Spyware, Viruses, & Security forum

General discussion

Spybot-since nasty results cannot update all applications

by mandyrchtr / July 6, 2005 3:25 PM PDT

Ran Spybot Search and Destroy 3 nights ago...results found: Errorguard,
Coolwwwsearch,
Hotbar,
RegistryOptimizer,
Trek Blue Error Nuker....
Deleted all and ran AdAware SE Personal and Spybot this morning (not AVG though) and they came back clear.
BUT prior to running these I checked for updates and found they tried to connect to server several times then told me server cannot be contacted, error in retrieval, server may be busy.
I was connected to the internet at the time.
Had not had this happen before.
I have Windows 98.
I also (as posted in Win 98 forum)have pages all minimised when using the Net...I always have to click maximise.
Unsure if connected to this problem.
Also have 2 damaged/deleted Ports...I did not realise what they were but put Syquest into 'MyUninstaller'so unsure if this can cause problems like this(letting bugs in?).
Any advice would be helpful...thank you.

Discussion is locked
You are posting a reply to: Spybot-since nasty results cannot update all applications
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Spybot-since nasty results cannot update all applications
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Hi, Mandy ! Please hold on for Others to Reply......
by tobeach / July 6, 2005 5:33 PM PDT

'cause you've just had bout with some of the worst out there! Several of the newer malware out there will disconnect you from the web if you try to remove them.
For that problem you may find LSP Fix.exe a help in restoring connectability. There is also a text file read me that goes with it. Can be found at: http://cexx.org/lspfix.htm
I think it is important to get all of the bad guys out first before using the fix. I suspect one of your things is trojan and perhaps the "server" you can't reach is one which would either download more baddies or possibly try to take control (at a time of his chosing)to run a DOS attack. I'm no expert, others here are.
They will probably want more info on things like: What are you showing as your Home Page & Search Page (have they been hijacked to a site not set by you)?
Are there known" good sites " listed in your hosts file (a list of banned sites browser is prevented from accessing). Would prevent getting AV updates for example.
Given how broad your problem, is a re-install of 98 out of the question?? As a last resort? You have original install disk?
Definately run AVG now and note exact names & paths (locations) of any found and let fix what it can.
You (in 98) have a registry checker function which holds 5(?) previous restore points. It's used to replace bad reg files if you push "Reset Button". If you only got this bug in last 48 hours, you may be able to choose a date before then but I more afraid that the 5 points there may also be contaminated and allow it all to re-appear. In that case once your clean you'll have to create 5 clean new points manually (can tell you how later if need be). Try above (AVG) while awaiting others to climb on board. Patience! Happy

Collapse -
In mean time, see Parasite Suite post(this page w/lock)
by tobeach / July 6, 2005 5:44 PM PDT

and if able, get the Cool Web Shredder linked there and run it. Do you also have AdawareSE? They have an add-on listed at the lavasoft usa site: VX2 scanner/remover. That might also be helpfull if this batch combined is VX2. Hope this helps. It's 4AM my time so gone 'til the 'morrow. Wink

Collapse -
cwshredder clear and....
by mandyrchtr / July 7, 2005 11:13 PM PDT

vx2 clear as well....will now check this startup thing in anti-parasite suite.
Quick time player keeps coming back after msconfig...everytime.
Now sometimes when typing in an address on the net it goes away and I am still in the same place.
What is NetPumper...it is in my Start/Explore under Windows/Application (something) and when I clicked file up the top in there it was also there...I had not seen this before.
Finally poor AdAware managed to download update...poor thing it was a struggle!
Bye again for now...Mandy

Collapse -
Mandy
by roddy32 / July 7, 2005 11:26 PM PDT
Collapse -
Netpumper was not in my Add/Remove program so...
by mandyrchtr / July 8, 2005 1:33 PM PDT
In reply to: Mandy

I went to Start/Explore and deleted it in there then checked start/find Netpumper and found it also in temporary internet files and it would not let me delete...access denied.
Unsure what to do with it as I did not knowingly download this.
Going to check next lot of answers from you all know and follow whatever advice is there...thank you, Mandy

Collapse -
See if you can delete it in
by roddy32 / July 8, 2005 1:59 PM PDT
Collapse -
Thanks Tobeach...Extra info.....
by mandyrchtr / July 6, 2005 10:35 PM PDT

My home page is normal...I just have my ISP for home page....although it is slow now.
In Australia this is Westnet.com.au....they are a reputable service provider and are rated highly for their service...I have had an answer almost immediately every time.
Have used AVG and all clear as well as AdAware SE Personal and Spybot Search and Destroy...for now.
I have a Zone Alarm firewall...basic free version.
Cannot re-install as I have no disk...computer was given to me.
5 backup registries are dated in May....not recent?!
Will download cool web shredder shortly.
I still am going to pages I click to.
Drive is making noise as if it is still doing things when I am idle...or longer than it should.
Still unable to update these programs.

Collapse -
check host file
by littlegeneral / July 6, 2005 10:59 PM PDT

the malware you have has placed some ip address in your host file and that's why you can't update your anti-spyware programs. I would also download a anti trojan program. Here is one of the best
http://www.moosoft.com/products/cleaner/download/
You should also download Webroots updated Spy Sweeper 4.0
Just download the trial. This is one of the few programs that will totally remove CoolWebSearch
http://www.webroot.com/products/spysweeper/?WRSID=90244b300b06dcdc2f3f1ad51b0ab253
Also, install both programs and you must boot into safe mode. Otherwise, you won't get everything. Here is how you boot into safe mode. Restart you computer, when you here a couple beeps start pressing F8 or delete a couple times. You will see a menu and scrool down to safe mode and press enter. Hope this helps

Collapse -
Hi Mandychtr
by roddy32 / July 6, 2005 11:00 PM PDT

It's very possible that you had settings changed by this malware. I would try Tobeach's suggestion of LSPFIX first although you are able to get online still so it may not help but it won't hurt either. Here is the link for that again.
http://www.cexx.org/lspfix.htm

Here is a link for cwshredder, Make sure you only get the Stand-Alone version.
http://www.intermute.com/spysubtract/cwshredder_download.html

Also try one or more of these trojan removers. You can get free trials of any of them and 2 of them have free versions after the trials are over.
The Cleaner Pro 30 days trial - http://www.moosoft.com

TrojanHunter - http://www.misec.net/ (trial)

Ewido - http://www.ewido.net/en/

a-squared (free version 2nd download on the page) - http://www.emsisoft.com/en/

Collapse -
(NT) (NT) Which 2 continue free after trial period? Thanks, Roddy
by tobeach / July 7, 2005 4:38 AM PDT
In reply to: Hi Mandychtr
Collapse -
Hi Tobeach
by roddy32 / July 7, 2005 4:56 AM PDT

a-squared has a free version right from the beginning actually but it's just the scanner part and not the process guard. You can get updates for the defs whenever they are released for it so it's good for as long as you want to use it. Ewido has a 14 day trial period which includes the process guard and the automatic updates but you lose those after the 14 days. You can still update the program and defs via the updater on the program though, they just won't be automatic. I use both of them and the only thing I didn't like was the process guard during the trial period for Ewido made all my other programs load slower than usual but only by 2 or 3 seconds. That also might be because I also use other programs that have process guards so I'm probably overloaded a little bit.

Collapse -
Thanks, Roddy! That was one of the things...
by tobeach / July 7, 2005 5:56 PM PDT
In reply to: Hi Tobeach

I didn't like with Trojan Hunter. The resident scanner slowed things way down. Nature of the beast I suppose.
Your machine must be like a juggler with several balls in the ethernet at any given time(LOL)! Thanks! Happy

Collapse -
(NT) (NT) You're welcome.
by roddy32 / July 7, 2005 8:15 PM PDT
Collapse -
Slowly working through the list folks...
by mandyrchtr / July 8, 2005 9:43 PM PDT
In reply to: Hi Mandychtr

Used the web attack tool to curb a startup program in Anti-Parasite suite to rid myself of the Quicktime (qtask((sp?))-...apparently after looking at task manager programs it is put there by adware....
But after using the webattack tool and rebooting it is still there.Absolutely refuses to budge!
LSPFix I also used and it came back with no problems.
Will try the Trojan removers and use my safe mode for deleting the Netpumper.
Be back soon...
Mandy

Collapse -
Mandy
by roddy32 / July 8, 2005 9:52 PM PDT

Where exactly are you seeing Quicktime and EXACTLY what is it being called, including any extension it has?

Collapse -
QTTASK.EXE....
by mandyrchtr / July 9, 2005 12:11 PM PDT
In reply to: Mandy

is found in : Start/find/files and folders/msconfig
I then double click msconfig...go to startup and find :Quick Time Task
"C:\WINDOWS\SYSTEM\QTTASK.EXE"_atboottime
(I always untick every time I start in Windows 98 and am on the Desktop as it is loaded again as the icon is on the bottom right of the screen where the clock is.)
I cannot find it in Start/Explore under Windows \System
nor in the Add/Remove programs or the Quick time properties or folder.In fact I have searched everywhere else I can think of and this is the only place I can find it.
Just checked start/find/files and folders and qttask.exe is in C:\WINDOWS\SYSTEM ...96kb... Application and Qttask.lgc is in C:\WINDOWS\APPLOG...3kb...LGC file.

Collapse -
Have you actually gone into
by roddy32 / July 9, 2005 12:23 PM PDT
In reply to: QTTASK.EXE....
Collapse -
Roddy, This is what I keep doing.....
by mandyrchtr / July 9, 2005 1:52 PM PDT

I also just did the same in safe mode and it won't work.Try again....Mandy

Collapse -
Try this Mandy
by roddy32 / July 9, 2005 8:35 PM PDT

As long as you know exactly where this is, which it appears that you do, try MoveOnBoot which will delete it upon startup. It's easy to use. You can either follow the wizard on it and put the path for QTTASK.EXE in the MoveOnBoot program or you can navigate to the QTTask.exe itself and right click and choose "delete file on next boot". MoveOnBoot will add that context on to your right click menu when you install it. It only deletes files and not folders, just to let you know. Once you get rid of that one for sure, you sure be able to delete the other remnants afterwords.
http://www.snapfiles.com/get/moveonboot.html

Collapse -
Hate to say this.....
by mandyrchtr / July 11, 2005 1:51 PM PDT
In reply to: Try this Mandy

Went to snapfiles and downloaded moveonboot.
BUT when I entered the file name it told me 'incorrect file name.
I wrote it several ways.
I tried to find it again in Start/right click Explore...Windows\System...and program files....and quicktime....and tasks (where I found something called Xoftspy??)....but nowhere else is this QTTASK.EXE atboottime to be found.
Any more ideas....I am sure you are heading for brain strain soon LOL.
til next try...Mandy

Collapse -
Mandy
by roddy32 / July 11, 2005 9:02 PM PDT
In reply to: Hate to say this.....

I don't have time to reread the entire thread now but at one point, I thought you had said that you had deleted the ''QTTASK.EXE'' manually but it had come back, IF that is the case, instead of adding the path into MoveOnBoot, just go to where ever you found the file the first time and right click on it and choose ''delete file on next boot''. MoveOnBoot will work that way also. IF you don't know exactly where the file is then we will have to try something else. I had a simliar problem myself a few years ago trying to remove quicktime on an older computer I finally succeeded but I don't remember how I did it. LOL I see from a post further down that you removed Xoftspy. That is a good move, I will not use a program that has EVER been on Eric's list regardless if it has been removed from it or not.

Collapse -
Hi again Roddy,Just done something re:qttask.exe
by mandyrchtr / July 11, 2005 9:59 PM PDT
In reply to: Mandy

I put Qttask.exe into my google search browser and went to www.neuber.com/taskmanager/process/qttask.exe.html
here I found down the page a little peoples comments on this and went into my registry.
Start/run/regedit then HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\current version\run....found qttask.exe there...also in run-...and also in Run(disabled by starter).
I deleted all 3 of these entries.
Rebooted....and presto....no qttask showed up!
I noticed that qttask.exe was earlier today put in my startup programs twice...both exactly the same.
After this I went to Start/find files and folders/type in qttask and 2 entries showed up as usual...paths were Windows/System..and..Windows/Applog.Even though when I enter Start/Explore I cannot locate qttask in these paths,I deleted them through find files and folders.I am not holding my breath until I reboot again...but it is the first time it did not start when rebooting.
Looked everywhere else I could think of to locate any more bits of this Xoftspy...unable to locate any extra bits there.
Now having trouble with browser...noticed the pull down window in the address of my browser and also google search browser are blank....and checking it today nothing stays there for me.
The address browser dropped down on me without me touching it not long ago too...I had to put it back.
All the programs I have for 'nasties' are all clear again this evening.
bye again...Mandy

Collapse -
That was probably going to be
by roddy32 / July 11, 2005 10:19 PM PDT

my next suggestion. LOL I saw the neuber thread and others when I googled this the other day but it involved going into the registry which most people, including me are uncomfortable with so I always save that as a last resort. Another last resort was going to be the "issues" portion of CCleaner. I'm glad you might have it fixed, that is great news. As far as the dropdown menu not showing anything, mine doesn't either but I have it set that way by turning ''autocomplete'' off. I really HOPE you are all set now Mandy. Keep us posted Happy

Collapse -
Mandy, Since you have Spybot, there is .....
by tobeach / July 9, 2005 4:32 PM PDT

A function that is similar to Config which also lists & describes various items in start up. Like config, it has ticks in boxes before each item which can be on/off'd for temporary testing and also (if you're sure) can be fully toggled off. I don't know for sure if turning QTTask.exe there might be any more effective than in config but the writter of this may not have be counting on you having S&D and may have written the auto start for config only.
Suggest you might try turning it off there and even if config boots it , the extra cutout may mess with it. Worth 5 mins trial? You need your S&D to be in "Advanced Mode". Start S&D, on main page at top (next to "file') check mark to Advanced. Should show (at bottom left) one button each for settings & tools. Click tools and from list click on words "system start-up" if QTTask listed there untick and reboot. If it has turned off this beast, then go, and after highlighting item, click toggle at top. While there look for any Strange, weird or mispelled items listed. Sometimes they're made to look like legit programs except (for example) maybe has first letter in uppercase where ms program has it all in lower case. Often the program will be under 2 different names with the second one the re-activator of the first one(misdirection).
The other idea that occurs is 98s registry back-up tool with the 5 past registry files. I'm pretty sure these must be contaminated (similar to sys restore).
IF you'd gotten rid of 90% of the problems, I might be tempted to replace all of those, with 5 copies of current 90% clean in hopes of preventing those from having any re-install chance at all.Pretty careful double back-up thinking on the bad guys part but if he wrote for config re-tick would he pass up chance to pull same trick with the reg tool? Normally I'd only suggest this if 100% clean.
Don't really know this will solve much, and certainly Roddy has the expertise (miles beyond myself)... some times the forrest for the trees..
I am certinaly watching your progress with great interest and applauding each of your successes as if my own. You go , girl!! Happy

Collapse -
Several Sites List QTTask.exe as actually....
by tobeach / July 10, 2005 3:27 PM PDT

coming from Quicktime/ IPod tunes program install. I note the HP laptop we got has it on desktop. Some suggest its' main purpose was to monitor what movies/songs you watch/listen to and report back to Apple. (eventually to RIAA?).
One poster said he stopped the problem by unticking in config and then applying S&D Teatimer to prevent it re-enabling. That might work but you don't want to apply T>T> until you're fully clean of all else as it prevents registry changes without your permission. Would make other clean up difficult?? Thought worth a mention. Happy

Collapse -
Qucktime was already installed on my o.s.....
by mandyrchtr / July 11, 2005 2:39 PM PDT

when my brother gave it to me and I notice that quicktime is used for some? pictures on the screen.
When I start the internet explorer I go to my (most popular in Australia)ISP home page and I have noticed recently that I have a 'broken' Q dotted in several places while navigating around this site.I know this icon means quicktime.I assume there are pictures supposed to be in these spots.Some pictures are there and some are not...bit odd?
I think I have come accross these in Yahoo also and maybe a couple of other places but have not been in many other places on the net recently.
Will keep your thought in mind for now....
bye again.

Collapse -
Hi tobeach....just started up spybot in advanced...
by mandyrchtr / July 11, 2005 2:23 PM PDT

mode....I already had it in advanced I noticed.I
went into startup and found QTTASK.EXE_atboottime was in there...BUT...it was unticked.....not sure now that I have tried so many things but I think I did that earlier.But in the side window next to this it does tell me according to 'Paul Collins startup list' that this is either:System tray access to Apple's & quot;Quick Time and quot;viewer from version 5 onwards
OR CoolWebSearch parasite variant.
I already downloaded CWShredder and that is clear.
So is Spybot, AVG and ADware only came back with a number of tracking cookies...I deleted those.
I did download the recent Version of quicktime just to update.But the computer is slow and a couple of times the address changed/or stopped on me when I entered an address in the browser.
I sure am glad for your support between us all I look forward to licking this problem....sure is stubborn...I am more stubborn though!!
Thanks again tobeach....
Mandy

Collapse -
Mandy, I've just noticed in post to Roddy, Xoftspy is....
by tobeach / July 11, 2005 3:05 PM PDT

mentioned. The program (all versions before version 4.0) was classed as a rogue program for all the usual reasons. Now claims to have stopped false positives as sales goad and reformed (after blaming their associates).
I see no reason to take their word for it (the fox swearing he's reformed and no longer eats chickens (just ducks)! Remove any refrence to it you find in programs or registry or move on boot.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
You also mention AdWare. If you go to above link,you'll find many mentions of various versions listed. Anything mentioned in lists, I'd remove. Good page to ad to your Favorites/Bookmarks, I refrence it quite often. I'm assuming here you meant AdWare not Adaware(legitimate from Lavasoft). HTH!!! Happy

Collapse -
Very informative page is now added to my favorites...
by mandyrchtr / July 11, 2005 4:24 PM PDT

Thank you for that info tobeach....and I hopefully have removed Xoftspy....I must admit I am unsure how that got into my system....nothing written rings any bells??!
Mandy.....

Collapse -
Back again...something seriously wrong here....
by mandyrchtr / July 12, 2005 2:42 PM PDT

On rebooting qttask is gone...BUT...connected up to the internet,clicked on my icon for IE, after waiting for it to finish clicking away (quite slow),clicked on my favorites for cnet...waited again slow...clicked on my outlook express...then lost the page buttons I had on the bottom along with clock,icons next to that and the start button was white blank.
Could not do anything for a minute or 2 then got to the desktop clicking the outlook express x up the top right corner and was immediately at my desktop.Still was connected to the internet though but got everything back on the bottom of the screen except my 'pages'buttons and the internet icon that should be showing next to the clock.
Now getting straight into cnet from favorites when I click to change the page only half of the page showed...clicked back button twice for it to work then the same thing happened.Now I am able to do this message finally...was not sure if I should start a new message as my original message here is fixed as my programs have been able to be updated.(As of yesterday anyway)Have not tried today.
What to do....I am unsure what is happening...Mandy

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?