How serious is the trojan "VBS/StartPage.NAM"?
How serious is the trojan "VBS/StartPage.NAM"?
And what should I do with "[7] Object is probably infected with an unknown virus"?
My Eset Smart Security just finished scanning my HP Compaq nx7300 Windows XP SP3 Pro: internal HDD 250 GB, two external HDD (Freecom Toughdrive no. 1 and Freecom Toughdrive no. 2, each on 250 GB).
Results:
No. of threats found: 2
No. of scanned objects: 7,327,848
Scanning time: 8 hours 50 minutes
[4] Object cannot be opened. It may be in use by another application or operating system
[7] Object is probably infected with an unknown virus
I know that one of the two threats that was found is false alarm.
The second threat is this:
I:\Kingston USB\Install directly after wiping HDD\Security software\ComboFix.exe » RAR » 32788R22FWJFW\Creg.dat - VBS/StartPage.NAM trojan
How serious is this virus? It was not found on my USB, but on a folder on my external HDD Freecom toughdrive no. 1 (the folder was named \Kingston USB\).
And what should I do with "[7] Object is probably infected with an unknown virus"?
To the thing is that my external HDD Freecom toughdrive no. 1 was reported this morning as "Unknown device. No drivers are installed for this device". So I can not open or access my Freecom toughdrive no. 1 now. I have made another posting about this issue. I has happened for a long time that this Freecom Toughdrive no. 1 is not recognized, and I always disconnect it a few times, and after that it finally finds the external HDD.
And what should I do with "[7] Object is probably infected with an unknown virus"?
My Eset Smart Security just finished scanning my HP Compaq nx7300 Windows XP SP3 Pro: internal HDD 250 GB, two external HDD (Freecom Toughdrive no. 1 and Freecom Toughdrive no. 2, each on 250 GB).
Results:
No. of threats found: 2
No. of scanned objects: 7,327,848
Scanning time: 8 hours 50 minutes
[4] Object cannot be opened. It may be in use by another application or operating system
[7] Object is probably infected with an unknown virus
I know that one of the two threats that was found is false alarm.
The second threat is this:
I:\Kingston USB\Install directly after wiping HDD\Security software\ComboFix.exe » RAR » 32788R22FWJFW\Creg.dat - VBS/StartPage.NAM trojan
How serious is this virus? It was not found on my USB, but on a folder on my external HDD Freecom toughdrive no. 1 (the folder was named \Kingston USB\).
And what should I do with "[7] Object is probably infected with an unknown virus"?
To the thing is that my external HDD Freecom toughdrive no. 1 was reported this morning as "Unknown device. No drivers are installed for this device". So I can not open or access my Freecom toughdrive no. 1 now. I have made another posting about this issue. I has happened for a long time that this Freecom Toughdrive no. 1 is not recognized, and I always disconnect it a few times, and after that it finally finds the external HDD.
Nod is detecting Combofix as a virus. Dont worry. Disregard that. Majority of Anti Virus programs detect Combofix as a virus due to the contents of Combofix.
If any worrries you can delete it anyway and get a new copy.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
If any worrries you can delete it anyway and get a new copy.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
What is the path of the first detection?
ASKER
The first detection is 100 % no virus, I've got that confirmed earlier. Ok, feels good, no virus then. But still a lot of problem with my Windows: Blue screen, freezing. Maybe just too many new installations.
ASKER
Before I close down the results from the scan,
what should I do with "[7] Object is probably infected with an unknown virus"?
and
[4] Object cannot be opened. It may be in use by another application or operating system
Are these dangerous to leave and not do anything about? I use Eset Smart Security. How can I do anything about these? Are they saved somewhere?
what should I do with "[7] Object is probably infected with an unknown virus"?
and
[4] Object cannot be opened. It may be in use by another application or operating system
Are these dangerous to leave and not do anything about? I use Eset Smart Security. How can I do anything about these? Are they saved somewhere?
Is there no file+pathname beside those?
For:
[4] Object cannot be opened. It may be in use by another application or operating system ->most likely is pagefile.sys which is ok.
You can upload three recent minidump files to be checked here to see why machine is blue screening. c:\windows\minidump is location
For:
[4] Object cannot be opened. It may be in use by another application or operating system ->most likely is pagefile.sys which is ok.
You can upload three recent minidump files to be checked here to see why machine is blue screening. c:\windows\minidump is location
ASKER
Hi
The problem remains, I often get the bluescreen with reboot, and laptop is slow and often freezes.
Here are some recent minidump-files uploaded.
Mini120609-01.dmp
Mini020910-01.dmp
The problem remains, I often get the bluescreen with reboot, and laptop is slow and often freezes.
Here are some recent minidump-files uploaded.
Mini120609-01.dmp
Mini020910-01.dmp
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I tried to run 'Autoruns' in Run..., but got this message:
"Windows cannot find 'Autoruns'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
Do you mean I should type Autoruns in Start/Run...?
"Windows cannot find 'Autoruns'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
Do you mean I should type Autoruns in Start/Run...?
Autoruns is an app from microsoft(systernals)
You can download it from link above :)
You can download it from link above :)
ASKER
Optoma, thanks, got it now! I'll be back soon with the report from Autoruns
ASKER
Here's the AutoRuns file at last...
Could you please keep this posting open a little longer, so I can get the problem resolved?
I want to see what the response will be on my uploaded AutoRuns file.
AutoRuns.txt
Could you please keep this posting open a little longer, so I can get the problem resolved?
I want to see what the response will be on my uploaded AutoRuns file.
AutoRuns.txt
Stll have same startup+freezing issue?
1>Get the latest graphics card driver from HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?prodNameId=3310302<=en&cc=us&prodTypeId=3219
2>Hit start, run, type Dxdiag and run full test
3>Do you know this program:
c:\program files\premier tools\tbu09048\pltbie.dll
If not upload that dll to virustotal
http://www.virustotal.com/
1>Get the latest graphics card driver from HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?prodNameId=3310302<=en&cc=us&prodTypeId=3219
2>Hit start, run, type Dxdiag and run full test
3>Do you know this program:
c:\program files\premier tools\tbu09048\pltbie.dll
If not upload that dll to virustotal
http://www.virustotal.com/
ASKER
I have recently received important suggestions on how to solve the whole problem. Would really appreciate if you could keep the question open a little longer so I can try optoma's advices. Otherwise, I would need to post the same question over again.
ASKER
Dxdiag: all tests were successful
ASKER
Optoma,
"The page you requested can not be found" (the link to the graphics card, but the link was cut off halfways, and to press the link worked). But I couldn't find any graphics card driver.
c:\program files\premier tools\tbu09048\pltbie.dll
(What is the name of the software?) What .dll should I upload?
"The page you requested can not be found" (the link to the graphics card, but the link was cut off halfways, and to press the link worked). But I couldn't find any graphics card driver.
c:\program files\premier tools\tbu09048\pltbie.dll
(What is the name of the software?) What .dll should I upload?
What operating system is it running?
.dll is c:\program files\premier tools\tbu09048\pltbie.dll
When machine freezes + reboots, has it been running for a while?
.dll is c:\program files\premier tools\tbu09048\pltbie.dll
When machine freezes + reboots, has it been running for a while?
ASKER
Yes, it has always been running for a while, never happens in the beginning during bootup.
It's a Windows XP Pro SP3 32-bit
It's a Windows XP Pro SP3 32-bit
If machine has been running for a while, its possibly overheating.
Is the fan running smoothly on underside of laptop?
Would the laptop be placed on a smooth surface like a desk/table?
Heres the xp pro graphics driver
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=3310301&prodNameId=3310302&swEnvOID=1093&swLang=8&mode=2&taskId=135&swItem=ob-66173-1
Is the fan running smoothly on underside of laptop?
Would the laptop be placed on a smooth surface like a desk/table?
Heres the xp pro graphics driver
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=3310301&prodNameId=3310302&swEnvOID=1093&swLang=8&mode=2&taskId=135&swItem=ob-66173-1
ASKER
I've never had any problems with overheated machine before (the processor is a Intel Celeron M), and I'm in a cold environment now, and the laptop is placed on a smoóth surface (table). I think the fan is running smoothly, at least I hear nothing from it.
I've recently removed malware with ComboFix, and actually the laptop works fine now, except for two things:
1. Desktop items are all selected and not possible to unselect
2. My external HDD is not recognized any longer in My Computer (right-click Manage), but it is recognized in menu for Safely Remove Hardware. Earlier, I could unplug and plug in again, and the external HDD would get recognized. Now, that does not work either, it's only recognized in Safely Remove Hardware (and that is to no use for me as I can't access the data at all now on my external HDD).
See my related postings about this:
1. Why do I get the blue screen and after reboot the message "The system has recovered from a serious error?" ID: 25060416 (This is resolved, it doesn't happen any longer.)
2. Why has my Desktop changed background colour to white and there is a warning triangle in light-blue colour? ID: 25783936 (This is resolved, it doesn't happen any longer. But there are these two new issues now after running ComboFix with all items on Desktop selected and unrecognized external HDD.)
3. Why is my external HDD recognized on my netbook and not on my laptop? ID: 25802966
(Still unresolved.)
Thanks Optoma, I'll try updating to the latest graphics driver now
I've recently removed malware with ComboFix, and actually the laptop works fine now, except for two things:
1. Desktop items are all selected and not possible to unselect
2. My external HDD is not recognized any longer in My Computer (right-click Manage), but it is recognized in menu for Safely Remove Hardware. Earlier, I could unplug and plug in again, and the external HDD would get recognized. Now, that does not work either, it's only recognized in Safely Remove Hardware (and that is to no use for me as I can't access the data at all now on my external HDD).
See my related postings about this:
1. Why do I get the blue screen and after reboot the message "The system has recovered from a serious error?" ID: 25060416 (This is resolved, it doesn't happen any longer.)
2. Why has my Desktop changed background colour to white and there is a warning triangle in light-blue colour? ID: 25783936 (This is resolved, it doesn't happen any longer. But there are these two new issues now after running ComboFix with all items on Desktop selected and unrecognized external HDD.)
3. Why is my external HDD recognized on my netbook and not on my laptop? ID: 25802966
(Still unresolved.)
Thanks Optoma, I'll try updating to the latest graphics driver now
ASKER
Optoma,
after having installed the latest graphics drivers, I can no longer connect to internet. How can this be related to graphics drivers? After installed graphics drivers and reboot, I got several popup-windows after each other:
"Spybot - Search & Destroy has detected an important registry entry that has been changed.
Category: ...
Change: Value changed
Entry: ....
Old data: ....
New data: ....
Allow change Deny change"
I chose Allow change for all, because it should be related to the newly installed graphics drivers, right?
But now, I can't get on internet with IE8
after having installed the latest graphics drivers, I can no longer connect to internet. How can this be related to graphics drivers? After installed graphics drivers and reboot, I got several popup-windows after each other:
"Spybot - Search & Destroy has detected an important registry entry that has been changed.
Category: ...
Change: Value changed
Entry: ....
Old data: ....
New data: ....
Allow change Deny change"
I chose Allow change for all, because it should be related to the newly installed graphics drivers, right?
But now, I can't get on internet with IE8
ASKER
It works fine now to get on internet.
But the problem with selected items on Desktop remains, and not possible unselect, not even after updated graphics drivers
But the problem with selected items on Desktop remains, and not possible unselect, not even after updated graphics drivers
Posted:)
http://www.symantec.com/security_response/writeup.jsp?docid=2004-051722-4036-99&tabid=3