HPE Community
Operating System - Microsoft
1752765 Members
4966 Online
108789 Solutions
New Discussion юеВ

Re: spybot warning

 
SOLVED
Go to solution
Pat
Honored Contributor

тАО05-22-2005 01:06 PM

тАО05-22-2005 01:06 PM

Re: spybot warning

If you don't have Hijack This, download it and save it to your desktop. Read the instructions on this page.

http://tomcoyote.com/hjt/

Go into Safe Mode and Run it. Save your hijack log. Once you've run the scan, you can safely delete the files if you do not have a program that requires them.

Can you think of any software you've recently downloaded that would warrant the usage of backweb lite when it first began showing up on your system?

I've read F-secure anti-virus uses backweb lite also.

My experience in removing Backweb with an anti-spyware tool instead of through Add/Remove Programs was posted above. I had to do a system recovery then remove from Add/Remove Programs.

Pat


0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 07:56 AM

тАО05-27-2005 07:56 AM

Re: spybot warning

I did try F-secure one time as it was provided for free from my cable server. However it did not seem to scan all files like Norton, so I reverted back to Norton. Iwas reluctant to do a complete restore as I have some diffiulty re doing all the re install of programs. I have now another problem with the removal of a trojan, but I suppose I should start a new thread?
c'est la guerre
0 Kudos
Reply
Pat
Honored Contributor

тАО05-27-2005 08:17 AM

тАО05-27-2005 08:17 AM

Re: spybot warning

Norton makes a backup copy of any files (trojans) removed. They still show up as being in the system even though they were removed. Delete them from the backup folder.

Use an online scanner such as trendmicro's housecalls or bitdefender.com

Pat

0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 08:53 AM

тАО05-27-2005 08:53 AM

Re: spybot warning

sorry to ask a dumb question, but where do I find this backup log in Norton? I tried to find it through 'search", but nothing came up.
c'est la guerre
0 Kudos
Reply
Pat
Honored Contributor

тАО05-27-2005 09:01 AM

тАО05-27-2005 09:01 AM

Re: spybot warning

I believe you have to look into Report then click on the Quarantined Items. That should show a list of backup items kept. Right click on each and delete (or hold down CNTRL to delete several).
When prompted by a warning re: removal, click on Yes
Close Norton
Pat
0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 09:32 AM

тАО05-27-2005 09:32 AM

Re: spybot warning

It does not show in there either, but yet if I run the scanner again it pops up like this attachment.
c'est la guerre
0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 09:41 AM

тАО05-27-2005 09:41 AM

Re: spybot warning

Sorry, I sent the wrong attachment, This is what shows after the scan: I tried to empty the cache and Temp. Internet files to no avail.
Source: ipreg32.dll
Description: The compressed file ipreg32.dll within C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\666N6D4H\ipreg32[1].cab is infected with the Trojan.Domcom virus.
Click for more information about this threat : Trojan.Domcom
c'est la guerre
0 Kudos
Reply
Pat
Honored Contributor

тАО05-27-2005 10:16 AM

тАО05-27-2005 10:16 AM

Re: spybot warning

Trojans hide in system restore points also. Have you turned off system restore and run another virus scan to ensure the system is clean? They also may affect the installed scanner; so it is best to perform a complete system scan at one of the online scanners available.

Did you read this Symantec Article?

http://securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html

Pat

0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 10:33 AM

тАО05-27-2005 10:33 AM

Re: spybot warning

Yes I did read the article and did scan after turning off the restore feature. I will do that again and try an on line scanner.
c'est la guerre
0 Kudos
Reply
Pat
Honored Contributor

тАО05-27-2005 10:57 AM

тАО05-27-2005 10:57 AM

Re: spybot warning

When you located the file, had you done a search and did you include the option to look for hidden files and folders in the search?

Make sure when you search for a file to check the 3 items listed below.

Start/Search/All Files and Folders/scroll down click More Advanced Options.

Scroll down and make sure these 3 options are checked.

1. Search System Folders
2. Search Hidden Files and Folders
3. Search Subfolders


Also, did you download HiJack this and run it in Safe Mode? You should be able to delete the file with that program.

Have you looked into your Browser Addons? Tools>Internet Options>
Click the Programs Tab
Click Add-ons

Check to see if there's a BHO identified as DownCom Module. If so, disable it.

IPreg32.dll is an UNSAFE Application/Process Description


http://www.superadblocker.com/I/IPREG32.DLL-2157.html

Pat
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.