Hey people, sorry if this is a rubbish question but I’m not a techie really. My PC recently became infected with loads of trojans/worms etc, some of which are real SOB to get rid of. I think my friend was downloading stuff off soulseek, and I forgot to reinstall avast when I upgraded. Anyway, I’m still doing battle with SDbot.worm and other goodies that avast isn’t recognising (it’s saying my pc is clean now), so I’m now going through other 14 day free trial software like counter spy etc and McAfee’s stinger programme.
As I’m trying to do this I keep getting a virus warning from avast saying ‘Suspicious Message!’
and
There are too many identical e-mails in appointed time
I click ‘dont send’ when this comes up but I have no idea what they’re going on about? When I check the resident scanner on internet mail it seems to be continually scanning outgoing spam emails about dicks and viagra? Outgoing from who? I don’t know who they’re being sent from or to? Could someone tell me what’s going on? Thanks, people! ???
Okay, I’ve been reading up on all the other replies that people have put up on exactly the same problem and I’ve run through their solutions.
So to clarify:
I already have spybot, adaware, the 15 day free trial of counter spy and avast installed. I also have spyware blaster installed but my pc obviously isn’t clean so I don’t know whether I should uninstall this. Avast takes a day to run a scan and says it’s clean. I’ve just run counter spy and removed two adawares and now it says it’s clean. Adaware says it’s clean. I’ve just run the McAfee stinger and it reckons it’s removed the sdbot.worm virus. I run spybot and every time I run it I keep getting a ‘LSA’ virus on spybot which I remove but when I startup it’s there again. I’m on windows 2000 and I haven’t got any other security measure apart from avast. I’m too poor to pay for anything. When I try to run hijack this something flashes up very quickly then disappears! Go figure? Help!
OK crossed replies. The lssas you will continue to get until you get a firewall, although Avast should stop this; do you have the network shield enabled? Spywareblaster needs to be installed on a clean machine, so when you are clear reinstall it. 24 hours is a long time for an AVAST scan; how big is your drive?
Thanks, I have everything on avast installed on high. When I first installed avast it told me I had resident memory viruses and automatically started a boot scan. I’ll try the other options. Should I uninstall spyware blaster?
Still crossed OK. Restart your system and press the F8 key when it starts rebooting; you should then get an option to boot in safe mode, select safe mode without network. Once you are in, run Ewido (you may have to search in programme files for it). Once that has completed then start Avast interface, select the menu and select boot scan; your system will reboot and scan. But first ensure Ewido and Avast are updated before you commence.
Thank you essex boy! :-* I have to go out now but shall try everything you say when I get back! Can I contact you to tell you how it’s going/more support if I’m failing miserably?
Hey there essex boy! Right, I did everything you told me to last night. Thank god I did! Ewido is amazing, when I ran it in safe mode I found 444 infected files after everything else said I was pretty much clear. This included three trojans and a worm! I then ran avast in safe mode, it didn’t find anything. I then rebooted and installed zonealarm as you said. I started the PC this morning and ran spybot and the same LSA warning came up! I copied results to file:
Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
From reading up on the internet it seems that the windows security center stuff are false positives. Is the LSA thing a false positive as well? Ewido, spybot, adaware and counterspy can’t find anything.
I’ve had false positive detections with Spybot S&D, AdAware and Ewido, so nothing is immune to False Positive detections. So don’t take anything at face value, always check (as you have done).
It is hard to say if something is an FP without a little experience (and you are getting it in spades), but when I update one of my security software tools (not avast), I run a scan straight after it. This way I get an idea that the new detections could be as a result of the new signatures added in the update and I check them a little more thoroughly; if in doubt you can move them to the quarantine. If I’m sure they are OK I ignore/leave them.
If you experience a problem after quarantine (system won’t boot or running problems), you can try to boot into safe mode, run the respective program and restore items from quarantine.
After the next update I move the items out of quarantine and scan again; on occasion some are found to be OK, so don’t rush to delete items in any form of quarantine.
Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
I’m sure someone will correct me if I am wrong but I think that these entries show that your windows security centre is turned off… I’m glad things worked for you, stick around and visit sometimes, life is not all about problems ;D
I think it is not that the Windows Security Center is switched off, rather the anti-virus checks are disabled. It would depend on what the dword value 0 means. ‘Off’ or ‘On’ (1 = on ?). However, you should be able to check this by opening the WSC and if the check is disabled, enable it.
Hey essexboy! I’ve put on zonealarm but am now having trouble with soulseek, which I use a lot. I’ve put the soulseek website on my ‘trusted’ websites. I can get onto soulseek, search files and download them but I keep getting the ZoneAlarm Security Alert saying it has blocked internet access to your computer from (ip address). I think these are p2p people on soul seek trying to access my files, because no-one is downloading. Also, when I try to click on their weblink (which you can donate money on paypal) it just keeps coming up blank. Help, can I have soulseek AND zonealarm? Thanks everyone!
Operating System: Windows 2000 Pro
Product Name: ZoneAlarm (Free)
I can get onto soulseek, search files and download them but I keep getting the ZoneAlarm Security Alert saying it has blocked internet access to your computer from (ip address). I think these are p2p people on soul seek trying to access my files, because no-one is downloading
This shows that ZA is working and you are not getting downloads on your system that you don't want; you can disable the ZA popups by putting a tick in the don't show this again box. What is the URL for soulseek? I'll go and have a look.
Hey essex boy!! The number is 38.115.131.135, website www.slsknet.org. I would rather have the firewall than nothing but as a file share it’s kinda uncool not to share files… Any ideas for a compromise?!