Crazy Laptop

AceCombat
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

my brother's laptop is acting very funny......

every time it is restarted.....something keeps enabling LAN Proxy and Internet Connection Proxy settings.....

I've run Spybot 4 times, AdAware 5 times, and NAV 2k4 4 times......each run comes up clean...

WTF is turning those two options back on?
CDN_Merlin
DBB_Master
Posts: 9781
Joined: Thu Nov 05, 1998 12:01 pm
Location: Capital Of Canada

Post by CDN_Merlin »

Windows. I'm sure it's IE.

Post by AceCombat »

recommended course of correction?

*NOTE* Formatting is not an option....

Post by CDN_Merlin »

You using ICS or the built in Firewall?

Post by AceCombat »

CDN_Merlin wrote: You using ICS or the built in Firewall?

third party.....ZA Pro V3.5
STRESSTEST
DBB DemiGod
Posts: 6574
Joined: Sun Nov 21, 1999 3:01 am

Post by STRESSTEST »

behind that linksys you have?

Post by AceCombat »

yes....problem with that?

anyways I fixed it.......

it was AdSubtract, an option was checked for it to assign a proxy for AdSubtract to use while IE was open....it assigned that same Proxy to LAN Settings.

Post by AceCombat »

looks like another problem surfaced.....

a time released virus or something of the sort has buried itself deep under cover to the point that NAV 04 Pro couldn't pick it up.......

formatting is the only option because NAV 04 still can't find the source..
Jagger
DBB Admiral
Posts: 1615
Joined: Wed Nov 17, 1999 3:01 am
Location: Santa Rosa, CA

Post by Jagger »

If NAV hasn't picked anything up, how do you know it's a virus?

And I'm sure you're using the latest definitions...

Post by AceCombat »

Jagger wrote: If NAV hasn't picked anything up, how do you know it's a virus?

And I'm sure you're using the latest definitions...

because every time the damn thing boots, the original package releases the virus, and NAV picks that up.....

it's BLOODHOUND.PACKER....I just can't find the original package that is delivering the payload.
Wolf on Air
DBB Admiral
Posts: 1872
Joined: Mon Dec 13, 1999 3:01 am
Location: Stockholm, Sweden

Post by Wolf on Air »

As I recall, Bloodhound is the name for NAV's heuristics system. Such systems do misfire; it's not at all certain it's a virus. From the "packer" bit, I'd surmise it's detected some form of executable compressor it's not familiar with, and is taking the paranoid route.

Post by AceCombat »

well I'm adjusting all the bloodhound options and seeing what I can do.......I've already tried the manual removal options stated on the Response website.

still is present.....and it seems to be releasing the package when IE 6 is opened and sometimes when booting the laptop itself

Post by Jagger »

Wolf on Air wrote: As I recall, Bloodhound is the name for NAV's heuristics system.

You are correct. According to Symantec, Bloodhound exploits typically reside in Portable Executable (PE) files.

I've only seen this a couple of times, and it was a long time ago.
*JBOMB*
DBB Ace
Posts: 272
Joined: Thu Jan 02, 2003 3:01 am
Location: Los Angeles

Post by *JBOMB* »

there is a program called "HiJack This" that will get rid of registry entries that redistribute their packages every time the system re-boots.

However..."HiJack This" also shows you all the things you want in the registry as well.

The folks at Lavasoft can translate your HiJack This log and tell you what you want to remove. You need to follow their rules of engagement though.

you need to post your AdAware log...then have them direct you to the HiJack This forum.

I went through this process with them over the course of 2 days and it was well worth the trouble..

They were able to help me correct my issues without having to reformat.

http://www.lavasoftsupport.com/