Some best Antivirus for required protection of Data



sazd1
18-10-2009, 02:25 AM
I have suffered a lot for loss of data due to Virus in my computer.
Please indicate some of the best Antivirus to be installed or downloaded for the required protection of data and the Computer.

Thanks

beeswax34
18-10-2009, 04:06 AM
If you haven't cleaned the infection already, then download the free trial of NOD32 from here:
http://www.eset.com/download/index.php

If your computer is fine and you want proper long-term protection, you can choose to pay for NOD32 or get Avast Anti-virus for free and pair that with Comodo Firewall Pro, which is also free:

http://www.avast.com/eng/avast_4_home.html

http://personalfirewall.comodo.com/

Misty
18-10-2009, 06:33 AM
Not Avast ! :eek:

http://pressf1.pcworld.co.nz/showthread.php?t=103786

Misty :)

kjaada
18-10-2009, 07:47 AM
What makes you believe you have a virus??
There are several ways to lose data and a virus would not be the most common one.

Blam
18-10-2009, 02:06 PM
What makes you believe you have a virus??
There are several ways to lose data and a virus would not be the most common one.

+1 To that.

Can you be more specific on the details?

Post a HijackThis log if you can.

sazd1
20-10-2009, 12:02 AM
Hi Blam
Thanks for your reply Blam.
My MsWord and MsExcel files are showing no data just garbage.
I ran HijackThis and the logfile results are as under:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:09, on 19/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\runouce.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\servises.exe
C:\ARQUIV~1\iGv6\sysbrand.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ana\reader_s.exe
C:\WINDOWS\system32\servises.exe
C:\ARQUIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\Net.exe
C:\WINDOWS\system32\net1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [7928] C:\WINDOWS\system32\51.tmp.exe
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ana\reader_s.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe" (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [Yahoo! Pager] "C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [reader_s] C:\Documents and Settings\Ana\reader_s.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [DAEMON Tools Lite] C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe -autorun (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader (usnjsvc) - Unknown owner - C:\Arquivos de programas\MSN Messenger\usnsvc.exe (file missing)

--
End of file - 7841 byte

Please advise.

Speedy Gonzales
20-10-2009, 08:08 AM
Boot into safe mode / networking (reboot, hold f8 down, select it). Disable system restore. Tick these then tick fix checked

Close browsers. Once you tick these then tick fix checked, delete these files

Or get trojan remover below. Install it, update it, click on scan. Then select all options under the utilities menu.

Or get teamviewer (www.teamviewer.com) install it run it, then send me a PM with the ID and password in it. Make sure you boot into safe mode / networking

C:\WINDOWS\system32\Net.exe

C:\WINDOWS\system32\net1.exe

C:\WINDOWS\system32\Net.exe

C:\WINDOWS\system32\net1.exe

C:\WINDOWS\system32\Net.exe

C:\WINDOWS\system32\net1.exe

C:\WINDOWS\system32\Net.exe

C:\WINDOWS\system32\net1.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [7928] C:\WINDOWS\system32\51.tmp.exe

O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe

O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Ana\reader_s.exe

O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe

O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe

O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe" (User '?')

O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (User '?')

O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe (User '?')

O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [reader_s] C:\Documents and Settings\Ana\reader_s.exe (User '?')

O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')

O4 - HKUS\S-1-5-21-1060284298-507921405-2147122835-1003\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
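
The entries singled out in the post above share a few recognisable traits: file names one letter off a real Windows binary, a system file name in the wrong folder, executables autostarting from RECYCLER, and a service path containing an alternate data stream. The Python sketch below is an added example, not part of the thread or of HijackThis; it applies those checks to eight lines copied from the log, and the allowlist, the 0.85 similarity threshold and the function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Sample input: eight O4/O23 lines copied from the HijackThis log in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [7928] C:\WINDOWS\system32\51.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
"""
# Assumption for this example: a tiny allowlist of system binaries, all of
# which belong in system32 on the Windows XP install shown in the log.
SYSTEM32 = r"c:\windows\system32"
KNOWN = {"services.exe", "runonce.exe", "svchost.exe", "ctfmon.exe"}
PATH_RE = re.compile(r"[a-z]:\\.*\.(?:exe|dll)", re.I)  # drive letter to last .exe/.dll

def triage(line):
    """Return the reasons (possibly none) an autorun/service line deserves a closer look."""
    m = PATH_RE.search(line)
    if not m:
        return []
    path, reasons = m.group(0).lower(), []
    if ":" in path[2:]:  # a colon after the drive prefix names an NTFS alternate data stream
        reasons.append("alternate data stream")
        path = path[:path.index(":", 2)]
    folder, _, name = path.rpartition("\\")
    if "\\recycler\\" in path:
        reasons.append("runs from recycle bin folder")
    if name.endswith(".tmp.exe"):
        reasons.append("temp-file name with .exe appended")
    if name in KNOWN and folder != SYSTEM32:
        reasons.append("system file name outside system32")
    for real in KNOWN - {name}:
        if name not in KNOWN and SequenceMatcher(None, name, real).ratio() >= 0.85:
            reasons.append("look-alike of " + real)
    return reasons

def flag_lines(text):
    """Map each flagged file path to its reasons; clean lines are omitted."""
    out = {}
    for line in text.strip().splitlines():
        reasons = triage(line)
        if reasons:
            out[PATH_RE.search(line).group(0)] = reasons
    return out
```

Calling `flag_lines(SAMPLE)` flags six of the eight lines and leaves the ctfmon.exe and InCDsrv.exe entries alone; a flag is a prompt to inspect the file, not a verdict.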

sazd1
21-10-2009, 12:24 AM
Thanks Speedy Gonzales
I tried to download Trojan Remover. It downloaded, but after the download completed it gave a message that it cannot download on the system. I do not know why.
I ran the system in safe mode and then I deleted many of the files you mentioned, by going to C:/Windows32 and then deleting files from there one by one. Many files I found there and many I could not find there. And I fear that I could not perform this task completely due to my own incapabilities.
The system is not working properly and it is not connecting to the internet either. What I am doing is working on another computer; the software I download goes onto a flash drive through this computer and then I install it on that faulty computer.
So please advise if I will have to format that faulty computer, losing all my data, or if there is some rescue for that.
Thanks for your cooperation.

Speedy Gonzales
21-10-2009, 12:44 AM
Did you tick the entries before you deleted the entries??

Did you boot into safe mode / networking?? That's the only way you'll get on the net. If you want, get teamviewer. And send the ID and password that's in it to me in a PM. I'll check it out

nofam
21-10-2009, 09:13 AM
If you want, get teamviewer. And send the ID and password that's in it to me in a PM. I'll check it out

Hope your Portuguese is passable! :D

Speedy Gonzales
21-10-2009, 09:18 AM
You don't have to talk :p

nofam
21-10-2009, 11:42 AM
You don't have to talk :p

Yeah I know - just meant that his PC language is set to Portuguese by the look of his log! :blush:

Speedy Gonzales
21-10-2009, 11:49 AM
Just as long as I can remember what's what (on the English version), I'll pass. And use ccleaner to remove the startup entries

sazd1
22-10-2009, 12:08 AM
Hi Speedy
Yes, I did all that and removed the files suggested by you.
I rebooted the computer. But that virus, I think (envelope icon with text README under that icon), is still there smiling at me with satire.

I tried to download Trojan Remover but it failed. Should I format and reinstall Windows again or is there some rescue for that?
Thanks for your guidance.

Speedy Gonzales
22-10-2009, 12:11 AM
If you want me to help you, get teamviewer like I posted, then boot into safe mode / networking. Then install it, then run it. Then send me a PM with the ID and password. Although you come in too late (it's 12.10 am here). So, I may not be able to get into your system if you come in too late (or early). Since I may not be up this late, all the time. Other than that, you may have to reformat to fix it