xLeon

which antivirus

Hello,
could you advise me which antivirus is the best? I'm using Norton Antivirus and Ad-Aware with latest updates but it isn't enough.
There are still viruses on my computer and internet is much slower. It should be 512 kbps and my indicator shows 524 kbps but the reality is another. I must wait lots of minutes when I'll write internet address and now I must restart computer, because it's impossible to click through to the form with this question. (I'm writing it in notepad)

thanks for help
ASKER CERTIFIED SOLUTION
war1
This solution is only available to members.
I've used PC-Cillin "http://www.trentmicro.com" for over 5 years on my windows machines, and have to say, I've never had reason to look for something else.
tsarev

You'd better reinstall Windows.

Or identify suspicious processes using the task manager and look up more info about them on the Internet. That's how I remove spyware which Anti-Spyware programs cannot remove.
SOLUTION
This solution is only available to members.
i've used norton anti-virus in the past, as long as it's kept updated it's the best antivirus software out there in my opinion.
if you're looking for a free alternative, try AVG antivirus: http://www.grisoft.com

if you can pinpoint the actual viruses in question, there is no need to reinstall your entire system. just open your PC in safemode (press F8 repeatedly at startup and select SafeMode from the menu that will appear) and go into your system and manually delete them.
xLeon

ASKER

Internet isn't working now in my computer, but it's interconnected with another computer with internet sharing. It is interesting that internet is going fast on the other computer.
But I can't use those programs, because they will analyze the healthy computer and some programs are not free.
I found these viruses with norton and adaware and they are still returning:
HVLScan.exe, Haktek.exe, Aphex.exe

I used SpyBot and it has found MiniBug

I'd like to reinstall Windows but I can't. My CD-ROM isn't working, it's damaged
SOLUTION
This solution is only available to members.
xLeon,

Please follow what I wrote earlier

If computer still slow, download HijackThis

http://www.hijackthis.de/

Run the program and you will find many entries. Most are OK. Post the log at the Hijackthis forum and click Analyze, Save.  Post a link to the saved list here.
I highly recommend Kaspersky Personal or Kaspersky Personal Pro. Always lightning fast scanning, doesn't slow down the machine a single bit. Has integrated scripting, email, macro scanner. Updates come out every 3 hours. And the price is very low as compared to other solutions. Check it out at http://kaspersky.com
Trend is way faster than Norton (5-6 times!).  
If you up the points, we'll help you fix this.
KAV, by Kaspersky Labs is one of the best tested ones, speed wise and detection rates.
xLeon

ASKER

I'd turn off the following:

pdvdservice.exe             (This doesn't have to run resident)

CloneCDTray.exe             (This doesn't have to run resident)

Realsched.exe               (Is used to download realplayer updates, but is mainly there for sending you ads. You can update realplayer manually, so I'd not run this in the background.)

msmsgs.exe                  (ms messenger service, not necessary and can be misused to compromise your PC)

wzqkpick.exe                (Winzip also runs when it isn't resident)

elbycheck.exe               (This doesn't have to run resident)

NeroCheck.exe               (This doesn't have to run resident)

mouse.exe                   (might be a mouse driver, but XP supports mice without extra drivers, so I think this could also be a virus or worm)

OSA9.exe                    (This doesn't have to run resident)



Also, your internet explorer is out of date, this leads me to believe that your windows isn't up to date either. Run Windowsupdate manually, also update not just the critical updates.
xLeon

ASKER

the following processes aren't between running processes: elbycheck.exe, NeroCheck.exe, OSA9.exe
the process msmsgs.exe is impossible to end up. It is appearing between running processes again and again.

I don't have explorer as a default browser. I'm using Mozilla Firefox 1.0.3
You can disable the messenger via outlook in tools, options, other, the instant messaging checkbox. Elbycheck you can also disable via msconfig in the startup tab or the services tab, and if it shows up in your taskbar, by rightclicking it you can often turn off these items from starting. Otherwise you should also be able to disable that via Clone CD and changing the configuration options. The same should work with nerocheck.
xLeon

ASKER

I have Microsoft Outlook 2000 and I can't find there instant messaging checkbox. Except of msmsgs.exe are all 'malicious' processes from the above list disabled.
Outlook -> Tools -> Options. The "Other" Tab, the option right at the bottom of the screen.

You can also right click in the taskbar on the messenger and open the service, then you can look for the setup of it and find and disable where it says start automatically on bootup (or similar).
Here is how to disable Windows Messenger

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.
To expand on what rindi already said:

 Start Messenger, then Tools -> Options -> Preferences and un-check the box that reads "Run Windows Messenger when Windows starts"
xLeon

ASKER

In outlook 2000 is it probably somewhere else
in Services I can't find Windows Messenger

I think that this process isn't critical because now is internet running OK. I have just done two scans with Norton and Adware.
If you are unfamiliar with this domain, have HJT delete it

O17 - HKLM\System\CCS\Services\Tcpip\..\{D38EB293-F340-4C43-AF03-80FABA127BF6}: NameServer = 194.228.2.1 194.228.41.113
All those entries for hostserv.exe are extremely suspicious. If you don't know what that process is, suggest removing or disabling it.
xLeon

ASKER

I tried that ip address in my browser but it probably doesn't exist. But I don't know how to delete it.


hostserv is removed.
"hostserv is removed."

Good. You might want to do another scan with HijackThis and make sure it didn't come back.

Those nameservers seem legit. Are you based somewhere in Europe or Africa?
194.228.2.1 PTR record: ns2.tel.cz. [TTL 86400s] [A=194.228.2.1]
194.228.41.113 PTR record: dns-polvezni.iol.cz. [TTL 86400s] [A=194.228.41.113]
inetnum:      194.228.2.0 - 194.228.2.31
netname:      BFP-PCD-AIS
descr:        IOL - Internal LAN, DNS
country:      CZ
admin-c:      IOL1-RIPE
tech-c:       IOL1-RIPE
status:       ASSIGNED PA
notify:       hostmaaster@iol.cz
mnt-by:       AS5610-MTN
changed:      hostmaster@iol.cz 20020404
source:       RIPE


inetnum:      194.228.41.64 - 194.228.41.127
netname:      INFOVISTA-NET
descr:        Thamova 11
descr:        Praha 8
country:      CZ
admin-c:      IOL1-RIPE
tech-c:       IOL1-RIPE
status:       ASSIGNED PA
notify:       hostmaster@iol.cz
mnt-by:       AS5610-MTN
changed:      hostmaster@iol.cz 20020609
source:       RIPE

>>  I tried that ip address in my browser but is probably doesn't exist. But I don't know how to delete it.

Check the item in HijackThis log and have HJT delete it.
xLeon

ASKER

that seems to be nameserver of my provider
I would leave it alone.
xLeon

ASKER

and this is another scan
http://www.hijackthis.de/logfiles/20fe2bba142b199fbe482d7026191220.html

mouse and hostserv are there again but they are not between running processes
"mouse and hostserv are there again"

If HiJackThis won't remove it, you can just use Regedit to edit the registry, browse on over to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and delete the entries for mouse and hostserv from there
(but do this only if you are somewhat familiar with regedit)

Be sure to run HijackThis again to be sure they are really gone.
Mainly try getting rid of that mouse.exe. If you can't remove it via hijackthis or regedit, boot into safe mode, find mouse.exe and either rename or delete this file. Also don't have realsched starting up. Then, you are still using an outdated IE version. Even if you use firefox for normal surfing, IE is still necessary for the windowsupdate. Run the full windowsupdate by hand, don't just select the critical updates, also select the others.
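Added example, not part of the original thread and not HijackThis code: one way to confirm from two saved logs that flagged autostart entries are really gone and that the O17 NameServer value still points at the provider's resolvers. It assumes registry-backed O4 lines have the shape `O4 - <key>: [name] command`; the sample logs, their file paths and the 192.0.2.53 address are constructed for illustration.

```python
import re

# HijackThis section codes: O4 = autostart entry, O17 = DNS (NameServer) setting.
# Only registry-backed O4 lines ("O4 - <key>: [name] command") are handled here.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<ips>[\d., ]+)$")
EXE_RE = re.compile(r'([^\\/\s"]+\.exe)', re.IGNORECASE)

def parse_log(text):
    """Return (autoruns, nameservers) from HijackThis-style log text."""
    autoruns, nameservers = set(), set()
    for line in map(str.strip, text.splitlines()):
        if m := O4_RE.match(line):
            exe = EXE_RE.search(m["cmd"])
            autoruns.add((m["key"], (exe.group(1) if exe else m["cmd"]).lower()))
        elif m := O17_RE.match(line):
            nameservers.update(re.split(r"[ ,]+", m["ips"].strip()))
    return autoruns, nameservers

def review(before, after, watchlist, trusted_dns):
    """Compare a rescan with the earlier scan and report what needs attention."""
    old_runs, _ = parse_log(before)
    new_runs, new_dns = parse_log(after)
    return {
        "still_present": sorted(e for e in new_runs if e[1] in watchlist),
        "removed": sorted(old_runs - new_runs),
        "unknown_dns": sorted(new_dns - set(trusted_dns)),
    }

# Constructed sample logs; the file paths are illustrative, not from the thread.
FIRST_SCAN = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [mouse] C:\WINDOWS\mouse.exe
O4 - HKLM\..\RunServices: [hostserv] C:\WINDOWS\hostserv.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D38EB293-F340-4C43-AF03-80FABA127BF6}: NameServer = 194.228.2.1 194.228.41.113
"""
RESCAN = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [mouse] C:\WINDOWS\mouse.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D38EB293-F340-4C43-AF03-80FABA127BF6}: NameServer = 194.228.2.1 192.0.2.53
"""
WATCHLIST = {"mouse.exe", "hostserv.exe"}         # names flagged in the thread
TRUSTED_DNS = {"194.228.2.1", "194.228.41.113"}   # the provider's resolvers

if __name__ == "__main__":
    for label, items in review(FIRST_SCAN, RESCAN, WATCHLIST, TRUSTED_DNS).items():
        print(label, items)
```

An entry listed under `still_present` after a cleanup means the registry value was rewritten or never deleted, which is the case the thread handles by removing it again and rescanning.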
xLeon

ASKER

HiJackthis was able to remove mouse and hostserv

now it's time to split up points between you experts. 25 war1, 20 rindi, 20 r-k. I don't have more points, so many thanks to DeltaFire
Thanks too.
Good luck to you and don't get anymore adware. :)
Good Luck and happy surfing ;-)