Better antivirus than Kaspersky or NOD32?

jampack

Contributor
Hello friends.
I have a big problem. I am using Windows XP SP2 on my system. I have been using KIS 7.0 for a long time now. My PC somehow got infected with a virus from my friend's HDD connected to my computer, irrespective of the protection. Now I am having problems like enabling viewing of hidden files, and even if I change the settings, the settings don't change from "don't view hidden files". So I scanned the whole hard disk with Kaspersky and found nothing. Then I installed ESET Smart Security and it also couldn't find anything. Please help..
 
I think Quick Heal should help you
....or if you have an emergency startup disk, that would really help...create one from a friend's computer if needed... btw maybe there is a specific fix which other members might point out
 
Just because you can boot into Windows doesn't mean you have got rid of them all.......Quick Heal will do a memory check first before installation..but if you've been paid a visit by a specially nasty one... for complete removal you need to kick it out before it gets into the memory
 
Do a boot scan after updating your AV. After the viruses are detected and cleaned, don't open any partitions. Run regedit and do the following:

  1. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
  2. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
  3. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
  4. The “Show hidden files & folders” check box should now work normally.

Go to your system partition from the address bar after enabling "show hidden folders/ system folder". Delete any autorun.inf files you find. Repeat on all partitions.

Most probably you were infected from a USB drive. Disable autorun and always open removable drives through the address bar. Keep an eye out for autorun.inf files on pen drives. Open them if you find one and look for the program that is set to autorun. Delete any such files you find.

Or you can download SDFix and run it. It fixes most malware and resets default registry/system settings.
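
The advice above to open an autorun.inf and look for the program it is set to run can be done mechanically. The parser below is an added example, not part of the original post: it lists every launch entry in the `[autorun]` section, including the `shell\<verb>\command` entries attached to the drive's right-click menu. The sample file and the name `example.exe` are constructed placeholders.

```python
import re

# open / shellexecute: program started by AutoRun.
# shell\<verb>\command: command bound to a drive context-menu verb.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_targets(text):
    """Return [(key, command)] for every launch entry in an autorun.inf body."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            targets.append((key.strip().lower(), value.strip()))
    return targets

def referenced_files(targets):
    """File names (first token of each command) to look for on the drive."""
    names = []
    for _, command in targets:
        if command.startswith('"'):                  # quoted path with spaces
            name = command[1:].split('"', 1)[0]
        else:
            name = command.split()[0] if command.split() else ""
        if name and name.lower() not in [n.lower() for n in names]:
            names.append(name)
    return names

# Constructed sample; "example.exe" is a placeholder file name.
SAMPLE = r"""[AutoRun]
;comment padding
open=example.exe
shell\open\Command=example.exe
shell\explore\Command=example.exe /e
shell\search\command=example.exe
icon=folder.ico
"""

if __name__ == "__main__":
    for key, cmd in autorun_targets(SAMPLE):
        print(f"{key:28} -> {cmd}")
    print("files to locate:", referenced_files(autorun_targets(SAMPLE)))
```

Read the file as text (for example in Notepad, or by passing its contents to `autorun_targets`) rather than by opening the drive itself.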
 
Log file of HijackThis, if this is what you asked for
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:36 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Varun\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78ED60A8-E533-4A8E-8B09-6938E00B45AA}: NameServer = 218.248.240.24 218.248.240.135
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 3956 bytes
 
Did you try out the registry changes? If your PC is no longer infected, the change would be instant (without reboot).
 
I haven't tried the registry changes. How do I know my PC is no longer infected? Are scans by Kaspersky and ESET good enough? I can't trust Kaspersky much, since it couldn't detect the virus in the first place, and even after I had done a full system scan, which showed my PC to be virus free, it kept on finding viruses in the system information folders every now and then. I tried ESET now and it hasn't found anything either.
 
Well, it worked. I changed the value from 0 to 1, and that does the trick. Thanks for the help.

But now the question still remains: what antivirus to trust..?
 
Most AVs are late in detecting autorun viruses, as they don't spread as fast as other viruses which propagate through the net. Your present AV is very good. Just remember to disable autorun and always open removable media through the address bar.

I clean up an infected PC almost every day, as I service many Govt. offices here, not to mention my pen drive, which I have to use daily in government offices, yet I have never been infected in the past three years. I just have a regularly updated Avast Home and follow safe practices.
 
drkhalsa said:
Can you please explain it a bit more, in a simpler way (sorry for the trouble!)

I have been using NOD32 for the last 3 years and never faced any problem till now.

Lucky fellow.
I have used Symantec, Avast, Kaspersky, Nod 32, Windows Defender, ZoneAlarm and still had infections.
In fact, I spent almost four hours today trying to clean a very badly entrenched VirtuMonde from my system that had sneaked in with a torrent file and set its bases in system folders despite NOD32 and Defender on guard.

In practice, I have found that your computer's security is as good as your computing practices. If you are click happy be ready to deal with nasty stuff. Running an AV or Anti-Trojan helps up to an extent but finally what matters is how careful you are while clicking on executable files/scripts.
 
drkhalsa said:
Can you please explain it a bit more, in a simpler way (sorry for the trouble!)

For example, if your drive letter is I, type I:\ in the address bar in My Computer and press Enter :hap2:
 
morgoth said:
Lucky fellow.
I have used Symantec, Avast, Kaspersky, Nod 32, Windows Defender, ZoneAlarm and still had infections.
In fact, I spent almost four hours today trying to clean a very badly entrenched VirtuMonde from my system that had sneaked in with a torrent file and set its bases in system folders despite NOD32 and Defender on guard.

In practice, I have found that your computer's security is as good as your computing practices. If you are click happy be ready to deal with nasty stuff. Running an AV or Anti-Trojan helps up to an extent but finally what matters is how careful you are while clicking on executable files/scripts.

That's a very good point made by morgoth... No matter what kind of security software you use, at the end of the day all that matters is how good your computing practices are... My father's computer got infected with some folder virus and even Norton is unable to detect it... The only possible solution I find is to format the system.. I might sound immature or unrelated to the topic when I say that "No security is perfect" :P .... This sentence was said in Batman: The Animated Series.. I used to watch and enjoy it as a kid... :P

I guess that same point can be made in this scenario... :P
 
thegamerulez said:
Well, can't we just open Windows Explorer and click on the I drive? :huh:

Most infected pen drives will execute the virus if you double-click on it. Some will execute even if you right-click and select search, open, autoplay and explore.
 
Balkazzaar said:
My father's computer got infected with some folder virus and even Norton is unable to detect it... The only possible solution I find is to format the system.. I might sound immature or unrelated to the topic when I say that "No security is perfect" :P .... This sentence was said in Batman: The Animated Series.. I used to watch and enjoy it as a kid... :P

I guess that same point can be made in this scenario... :P

Most viruses I come across (mostly spreading through pen drives) go undetected for months by Avast, McAfee, AVG and Norton (these are the most used AVs here). Fortunately, there are programs like SDFix and other freeware which can at least enable the registry and Task Manager if disabled. These two tools can help recover from most of the viruses prevalent nowadays. And googling the symptoms also helps in finding solutions.

In fact, the utility of an AV after infection is very limited. You'd still need to repair your system/registry yourself.

btw, I'm no longer a kid, but I still enjoy Batman :ohyeah:
 
Naga said:
Do a boot scan after updating your AV. After the viruses are detected and cleaned, don't open any partitions. Run regedit and do the following:

Or you can download SDFix and run it. It fixes most malware and resets default registry/system settings.

Naga said:
Just try the changes. If it works, you're no longer infected.

I ran a scan with SDFix. Here's the report.

Code:
    [b]SDFix: Version 1.216 [/b]
    Run by Metalheart on Sun 08/17/2008 at 03:05 PM
    
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    
    [b]Checking Services [/b]:
    Restoring Default Security Values
    Restoring Default Hosts File
    
    Rebooting
    [b]Checking Files [/b]: 
    
    Trojan Files Found:
    
    C:\autorun.inf - Deleted
    
    Removing Temp Files
    
    [b]ADS Check [/b]:
                                     [b]Final Check [/b]:
    
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
    Rootkit scan 2008-08-17 15:08:40
    Windows 5.1.2600 Service Pack 3 NTFS
    
    scanning hidden processes ...
    
    scanning hidden services & system hive ...
    
    scanning hidden registry entries ...
    
    scanning hidden files ...
    
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
    [b]Remaining Services [/b]:
    Authorized Application Key Export:
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Quake 3\\quake3.exe"="D:\\Quake 3\\quake3.exe:*:Enabled:quake3"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
    [b]Remaining Files [/b]:
    File Backups: - C:\SDFix\backups\backups.zip
    
    [b]Files with Hidden Attributes [/b]:
    
    Tue 12 Aug 2008        90,295 ..SHR --- "C:\r2nl.com"
    Sat 16 Aug 2008        91,179 ..SHR --- "C:\t1ypkh.exe"
    Sat 16 Aug 2008        92,457 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
    Sun 17 Aug 2008        84,992 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
    Sat 16 Aug 2008        84,992 ..SHR --- "C:\WINDOWS\system32\amvo1.dll"
    Sat 16 Aug 2008        91,179 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
    Sat 16 Aug 2008        84,992 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
    Sat 16 Aug 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    
    [b]Finished![/b]

Still, the problem is as good as new!! The drives still open in a new window from My Computer and I still cannot change the View Hidden Files option!! And I still can't edit the registry (I can open the registry but the changes don't get saved!!)

:no: :S :huh:
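
One way to read the "Files with Hidden Attributes" section of an SDFix report like the one above, as an added example that is not part of the original post or of SDFix: it picks out executables that carry the system, hidden and read-only flags together, then groups those with identical sizes under different names. The extension list and both heuristics are assumptions for illustration; a match is a file to inspect, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext

# One report row: weekday, date, size, five attribute flags, ---, quoted path.
ROW = re.compile(
    r'^\s*\w{3} \d{1,2} \w{3} \d{4}\s+([\d,]+)\s+([A-Z.]{5})\s+---\s+"(.+)"\s*$')
EXEC_EXT = {".exe", ".com", ".dll", ".scr", ".bat", ".pif"}  # assumed list

def parse_rows(report):
    """Return one dict per attribute row; other report lines are ignored."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            size, attrs, path = m.groups()
            rows.append({"size": int(size.replace(",", "")),
                         "attrs": attrs, "path": path})
    return rows

def triage(rows):
    """Return (suspects, clusters): S+H+R executables, and the names
    among them that share an identical size."""
    suspects = [r for r in rows
                if all(flag in r["attrs"] for flag in "SHR")
                and splitext(r["path"])[1].lower() in EXEC_EXT]
    by_size = defaultdict(list)
    for r in suspects:
        by_size[r["size"]].append(basename(r["path"]))
    clusters = {s: n for s, n in by_size.items() if len(n) > 1}
    return suspects, clusters

# Rows copied from the SDFix report quoted in the post above.
REPORT = r"""
Tue 12 Aug 2008        90,295 ..SHR --- "C:\r2nl.com"
Sat 16 Aug 2008        91,179 ..SHR --- "C:\t1ypkh.exe"
Sat 16 Aug 2008        92,457 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
Sun 17 Aug 2008        84,992 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
Sat 16 Aug 2008        84,992 ..SHR --- "C:\WINDOWS\system32\amvo1.dll"
Sat 16 Aug 2008        91,179 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Sat 16 Aug 2008        84,992 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Sat 16 Aug 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
"""

if __name__ == "__main__":
    suspects, clusters = triage(parse_rows(REPORT))
    for r in suspects:
        print(f'{r["size"]:>8}  {r["attrs"]}  {r["path"]}')
    for size, names in clusters.items():
        print(f"same size {size}: {', '.join(names)}")
```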
 