How can I tighten up my internet security!!

Despite following all the advice given by members from this forum, my antivirus still keeps picking a virus trojan dloader and blocking silent calls every day since Saturday. What else can I do guys, I have PC-cillin Internet Security, Spybot, CCleaner and Microsoft AntiSpyware, all up to date and when I scan nothing shows. Hijack log did not show anything malicious as well. How can I stop this getting in the computer in the first place? Please can somebody advise me on the security of my internet settings. I did consider doing a restore point but I have to go back from Saturday when it was working OK and since then I have installed a few things. Also when I am in safe mode in XP, I do not notice any difference on the desktop, everything seems the same, I can still use the internet whereas in Windows 98, the icons on the desktop change and I cannot use the computer. Sorry if I seem to be repeating myself. This is driving me crazy, I thought AV and spyware programmes are supposed to block this before they get in the system. Thanks

Comments

  • sra
    sra Posts: 4,676 Forumite
    I posted a link to a list of 10 things here

    If you do the stuff on that list then you can't get much safer :)
  • penrhyn
    penrhyn Posts: 15,215 Forumite
    Don't know whether this may help but I've found that Ewido finds more stuff than MS antispyware, Spybot S&D or Adaware.

    I am a bit confused at the references to Windows 98 and Windows XP, are you running both systems on the same PC?

    This might be asking the obvious but your firewall is switched on?

    Oh, one last thing, get Firefox
    That gum you like is coming back in style.
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    marylee wrote:
    My antivirus still keeps picking a virus trojan dloader
    Did your AV give this trojan a name and tell you where it's located on your PC? If so please post back here with as much detail as you can.

    If it really IS a trojan you can run everything that's already been suggested but also a specialist trojan remover - Trojanhunter. It has a fully working trial version.

    You can download it here....

    http://www.trojanhunter.com/

    Scan your PC with it and have it fix anything it finds definitely bad. If it comes up with messages about "suspicious" or "doubtful" files - and you're not sure what to do - post the details back here for more advice.

    And don't forget the first 4 posts in our new "anti-malware" sticky here....

    http://forums.moneysavingexpert.com/showthread.html?t=133269

    You really should try everything there as well.

    Lastly, you say that HijackThis doesn't reveal anything bad. If you're right then the trojan is either being blocked before it can install itself OR it's hiding deeper than HJT can see. HJT is good but it doesn't reveal everything. Not by any means.

    Please try all this then update us on how things are. If there's no improvement there are other things we can try. You should also post a copy of your HJT scan report here for review.
  • bildanto
    bildanto Posts: 54 Forumite
    Hi, I had the same message coming up when I installed my anti-virus ie Warning BT Yahoo - Blocking making Silent Calls. I was told on here that the message is nothing to worry about it means that the BT connection wants data from the pc and your firewall is letting you know. Like you I am on BT Yahoo and have had a lot of problems.
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    bildanto wrote:
    Like you I am on BT Yahoo and have had a lot of problems.
    You are not alone. Get rid of one or the other (or both).
  • marylee
    marylee Posts: 497 Forumite
    penrhyn wrote:
    Don't know whether this may help but I've found that Ewido finds more stuff than MS antispyware, Spybot S&D or Adaware.

    I am a bit confused at the references to Windows 98 and Windows XP, are you running both systems on the same PC?

    This might be asking the obvious but your firewall is switched on?

    Oh, one last thing, get Firefox

    The old computer is windows 98, and my firewall is switched on.
  • marylee
    marylee Posts: 497 Forumite
    pchelpman wrote:
    Did your AV give this trojan a name and tell you where it's located on your PC? If so please post back here with as much detail as you can.

    If it really IS a trojan you can run everything that's already been suggested but also a specialist trojan remover - Trojanhunter. It has a fully working trial version.

    You can download it here....

    http://www.trojanhunter.com/

    Scan your PC with it and have it fix anything it finds definitely bad. If it comes up with messages about "suspicious" or "doubtful" files - and you're not sure what to do - post the details back here for more advice.

    And don't forget the first 4 posts in our new "anti-malware" sticky here....

    http://forums.moneysavingexpert.com/showthread.html?t=133269

    You really should try everything there as well.

    Lastly, you say that HijackThis doesn't reveal anything bad. If you're right then the trojan is either being blocked before it can install itself OR it's hiding deeper than HJT can see. HJT is good but it doesn't reveal everything. Not by any means.

    Please try all this then update us on how things are. If there's no improvement there are other things we can try. You should also post a copy of your HJT scan report here for review.

    The trojan is being blocked by the AV, but my AV seems to be picking it sometimes twice a day. Here is my hijack log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:10, on 17/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\BT Yahoo! Internet\ModemLock.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BT Yahoo! Internet\Watchdog.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\DOCUME~1\Dominic\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\atip.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
    C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [AtiPanel] C:\WINDOWS\atip.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

    The virus name is TROJ_DLOADER.NQ C\windows\-p9hEPQbj.exe. in quarantine. I hope this makes sense to somebody. Thanks for your help

    Thanks for your help.
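
A small triage pass over a log in the format posted above, as an added example that is not part of the original thread: it groups entries by section code and lists items worth a manual look. The sample log is constructed, and the three heuristics (process running from a Temp directory, unnamed BHO, autostart entry with no full path) are assumptions chosen for illustration; a hit is a prompt to check the file, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample laid out like a HijackThis v1.99.1 log (not the poster's data).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\User\LOCALS~1\Temp\example.0001
C:\Program Files\Example\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Agent] "C:\Program Files\Example\agent.exe" /startup
O4 - HKCU\..\Run: [Loader] loader.exe
O23 - Service: Example Service - Example Corp - C:\WINDOWS\system32\exsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O4 - HKLM\..\Run: ..."
TEMP_DIR = re.compile(r"\\temp\\", re.I)               # any ...\Temp\... component
FULL_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)

def parse_hjt(text):
    """Split a log into running-process paths and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False                            # blank line ends the process list
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (item, reason) pairs that deserve a manual look."""
    processes, entries = parse_hjt(text)
    findings = [(p, "process running from a Temp directory")
                for p in processes if TEMP_DIR.search(p)]
    findings += [(e, "unnamed browser helper object")
                 for e in entries["O2"] if "(no name)" in e]
    findings += [(e, "autostart entry without a full path")
                 for e in entries["O4"] if not FULL_PATH.search(e)]
    return findings

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Legitimate software can trip all three checks, so each hit still needs the file looked up by name, vendor and location.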
  • marylee
    marylee Posts: 497 Forumite
    bildanto wrote:
    Hi, I had the same message coming up when I installed my anti-virus ie Warning BT Yahoo - Blocking making Silent Calls. I was told on here that the message is nothing to worry about it means that the BT connection wants data from the pc and your firewall is letting you know. Like you I am on BT Yahoo and have had a lot of problems.

    Thanks for this, it is so worrying and I kept checking my phone bill for unknown calls.
  • intel
    intel Posts: 6,404 Forumite
    bildanto wrote:
    Hi, I had the same message coming up when I installed my anti-virus ie Warning BT Yahoo - Blocking making Silent Calls. I was told on here that the message is nothing to worry about it means that the BT connection wants data from the pc and your firewall is letting you know. Like you I am on BT Yahoo and have had a lot of problems.

    :wave: Yep, that's BT wanting info.

    I suggest you run the file here
    http://www.hijackthis.de/
    It will tell you of anything nasty.
    It's the author's site I think.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
This discussion has been closed.