WHO is ANTI-virus and who is the virus..software ???

Huntindad

MIS
Jan 17, 2004
7
US
Folks, I'm a PC rookie. I work in the mainframe arena. But I'm learning. My machine at home I'm afraid is Hijacked/hosed or something. It got pretty dang slow in loading web pages & lots of &^$#@# pop ups.

I loaded what I thought was Symantec, but was diverted to WinAntivirus. I installed it before I realized I had been Snookered. I uninstalled it. Still can't get ahold of them or the billing co.

I tried to load McAfee, but balked when it said it would automatically renew at the going rate. I may revisit that one.

I then loaded eAnthology Antivirus software. It said I had buttloads of viruses & spyware. Now I read on pestpatrol/broadband something that eAnthology may be a virus/spyware site itself.

My longwinded question... who is legit & who is the damn virus/spyware folks???

I've heard Spybot is good to load for spyware. And Hijackthis is also good. I'm afraid to load this stuff in case my machine will divert it.
I tried to load AVG software several times... but never got the email with the serial number.

At this point I'm ready to chunk this dang machine.

Who are the good guys ????

David
 
Gee Huntindad, I feel your pain. But all of this can be fixed because there are some really sharp people on this board. First of all, have you tried uninstalling through Add/Remove programs the WinAntivirus and the eAnthology software? AVG by Grisoft is a decent, free AV and can be gotten here but first you gotta get cleaned up from this mess. :) You should run HijackThis and copy and paste the log here. Someone will help you out!

Jazzgirl
 
Eanthology is indeed bad software.
Legitimate Antivirus programs and companies include:
This is an official partner list from Microsoft. If it's not on this list, you probably shouldn't buy it (tho Microsoft doesn't know all, they have listed most credible companies)
If you need an online virus scan (and you probably do from the sounds of it) go here:
Spybot
AdAware
Hijack This and CWShredder
In that order, you should then post your Hijack This log and we'll look it over for you.

 
Thanx folks,

When I get home this evening, I'll load the above items & let you guys know of the results. I didn't realize that there was soooo much spyware/virus companies proliferating out there.
My Hijack log will probably look pretty nasty.

David
 
Oh.. Jazzgirl,

I did uninstall both Winantivirus & eanthology. I have my doubts as to whether or not all of it is off my machine.
I'm learning...slowly maybe, but a little here, a little there.

David
 
David

Quick point: If you get the DOS version of F-Prot from you can boot your PC up in DOS mode if Win95/98, or from a floppy if it runs NT/2K/XP and scan the hard drive without any viruses in memory.
If you find it difficult to make a DOS bootdisk, go to and download the ISO image, then burn that, then boot the PC from it - that will give you a fairly up to date DOS checker.

John
 
You're doing fine Huntindad. Just hang in there and everyone will help. If you were comfortable going through the registry I'd suggest you clean it up after uninstalling those offending apps. If you're not comfortable then don't do it! Jrbarnett's suggestion about F-prot is a good one. It's a great product and I always keep it for backup. Also, if you are running XP make sure you turn off System Restore. Post back if you need instructions on how to do that.

Jazzgirl
 
I'm running on an old...old machine(4 years old). I have windows 98 SE on it. I'll tackle the registry... I think. I ain't got a clue as to where it's at though :)

David
 
Yes, I didn't see that you stated if you did run Spybot. It is spyware free, make sure to update it after you install (and when the list of available updates pops up, change the default download Europe site to the US one... I'm assuming you're in the US). Sounds like your system has been more riddled by spyware than virus. If spybot tells you it needs to restart and scan again, let it. Any problems completing any virus or spyware scans, just boot to safe mode and try again.

Matt J.
 
O.k. folks I ran a bunch of stuff last night and got a Hijacked log.

Xemus... I had adaware on my machine. I don't think it was running though. I ran spybot & then I ran adaware. Hope that was o.k. I then ran the hijack stuff. they had other options(programs) in hijackthis, but I didn't run those.

I could not get into the closedsocket web site. I was able to install NAV from a CD and do the liveupdate. I have the trend pc-illan ? on my machine, not sure, but don't think it is up to date. (I know... I need to keep current on all this stuff. I will from now on). Here is the log from HijackThis...

Logfile of HijackThis v1.97.7
Scan saved at 10:05:15 PM, on 1/20/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 98\IOMON98.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 98\WEBTRAP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\MAPISP32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM216.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [AVTray] C:\Program Files\WinAntiVirus 2004\AVTray.exe
O4 - Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: 3270 Express Terminal -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

Now... what does all of this mean... looks greek to me :)
Actually, looks like I got a bunch of junk in my system. Spybot knocked out a lot of stuff.

Thanx folks,

David
 
Use Hijack This! to remove these entries:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM216.DLL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

This is mostly spyware/adware and remnants. If you're curious why I'm suggesting you blow away Internet Optimizer, read here:

Other than these entries, you are looking fairly clean.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
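The by-eye triage in the reply above can be sketched in code. This is an added example, not part of the original thread and not HijackThis's own logic; the sample lines are taken from the log posted above, while the watchlist, the function names and the two structural checks are assumptions made for illustration. Its output is a list of entries to review, not a verdict.

```python
import re

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKCU\..\Run: [AVTray] C:\Program Files\WinAntiVirus 2004\AVTray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Assumption: names this thread calls unwanted, lower-cased for substring matching.
WATCHLIST = ("winantivirus", "eanthology", "internet optimizer", "belt.exe")
HOOK_SECTIONS = {"R3", "O2"}  # URLSearchHook and Browser Helper Object entries
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entry(line):
    """Split one log line into (section, detail); return None if it is not an entry."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage(log_text):
    """Return [(section, detail, reasons)] for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # header lines and the running-process list have no section code
        section, detail = entry
        reasons = []
        if detail.endswith("(no file)"):
            reasons.append("registered but target file is missing")
        if section in HOOK_SECTIONS and "(no name)" in detail:
            reasons.append("unnamed browser hook")
        hits = [name for name in WATCHLIST if name in detail.lower()]
        if hits:
            reasons.append("matches watchlist: " + ", ".join(hits))
        if reasons:
            findings.append((section, detail, reasons))
    return findings

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {detail}\n      -> {'; '.join(reasons)}")
```
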
Well, I finally got a hold of billingnow via a chat line help system. I told them I was fraudulently fooled into the winantivirus software and wanted a refund. They said, our records show you ordered it. Yes, by fraudulent means. I said I would not pay the bill & if not fully refunded would forward to the state attorney's office. She said they would cancel the order. & after questioning them as to how... she gave me a refund number. I recorded all of this into a word document for CYA purposes.

My machine is still running slow & now I'm getting a weird sound like something changed the sound the machine makes when acknowledging commands.

something else to look into.

thanx folks,

David
 
Great job Huntindad! I've been battling my computer for a couple of days so I've been out of the loop on this thread. Glad to see you got fixed up. I too had a friend recently who accidentally downloaded some "malware" called Spykiller. Messed her system up something awful but at least she followed some instructions I sent her.

Good luck in your adventure in PC world!

Jazzgirl
 
HuntinDad, I would also suggest that you contact your credit card company or bank if it was a debit card and provide them the information that BillingNow gave you.

Terry
**************************
* General Disclaimor - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
 
I too was duped into the WinAntiVirus download. I have been unable to get any satisfaction from my e-mail. Could you provide the phone number for Billingnow.com.
 
Poppioftwo,
go to their website - They have the fax number, no phone number. But... go to contact us page, they have a "chat" session where you can "talk" with them. That's what I did. It is not always up, so you may have to visit their site more than once. aarrggghhh. Those folks are sorry SOB's

David
 