From: "G-Manski" <(E-Mail Removed)>
| I ran AdAware v1.06 and had these items show up: IBIS Toolbar. I found the
| registry key for this and tried to delete it. The IBIS would not delete for
| me. The IBIS was "owned" by my son. I logged in as him and the registry key
| for IBIS was deleted. I ran another AdAware scan and nothing showed up. I
| ran an AVG Free edition scan and found a Keenval trojan. I found the
| registry key for this and deleted it.
|
| I still have the activity showing on my router. I am not familiar with
| "background" traffic. Granted my computer shows no signs of being infected
| with anything. The constant activity is annoying and I do not think it is
| normal.
|
| I have not tried the Ethereal yet. What does this program actually show me?
|
| Thanks.
Unless you know how to read a protocol decode, it won't help.
Instead, download TCPVIEW from Sysinternals --
http://www.sysinternals.com/Utilities/TcpView.html
It will show a GUI-based, dynamic view of what program is opening and communicating on what
port to what site on the Internet.
Based upon your finding the IBIS Toolbar adware/spyware and a Trojan, the chances are still
high that there are other infectors.
Please download, install and update SpyBot Search and Destroy v1.4
http://security.kolla.de/
And use the following Multi AV scanner. It is a front end to McAfee, Trend Micro and
Sophos AV scanners, none of which need to pre-exist on the PC. I suggest this because AVG
often misses many infectors.
I suggest starting with the McAfee AV module, then Sophos then Trend Micro.
Use of Ad-aware SE, SpyBot S&D and the Multi AV scanning tool should be done on *all*
platforms on the LAN side of the Router.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm