Re: Virus chest, iambigbrother help

Hi Tech,

I did send to the chest when given the virus warning. So does that mean the Win32:IamBigBrother-D[trj] would be the program itself? Am I safe on this? Do I need to uninstall? Being a hidden program it’s not in Add/Delete Programs. The only thing that came up in a search was the instructions, which are on the desktop along with the program’s download icon. Haven’t clicked on either of them. In the website instructions, I was supposed to download, restart, then read the instructions which would appear on the desktop, and then delete them from the desktop. I didn’t restart but I think the icon showed up after I did the search.

I’ve never used Ad Aware but SuperAntiSpyware worked well previously and seemed to catch a lot of adware.

Sorry to start a second thread. The time timed out and when I re-submitted it came up as a new thread.

You’re safe.

But to be sure, I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Thanks, Tech. In the other thread Micky said because the iambigbrother is a legit keylogger that I downloaded from iambigbrother.com it should pose no security threat as far as the inappropriate obtaining of personal information. What is your opinion on this? This is the crux of it for me. I don’t want to get into something that will create more trouble than it’s worth, but if it’s a trustworthy program I’m making something out of nothing.

So if the program is in the virus chest, if I were to restart the computer the program would not be able to complete the install? If it comes down to better safe than sorry, I’ll need to ask you some “how-to” questions about the steps you posted for me. I appreciate the help!

Dear Tellme, although I said this is a legit keylogger program, I cannot say that it is 100% safe to have on your computer. You are caught between a rock and a hard place. On the one hand, you want to monitor your children’s activities; on the other, you are worried this program might transmit personal info. Personally I would only ever install such a program on a computer that had no sensitive info. It’s a catch-22. You obviously do not trust this program, so it is probably best to remove it. You have opened up a fascinating debate. I too will probably consider installing such a program when my children are older. There are dozens of these programs and it is difficult to decide which ones are OK. There is a site, ‘Get Safe Online’, which has the backing of the UK government. Going through the site, it led me to the link below: a list of supposedly safe monitoring tools from GetNetWise. However, at the bottom it says:
Note: GetNetWise staff gathered this information from the companies that make these tools. We cannot guarantee the effectiveness of these products, nor do we endorse any products.
I am sorry I cannot give you the reassurance you are looking for.
http://kids.getnetwise.org/tools/tool_result.php3

I don’t think keyloggers do a good job for parental control. 1st: education, 2nd: filter. A keylogger requires a lot of parental work and analysis. Better to use your time on education and let a filter try to show (automatically and, of course, with deficiencies) what is the best you want for your children.

Files in the Chest are inert; they can’t be executed, run or work in any way.
You’ll need to restore the file and add it to avast Exclusion lists if you want to follow this wrong way.

Ack, the week got busy and I’m just getting back to this. Thank you, Tech and Micky, for your input. I’m going to take Tech’s advice and clean things out but I’ll need some help as I go along. First off, in doing the boot-time scan do I have to mess with the advanced options? If so, what settings should I select? Also, how do I enable the archive scanning?

I followed the link to the HijackThis download and noted it is for use by those with advanced computer knowledge or someone under direction of someone who does. I’m definitely not the former so I’m hoping you guys are the latter! I’m not even sure which of the files shown to download. I haven’t read the tutorial yet but I don’t even know how to do what is stated in the basic directions. :-\ I find it somewhat intimidating that in my ignorance I could mess up my computer even more…but I do want to make sure I can clear my machine of the program.

I’d appreciate some hand-holding and anticipate being more enlightened (or at least less intimidated) on the other side of this process! :)

Do not delete system files or move them to the Chest. First post here the name and the path of the infected system files.

Both on-demand and boot-time scanning have options to scan archives.

Other users (oldman, essexboy…) could help you with HijackThis.

So under the default action for infected file would I check “Move infected file to chest”?
You’re saying don’t delete or move the system files. Would I check “Ask for confirmation” or “Ignore delete or move for system files”?

After I run the boot time scan it will show me the name and path of any system infected files and you want me to copy and post those here, right? Should I do that before I move on to SuperAntiSpyware?

Sorry for the need for so many clarifications. For me it’s like walking in the dark in an unfamiliar place. Just want to make sure I do this right.

Yes.

“Ignore delete or move for system files” is safer right now.

You could copy and paste the report after Windows loads up.
The report file is created automatically in \Data\Report\aswBoot.txt

You can run avast before SuperAntispyware, yes.

No problems.

Tech,

I completed the boot time scan and it showed no infections. I pasted the report below. I’m running SuperAntiSpyware now. If that scan comes out clean do you think I still need to continue with the anti-rootkit application, HiJackThis, immunization, and check for insecure applications?

03/11/2008 22:20
Scan of all local drives
File C:\Documents and Settings\Owner\My Documents\My Downloads\rends_coruscantstreets2.zip\rends_coruscantstreets2\CO2\data_LVL_PC\CO2\CO2.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\My Downloads\rends_coruscantstreets2.zip\rends_coruscantstreets2\CO2\data_LVL_PC\core.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\My Downloads\rends_coruscantstreets2.zip\rends_coruscantstreets2\CO2\data_LVL_PC\SIDE\cor.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\My Downloads\rends_coruscantstreets2.zip\rends_coruscantstreets2\CO2\data_LVL_PC\SIDE\KOR.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\My Downloads\rends_coruscantstreets2.zip\rends_coruscantstreets2\CO2\data_LVL_PC\SIDE\tur.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\Data1.cab\vdk150.dll Error 42127 {CAB archive is corrupted.}
File C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU_\Data1.cab\AcroRd32.dll Error 42127 {CAB archive is corrupted.}
File C:\WINDOWS\I386\APPS\APP25887\IE\IEAK6OPT.CAB\ie55urd.exe\Wise0021.bin Error 42146 {Installer archive is corrupted.}

Number of searched folders: 8497
Number of tested files: 326487
Number of infected files: 0

Yes, go ahead.

You can by-pass.

Do it, it will help and protect you.

Regularly, it must be part of your regular (weekly) maintenance.

Your boot time log is clean. Don’t worry.
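
An added example, not part of the thread and not avast's own tooling: a short Python triage of a boot-time report in the layout pasted above, listing the archives the scanner reported as corrupted next to the infection counter. The sample text is constructed (made-up paths, the same two error codes as the report), and the rule for picking the outer container from a path is an assumption.

```python
import re
from collections import Counter

# Line layouts taken from the report quoted in the thread.
ERROR_LINE = re.compile(r"^File (?P<path>.+) Error (?P<code>\d+) \{(?P<msg>.+?)\.?\}$")
SUMMARY_LINE = re.compile(r"^Number of (?P<key>[a-z ]+): (?P<n>\d+)$")
# Assumption: the outer container is the first path component ending in
# .zip, .cab or .exe that is followed by a further path separator.
CONTAINER = re.compile(r"^(.*?\.(?:zip|cab|exe))\\", re.IGNORECASE)

# Constructed sample in the same layout (paths are made up).
SAMPLE = r"""03/11/2008 22:20
Scan of all local drives
File C:\Downloads\maps.zip\maps\data\core.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Downloads\maps.zip\maps\data\side.lvl Error 42125 {ZIP archive is corrupted.}
File C:\Setup Files\Data1.cab\reader.dll Error 42127 {CAB archive is corrupted.}

Number of searched folders: 12
Number of tested files: 340
Number of infected files: 0
"""

def triage(report_text):
    """Return summary counters plus the entries the scanner could not open."""
    summary, skipped = {}, []
    for line in report_text.splitlines():
        line = line.strip()
        err = ERROR_LINE.match(line)
        if err:
            outer = CONTAINER.match(err["path"])
            skipped.append({
                "container": outer.group(1) if outer else err["path"],
                "member": err["path"],
                "code": int(err["code"]),
                "reason": err["msg"],
            })
            continue
        tot = SUMMARY_LINE.match(line)
        if tot:
            summary[tot["key"]] = int(tot["n"])
    return {
        "summary": summary,
        "skipped": skipped,
        "containers": Counter(e["container"] for e in skipped),
        # A zero infection count says nothing about the skipped entries.
        "fully_scanned": not skipped,
    }

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["summary"], dict(result["containers"]))
```

Grouping by container shows which downloads or installer caches produced the errors, so they can be re-downloaded or removed and then scanned again.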