waddler8 Posted April 1, 2011

Strange.

Download SystemLook from the link below and save it to your Desktop.

Download

Right click SystemLook.exe & choose "Run as Administrator" to run it.
Copy the content of the following codebox into the main textfield:

    :file
    C:\Users\scott\AppData\Local\evbrer.dll

    :regfind
    Vrefikufevoridoz

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Post this log in your next reply.
The log can also be found on your Desktop entitled SystemLook.txt

rich5315 Posted April 2, 2011

Kaspersky is what I use, had it for years, best ever! I don't think the free ones are very good. Norton says it updates daily, its database is only updated every Wednesday! So your Norton lies! Kaspersky is best, it picks things up no other would.

waddler8 Posted April 2, 2011

> Norton says it updates daily, its database is only updated every Wednesday! So your Norton lies!

There are different schedules for different types of content and updates. The product frequently, 5 to 15 minutes, checks for pulse updates, this is a process that requires very little bandwidth and little CPU and IO resources.

http://community.norton.com/t5/Norton-Internet-Security-Norton/LiveUpdate-Lies-To-Us/m-p/329255/highlight/true#M135566

scott94 Posted April 4, 2011

Hi Waddler,

Sorry for the late reply, it's hard to get time to sort my PC out with work and other commitments like playing ice hockey.

Here are the results of the SystemLook:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 16:23 on 04/04/2011 by scott
    Administrator - Elevation successful

    ========== file ==========

    C:\Users\scott\AppData\Local\evbrer.dll - Unable to find/read file.

    ========== regfind ==========

    Searching for "Vrefikufevoridoz"
    No data found.

    -= EOF =-

I've been speaking to a few friends and I've downloaded SpyBot Search and Destroy. I've got AVG now as well and that detected another Trojan, it was a (TrojanHorse Generic21.BLCA), and it moved it to the virus vault so I'm guessing that's sorted it.

I've got a feeling that whatever I've had has now gone as my system seems to be running quicker, and I've done scans with Spybot, Malwarebytes and AVG and they haven't detected anything, so I might leave it. I'll keep scanning every day now though!

Thanks everyone for your help, advice and suggestions, they're much appreciated.

waddler8 Posted April 4, 2011

The file doesn't look to be there & neither is the launch point in the registry. That's two reports that don't show it (DDS & SystemLook). The DDS log also didn't show anything else bad or suspicious.

> SystemLook 04.09.10 by jpshortstuff
> Log created at 16:23 on 04/04/2011 by scott
> Administrator - Elevation successful
>
> ========== file ==========
>
> C:\Users\scott\AppData\Local\evbrer.dll - Unable to find/read file
>
> ========== regfind ==========
>
> Searching for "Vrefikufevoridoz"
> No data found
>
> -= EOF =-

> I've got AVG now as well and that detected another Trojan, it was a (TrojanHorse Generic21.BLCA), and it moved it to the virus vault so I'm guessing that's sorted it.

Hard to tell without knowing the exact filename and location (path to file) of whatever AVG detected. (e.g. C:\directory\folder\subfolder\filename.exe)

We can leave it at that if you're happy & aren't having any problems. Post back any time if you want more help.

scott94 Posted April 4, 2011

It's strange that I can still search for the evbrer.dll and it comes up, but it might include previous searches just like Google does when you've been on the internet that day. The icon next to it is a blank piece of paper, whereas all the others have icons, e.g. folders.

As for the latest trojan, regarding the file name it was

C:\Users\scott\AppData\Roaming\Qupez\gydyi.exe

Hope this helps.

waddler8 Posted April 4, 2011

> As for the latest trojan, regarding the file name it was
> C:\Users\scott\AppData\Roaming\Qupez\gydyi.exe

That doesn't show in the DDS log so must be a newly created file or one that has been on the machine for a while. Executables really shouldn't be running from %appdata% so they're easy to spot.

If you want, do this for me:

Right click SystemLook.exe & choose "Run as Administrator" to run it.
Copy the content of the following codebox into the main textfield:

    :reg
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run /s

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Post this log in your next reply.
The log can also be found on your Desktop entitled SystemLook.txt

scott94 Posted April 4, 2011

Hi Waddler, thanks for the quick reply. Here are the results from the scan:

    Administrator - Elevation successful

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
    "RtHDVCpl"="RtHDVCpl.exe"
    @=""
    "Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""
    "TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"
    "Skytel"="Skytel.exe"
    "QuickTime Task"=""C:\Program Files\QuickTime\QTTask.exe" -atboottime"
    "iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""
    "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    "SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java Update\jusched.exe""
    "AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"
    @=""

KingofvikinG Posted April 4, 2011

I use Microsoft Security Essentials, works fine for me.

waddler8 Posted April 4, 2011

That looks alright. The bold bit in red shouldn't really be there but it's not malicious at all. Any more problems, anything else been detected?

> ========== reg ==========
>
> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
> "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
> "RtHDVCpl"="RtHDVCpl.exe"
> @=""
> "Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""
> "TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"
> "Skytel"="Skytel.exe"
> "QuickTime Task"=""C:\Program Files\QuickTime\QTTask.exe" -atboottime"
> "iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""
> "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
> "SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java Update\jusched.exe""
> "AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe"

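Added example (not part of the thread, and not SystemLook's own code): the review waddler8 does by eye on the Run key log, using the point made earlier in the thread that executables should not be launching from %appdata%. The sample log is constructed; the "ExampleUpdater" entry, its path and the USER_WRITABLE list are assumptions for illustration.

```python
import re

# Constructed sample in the layout of a SystemLook ":reg" log.
# "ExampleUpdater" and its path are invented for illustration.
SAMPLE_LOG = r'''
========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"RtHDVCpl"="RtHDVCpl.exe"
@=""
"QuickTime Task"=""C:\Program Files\QuickTime\QTTask.exe" -atboottime"
"ExampleUpdater"="C:\Users\example\AppData\Roaming\Example\sample.exe /s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)="(?P<data>.*)"$')
# Program path = everything up to the first executable extension.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|bat|cmd|scr|com))\b', re.I)
# Locations a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%localappdata%", "%temp%", "\\temp\\")


def parse_run_values(log):
    """Return (key, name, command) for values directly under Run/RunOnce keys."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(("\\run", "\\runonce")) and m.group("data"):
            entries.append((key, m.group("name") or "(Default)", m.group("data")))
    return entries


def flag_user_writable(entries):
    """Return (name, program path) for autoruns launched from user-writable paths."""
    flagged = []
    for _key, name, command in entries:
        m = EXE_RE.match(command)
        path = m.group("path") if m else command
        if any(marker in path.lower() for marker in USER_WRITABLE):
            flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    for name, path in flag_user_writable(parse_run_values(SAMPLE_LOG)):
        print(f"REVIEW {name}: {path}")
```

An empty result only means no HKLM Run entry points into a user-writable folder; other launch points are not covered by this log.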