Is spybot a virus or a cleanupper?

I have various problems with our PC at the moment. Fred has been helping by recommending cleanups. I've managed to work out how to defrag and how to 'sagerun', but other things just don't work.

Firstly, I was recommended to download and run 'spybot'. It won't download. The page just hangs. Forever. Doesn't even return a message. Every different download site. Same result.

Also, I have Norton Antivirus running on my PC. Many people say it's not worth it. Some say it is. I wouldn't know how to check for viruses any other way. But twice now Norton has found W32.Spybot.Worm in my /../../../explore.exe ... that sounds bad. So I run a full Norton check, and it finds nothing. Why is this? I tried looking up how to remove W32.Spybot.Worm, but the instructions talk about safe modes and registry keys and stuff that I know will cause me to completely destroy my computer. Would it help to reinstall explorer? Would THAT destroy my computer? What should I back up, first?

That's another thing. I have a CD-RW, which is fortunate for backing up. I went out and bought re-recordable CDs. Copy a heap of stuff to CD drive. It copies them, then says, click this to write to the CD. I do so. Once complete, I check what's on the CD. Nothing is on the CD. How can this be? It's locked, meaning I can no longer write to it. But nothing was written to it, or at least my PC is not admitting to anything being on it.

Another thing. DAP (Download Accelerator Plus). I have a feeling that it's playing up. So I try to uninstall it ... KISS principle when in strife. It won't uninstall. The Uninstall screen just remains there, unmoving, unmoved, immovable. Am I stuck with it?

I have AdAware, and run that every now and then. It finds stuff, I delete it. I only use about 25mb for temp files, hoping that a high number of temp files might have been part of the problem.

The computer runs at a rate of knot very much at all. Slow as a wet week. Can take a minute to load a simple page. Can't really perform two functions at once.

I know that's a lot of questions, but if anyone has any answers, I'd appreciate them!

Cheers,

Kev
 
Originally posted by Mobbenfuhrer
Also, I have Norton Antivirus running on my PC. Many people say it's not worth it. Some say it is. I wouldn't know how to check for viruses any other way. But twice now Norton has found W32.Spybot.Worm in my /../../../explore.exe ... that sounds bad. So I run a full Norton check, and it finds nothing. Why is this? I tried looking up how to remove W32.Spybot.Worm, but the instructions talk about safe modes and registry keys and stuff that I know will cause me to completely destroy my computer. Would it help to reinstall explorer? Would THAT destroy my computer? What should I back up, first?

explore.exe or explorer.exe?

big difference.

if it is the first, it is a worm, if it is the second, it is your explorer
 
Originally posted by Mobbenfuhrer
I have various problems with our PC at the moment. Fred has been helping by recommending cleanups. I've managed to work out how to defrag and how to 'sagerun', but other things just don't work.

Firstly, I was recommended to download and run 'spybot'. It won't download. The page just hangs. Forever. Doesn't even return a message. Every different download site. Same result.

[snip]


Ok 1st up I can help you with ensuring your machine is virus free if you are still having problems with this.

Go to the following website and print out a copy of this page:

http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Now after printing off a hardcopy, or saving a copy of the document to your computer, disconnect from the internet both via software and hardware (unplug your modem, ADSL etc). The Spybot worm allows backdoor access to your computer (ie. allows hackers to access your computer without your knowledge and use it to their advantage), so physically disconnecting your computer prevents this from happening until we can clean it up.

Now in the document go down to the "Removal Instructions" section. Norton provide very good and clear instructions for removing viruses so just follow the instructions step-by-step. You might need to reconnect to the internet in order to get additional information about some of these steps (like Disabling System Restore etc). If you have to then reconnect, go to the link and print off the relevant instructions and then disconnect again.

By carefully following these instructions you should be fine. Don't be put off by things like Safe Mode and changing the Registry... Safe Mode is what it suggests - places the computer into a safer mode where it only runs necessary programs. Editing the Registry is dangerous but just follow the instructions about making a backup of the Registry Settings, and then just double check the changes you make to the Removal Instructions and you should be fine.

If you have any problems or questions feel free to contact me via email on:

kensw001@students.unisa.edu.au

All the best. Once you clear up the virus stuff I will try and help you with the other issues.

SKC
 

See if you can do an online virus check at Housecall.
 
Re: Re: Is spybot a virus or a cleanupper?

Originally posted by kaysee
Ok 1st up I can help you with ensuring your machine is virus free if you are still having problems with this.

Go to the following website and print out a copy of this page:

http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

...

Yep I already have that stuff printed out ... but it's way over my head. I got system restore turned off, but after that it got too heady.
 
Re: Re: Re: Is spybot a virus or a cleanupper?

Originally posted by Mobbenfuhrer
Yep I already have that stuff printed out ... but it's way over my head. I got system restore turned off, but after that it got too heady.

OK let's go step by step and I will guide you through.

OK you can disable the System Restore (I gather you're using WinXP) which is good.

Now:

1) Have you downloaded the latest Virus Definitions for Norton Antivirus? If not then do so using either Norton's LiveUpdate feature or by downloading Norton's Virus Definition file and running it (this is called Intelligent Updater).

2) You don't need to restart your computer in Safe Mode and then restart it again in Normal Mode so just skip straight to the next step.

3) Now prepare Norton AV for a full system scan. Open up NAV and go to Options->Norton Antivirus.

- A dialog will open called "Norton AntiVirus Options"... in the list on the left select System->Auto-Protect. Now at the bottom of the dialog ensure this option is selected "Comprehensive file scanning (recommended)"
- Now in the list on the left select System->Manual Scan and ensure you have the following selected "Comprehensive file scanning (recommended)" and "Scan within compressed files"
- Exit out of the NAV Options dialog and now run a FULL SYSTEM SCAN of your computer (ensure your computer is disconnected from the internet).

4) During the scan note down ALL files that are infected (you might need to restore them later) and then delete them.

5) Ok now for the 'scary' part... editing the Registry. Here is some background information on the REGISTRY for you. The Registry scares people because almost all software applications use the registry to store critical information. I use the registry often to store information about the applications I design. This is basically how computer programs 'remember' the size and position of the applications you last used... or when programs should run. As long as you know exactly what you are editing things will be fine, so DON'T WORRY do the following and you will be fine:

- Open up the Registry by clicking on your Start Menu and select Run. This will open a small little dialog box with a single edit field. Type in the word "regedit" and click OK.

- the dialog called "Registry Editor" will now open. It is divided into 2 parts... on the Left a directory like structure that can be navigated and on the right is a list of Registry Entries and their values. But 1st let's make sure we back it up before making changes.

- Click on the File menu option and select Export option. This will open up a save dialog. Simply type in a File Name you want to save your backup as and navigate to a directory you want to save it in. Click on Save and there you have it... just like saving any other file... your Registry settings are now backed up.

- Now you have backed up your Registry you can now feel free to make modifications knowing you can always retrieve the previous settings. So...

- in the directory listing on the left either click on the little + signs or Double click the folders to expand them and navigate down to find the following entry:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

- Once you get down to the "Run" folder just select it in the left Directory and you should see the list of values in the right side change. For some background information this part of the registry is used to automatically run programs when Windows starts up, so viruses often like entering in values here to ensure they always run.

- Now pull out your list of infected files that NAV found when performing the scan. In the right section search down and look at both the Name and Data columns and see if any of the files NAV found as being infected are listed in there. If there is then select the entry and Delete it.

- Ok now in the Left side again navigate to the following directory:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

- Do the same thing you did in the "Run" directory to the "RunOnce" directory and delete any files that NAV found as being infected.

- Now exit the Registry... and that is probably the 'scariest' part over with.

6) Now simply just search for and delete "tftp*.*" files that have a size of 0Kb. Just follow this:

- Click Start, and then click Search.
- Click All files and folders.
- In the "All or part of the file name" box, type, or copy and paste, the file names tftp*.*
- Verify that "Look in" is set to "Local Hard Drives" or to (C:).
- Click "More advanced options."
- Check "Search system folders."
- Check "Search subfolders."
- Click Search.
- Delete the files that are zero-bytes (0kb) and contained within any folder that ends with "Startup." (eg. "...\Startup")

7) Ok now restart your computer and run another full system scan to make sure there are no other infections.

8) reconnect back online and you are good to go.

FINAL NOTE: This only removes the virus from your computer. This virus spreads through KaZaA so be careful about what and how you grab files through KaZaA (if you use it).

HTH otherwise email me at: kensw001@students.unisa.edu.au
 
Thanks kaysee, I'll give it a go.

Originally posted by Jim Boy
Get rid of DAP, it's full of spyware.

I'm trying to, but I can't. It refuses to go.

Originally posted by Jim Boy
With the CD burner, you might want to check you're writing to a disk instead of a virtual disk. In Nero, click on 'recorder', then 'choose recorder' and select your CD

Maybe. What's Nero? How do I get to it?
 
What are your full comp specs - including connection details?
 

Originally posted by Mobbenfuhrer
Umm I'd tell you ... if I knew. Kinda grey coloured. What are comp specs?

Don't think anyone will notice if I quietly retire from this thread.:D
 
kaysee, I forgot to mention that when I tried to follow those instructions, when I got into safe mode and ran Norton again, it didn't find a virus. Then later when it ran itself, it found it again. Now housecall didn't find it but found a different one.

Now Norton started its weekly scan yesterday arvo and should be finished about lunchtime today, so I'm going to see what it shows up this time.

Fred, please don't go! If I don't know what comp specs are, then I need more help, not less :(, surely!

Jim Boy, thanks re DAP, I'll try to do that, sounds like it would work. I tried updating it already, but it said I'm already up to date. But a full reinstall might do the trick.

Also, no, I don't know what Nero is, but I am using Windows XP, and I don't know what burning software I'm using. I'm only cutting data, not songs (I mean, not albums, anyway). So when I stick in the blank cd it immediately says "ooh, blank CD, wanna burn sumfin?" and I go from there. Probably a Windows or an XP built-in.
 
Originally posted by Mobbenfuhrer
Umm I'd tell you ... if I knew. Kinda grey coloured. What are comp specs?

Computer Specifications???

Otherwise I'm with Kev!

You sound like you're running my PC Kev, ie Slow as all.....

Mine is just too old & tired I have to burn things off & Reformat often to stand a chance of running more than 3 windas at a time.

Nero is Burner software for idiots, like me! It's served me well.
 
Mine's an old Pent2-300. Runs like a charm. Tweaked to run at peak speed and the rubbish cleaned off regularly.
Old in computers seems to mean reliable too.
 
Originally posted by Fred
Mine's an old Pent2-300. Runs like a charm. Tweaked to run at peak speed and the rubbish cleaned off regularly.
Old in computers seems to mean reliable too.

Mine is far worse than yours! Mobb's might be fine with a bit of tweaking too. It was only 6 months ago that mine plain ground to a halt, choked with spyware crap & god knows what else.

The key is taking out the garbage. :D
 
Ok (and thanks Kaysee for the instructions for this) :

Norton ran again recently and again found NO viruses!

I just ran the regedit stuff that Kaysee offered.
The only tftp files were :
TFTP.EX_ in C:\I386
TFTPD.EX_ in C:\I386
TFTP.EX_ in C:\WINDOWS\I386
TFTPD.EX_ in C:\WINDOWS\I386
TFTP.EXE in C:\WINDOWS\SYSTEM32

Norton did not find any registry keys affected by virus, either.
 

Remember to keep checking for updates.
 
Originally posted by Mobbenfuhrer
Ok (and thanks Kaysee for the instructions for this) :

Norton ran again recently and again found NO viruses!

I just ran the regedit stuff that Kaysee offered.
The only tftp files were :
TFTP.EX_ in C:\I386
TFTPD.EX_ in C:\I386
TFTP.EX_ in C:\WINDOWS\I386
TFTPD.EX_ in C:\WINDOWS\I386
TFTP.EXE in C:\WINDOWS\SYSTEM32

Norton did not find any registry keys affected by virus, either.

OK ... DON'T delete any of those files because they don't belong to a "...\Startup" directory.

Just keep your Virus Definitions up to date (via 1 of the methods I described in the previous post) ... probably best to do this weekly, but at least monthly.

Cheers
SKC
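
The Run/RunOnce check from step 5 and the zero-byte tftp rule from step 6 of the removal walkthrough earlier in the thread, run against an exported .reg backup and the file list above, as an added example that is not part of any post in the thread. The registry value names, the `C:\EXAMPLE` paths and the file sizes are constructed; only string (REG_SZ) values are parsed.

```python
import ntpath
import re

RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
}
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # REG_SZ lines only

def flagged_run_entries(reg_text, infected_files):
    """Step 5: Run/RunOnce values whose Name or Data names a flagged file."""
    flagged = {ntpath.basename(f).lower() for f in infected_files}
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key in RUN_KEYS and (m := VALUE.match(line)):
            # .reg exports escape backslashes and quotes inside strings
            name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            tokens = set(re.split(r'[\\/\s"]+', f"{name} {data}".lower()))
            if flagged & tokens:  # whole-name match: explore.exe != explorer.exe
                hits.append((name, data))
    return hits

def deletable_tftp(files):
    """Step 6: tftp* files of zero bytes in a folder ending in 'Startup'."""
    return [p for p, size in files
            if ntpath.basename(p).lower().startswith("tftp") and size == 0
            and ntpath.dirname(p).lower().endswith("startup")]

# Constructed sample data (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleShell"="C:\\WINDOWS\\explorer.exe"
"SampleEntry"="C:\\EXAMPLE\\explore.exe -x"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''
SAMPLE_INFECTED = [r"C:\EXAMPLE\explore.exe"]  # constructed scan result
SAMPLE_FILES = [  # paths from the thread, sizes constructed
    (r"C:\I386\TFTP.EX_", 9000),
    (r"C:\WINDOWS\SYSTEM32\TFTP.EXE", 17000),
    (r"C:\EXAMPLE\Start Menu\Programs\Startup\tftp123", 0),  # constructed
]

if __name__ == "__main__":
    print(flagged_run_entries(SAMPLE_REG, SAMPLE_INFECTED))
    print(deletable_tftp(SAMPLE_FILES))
```

A real export saved from regedit on Windows XP is UTF-16, so open it with `encoding="utf-16"` before passing the text in.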
 
Yeah I knew not to delete them.

It's got a lot more complicated since the days when the only files you had to make sure you didn't delete were command.com, autoexec.bat and ... darn it I've forgotten the third one!

I'll probably keep Norton on the machine for now, run that housecall thing every now and then as well (thanks Fred!) and run adaware every now and then, also will do the sageruns and defrags every now and then.

It seems to be a little bit better already. Maybe it just liked the feeling that I cared.

My next major jobs are to work out how to install that spybot thing, and how to remove DAP (I think DAP is causing some of the trouble).

Thanks all for your help.
 
You can delete DAP simply by using "find" and deleting everything but then you'll probably need to edit a lot of settings like MTU and MSS and do some registry cleaning. Then it's a case of getting the network settings just right.
Are you using dialup, ADSL or cable?

Don't forget Spybot - remembering to check for updates monthly or so.
 
Originally posted by Fred
You can delete DAP simply by using "find" and deleting everything but then you'll probably need to edit a lot of settings like MTU and MSS and do some registry cleaning. Then it's a case of getting the network settings just right.

Again, all those settings make me sweat!

Originally posted by Fred
Are you using dialup, ADSL or cable?

I can answer THAT one! dial-up.
 
