Jump to content


  • Content Count

  • Joined

  • Last visited

About BobLewiston

  • Rank
  1. A day or two ago AVAST! AntiVirus warned me I was attempting to access a dangerous website. (I don't remember what website it was.) I took the warning and didn't access the website. Later I did a sweep with AVAST! It reported three malware infections. All 3 were of High severity and of the same type (Win32:Malware-gen). Two of the infections were within two different copies I had of the GMER executable, one on my main disk ©, and the other on my backup disk (E). These two executables were not actually named gmer.exe because, in order to avoid being impregnated with malware by the forces of evil before these files were even downloaded, those parties who make these files available for download give them random names. The third infection was in: E:\System Volume Information\_restore {D18642E0-9885-4956-BEC4-09E7EF0136D4}\RP453\A0106921.EXE. As this is a hidden directory, I was unaware of its existence on my backup disk. (I had originally obtained this disk drive from a friend.) AVAST! successfully quarantined the two infected copies of the GMER executable, but said it could no longer find the third infected file. I ran AVAST! again twice, Malwarebytes' Antimalware twice, and SUPERAntiMalware once, in all cases doing complete scans. No malware was found in any of these scans. Now PC Tools Firewall Plus has just reported: "Office Data Provider for WBEM Office Data Provider for WBEM is attempting to monitor and/or intercept NetgearCUv2 MFC Application events. This hook monitors keystroke messages. The hook procedure is associated with all existing threads running in the same desktop as the calling thread. Only allow this if you know the application is Safe." (Netgear is my wireless network adapter.) I of course didn’t allow the application to run. Apparently I've got a malware infection, and it's a keylogger (in addition to God knows what else). Any help available?
  2. Among other things, I've got Windows XP Pro, SUPERAntiSpyware 4.33.1000 (free edition) and PC Tools Firewall Plus Free At Windows launch, I've just started getting two PopUps. The first one says "SUPERAntiSpyware Update". Although it looks official, I've never seen this before (although for all I know, maybe this is how SUPERAntiSpyware handles updates for the software itself, rather than for the spyware definitions, which are updated manually by the user within SUPERAntiSpyware). The second PopUp is from PC Tools Firewall Plus. It says: “Services and Controller app (C:\Windows\System32\Services.exe) is attempting to load driver aswRdr (registry\Machine\System\Currentcontrolset\services\Answdr)”. Presumably this refers to the process referenced in the first PopUp. Playing it safe, I right-clicked the title bar of the SUPERAntiSpyware PopUp, but no drop down menu appeared from which I could select Close. ALt-F4 did close the dialog box, however. Before I allow this SUPERAntiSpyware PopUp to download its Update, can anyone confirm that this is a legitimate PopUp that is really from SUPERAntiSpyware? I’ve had problems with truly insidious malware in the past (including rootkits), and I don’t need any such problem again. Thank you.
  • Create New...