
What anti-virus do you use?


dmh79


Strange.

 

Download SystemLook from the link below and save it to your Desktop.

 

Download

 

 

  • Right click SystemLook.exe & choose "Run as Administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\Users\scott\AppData\Local\evbrer.dll
    
    :regfind
    Vrefikufevoridoz
    


     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Post this log in your next reply.

The log can also be found on your Desktop entitled SystemLook.txt

Link to comment
Share on other sites

Kaspersky is what I use, had it for years, best ever! I don't think the free ones are very good. Norton says it updates daily, its database is only updated every Wednesday! So your Norton lies! Kaspersky is best, it picks things up no other would.

Link to comment
Share on other sites

Norton says it updates daily, its database is only updated every Wednesday! So your Norton lies!

 

There are different schedules for different types of content and updates.

 

The product frequently, every 5 to 15 minutes, checks for pulse updates; this is a process that requires very little bandwidth and little CPU and IO resources.

http://community.norton.com/t5/Norton-Internet-Security-Norton/LiveUpdate-Lies-To-Us/m-p/329255/highlight/true#M135566
Link to comment
Share on other sites

Hi Waddler,

 

Sorry for the late reply, it's hard to get time to sort my PC out with work and other commitments like playing ice hockey.

Here are the results of the system look:

SystemLook 04.09.10 by jpshortstuff

Log created at 16:23 on 04/04/2011 by scott

Administrator - Elevation successful

 

========== file ==========

 

C:\Users\scott\AppData\Local\evbrer.dll - Unable to find/read file.

 

========== regfind ==========

 

Searching for "Vrefikufevoridoz"

No data found.

 

-= EOF =-

 

 

I've been speaking to a few friends and I've downloaded SpyBot Search and Destroy. I've got AVG now as well and that detected another Trojan, it was a (TrojanHorse Generic21.BLCA), and it moved it to the virus vault so I'm guessing that's sorted it.

I've got a feeling that whatever I've had has now gone as my system seems to be running quicker, and I've done scans with Spybot, Malwarebytes and AVG and they haven't detected anything, so I might leave it. I'll keep scanning every day now though!

 

Thanks everyone for your help, advice and suggestions, they're much appreciated.

Link to comment
Share on other sites

The file doesn't look to be there & neither is the launch point in the registry. That's two reports that don't show it (DDS & SystemLook). The DDS log also didn't show anything else bad or suspicious.

 

SystemLook 04.09.10 by jpshortstuff

Log created at 16:23 on 04/04/2011 by scott

Administrator - Elevation successful

 

========== file ==========

 

C:\Users\scott\AppData\Local\evbrer.dll - Unable to find/read file

 

========== regfind ==========

 

Searching for "Vrefikufevoridoz"

No data found

 

-= EOF =-

 

I've got AVG now as well and that detected another Trojan, it was a (TrojanHorse Generic21.BLCA), and it moved it to the virus vault so I'm guessing that's sorted it.

Hard to tell without knowing the exact filename and location (path to file) of whatever AVG detected.

(eg: C:\directory\folder\subfolder\filename.exe)

 

We can leave it at that if you're happy & aren't having any problems. Post back any time if you want more help.

Link to comment
Share on other sites

It's strange that I can still search for the evbrer.dll and it comes up, but it might include previous searches just like Google does when you've been on the internet that day.

The icon next to it is a blank piece of paper, whereas all the others have icons e.g. folders.

 

As for the latest trojan, regarding the file name, it was C:\Users\scott\AppData\Roaming\Qupez\gydyi.exe

 

Hope this helps.

Link to comment
Share on other sites

As for the latest trojan, regarding the file name, it was C:\Users\scott\AppData\Roaming\Qupez\gydyi.exe

 

That doesn't show in the DDS log so must be a newly created file or one that has been on the machine for a while. Executables really shouldn't be running from %appdata% so they're easy to spot.

 

If you want, do this for me:

 

  • Right click SystemLook.exe & choose "Run as Administrator" to run it
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run /s
    


     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Post this log in your next reply.

The log can also be found on your Desktop entitled SystemLook.txt

Link to comment
Share on other sites

Hi Waddler, thanks for the quick reply. Here are the results from the scan:

Administrator - Elevation successful

 

========== reg ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

"RtHDVCpl"="RtHDVCpl.exe"

@=""

"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""

"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"

"Skytel"="Skytel.exe"

"QuickTime Task"=""C:\Program Files\QuickTime\QTTask.exe" -atboottime"

"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java Update\jusched.exe""

"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@=""

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

@=""

Link to comment
Share on other sites

That looks alright. The bold bit in red shouldn't really be there but it's not malicious at all.

Any more problems, anything else been detected?

 

========== reg ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

"RtHDVCpl"="RtHDVCpl.exe"

@=""

"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""

"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"

"Skytel"="Skytel.exe"

"QuickTime Task"=""C:\Program Files\QuickTime\QTTask.exe" -atboottime"

"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java Update\jusched.exe""

"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe"

Link to comment
Share on other sites
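
The check discussed in this thread, that programs launched from the Run key should not live under %appdata%, can be run mechanically over a SystemLook :reg dump. The following is an added example, not part of the thread or of SystemLook: it parses Run-key lines in the format shown in the logs above and lists entries whose program sits in a user-writable profile directory. The ConstructedEntry value and the list of writable locations are assumptions made for illustration.

```python
import re

# Run-key lines in the format SystemLook prints. All but the last are copied
# from the log in this thread; the last is CONSTRUCTED for illustration, using
# the path AVG reported (that file did not appear in the thread's Run key).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"RtHDVCpl"="RtHDVCpl.exe"
@=""
"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"
"ConstructedEntry"="C:\Users\scott\AppData\Roaming\Qupez\gydyi.exe"
'''

# "Name"="data" or @="data"; SystemLook wraps the data in one extra quote pair.
ENTRY = re.compile(r'^(?:"(?P<name>[^"]*)"|@)="(?P<data>.*)"$')
# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = re.compile(
    r'(%appdata%|%localappdata%|%temp%|\\users\\[^\\]+\\appdata\\)', re.I)

def executable_of(data):
    """Return the program path from a Run value, dropping its arguments."""
    if data.startswith('"'):                      # quoted: "C:\a b\x.exe" -arg
        return data[1:].split('"', 1)[0]
    m = re.match(r'.*?\.(?:exe|com|bat|cmd|scr)\b', data, re.I)
    return m.group(0) if m else data              # unquoted: cut after extension

def parse_run_entries(log):
    """Yield (key, value_name, executable) for every non-empty value."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]                      # section header names the key
        elif (m := ENTRY.match(line)) and m.group('data'):
            yield key, m.group('name') or '(Default)', executable_of(m.group('data'))

def suspicious_entries(log):
    """Entries whose executable sits in a user-writable profile directory."""
    return [(name, exe) for _, name, exe in parse_run_entries(log)
            if USER_WRITABLE.search(exe)]

if __name__ == '__main__':
    for name, exe in suspicious_entries(SAMPLE_LOG):
        print(f'review: {name} -> {exe}')
```

A hit is a prompt to inspect the file, not a verdict; some legitimate per-user software also starts from the profile directory.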
