luck !

will try

In reply to: better use........

Did Ad-Aware and Spybot, nothing. Will go download the other suggestion and will let you know. Did Panda scan yesterday, said it had that stuff on it. Let you know.....

I would also go

In reply to: will try

into add\remove and look for and delete:

PortalScan
PowerScan
FavoriteMan
IPInsight
Comet
ExactSearch
SAHAgent
NetPals

Also have a look in C:\Program files IF you can find them.

Pls. let us know how you are doing :)

ok tried advice

In reply to: I would also go

OK, so I downloaded CC cleaner and did it word for word what you said, except the cleanmgr didn't work, but I'm assuming it's the same as clean manager in the Windows folder? If so, it didn't clear or delete anything. Had everything checked off (always do), so I gained no space. I'm going to go do the Panda again but it takes FOREVER!! So I will let you know what that finds.....

as you run Panda on-line scan

In reply to: ok tried advice

SAVE the log again and let's see what it still finds ;)

Keep smiling and be patient ;)

(NT) OK!! WILL DO!

In reply to: as you run Panda on-line scan

panda scan finally done

In reply to: as you run Panda on-line scan

whew that takes a long time not as bad this time but some of the same still came up.... dare i ask now what??lol.....




Adware:Adware/PowerScan No disinfected C:\WINDOWS\SYSTEM\intrigue.dll
Adware:Adware/Comet No disinfected C:\WINDOWS\INF\dm.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\BIF.INF
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\ALCHEM.INI

What I would suggest you to do:

In reply to: panda scan finally done

Looks already much better :)


go here:

http://virusscan.jotti.org

and submit these files for scanning:

C:\WINDOWS\SYSTEM\intrigue.dll

C:\WINDOWS\INF\dm.inf

C:\WINDOWS\INF\ALCHEM.INF

C:\WINDOWS\INF\BIF.INF

C:\WINDOWS\Downloaded Program Files\ATPartners.inf

C:\WINDOWS\ALCHEM.INI

pls. save the info you got and please copy\paste it in your next reply. Thanks :)

results

In reply to: What I would suggest you to do:

here ya go we gittin betta!!
intrigue.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 25ab4ff8e0d0273b0af6065622b35a01
VBA32 Found Backdoor.VisualBasic.7 (probable variant)

*************************************************************
File: dm.inf
Status: OK
MD5 4101c74ca753299f31c1cf2e6918bf40
**************************************************************
File: ALCHEM.INF
Status: INFECTED/MALWARE
MD5 c1589c967064f998729dd40bccf98452
Fortinet Found Misc/Ipsentry
VBA32 Found IPSentry.inf
*****************************************************
File: BIF.INF
Status: OK
MD5 1721229c840db06ec604242efb0b6c07
*****************************************************
File: ATPartners.inf
Status: OK
MD5 64d45781f620b0b06666d6fcc8e2a2de
******************************
File: ALCHEM.INI
Status: OK
MD5 1222816de35cb673aa57b0fc58cb465d

Super - now we know MORE :)

In reply to: results

intrigue.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 25ab4ff8e0d0273b0af6065622b35a01
VBA32 Found Backdoor.VisualBasic.7 (probable variant)

C:\WINDOWS\SYSTEM\intrigue.dll

I can NOT find a C:\Windows\System\intrigue.dll - ONLY a:

C:\Windows\System32\intrigue.dll = Istbar

Well, there is a remove tool - and it can't "hurt" to run it:

Removal using the Adware.Istbar Removal Tool
Symantec Security Response has developed a removal tool for Adware.Istbar. Use this removal tool first, as it is the easiest way to remove this threat.

The tool can be found here:
http://securityresponse.symantec.com/avcenter/FxIstbar.exe

............

File: ALCHEM.INF
Status: INFECTED/MALWARE
MD5 c1589c967064f998729dd40bccf98452
Fortinet Found Misc/Ipsentry
VBA32 Found IPSentry.inf

Have a look here:

http://66.102.7.104/search?q=cache:LyOfABSZBRkJ:www.webhelper4u.com/transponder/alchem_exe.html+ALCHEM.INF&hl=en

ok ran first tool

In reply to: Super - now we know MORE :)

Ran the first one, it said it wasn't on my computer, and the second is Greek to me. I'm a virus dummy? What do I do?

That means you do NOT have Istbar :)

In reply to: ok ran first tool

For the second link I gave,

have a look IF you can find the files mentioned.

Here is also a write-up IF you have the "real thing" - but as mentioned in the jotti scan - it could be a "False Positive"!!

Manual removal
Caller variant
Newer variants of Transponder may install a randomly-named reloader process to stop them being deleted. This should be taken care of before the main program is removed.

Open the registry (Start->Run->regedit) and select the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. On the right, one of the entries will have a name comprising 10-14 random lower case letters, pointing to a random (different) 6-to-8-letter .exe file in the System32 folder. If it is not clear, you can check by opening the System32 folder (inside the Windows folder; called just 'System' on Windows 95/98/Me) and opening the right-click-Properties dialogue box. On the 'Version' tab the 'Company name' will be callinghome.biz.

Delete this entry, reboot Windows and you should be able to delete the random file in the System32 folder. You can also open the registry (Start->Run->regedit) and delete the key HKEY_LOCAL_MACHINE\Software\Vendor\Xml to clean up if you wish.

Stub variant
Newer variants of Transponder may install a Stub reloader process to stop them being deleted. This should be taken care of before the main program is removed.

Open the registry (Start->Run->regedit) and select the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. On the right delete the 'susp', 'alchem', 'satmat', 'conscorr' or 'farmmext' entry. Reboot Windows and delete the .exe file of the same name from the Windows folder.

All variants
The Transponder DLL lives in the Windows folder. Before it can be deleted, it must be deregistered. Open a Command Prompt window (from Start->Programs->Accessories; called DOS prompt on Windows 95/98/Me) and enter the following commands, for the Blackstone variant:

cd "%WinDir%\System"
regsvr32 /u ..\IEHelper.dll
Or, for the VX2 variant:

cd "%WinDir%\System"
regsvr32 /u ..\VX2.dll
Or, for the TPS108 variant:

cd "%WinDir%\System"
regsvr32 /u ..\TPS108.dll
Or, for the SiteHlpr variant:

cd "%WinDir%\System"
regsvr32 /u ..\SiteHlpr.dll
Or, for the MSView variant:

cd "%WinDir%\System"
regsvr32 /u ..\MSView.dll
Or, for the Twaintec variant:

cd "%WinDir%\System"
regsvr32 /u ..\twaintec.dll
Or, for the Host variant:

cd "%WinDir%\System"
regsvr32 /u ..\host.dll
Or, for the BI variant:

cd "%WinDir%\System"
regsvr32 /u ..\BI.dll
Or, for the mxTarget variant:

cd "%WinDir%\System"
regsvr32 /u ..\mxTarget.dll
Or, for the MultiMPP variant:

cd "%WinDir%\System"
regsvr32 /u ..\MultiMPP.dll
Or, for the LocalNRD variant:

cd "%WinDir%\System"
regsvr32 /u ..\LocalNRD.dll
Or, for the VoiceIP variant:

cd "%WinDir%\System"
regsvr32 /u ..\VoiceIP.dll
Or, for the BTGrab variant:

cd "%WinDir%\System"
regsvr32 /u ..\BTGrab.dll
Or, for the ZServ variant:

cd "%WinDir%\System"
regsvr32 /u ..\ZServ.dll
Or, for the Pynix variant:

cd "%WinDir%\System"
regsvr32 /u ..\Pynix.dll
Or, for the DLMax variant:

cd "%WinDir%\System"
regsvr32 /u ..\dlmax.dll
Or, for the Ceres variant:

cd "%WinDir%\System"
regsvr32 /u ..\Ceres.dll
Or, for the sPeer variant:

cd "%WinDir%\System"
regsvr32 /u ..\sPeer.dll
After doing this and restarting the computer you can delete the DLL file from the Windows folder. In the MSView variant you can also delete MSView.ini in the same place; in the Blackstone variant domlst.cch can be deleted. In the Ceres and sPeer variants you can also delete the Buddy.exe file.

There may also be various leftover installer files left in the Windows folder which can be deleted to clean up. Known filenames include MSVprep.exe, hostprep.exe, biprep.exe, bi_prob.exe, mx_prob.exe, tt_prob.exe, susp_reco.exe, ln_reco.exe, randreco.exe, intlreco.exe, mm_reco.exe, stmtreco.exe, tt_reco.exe, thnall1*.exe, polall1*.exe and polmx#.exe.

In the TPS108 variant there may be a tps108.html file in the root of the C:\ drive; in the SiteHlpr variant it may be called bc777.html. These can be deleted to clean up.

http://www.doxdesk.com/parasite/Transponder.html

So, take it easy - if you can NOT find the files mentioned - relax, then it will be a FALSE POSITIVE the Panda scan found.
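
The Run-key check from the write-up quoted above, as an added example that is not part of the original post or of the quoted write-up. It assumes the key was saved from regedit as a REGEDIT4 text export; the function names and every value in the sample are constructed for illustration, and only the key paths, stub names and name lengths come from the write-up.

```python
import re

# Indicators taken from the write-up quoted above; everything else is constructed.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
LEFTOVER_KEY = r"HKEY_LOCAL_MACHINE\Software\Vendor\Xml"
STUB_NAMES = {"susp", "alchem", "satmat", "conscorr", "farmmext"}
CALLER_NAME = re.compile(r"[a-z]{10,14}")
# "System32" is just "System" on Windows 95/98/Me.
CALLER_TARGET = re.compile(r"\\system(?:32)?\\[a-z]{6,8}\.exe\b", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of a regedit text export; no value here comes from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"qmzkvtrwpxla"="C:\\WINDOWS\\SYSTEM32\\hgkwpo.exe"
"alchem"="C:\\WINDOWS\\alchem.exe"
"printhelper"="C:\\Program Files\\Example\\prnhelp.exe"

[HKEY_LOCAL_MACHINE\Software\Vendor\Xml]
"abcdefghijkl"="C:\\WINDOWS\\SYSTEM32\\abcdef.exe"
'''

def unescape(text):
    """Undo the backslash escaping regedit applies inside quoted strings."""
    return re.sub(r"\\(.)", r"\1", text)

def parse_export(export_text):
    """Return {key path (lower case): [(value name, string data), ...]}."""
    keys, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), [])
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None:
            current.append((unescape(match.group(1)), unescape(match.group(2))))
    return keys

def triage(export_text):
    """List Run entries and keys that match the write-up's description."""
    keys = parse_export(export_text)
    findings = []
    for name, data in keys.get(RUN_KEY.lower(), []):
        if name.lower() in STUB_NAMES:
            findings.append(("stub-name", name, data))
        elif CALLER_NAME.fullmatch(name) and CALLER_TARGET.search(data):
            # Shape match only: confirm via the file's Version tab (Company name).
            findings.append(("caller-shape", name, data))
    if LEFTOVER_KEY.lower() in keys:
        findings.append(("leftover-key", LEFTOVER_KEY, ""))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(*finding, sep="\t")
```

A "caller-shape" hit only says the entry has the name and target shape the write-up describes; the Company name check on the file's Version tab is what separates it from an ordinary startup entry.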

good morning indeed!!

In reply to: That means you do NOT have Istbar :)

OK, I don't see any of that stuff there, so I am safe?! Now I have all these things for protection and they aren't working? I update like every other day!! I have Ad-Aware SE with the VX2 tool (set to the settings you had said a long time ago, still same), Spybot, AVG, and ZoneAlarm. I don't really surf the web. I will do a Google search every now and then but I usually type in the website and go direct. Maybe allllll my settings should be on high or something? All these programs make my comp go so slow. What do I really need? Oh, and the file from CCleaner, can I delete it off my comp now? Thank you once again my VIRUS GODS!!!!!

Sounds good :)

In reply to: good morning indeed!!

HI :)

You have SpywareBlaster on your computer and up-to-date and ALL protection enabled??

You have SpybotS&D up-to-date - there is a new update today and you have enabled "immunise" ??

You have Ad aware SE up-to-date - also a new update today.

You can CCleaner - but I would keep it as it comes handy to cleanup your Temp.Temp.Internet files etc. Is up to you ;)

As you removed several "nasty ones" either make a NEW restore point ...... or clean up the restore points you have:

Disable system restore: Instructions here.

Reboot

Enable system restore.

Happy SAFE Computing :)

prettyone1432, you should have responded

In reply to: housecall didnt work either

in the same thread as before. It makes it confusing trying to follow both of them for the same problem.

system restore

In reply to: housecall didnt work either

Windows Millennium Edition (ME) and Windows XP have a feature known as System Restore, which creates backups of certain files in the _Restore folder. The System Restore feature usually backs up files with EXE or COM extensions, which may include infected files and malware programs. Files in the _Restore folder are protected and can only be accessed using System Restore. This feature must be disabled first before Trend Micro antivirus can access and clean these files.

The following procedure disables the System Restore feature:

For Windows ME

1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Select Disable System Restore.
6. Click Apply > Close > Close.
7. When prompted to restart, click Yes.
8. Press F8 while the system restarts.
9. Choose Safe Mode then hit the Enter key.
10. After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted.
11. Re-enable System Restore by clearing Disable System Restore and restarting your system normally.

then rescan with housecall, plus...

Alias: SAHAgent (PestPatrol), NelPal (PestPatrol), Ezula TopText (PestPatrol), ExactSearchBar (PestPatrol), BargainBuddy (PestPatrol), NetPal (Ad-Aware), FavoriteMan (Mcafee), EUniverse.KeenValue (PestPatrol), KeenValue.Incredifin(PestPatrol), favoriteMan (PestPatrol), eAcceleration (SpyBot), IncrediFindBHO (SpyBot), KeenValue.PerfectNav (SpyBot), Adware.Binet (Symantec)

This adware is a JavaScript that downloads the cabinet file FR03TP.CAB.

The said cabinet file contains the following files:

* ATpartners.dll (detected by Trend Micro as ADW_NETPAL.A)
* ATpartners.inf (a non-malicious configuration file)
* fr03tp.exe (detected by Trend Micro as ADW_NETPAL.A)

AdAware should be able to detect and remove it, i had noticed on your other post and on this as well that you only mentioned that you had spybot, and many people here have suggested AdAware into which you had not responded (by what i have read, if you have, i apologise) if you had even considered it or have at the very least, tried it.

Her first post on the other

In reply to: system restore

thread said that she used Ad-Aware including the VX2 remover and it detected nothing. I'm beginning to think these are false positives because Panda is the only one finding them BUT I could be wrong in that. Ad-Aware SHOULD have found at least MOST of them IMO. Panda's spyware/adware scan is pretty new to their regular scan.

could try this as well

In reply to: system restore
