withington

TROJ BIPSY.D

I just ran Trend Micro's scan and it reported that I have TROJ BIPSY.D. Can anyone help me remove this?
Thanks

Cveselka

Trend Micro should report what file is infected.  From what I can tell it is spyware.  Reboot into safe mode and delete the file.  

ASKER

Added to this problem is that I cannot update NORTON virus definitions . . .

So, I turned off System Restore, did not yet turn it back on as I did this before I saw any reply posts, and am now running Symantec Online Scan.

I will let you know the results. So far it has found 8 "threats"

Yikes...

OK, I may or may not have gotten rid of all the bad stuff, but now it continually hangs at the "welcome" screen when booting up. If I shut it down for a few seconds and then start it up, most of the time it will boot to Windows. Any ideas?

I would suspect Norton. Uninstall and test.

And a quick note: it's really NOT good having more than 1 Anti Virus running.

Zee

Hello,
Uninstalling Norton may help with the boot problem, but will not remove remaining viruses that are possibly still on the system.
If viruses are still on the system and you remove AV, reinstalling it before removing viruses will probably be unsuccessful.
Besides, I suggested online scanning, one at a time, not installing them. Clicking on the above URLs will get you to a free online scan.
It is possible that you may not be able to scan. That would suggest that the system is badly infected. Having Norton already installed will help determine what files are infected and where they are.
I would remove Norton only if I'm sure that it is the problem.

Thanks for all your help. I think that I was able to rid myself of all problems except for two malware files. . . that in a moment. I will tell you what I did:
Scanned with PandaSoftware, Norton, TrendMicro. Only Panda still finds 2 malwares that I am having problems getting rid of. I had to uninstall Norton and then reinstall - obviously one of the files must have gotten corrupted. I will get the names of the 2 files, but in the meantime I will raise the number of points for this question if anyone can help me with another problem on another computer.

XP, Thunderbird - the inbox erratically changes numbers like from 333 to 1254 to 874 . . .  and on. When I delete any email it shows up again almost right away. And then out of the blue, the Inbox reflects the correct number of emails.

What's up with this? What virus do I have on this box?

Btw - the two files are: WebHancer and IPInsight. Any ideas on how to get rid of them? Also, the problem with Thunderbird was that I had not compacted the folders. I had to delete some profile files and then all was fine.

Thanks again, and if anyone knows how to get rid of those other files I would greatly appreciate it!

Glad we could be of help. Thanks.

The files you mention are spyware, that these should take care of:

First of all, download NOW this Winsock fix:
http://downloads.subratam.org/WinsockFix.zip
If you lose internet access after the cleanup, run this tool.

After that, download the fully functional trial version of Spy Sweeper:
http://www.webroot.com/downloads/?WRSID=595f27d74dd2795a56af83b763c321e1
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).

Download Ad-Aware from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).

Also excellent is SpyBot Search & Destroy available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once (“in use”).
You should also apply the "immunize" function, since it blocks roughly 1900 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.

You can also install “preventive” software that will help you control these nasties:

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Prevents the installation of Active-X based spyware, malware, dialers, etc
Currently protects you against 3400+ nasties.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.

Zee

Hello,
Keep in mind that there are some different variants of IPinsight. Look to see if you have any P2P programs installed on the system, like Kazaa, sharebare and so on. If you do, remove them as well. What Zee suggests is good. Also check manually for these files. IPinsight creates them.

IPInsigt.dll
IPInsigt.pnf
IPInsigt.inf
Sentry.exe
Sentry.ini
IPInsigt.dll
The reason I'm telling you this is that I have had experience with it. After removing the pest with spyware removal programs, it left some files behind and the thing reappeared.
Check the registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete "sentry" if it is there.
Restart the machine. Needless to say, be very careful with the registry, and do it in safe mode.
When you are completely done and sure you got all the pests out, put the restore points back on and do Windows updates.

In the end, to add to Zee's arsenal of tools, and they are all good, you should consider "Microsoft Windows Spyware". It is free and very good. To read more about it and download it, visit the site below.

http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&DisplayLang=en 
See this site as well. More on MS Win. Spyware.
http://microsoft.blognewschannel.com/index.php/archives/2005/01/09/

To read about and remove WebHancer, visit the Norton site.
http://securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html
Good luck.
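
A read-only way to run the manual check described in the post above, as an added example that is not part of the original thread. The file names and the HKLM Run key come from the post; the search roots and the extra per-user Run key are assumptions, since the post gives no folder.

```powershell
# Added example (not from the thread): read-only audit, nothing is deleted.
# Assumption: the post gives no folder for the files, so these roots are guesses.
param(
    [string[]]$SearchRoots = @($env:SystemRoot, $env:ProgramFiles)
)

# File names exactly as listed in the post.
$LeftoverNames = 'IPInsigt.dll', 'IPInsigt.pnf', 'IPInsigt.inf', 'Sentry.exe', 'Sentry.ini'

# The post names the HKLM Run key; the per-user key is an addition here.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-LeftoverFile {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        # -Force includes hidden/system files; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $Names -contains $_.Name } |
            Select-Object FullName, Length, LastWriteTime
    }
}

function Find-RunEntry {
    param([string[]]$Keys, [string]$Pattern)
    foreach ($key in $Keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            # Autostart values are command lines; match the name or the command.
            $command = [string]$item.GetValue($name)
            if ($name -match $Pattern -or $command -match $Pattern) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
            }
        }
    }
}

$files   = @(Find-LeftoverFile -Roots $SearchRoots -Names $LeftoverNames)
$entries = @(Find-RunEntry -Keys $RunKeys -Pattern 'sentry|ipinsigt')

$files   | Format-Table -AutoSize
$entries | Format-List
'{0} leftover file(s) and {1} Run value(s) matched.' -f $files.Count, $entries.Count
```

A match on "sentry" is only a lead: confirm the command path of the Run value before removing it, and export the key first.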

Thanks for your reply.

I already have used S&D as well as AdAware. They came out clean. I am now running SpySweeper.

Question: When I booted the puter up, I got 2 error messages that I had gotten before that I thought that I fixed: The first was that the Time/Date deal was not correct and that I need to use the applet to correct it. After selecting OK, the puter continues to boot up and then after the Windows desktop loads I get a Norton error message that informs me that a certain file cannot load and that Norton will be disabled. Yesterday when I was working on this computer, by the end of the day the messages no longer appeared. Note, yesterday I adjusted the time/clock. Just now when I booted up I got those messages - as I said earlier - and the time/clock was dated in 1989. Could those 2 error messages appear then not appear due to the CMOS battery? If so how hard is it to replace?

thanks

The date/time changing after turning off PC is usually a sign of a failing CMOS battery.

The Norton not being enabled is a sign of a corrupt installation.

I would suggest an uninstall, restart and cleanup with this tool:

http://ca.huji.ac.il/bf/mcafee/NoNav.exe

This will clean your system of Norton residues.

Restart again and reinstall and update Norton.

That should do it.

Post back your findings.

Zee

And almost forgot these:

Replacing Your Computer's CMOS Battery
http://www.rlrouse.com/computer-loses-time.html

Information about the computer CMOS
http://www.computerhope.com/help/cmos.htm

Thanks. How in the world do you know this stuff!!!! I will let you know what transpires.

About the 2 files that are still on the computer: Panda shows them in the following location:
c:\undo\backup.cab[whInstaller.ini]
c:\undo\backup.cab[Belt.ini]

I can't seem to delete these files manually

Thanks

Hello,
Using a McAfee tool to remove their competitor is not what you should do, unless you wish to install McAfee AV. Just a thought, I may be wrong.

Before you replace the battery on the main board:
• Get a battery that exactly matches your existing one
• Go to CMOS settings [during boot up, press and hold “Del key or other appropriate keyboard key”]
• Write down the CMOS settings, as they will change once you replace the battery
• Make sure you have protected the PC from ESD
• Change the battery, start the system and enter CMOS. Correct any changes if they have been made.
• Restart the system.

To remove Norton:
• Go to safe mode and use the “add/remove” tool in “control panel”
• Remove Norton AV and Norton Update manager
• Manually remove all files and folders that are left behind (use “search” and look for “NORTON” and “SYMANTEC”)
• Clean the registry of Norton and SYMANTEC entries. You can do it manually by going into the registry: “start”, “run”, type regedit. Click on “EDIT” and then on “Find”. Type Norton and press ENTER, and delete entries associated with Norton (after deleting, press the F3 key and keep doing so until the search is over). Repeat the same for Symantec. This can be time consuming, and make sure you export and save the registry before doing it. Needless to say, be very careful what you delete.

You can use third party registry cleaners (some are free). I would be very careful with them. You can find all kinds in a Google search.
Restart the system and reinstall Norton.
Again, I highly recommend you install and run Microsoft Windows Spyware.

 

Regarding the undeletable files, have you tried Safe Mode, navigate to that folder and manually delete it?

This could also be useful:

How do I delete an "undeletable" file?
http://www.dougknox.com/xp/tips/xp_undeletable_file.htm

Regarding the NoNav tool, grujiczoran,

I am sorry you don't know the NoNav tool, that is NOT Mcafee. Even if the link seems to suggest that, you should take a look before commenting:

NONAV is an unsupported Symantec tool for removing files and registry keys from Norton Antivirus / Symantec Antivirus.
This is helpful for example when an upgrade from an older version fails and you need to prepare the machine for a clean re-installation.

The tool can be sent out to customers as long as they have been informed that nonav is an unsupported tool / without warranty and provided "as-is".

NONAV removes the following products from filesystem/registry:

NAV      Norton Antivirus 4.x / 5.x
NAVCE      Norton Antivirus Corporate Edition 7.0x 7.5x 7.6x
SAVCE      Symantec Antivirus Corporate Edition 8.0x 8.1x 9.x
SSC      Symantec System Center (from CE 7.x / 8.x / 9.x)
AMS      Alert Management System (from CE 7.x / 8.x / 9.x)
SCF      Symantec Client Firewall 5.x 7.x

NONAV can also be set to remove the following components:

Symevent drivers
LiveUpdate (1.5-2.0)
shared Virus Definitions
Central Quarantine Server / Quarantine Console

NONAV should leave other Symantec products alone on the machine but only very limited testing has been done on this.

PcAnywhere 10.5 / 11, Ghost 8.0/2003 and the Central Quarantine Server has been tested and appear to work fine after running nonav.

NONAV is designed to work on the following OS:
Windows 2003 Server
Windows XP
Windows 2000 Professional / Server
Windows NT4 Workstation / Server
Windows ME
Windows 98
Windows 95

The above was quoted from the included NONAV.TXT file.

And a footnote: the Add/Remove procedure does not remove all the Norton/Symantec references in the registry and system (Surprised? Shouldn't be...)

Cheers,

Zee

Hello,
The two files you are talking about are probably saved in the quarantine folder of one of your cleaner programs.
Check the quarantine of your programs and delete them from there.
If that is not the case, again clear the restore points, go to safe mode, navigate to the folder and delete them from there.
This folder may be hidden. If so, click on “folder options”, then “View”, and select “show hidden files and folders”.
Then try to find it and delete it. Restart the system and do all the scanning again. When you are done, do not forget to put back the restore points.

Belt.ini is a file created by adware. Another nasty thing. See Norton.

Important:
Before you install any antivirus program on your system, you have to clean the computer of all viruses and spyware. Installing AV programs on an infected PC will not work well. Sooner or later you will have problems. Also, some viruses will make AV work OK, but it will not detect them.

Sometimes cleaning viruses and spyware can be very time consuming, and still anybody can very easily miss some little file that will make the virus reappear. Maybe reinstalling the OS is a better choice. Back up and save all important files before reinstalling the OS.
Good luck

To blue_zee
I was wrong about NONAV, and yes, I did not know about it. I apologize if my comment offended you. I did not have any intention whatsoever to undermine your help.
I did say to clean the registry and explained how.
Anyway, I'm not doing it for competition, but to help and learn.
Thanks.

No problem, I was not offended at all.

Just thought you drew conclusions too fast, nothing else!

And thank you for the feedback, I appreciated your reply.

Thanks.

Zee