Posts posted by LoranK


  1. I finally found out what the problems were with SAS finding a virus with the DNS Hijacker trojan. The company that sets the DNS suffix was overloaded with traffic. So to keep the speed up with the connections it received a Tunnel Adapter Teredo Tunneling Pseudo-interface. SAS was picking it up as a virus; when SAS deleted the virus it would delete the complete IP address and submask net. I would see it twice because there is a tunneling and an auto tunneling interface on with the IP address. Has anyone else had these kinds of problems? Or am I up in the night?


  2. Hi Loran.

    Please submit a Customer Support Request:

    https://www.superantispyware.com/csrcreateticket.html

    Thanks, I did tonight. I was sending one of the logs to Microsoft as well, because my Dr. Watson Postmortem debugger keeps having errors when I have more than 3 tabs open. They are registry items; Microsoft may be able to have me rewrite the controlset. Unless you know? I have been browsing around this forum and have had some of these same experiences as some of the other members. I like the fact that you guys that are good at computers are willing to help the novices like me without replies dripping in sarcasm. Thanks, Loran


  3. Yes, it does want me to reboot; however, if I let it get rid of the control set it will remove the IP address and the submask net and default gateway. If I knew where and what I was looking for I could delete the virus manually. It seems to either have changed the way the program is reading it or is embedded in the program itself. SAS can't distinguish between the virus and the needed. Until I can figure it out a little bit more I will have to leave the DNS hijacker there and hope it doesn't cause damage. Otherwise I wouldn't have an internet link.


  4. It looks like the stuff that you posted from your scan log can be safely deleted. There were a few entries listing stuff about Proxy configurations and at the end the one about hi-jacked DNS. These and some of the other files may be causing what you are seeing with your IP address. I would say go ahead and run another full scan after updating your definitions again and remove all the things it finds. It will most likely have you restart your computer after cleaning it, then let us know if it helped.


  5. If you haven't reinstalled already, try resetting IE by going into Internet Options>Advanced>Reset (Not Restore Advanced Settings).

    I don't think reset will work in this case because it's not the browser that is the problem, it is the controlset. That is in MDOS Explorer is the shell. Reset will not reconfigure MDOS settings.


  6. I was having the same problems. Seth is hopefully going to look at my post. What I had to do to restore Explorer is to roll back to a restore date. That way you will be able to access the internet. I think what is happening is the IP address is being removed when SAS removes the virus. View the log file to see if it says Trojan.DNS-Changer (Hi-Jacked DNS)

    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    If this is what it looks like then that is what is most likely happening. If you go into control panel and type ipconfig and it pulls up internal error registry item missing or incomplete. Contact Microsoft. Then that's what it is for sure. I can't figure out how to get rid of the virus either. I think the virus is embedded in the controlset; SAS can't distinguish the harmful from the required so it will delete it all. That's my thoughts. If you come up with a remedy let me know; I would like to smoke the one that I can't get rid of.


  7. Thank you for your replies. I have downloaded the program to scan it. I don't know what to think when I get different information from different sources. I'm unsure myself how the internet security works. Sorry I didn't add the system information in the post; it is Windows XP Home Edition SP3, NTFS system, 32-bit, I'm pretty sure. The program that I was referring to that labeled the other program as a virus was Norton antivirus. The program that it said was a virus was named (ZLTO28TM). That was a couple years ago; the only reason I can even remember that is because it was my first experience with having to remove it manually from the hard drive. Like I said, sometimes I make it worse. I didn't know at the time that it was a crucial part of the framework, even though Norton thought it was a virus. That was the first time I had to get help reloading the system with recovery disks. What you are saying to do by cancelling the scan, will it still keep everything in Quarantine? The reason I was asking is there are a lot of programs that SAS is catching and they look like they could be harmful to the system. This time SAS finished the scan so I really don't know what was happening. After looking over the scan log it looks like there is a lot of personal information in it about my computer. I really don't at this time feel comfortable putting this information into a public board. I will copy some of it. However I know it doesn't give you the whole picture and I do appreciate the advice and help. I will post more when I can figure out more of it and run a couple more tests on it myself. One positive thing is my faith in SAS has been mostly restored.

    ::::::::::

    SUPERAntiSpyware Scan Log

    https://www.superantispyware.com

    Generated 06/26/2010 at 02:26 AM

    Application Version : 4.39.1002

    Core Rules Database Version : 5122

    Trace Rules Database Version: 2934

    Scan type : Complete Scan

    Total Scan Time : 00:55:45

    Memory items scanned : 497

    Memory threats detected : 0

    Registry items scanned : 8099

    Registry threats detected : 113

    File items scanned : 34334

    File threats detected : 186

    Adware.MyWebSearch

    HKU\S-1-5-21-3618631481-395094298-1503050598-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}

    HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D

    ::::::::::: This is the first section that I pasted; this below is the next section. Note the colons are the breaks that I put in so you can tell what is my typing and what was pasted. I skipped a small section with my son's information in it. :::::::::::::::::

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP539\A0115605.EXE

    Adware.Tracking Cookie

    C:\Documents and Settings\Owner\Cookies\owner@invitemedia[1].txt

    ::::::::::::::::::::::: There is a small break of a few lines again; below is the rest. ::::::::::::::::::::

    HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8

    Trojan.DNS-Changer (Hi-Jacked DNS)

    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER
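
The log above mixes adware entries with detections on the TCP/IP `NAMESERVER` registry value, which is network configuration rather than a file. The following added example (not part of the posts and not SUPERAntiSpyware code) groups a log by threat name and lists the items under the TCPIP service key so they can be reviewed separately before anything is removed. It assumes the layout seen in the post, a threat name line followed by item lines with registry values after `#`; the function names are hypothetical.

```python
import re

# Sample abridged from the log quoted in the post above; no values added.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
Generated 06/26/2010 at 02:26 AM
Registry threats detected : 113

Adware.MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP539\A0115605.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
"""

# An item line is a registry path (HKLM, HKU, HKCR, HKCU) or a drive path.
ITEM = re.compile(r"^(HK(?:LM|U|CR|CU)\\|[A-Za-z]:\\)")
# Registry items under the TCP/IP service key hold network settings.
NETCFG = re.compile(r"\\SERVICES\\TCPIP\\", re.I)

def parse_detections(text):
    """Group detected items under the threat name that precedes them."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    groups, current = {}, None
    for i, ln in enumerate(lines):
        if ITEM.match(ln):
            if current is not None:
                groups[current].append(ln)
        elif i + 1 < len(lines) and ITEM.match(lines[i + 1]):
            # A non-item line directly followed by an item is a threat name;
            # header lines such as "Generated ..." never meet that condition.
            current = ln
            groups.setdefault(current, [])
    return groups

def network_config_items(groups):
    """Return (threat, key, value) for registry items under SERVICES\\TCPIP."""
    hits = []
    for threat, items in groups.items():
        for item in items:
            if item.upper().startswith("HK") and NETCFG.search(item):
                key, _, value = item.partition("#")
                hits.append((threat, key, value))
    return hits

if __name__ == "__main__":
    groups = parse_detections(SAMPLE_LOG)
    for threat, key, value in network_config_items(groups):
        print(f"Review before removal: {value} under {key} ({threat})")
```

A log pasted with hand-typed breaks in the middle, as in the post, would need those lines taken out first.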


  8. Welcome to the SAS forum Loran.

    That's ludicrous.

    The only exception is rogue antispyware/antivirus products.

    I recommend he educates himself on internet security. Feel free to mention this thread to him, as I wouldn't mind having a discussion with him.

    Anyway, rmlake is correct. We need to see the log before proceeding.


  9. Has anyone that has used the Super anti spyware program had trouble with it recognizing the IP address as a spyware program? Three weeks ago I had this happen. I had the program doing a routine scan and it gave me an odd message about my LAN cable being unplugged. I started by ending the program short of scanning and closed all my programs. Then I tried to get back online (after checking connections); the message came up that said Registry file missing Contact Microsoft. I had no way to contact Microsoft because I couldn't even get my computer online. I went into command prompt to see if I could configure the IP address manually because I couldn't ping any other computers. When I typed in the IP Config command the prompt read IP address 00000 Submask Net 00000 and the Gateway Default 00000. I tried everything I could think of until I finally realized that I had to roll back my computer to the last time I downloaded new definitions from Superantispyware. Just to see what would happen I ran a scan and same as always it came back with the same spyware to be deleted. I deleted it, then I was prompted to get a definition update. I was a little worried about it so I declined, then went to the website directly to see if there were in fact updates. There were, and so I downloaded them. I ran a scan and in about the same place throughout the scan I had the same thing happen to me. To no avail; I had to roll back the computer again to fix the problem. I contacted a local computer store; they told me that a lot of times spyware companies will insert their own spyware and virus so you can't run two spyware programs on your computer at once; that's why when you get a new spyware program the instructions tell you to remove all previous spyware programs. That makes sense because I forgot about one once and they both came up with each identifying the other as a virus. He recommended I uninstall the program and get a better one. I uninstalled it and have not been using it since.

    I have had no other problems yet. I didn't want to stop using Superantispyware because it seemed to catch a lot of tracking cookies. It does put the seed of wonder into my head that the Superantispyware site will (when updating) insert its own harmless adwares to find. I was wondering if anyone had thoughts on this? I only know enough about computers to be dangerous when trying to fix my problems. Sometimes I can and sometimes I make it worse. Would someone please clarify this for me? I would like to re-download Superantispyware again on my computer because I thought it really worked. I can't afford to pay a yearly fee to keep people off my computer and I can't afford not to be protected. Thanks in advance to any pros out there with advice. Loran
