LS SteveJ

  • Content Count

  • Joined

  • Last visited

Everything posted by LS SteveJ

  1. Zole. Did this behaviour happen after a recent windows update? //Steve
  2. JDAHPUSER, setting Ad-Aware to automatic in the main program dialogue will accomplish this, if you have chose to block registry changes. However, I caution you... when you are installing software or updating windows, this setting should be handled with care, as it can automatically block things that you maybe didnt want to block....some people have encountered problems with this... thanks //Steve
  3. Hello Gotaro. Ad-Aware SE will continue to run on Windows 98, and we will be providing updated definition files... we wont leave you out in the cold, dont worry!
  4. SuperC.. which websites show an older update version? The main website should be showing the latest update version. Please let us know if we have an error on one of our sites... Thanks! //Steve
  5. Hello Could you try the steps in this FAQ and let us know if that helps out?
  6. Adagio. I think at this point (due to the limited amount of interaction you have with the system), your options are growing thin. We can help you to clean up the system, but if your mouse / keyboard do not work consistently, and not even in Safe Mode, then we will have a real problem helping out, because the clean-up process requires several reboots. If you can, try to install HijackThis (while your keyboard / mouse are working). If you can successfully install this and get a log to us, then we may be able to recommend a cleanup process based on something called "Offline Editing". This involves accessing your harddisk from an external editor to remove files / registry entrie; the only difference is that Windows is NOT loaded, therefore the malware cannot load. The steps for making a HijackThis log can be found here When you have posted your log, someone will be along to help you - you should mention the things I have said about the offline editor. We will be creating something called a BartPE boot disk. (you really need access to another computer running 2000/XP, with a CD burner and a Windows XP/2000 install disk to be able to make this) Instructions on how to make this can be found in PDF format here You can start with creating that disk while you are waiting for someone to analyze your HijackThis log. Hope we can get you sorted Best Regards Steve Lavasoft Research Team
  7. Hello w2ww. Firstly, you may wish to try the steps described here If this does not fix your problem, then you may have Virtumonde Removal procedures for this infection exist here Let us know how you get on.... Thanks Best Regards Steve
  8. Many of our users are encountering a freezing issue with Ad-Aware scans. This behaviour seems to be random in where it freezes, which is making it difficult to asscertain the problem. We have had reports of success after full checkdisk and disk defragmentations. However not all have fixed this problem. More recently, we received a report that the way to fix this problem is to do a Level 5 Chkdisk, correcting all errors. PLEASE BEFORE CONTINUING, RUN A FULL CHKDISK ON YOUR SYSTEM, FIXING ALL ERRORS if you are not sure how to do this or what this means, please read the Wikipedia article here UPDATE: This issue is also being caused by stealth files on the system We would ask all who have gone through the steps above (without success), to scan their system with both "Rootkitrevealer" (from sysinternals), and BlackLight (from F-Secure) Please download Rootkit Revealer (link is at the very bottom of the page) Unzip it to your desktop. Open the rootkitrevealer folder and double-click rootkitrevealer.exe Click the Scan button (bottom right) It may take a while to scan (don't do anything while it's running - leave the PC idle during the scan!) When it's done, go up to File > Save. Choose to save it to your desktop. Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here Post a report from this tool Post a report from this tool Download the free beta trial of this tool from F-Secure called Blacklight F-Secure Blacklight: Doubleclick on bibeta.exe to run it. Click the *I accept* button near the bottom of that page. Download and run blacklite click > scan then > next, next again then exit there will be a new text file near blacklite.Post it please. The text file is named: fsbl.xxxxxxx.log (the xxxxxxx stand for numbers) !!Do not rename any files yet If none of the above are working for you, it may be a conflct with another software on your system. We have had reports of user using the new version of Spysweeper being able to fix the problem by uninstalling Spysweeper temporarily to remedy the problem. This is also one option that can be tried. If this is the case for you, please let us know. We will be contacting Webroot (Spysweeper author) in this case to see if we can solve the compatibility issue. LS SteveJ, LS CalamityJane Edit 08 Aug 2005 by CalamityJane: Fixed Blacklight download link
  9. Would anybody like me to put up an archive of released definition files in the updates forum?
  10. What are process modules? Process modules are additional resources that are loaded into a running process (DLL's basically). The number loaded into a process varies depending on what you have been doing on your system right before you do a scan. If you are interested in seeing which DLLS are loaded in which process, then two applications "ListDLLs" or "Process Explorer", both from Sysinternals, are excellent at displaying this. We recommend "Process Explorer"... it is a much better all-round tool.
  11. Hello Dior. Process modules are additional resources that are loaded into a process (DLLS's basically). The number loaded into a process varies depending on what you have been doing on your system right before you do a scan. If you are interested in seeing which DLLS are loaded in which process, then two applications "ListDLLs" or "Process Explorer", both from Sysinternals, are excellent at displaying this. I recommend "Process Explorer"... it is a much better all-round tool. Thanks ///Steve p.s. I will add this to the FAQ / Knowledge base...
  12. Before posting a "HijackThis" Log, you must run a scan with the latest version of Ad-Aware (build 1.06r), and ensure that you have the latest definition file by performing a webupdate once Ad-Aware is loaded. If you do not follow these steps before posting your log, be aware that you will be instructed to do this anyway. HijackThis logs are easier to work with, when Ad-Aware has cleaned up files that are alread in detection; and indeed, it is best not to go through manual removal steps, if the up-to-date Ad-Aware can do it automatically. Thanks //Steve Edit by LS CalamityJane to add: Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM nor by email, AIM, ICQ, IRC! The way to request help is to post a NEW TOPIC in the appropriate forum. Look for the *New Topic* Button near the top right when viewing the forums. Unsolicited PM's or emails sent to staff and/or helpers will NOT be answered. Replies are posted to topics in the forum instead.
  13. jepp... end process Actually... CalamityJane is probably gonna come in here and take over from me soon, as it is 10:30 here and I am on my way to bed... Anyway... I hope the system is clean for you after this - and remember... always run Ad-Aware with latest webupdates first.... (I hope you did that in this case?) Good night //Steve
  14. To clean up here, check the box next to O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hpBEEF.tmp, then click "fixed checked" To remove the other files, this must be done manually.... You may have to go into Windows Task Manager first and kill "atmclk.exe" before deleting it.... When you have done this, use explorer to go into the system32 folder (be very careful that you select the correct files here)... and select "atmclk.exe" and the "hpBEEF.tmp" file Then delete them.
  15. Also get a copy of the file C:\WINDOWS\system32\hpBEEF.tmp. This may also be malware Thanks
  16. Make a folder on the desktop called "Malware" Use explorer. Navigate into "c:\windows\system32" and find the file atmclk.exe If you cannot see it, then make sure you are viewing hidden files. When you see it, select it then "ctrl - c" and go to the malware folder on your desktop. "ctrl-v" to paste it into the folder... let me know how you get on... Thanks //Steve
  17. Hello yellow parker, Sorry to hear you are having some trouble... I see a probable Trojan.Downloader here C:\WINDOWS\system32\atmclk.exe This is masquerading as some form of "Atomic Clock". It is a known malware, which we have had a few of already. Try updating your definition file in Ad-Aware using WebUpdate, and do a scan (new file available today) If this does not kill the problem, then you should copy the file "C:\WINDOWS\system32\atmclk.exe" to another location (such as a folder on your desktop), then remove the file using HijackThis Delete. You may then send this file into Lavasoft for analysis if you wish Once you have done this, restart your computer, then make another hijackthis log, and post it here Thanks
  18. Hello Emy. We have some very talented and helpful people on these forums who can guide you through the steps necessary to solve this problem. Firstly, you should follow the instructions on creating something called a "HijackThis Log" The instructions for this are posted here When you have done this, you may copy the content of the log file, and put it in a post in this forum, stating in as much detail as you can, the problem. Someone will be along to help you out with that Thanks //Steve
  19. It could be that your user account does not have permission to write to the windows temp folder.... Ad-Aware may require a certain amount of temp space while loading and scanning... you could try this open a command prompt type "set temp=c:\documents and settings\YOURUSERNAME\temp" (making sure there is a temp folder there in your user profile) now try running ad-aware.... Thanks //Steve
  20. This false positive should be fixed with this morning's release Thanks
  21. Hello... this will occur if Ad-Aware looks inside a zip archive, or moves a file to its own quarantine / temp folder, and you have a resident Anti-Virus scanner running which immediately reacts to the "touching" of the file. Conflicts like this can occur, and the best way to avoid them is to make sure that you do a thorough scan of your system (including inside archive files), which your Anti-Virus scanner. This will remove any files which your anti-virus detects, and will avoid any problems with Ad-Aware doing its own clean-up on the file and triggering the anti-virus application.
  22. Hello please consult this FAQ, which should aid you in your problem Thanks //Steve
  23. Symptom When opening Ad-Aware SE, you may receive the following message. "Windows No Disk. No disk in drive. Please insert disk into drive. " Cause This is most probably caused if the system had a removable media designated with driver letter C: , which has now been removed. Solution Microsoft supply an article on how to deal with this problem
  24. mrparanoid... ad-aware scans processes, and therefore reads winlogon.exe when it does this.... if one of your other security applications is blocking read access, it could cause ad-aware to freeze...
  25. Hello. The problem with Rogue Antispyware's such as Spyfalcon, is that the downloading trojans for them are released in huge amounts on a daily basis. If Ad-Aware has not been able to detect one of the latest variants, this means that the file has not come in to us for analysis yet, and indeed, many of the other vendors may not detect it. The best thing you can do is identify the file that is causing the problem... I assume some form of tray icon?.... and send it in to us for analysis.... Thanks //Steve