Anti-Spyware Brigade
About kimberley27

  • Rank
    Advanced Member
  • Birthday 06/27/1966

Profile Information

  • Interests
    Josh Groban

  1. Mr very gorgeous Josh Groban Hugs Kimberley
  2. hi m, i did a little more checking through my trends logs, firstly when the worm was first picked up, actual time and date. then to see if it had been straight after an update which it was not, which is good news. this means that i like you probably Trend already had the right updates to keep it clear. if it had been after an update and not picked up by realtime, i would have thought maybe it could have been on there for a while and the latest updates now includes the ability to find it. i guess what i am trying to say is that if realtime picked it up, without just having been updated it probably got it straight away. as for passwords i never allow mine to be stored by ms or anyone else, i know this then takes some careful keeping of them, but it's safer than the thought they are sitting on my pc. if you want to check your ports now go to this site and run a "shields up" check and a leak test!! http://www.grc.com/ also the pits homepage has several tests you may want to run if you are new here. run the full test check. http://www.pcpitstop.com/ by the way the link you posted is not working at the moment at least not for me!! kimberley
  3. hi Mctavish, i have had the same report as you. i saw no listing for it in my log files other than the clean up log, nothing in the virus sections at all. i believe the files i listed originally are part of sun Java and the intrusion noted was in fact by trend itself. one causing the other so to speak. anyway like you i have not had any other reports. my pc is protected by 3 different firewalls hardware and software, and if this did get in, which i doubt it's gone now, as has yours you say. i have run several further antivirus tests and suggest you do this to make sure, also remember to disable system restore. then re-enable, to clear it out. i found this file from them on it http://be.trendmicro-europe.com/enterprise...BOT.APA&VSect=O hope this helps kimberley
  4. hi again it seems from the link you are only using an online scanner, is it at all possible for you to get a full version of an anti virus? i can't tell you if the online scanner is capable of removing this yet? but i believe it is. also i have a file for you to check out http://www.trendmicro.com/vinfo/virusencyc...T%2EAAB&VSect=P anyway whichever one you are using i need to know what you see actually when the scan has finished. where the file is located etc. run your antivirus again and copy the results here. i need to check this because the file you are trying to delete may be in your system restore. also you can try the pits online virus scanner http://www.pcpitstop.com/antivirus/default.asp and this one called the stinger http://vil.nai.com/vil/stinger/ download the file download stinger exe. whichever you use, i can't stress enough the matter of a realtime antivirus and firewall. any infection-cleared pc will not remain clear without these!! hope this helps kimberley
  5. hi debbie, stubborn sucker this one, can you tell me are you running the full version of trend, is it updated!! if so which version!! or just the online one has trend managed to get this file yet which is part of the troj too SPYW_GETSYS.A. can you check the logs to find out if this has been found and removed i could not remove this from a pc until this had been removed. could you also post actually what trend sees. kimberley
  6. hi guys Josh groban for me. Cds "Josh Groban", "Closer" dvds "live in concert" "live at the greek" In the car, on the pc, in the dvd players you get the idea. kimberley
  7. Trend's pccillin 4 me 2. i have always used these, tried norton once for about 5mins. back to trend 4 me. Av and Firewall as standard now!! anti spam. network protection. private data protection. etc Also i have a Belkin networking router with firewall, just because!! kimberley edit. Trend have been going mad in the last few days with updates, all good stuff!!
  8. Hi guys, Just found this file on my desktop, I am not sure actually when it appeared as I was doing other things!! Anyway the only thing I know is that about 30mins ago. I had a warning from realtime to say that this had been detected and cleaned.# Worm SDBOT.APA clean successful!! Where the two are related I don’t know!! Anyone with any ideas on this Thanks kimberley Heres what the file reads hs_err_pid3056 An unexpected exception has been detected in native code outside the VM. Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x324 Function=[unknown.] Library=(N/A) NOTE: We are unable to locate the function name symbol for the error just occurred. Please refer to release documentation for possible reason and solutions. Current Java thread: at sun.awt.windows.WToolkit.eventLoop(Native Method) at sun.awt.windows.WToolkit.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Local Time = Wed Feb 02 23:38:04 2005 Elapsed Time = 57 # # The exception above was detected in native code outside the VM # # Java VM: Java HotSpot Client VM (1.4.2-b28 mixed mode) #
  9. hi guys just an update, on this after trend removed the downloaded file, SPYW_GETSYS.A. an update from them after and a pc restart, and it has now quarantined Troj.Agent AAB it did find the virus again, but only in the restore files which i then disabled and then re-enabled again. thanks kimberley
  10. thanks i will have another prod and poke at this tomorrow when i get around there i will let you know how it goes and what i find out from it, hugs kimberley
  11. hi will either of these remove it??? http://www.trendmicro.com/vinfo/virusencyc...T%2EAAB&VSect=P this is what i found from trend, i have no idea why their clean up is not removing it. it found and quarantined the spyware file, it downloaded, but will not remove the troj itself thanks kimberley
  12. Hi jacee thanks for that, this seems to be only a removal if you have their product already installed. all the links available send you around in circles and then back to the start again, do you know if there is available a removal tool for this. thanks kimberley
  13. Hi guys i haven't been around much lately, been busy. you know the type of thing. great to be back in the fold again lol. any way i installed trendmicro pccillin 2005 on a pc today, and it found this TROJ AGENT. AAB IN C:\WINDOWS\System32\Pzkgwn.exe Trend micro has been unable to remove or quarantine it, even though it is listed now as a removable troj in their previous updates. anyway i did a manual scan, and tried to remove it, after setting system restore, still it told me the file could not be removed. i searched for it and tried to remove it, still got error in accessing this file anyone know how to get rid of it. now i am home i will try and do a little research on it myself, just to see what comes up. trends realtime is on reminder on the time that the virus is active, so pops up with the info 24/7 now. any help please would be thankfully received kimberley
  14. hi guys, i leave all mine running apart from when i am out of the house, for a while. at night i use one pc as a surveillance cam, for out side. (nosy i know) one thing i do have however is everything protected by a good surge protector, even my wireless broadband connection etc, everything runs together so everything is protected. kimberley :beer:
  15. hi nez, i just remembered that when i use windows movie maker to transfer vhs to my compy i need to connect a cable from the mic port, to my sound card, could this be the problem, should i connect it again? although doing the test you recommended allowed me to see and hear the sound being transferred from my mic (toucam). the toucam was however not listed as a capture device in wins movie only "rage" ati video capture. when i selected "capture" i got an error stating shut down all apps using this. a window also opened the sound config, which when i speak allows sound to be transferred as i stated above. it shows an input level microphone slider. which is config. as audio device toucam. audio input microphone. video in compos. which i guess is the setting left when i use win mov. for editing. still this does not explain how or why i cannot send or receive sound via my web cam. many thanks for your help kimberley :beer: