I would give.......
Malwarebytes AntiMalware a try:
Operating Systems: Microsoft
MBAB found nothing
Thanks, Marianna. I really appreciate the detailed instructions given. I followed through. But guess what? It found no malwares! I wonder what that means. I noticed it took a far shorter time to scan and the number of objects scanned is also far less than that of Adaware and AVG. During the scan AVG's Resident Shield Alert kept popping up! I am enclosing the report for your information. I will get Adaware to scan again to see what it says. Will keep you posted. Thanks again.
Malwarebytes' Anti-Malware 1.12
Database version: 793
Scan type: Quick Scan
Objects scanned: 38320
Time elapsed: 12 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
During the scan AVG's Resident Shield Alert kept popping up!
and what did the alert(s) tell you??
What did it tell you?
It said: "Accessed file is unwanted. Potentially unwanted program. File name:C:\Program files\CNNIC\Cdn\cdnforie.dll. Threat name: AdwareGeneric2.UC. Detected on open." and many similar others.
I finally found CNNIC with 'search' and deleted it in safe mode. Ran AVG and this time it seemed able to remove all threats without any problem!
But when I ran Adaware, I got exactly the same number and same kind of threats and same kind of response! During the scan, another Resident Shield Alert popped up. This time it is "c:\windows\system32\cdn.dll. Threat name: AdwareGeneric.BQZ. Detected on open."
I have got 2GB of virtual memory, with 1.96GB available. But during Adaware scan just now, a warning said it was low on virtual memory, and Windows was trying to increase it....
Well, how bad is my situation?
This time it is "c:\windows\system32\cdn.dll.
That one also belongs to Adware.Cnnic
Have a look here : Adware.Cnnic Removal Instructions IF you can find the other files on your computer.
Maybe you try first:
Download and scan with SUPERAntiSpyware Free for Home Users
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
Oops... link is here....
Super Anti Spyware caught some
Marianna, I did just as you directed. I scanned, but it only caught 12 items all under Documents & Settings. Remembering that Adaware caught 19, I decided to scan in safe mode, and this time it caught 8 Trojan.CNNIC/variant with some familiar file names that AVG's Resident Shield kept throwing at me. I wonder if this is all.
Perhaps I will rescan tomorrow.
Do you think it will be easier to just reformat the harddisk?
Thanks a lot, Marianna.
Remember, the "ugly stuff" will also be in your system restore points.
Scan tomorrow - after updating your AVG AND Super AntiSpyware - again in safemode. IF the scans come up clean......
Then browse to the C:\documents and settings\Owner\local settings\temp folder and delete all files and folders in it.
Then browse to the C:\Windows\Temp folder and delete all files in it.
Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files; make sure you get all offline content as well.
Then reboot to normal mode.
TO CLEAR OLD SYSTEM RESTORE POINTS
On an infection-free computer, make a new restore point:
- Launch System Restore from its Start Menu | Programs | Accessories shortcut (or directly launch C:\Windows\System32\restore\rstrui.exe from a Run box).
- Select "Create a restore point." Click Next and follow out the menus.
Then, purge all restore points except the most recent:
- Run Disk Cleanup, either from its Start Menu shortcut, or from right-click + Properties on C: in My Computer, or from directly launching C:\Windows\System32\cleanmgr.exe from a Run box.
- After it scans, click the More Options tab, then Clean Up in the System Restore section, confirm the action, then click OK to run it.
Back to square one!
Hi Marianna, I scanned with Superantispyware and AVG in safe mode as suggested. Super did not find anything, while AVG found quite a number of tracking cookies which it cleaned up.
I could not find the c:\documents and settings\owner\local settings\temp folder. I did find c:\windows and the temp folder under it. When I ran the cursor over it, it had approx 600kb and some files. But when I opened it, no file was listed. So I couldn't proceed. Kindly advise.
Then I remembered Adaware found some adware.ToolbarDeepdrive malwares which were not reflected in the Super search. So I thought I would scan with Adaware. But it didn't seem to want to start. I did a search, and there were many, many toolbars listed.
Then I rebooted to normal and did the scan with Adaware. The result was exactly like before - 8 adware.CDN, 8 adware.ToolbarDeepdrive and 1 dataminer. Only this time when asked to remove the threats, it did not say it cannot remove the file.
Also, during the scanning, AVG Resident shield popped up at least twice with C:\windows\system32\cdn.dll and c:\system Volume Information\restore...(a long string of numbers)...sys.
I also notice there is plenty of internet activities - within a short span of time, my broadband connection has received and sent hundreds of thousands of bytes, even though I was not doing any surfing.
Am I back to square one?
Can you SEE the HIDDEN files?
1. Click "Start".
2. Click 'My Computer'
3. Select the 'Tools' menu
4. Click 'Folder Options'.
5. Select the 'View' tab.
6. Under the 'Hidden files and folders' heading, select 'Show hidden files and folders'.
7. Uncheck the 'Hide protected operating system files (recommended)' option.
8. Click 'Yes' to confirm.
9. Uncheck the 'Hide file extensions for known file types'.
10. Click 'OK'.
Do you have teatimer ENABLED in Ad-aware? DISABLE it, otherwise it WILL interfere with the fixes.
Do you have CCleaner? IF not,
Download CCleaner HERE and install it.
Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.
Then open it and select the items you wish to clean up.
In the Windows Tab:
I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
Then click the "Run Cleaner" button
Now run AVG in SAFEMODE and also SuperAnti Spyware.
ONLY as a "guide" have a look here:
Just to be sure
Hi Marianna, a few questions before I start. I don't want to mess up again.
1. My Ad-aware is 18.104.22.168. Its user interface does not seem to have any options, except for scanning. I can't find 'teatimer'. Seeing that Ad-aware does not seem to play a part in this cleaning process, do you want me to uninstall it first?
2. In CCleaner, under System, 2 entries - start menu shortcut and desktop shortcuts - are left unchecked. Do you want me to check that also?
3. Will CCleaner also clean out the files in the temp folders that you wanted me to? I have unhidden the files, but still one temp folder refused to reveal its files either in 'browse' or 'search'.
4. Do you want me to run CCleaner in normal or safe mode?
I had a look at the CNNIC site. It's frightening.
Thanks. Have a good weekend!
Re: Ad- aware
1. Is enough IF you disable it.
2. CCleaner under System...... I have ALSO checked start menu shortcut and desktop shortcuts in MY CCleaner
3. Yes, CCleaner will also clean the temp.files. The one temp.folder > can you rightclick on it and look under properties? What is the name of that temp.folder?
4. Yes, you can run CCleaner in safemode.
Thanks - you have a great weekend too.... I will be in\out of the house over the weekend - only FYI - so you are NOT wondering where I am "hiding":)
Stay cool, calm and collected
This is what I have done in safe mode:
1. Run CCleaner. It cleaned tons of files.
2. Run AVG. Found tons of cookies and one cdn.dll. It closed on its own. So I assumed it's ok.
3. Run SuperAntiSpyware. Found no threat.
4. Check on the temp folders, mostly empty, except one which I deleted. Check on Internet Explorer and Mozilla also.
5. Reboot. Create new restore point and purge the rest.
I hope this is all. I will run ad-aware tomorrow to see if it's ok. Right now I want to assume it's ok. But I have just connected my broadband connection to write this post, and already it has sent out over 200,000 bytes and received over 1.8 million bytes!
Will let you know tomorrow. I truly appreciate your patience and your encouragement.
"senior moment"......... or whatever you call it...
teatimer is for SpybotS&D and Ad-watch is for Ad-aware, but don't know IF the newest version of Ad-aware still has it.
a little mistake
Teatimer is Spybot Search & Destroy, not AdAware.
Guess, you missed it.........
Yes, I did
I saw it right after I posted. Sorry.
What OS ? RAM Extremely Small 4 New LARGER...
modern programs like Adaware 2008 (20+ megs). 27 processes running while connected to net (here) is quite good so too many start-ups is, in general, not the problem.
If Marianna's suggestion doesn't get 'em, try removing in safe mode/or using "Move on Boot" program (Google it). If it's a plug-in it may be able to be manually un-installed by un-installing toolbar & plug-in.
More info please
Thanks, Tobeach. I am not too computer savvy, so will appreciate more detailed instructions. How do I go about removing some unnecessary programs? I went to System Information last night and found that I only have 10.10 MB available physical memory. Is that significant? I also took a look at 'Tasks Running' and found a number of files with 'path' etc. not available. Is it normal?
Carol's Suggestion 4 KB...Is Excellent....
Assuming you have XP. Which? Home? Pro? SP1 or SP2? SP3? Total HD size?
Have you or even CAN you do a defrag? If free space on HD is less than about 30% of total (depending on which OS) you may not be able to without creating some space by deleting excess programs not used or moving some storage files like WMV or Audio files onto a separate storage medium (DVD/CD/USB Flash drive).
Most programs are listed in your Control Panel > Add/Delete Programs icon > list. See if "toolbar" mentioned is listed there. If so you may be able to un-install from there (if a legit one... if a malware one, maybe more difficult).
Some things resist removal if they're running (from boot-up). Often scanner "can't remove" means either 1) item is an installed program and must be manually un-installed from Add/Delete Progs or 2) needs Safe Mode to stop running first. Often they can be removed/un-installed if running in Safe Mode since most items are not loaded/started in this mode. How to start in safe mode:
Do Not be dismayed by weird appearance of desktop in SF. You can use as if normal. It will return to normal when rebooted to normal mode.
Could NOT find specific info via Google for either of named problems. Perhaps mis-spelled ??
Freeware "Toolbar Cop" may help in removal of both Toolbar & BD browser search re-direct. Do Not Click on any "Sponsored Links". Author Ramesh.:
Path not available MAY mean someone has done an un-install already (perhaps not complete). Also may mean system files are damaged.
To correct damaged system files, try running System File Checker.
If XP, based on an on board back-up copy of XP (read only) used to correct files. If copy is corrupted, it may tell you to insert XP or SP2 (if patch applied) disk or to indicate location of SP2 info to get new, clean copy inserted. Good to have disk at hand. To Run SFC:
Left click on My Computer(open)
Right click on "C" or your OS drive if another letter.
Left click Properties and then click Tools Tab.
Left click on "Error Checking"> Check Now.
Left click to enter check mark in "Auto Fix System File Errors"
Left click on "Start".
Computer will have to reboot to begin repairs.
Just leave alone (you're locked out anyway) 'til process finished.
Hope of some help.
Got some removed
Thanks, tobeach. I went to safe mode and got the suspected file CNNIC removed. Also removed a toolbar from Add/Remove program. But overall situation not much improved.
I have XP home edition and SP2. Harddisk is 40G with more than 70% free. I went to defrag and analyzer said no need to defrag.
Regarding the installation of KB931784
You never mentioned which operating system you're using. I'm presuming it's Windows XP. Many users had the same problem with KB931784 last year. Go to your Control Panel and see if Add/Remove indicates the update was installed. If so, delete the update. Empty your Temporary Internet Files and reboot. If you have Automatic Updates enabled, temporarily disable it until the below procedure is entirely completed.
After you restart the computer, try this suggestion for installing problematic updates, offered by Ottmar Freudenberger. (I would create a Restore Point first)
Create a folder directly off your C drive and call it "Downloads". (C\Downloads) If it isn't "C", change it accordingly.
"Save" the update to your harddisk, where you created the C\Downloads folder.
After manually downloading the update to your Downloads folder, go to Start>Run and type (or paste) the following in the appropriate space:
Keep the quotes and note there is a space between the last quotation mark and /o
Press OK then Enter. Reboot. Remember to re-enable Automatic Updates.
The update should install without creating any further problems. If you still have a problem, or receive any error messages, make sure to read "Known Issues" here and see if it applies to you. There are other things you can try, but the above seems to work in many cases.
Thanks, Carol. Will follow your instruction tomorrow. The update is still waiting, but I got to sleep now.
Re: Done all
Great Job !
Are you up-to-date with ALL Microsoft patches? To be sure - go to Windows Update and check.
Do you have the latest Sun Java installed?
Go here to check: http://www.java.com/en/download/installed.jsp
What you also could do is,
go here: http://secunia.com/software_inspector/
Feature Overview - The Secunia Online Software Inspector:
* Detects insecure versions of common/popular applications installed on your computer
* Verifies that all Microsoft patches are applied
* Assists you in updating your computer and problems
* Runs through your browser. No installation or download is required
....but first ENJOY your Sunday - tomorrow is another day
You Are Very Welcome
Out of the woods at last?!
Trust you have had a good weekend.
Well, I scanned the computer in normal mode with
1. Ad-aware. Found a few cookies of TAI 3, which it removed.
2. SuperAntiSpyware. Found 1 Adware Tracking Cookies which it removed.
During these last two scans, AVG Resident Shield popped up with "Potentially Unwanted Programme c:\Windows\system32\cdn.dll".
3. AVG. Found the above spyware c:\windows\system32\cdn.dll and moved it to virus vault.
Do I need to purge restore point again? I did not do it this time. I can do it in the next scan, if necessary.
Does it mean that I am out of the woods at last?
Thank you for your additional advice. I did not know that I have to check at Windows Update, thinking that enabling Automatic Windows Update was enough. I went there and it asked me to install Service Pack 3, etc. which I did.
Will look at the other sites later on.
Thanks again, Marianna. You have been a really great help.
It sounds this way ;)
Thanks, yes I had a great weekend - is only a "pity" it flies by like nothing
You can DELETE everything you have in AVG's vault. Reboot
Yes, I would purge the restore points again like you did last time so you have a CLEAN computer.
I also would recommend installing:
Prevent the installation of spyware and other potentially unwanted software!
Spyware, adware, browser hijackers, and dialers are some of the fastest-growing threats on the Internet today.
By simply browsing to a web page, you could find your computer to be the brand-new host of one of these unwanted fiends!
More here: http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
SpywareGuard now also features Download Protection and Browser Hijacking Protection!
You Are Very Welcome and Happy SAFE Computing
Thanks & More Questions
Hi Marianna, I scanned again with AVG, and this time it found absolutely NOTHING! Hallelujah, Praise God, and a big thank you to you.
I don't think anybody else would have been so patient to get me through this. It has been a very educational week for me. I have printed out all your posts, so I can refer to it in future.
Right now I have already installed in my computer
1. AVG 2008
2. Ad-aware 2008
1. If I also installed SpywareBlaster 4.0 and SpyGuard 2.2, will they conflict with each other?
2. My computer is an old horse with only 128 M Ram. And at the moment only 10 M is available. Will it be advisable to install them now, or wait until I am able to install more Ram?
3. Or shall I uninstall Ad-aware and install these last two instead?
Thank you again.