
PostPosted: Sat Apr 17, 2010 8:01 am
by evasive
That looks quite familiar to me, someone making money out of a free project again? ... uoiaview//

PostPosted: Sat Apr 17, 2010 11:11 am
by dizzyflower28
I have a fear that a virus may be the doing of my increased hard drive. I ran a thorough scan in both ZoneAlarm & Avast. Nothing showed up in ZoneAlarm but a file did show up in Avast (a file name something like UPS Invoice.exe). I wish I had written the entire folder location down but I chose to delete the file @ the next startup. If I remember correctly it was in Application data or local settings. My hard drive is still increasing making me concerned if it really did get deleted. I did a Windows search looking for the file (I made sure to select to look in hidden files & folders) but nothing showed up. What else should I do?

My other option would be to restore my HD to July 3, 2009 which would suck b/c I would lose a lot of data. Although a few days ago I threw my most important stuff onto my Powerbook just in case.

Also, should I be worried about security? I haven't logged into any banking sites or sites w/ important info just in case.

PostPosted: Sat Apr 17, 2010 11:44 am
by evasive
hmmm or something like this:

In which case a system restore won't help either. Tried some rootkit revealing tools yet?

PostPosted: Sat Apr 17, 2010 11:53 am
by dizzyflower28
I ran F-Secure a few days ago but I ran it in regular mode, tried running it in Safe Mode but it said I had to run it regular. Can you recommend any other good rootkit eliminators?

PostPosted: Sat Apr 17, 2010 11:54 am
by Karlsweldt
If you have removed suspicious files or folders, and they return, likely it could be a virus. Or a program that loads when the OS starts, replicating "lost" files. The 'Start-up' link from the start menu should have no listings except what is actually needed. Any program needed will load when required, and then close completely when you want it to, instead of lingering unused in the background, wasting CPU cycles and memory.
You can check the Task Manager for what processes are running, and note which are taking the largest chunk of operating space. The Task Manager also shows what applications are running, whether or not in actual use. The 'performance' part of Task Manager shows what memory and CPU usage is, at the current time. More than 50 processes running when you have no actual programs in use indicates excess overhead.
You can check what programs auto-start from running msconfig and check the 'start up' tab. Any changes made will require a restart. Be cautious about certain processes, as they may cause a failure of the OS to load properly. The SysTray box in the lower right corner of the screen shows active processes. Any more than eight, including the clock and speaker symbol, indicates excessive programming in operation.
Some "finder" programs are notorious about collecting files they deem you would like, and are more a nuisance than a help.
In the worst case, you may want to get a new hard drive and do a full new install. It would be a hassle, but you can set your preferences as needed. Then just copy over your files. But before any copy is made with the old drive, use the new setup to give it a good, deep scan. This would reduce the risk of that "infection" migrating to your new install.
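As an added example (not code from any poster in this thread), a PowerShell script that does the startup and process review Karlsweldt describes above: it lists the Run/RunOnce registry entries and Startup folder items, flags any that launch from a user profile folder such as Application Data (an assumed heuristic based on where dizzyflower28 said the file was found), and shows the process count with the top memory consumers.

```powershell
# Added example: review auto-start entries and running processes on a Windows box.
# Run from an elevated PowerShell prompt to see HKLM entries and all process paths.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries = New-Object System.Collections.Generic.List[object]

# Registry auto-start values (skip the PS* metadata properties PowerShell adds)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notmatch '^PS') {
                $entries.Add([pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value })
            }
        }
    }
}

# Per-user and all-users Startup folders (the 'Start-up' link on the start menu)
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    if ($folder -and (Test-Path $folder)) {
        Get-ChildItem -Path $folder -File | ForEach-Object {
            $entries.Add([pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName })
        }
    }
}

# Assumed heuristic: legitimate software rarely auto-starts from profile/temp folders,
# which is where the poster's suspicious "UPS Invoice.exe" was reported.
$suspectPattern = 'Application Data|AppData|Local Settings|\\Temp\\'
$entries |
    Select-Object Source, Name, Command, @{ n = 'FromProfileDir'; e = { $_.Command -match $suspectPattern } } |
    Format-Table -AutoSize

# Process overview, like the "68 processes" count in the thread, sorted by memory use
$procs = Get-Process
"Running processes: $($procs.Count)"
$procs | Sort-Object WorkingSet64 -Descending |
    Select-Object -First 10 Name, Id, @{ n = 'MemMB'; e = { [math]::Round($_.WorkingSet64 / 1MB, 1) } }, Path |
    Format-Table -AutoSize
```

Entries flagged FromProfileDir are worth checking against a scanner or submitting to the AV vendor rather than deleting outright, since a returning file after deletion is the symptom the thread describes.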

PostPosted: Sat Apr 17, 2010 12:05 pm
by evasive
dizzyflower28 wrote: I ran F-Secure a few days ago but I ran it in regular mode, tried running it in Safe Mode but it said I had to run it regular. Can you recommend any other good rootkit eliminators?

There's no such thing as an eliminator, only a detector. A rootkit is specifically written to penetrate your system to the level where you cannot remove it...

PostPosted: Sat Apr 17, 2010 12:05 pm
by dizzyflower28
As far as the task manager, I'm under processes and am not seeing anything too alarming. Although I did count 68 processes running.

In your opinion, could this be a virus, or is there a possibility it's Photoshop?

PostPosted: Sat Apr 17, 2010 12:07 pm
by dizzyflower28
Would most rootkit detectors be able to detect a problem in regular mode vs safe mode?

PostPosted: Sat Apr 17, 2010 12:53 pm
by Karlsweldt
Rootkits are a nasty form of DRM, or Digital Rights Management. The Sony/BMG rootkit was one of the worst. But there are rootkit removers from many sources, some free and others that do cost a few dollars. This Rootkit Removal Guide should help explain the safest way to remove them.
Some brands of anti-virus software do have rootkit detection/removal facilities. Rootkits come not only from installed software, but can come from certain unsavory sites, even suspicious Emails. My AVG program picked up a rootkit the other day, and I had not installed any programming in more than a week, or visited untrusted sites. It was moved to the 'virus vault' and I deleted it. So far, no return.

PostPosted: Sat Apr 17, 2010 12:57 pm
by dizzyflower28
Thanks, I'll try running it and see what happens. If the problem is a virus & not a rootkit, would doing a system restore to July 3, 2009 remove the problem?