virus/trojan - help re random rebooting, online scans..

Discussion in 'Backup and Security' started by Ken_DTU, Mar 23, 2003.

  1. Ken_DTU

    Ken_DTU

    I (unwisely) tried kazaalite and looks like I somehow got a trojan/virus on the hard drive.... I didn't download any executables, scripts or anything other than .mpgs , but it looks like one of those had a bug somehow attached to it...

    symptoms are: tiny firewall looks to shut down now and then, and, pc randomly reboots at least once/day for no reason, and I'm getting signs that norton a/v processes look to be tampered with, eg zonealarm saying they've changed... and, getting requests to allow runDLL as service to access the 'net ..

    Anways, pestpatrol, norton, and the online checker at www.trendmicro.com don't show anything, though I know somethings' there... scanned registry and don't see anything suspicious .. can't get www.sarc.com online scanner to work w/IE, saying activex not enabled even w/low security settings..


    any other tips for how to spot a "bug" when pestpatrol, norton etc can't seem to find it?


    I really don't want to reinstall the win2k o/s again ..

    also, thx to the ET member who posted the link to the great regcleaner program, at

    http://www.vtoy.fi/jv16/shtml/regcleaner.shtml

    .. it's very useful .. hmm any other good online scanners I can run to scrub the system? Most standalone a/v programs don't co-exist, eg can't load mcafee w/norton or others.. so, limited to doing online scans, or, let me know if you have any other good tips for software..


    thx!


    ken
     
  2. where'd you get the suspected file? i have kazalite zipped but haven't installed yet. i hope you didn't install on your tading system.
     
  3. Ken_DTU

    Ken_DTU

    hi , no , fortunately it's on my 3rd pc, i learned my lesson last time this happened.. i think it was a norwegian or finnish site link for kazaalite i saw on google search .. this one: http://www.kazaalite.nl/en/

    hard for me to see how anything I downloaded would've infected the pc, because they were just .mpg files, no .mpg.exe or any of that, simple .mpgs, and I scanned each one w/norton and pestpatrol before viewing to be safe.

    i think it's something in the install package itself, pestpatrol warns about it, but it just says it's audiogalaxy, meaning kazaalite, i think..
     
  4. kazaalite rules.

    get it at kazaalite.com
     
  5. Pest Patrol picks up a lot of stuff especially the Kazza crap .
    Did you update Pest Petrol definitions before you ran the scan?
     
  6. Ken_DTU

    Ken_DTU

    hi, yes re pestpatrol, agree it picked up the entries, deleted them .. also there's one called "spybot" that looks to be very good, got it via http://security.kolla.de/, like ad-aware.. looks interesting, found a couple of "DSO Exploit" registry entries etc

    wish we didn't have to deal with all this virus/trojan cr@p.

    another favorite: "goback" from roxio .. it's saved me many times, even for simple things like when drivers don't install correctly, it makes it easy to "go back" up to 24 hours to restore your registry and other settings, keeps a 5gig swap file basically to recover system .. it's been very useful this past year

    ken
     
  7. Ad Aware is also quite usefull . It picked up some pests that Pest Patrol did not. I use both .

    http://www.lavasoftusa.com

    Ad Aware is free. Make sure you run the update after you install the program to get the latest pest info.