Weird Windows Search behavior after spyware removal

kent

Somehow on this three week old computer with:

Norton IS+AV 2007
AdAware SE
Spybot S&D

I got some spyware that ironically was named SD/bot or something. Norton claimed to remove it.

I knew it was spyware when Norton asked me to authorize "winsystems16.exe" to access the Internet. My first thought was -- a 16-bit program!??! My second thought was -- "That's spyware/virus/malware!"


Ran Norton... Norton removed it. Ran Adaware/Spybot and removed everything they found (mainly tracking cookies)


Anyways, I wanted to search for winsystems16.exe, and when I did, during the search a box popped up asking me to provide a password for a backup archive (think a rar file or something).


Anyways -- every time I search for a file now -- it asks for a password. WTF
 
Ugh... Norton...

I'm gonna create a disclaimer and add it to my sig I think:

<If you have any Norton product installed, sorry, but you're beyond hope...>

hehehe

http://housecall.trendmicro.com

Hit that for a full system scan and see what it says.
 
Com'on.. at least it's version 2007. AntiVirus for teh masses!


Any answers to my search issue? A password box pops up at random times, no matter what I search for.
 
I can only offer some advice: it's been what, 3 weeks since you built it? If you spent the money to build it, another $40 surely can't hurt, right?

Head to www.eset.com and buy NOD32 - it'll handle the AV duties, it'll handle most of the malware issues, and you'll probably never have such issues again. Format the box, start over clean (without the NIC connected), install the downloaded copy of NOD32 immediately after the installation, reboot, and when you return to the Desktop, plug in the NIC, go online, hit the update for NOD32, once that's complete hit Windows Update and once that's done, you're set.

"And that's all I have to say about that..."

:D
 
As indicated above, Norton likely missed something... try a different a/v... I recommend the free 30 day trial of NOD32.... AntiVirus for teh masses!

Dammit... beaten again:p
 
Well, Trendmicro found NOTHING but a couple of ahem...keygens.

That's it.

AdAware/Norton/Spybot are reporting NOTHING weird.

But when I use Windows Search I still get a password box randomly which makes me think something is weirddddd
 
buy NOD32 - it'll handle the AV duties, it'll handle most of the malware issues

hmm.. are u saying that the NOD32 is also good against Spyware? :confused:
 
http://www.eset.com/media/promo/NOD32_v27_highlights.html

Simple short Flash video to explain some of what it does, and you can always get more info at the main site. And yes, it does handle malware of many kinds, of which spyware is just another sub-category of sorts.

It's the best there is, as stated here in this thread, as stated a few hundred times across this forum if not thousands, and probably a few million times across the Internet itself.

I doubt you can find that kind of backing for Norton products anymore. They stopped being tight useful code with Norton Utilities v8, and that was a long loooooooonnnngggggg time ago.

If you have a good browser: IE7, Avant, Firefox, Opera, etc... and you have NOD32, you're not going to have many problems if you ever have any at all, period.
 
It's the best there is, as stated here in this thread, as stated a few hundred times across this forum if not thousands, and probably a few million times across the Internet itself.

Just not stated in an actual test. :D
http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82

Now granted it's very very very good, and I certainly wouldn't recommend Norton to my worst enemy, but I do have a problem with it being called "the best."
 
- Reinstalled Windows + latest drivers
- Spoke to an Indian guy named "John" to reactivate my OEM copy of MCE05
- Installed NOD32
- Updated NOD32
- Scanned -- Nothing found.
- Installed Windows Defender, nothing found.


I also tried to use windows search and it now works without asking me for a password. Go figure.

Now time to reinstall.....everything. RIGHT AFTER I MAKE AN IMAGE of C:\
 
Just not stated in an actual test. :D
http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82

Now granted it's very very very good, and I certainly wouldn't recommend Norton to my worst enemy, but I do have a problem with it being called "the best."

Old test, outdated results, Vista wasn't out yet in RTM, etc etc... I could go on. This isn't a competition, yanno. I could point you to various sites that ranked NOD32 the best AV software of 2006 but but but...

But, it seems the OP has found his winnarrrrr... and making an image is a very good thing. :)
 
This isn't a competition, yanno.

Oh, I agree. :)

Heck I use Avast home. I guess I'm just touchy when it comes to using the word "best" when dealing with this stuff since my legal department pounds into my skull to not say it or even tell someone one specific program.
 
"Better" or "best" are certainly descriptive terms that can actually have some usefulness, and yes, using them in some situations will be highly tainted by personal experience and objectivity, but... if you (meaning whoever is reading this) were to install all the AV software on the market in VMs for testing, you'd probably not be surprised to find that NOD32 is:

- lighter on resources than most if not all of them
- faster when scanning than most if not all of them
- handles malware and random intrusions more readily than most if not all of them
- updates far more frequently than most if not all of them
- costs about the same or less than most if not all of them
- has won more detection awards in testing than most if not all of them

So, I'm not sure what others consider "best" but... that sure looks like the overall champ to me.

And I'm not alone...

AV-Comparatives Summary Report 2006 - December 2006 (PDF file, 45.2KB)
 
Well.

Now it's back. And I've got a helluva error upon starting Windows which starts NOD.

Windows loads, NOD green screen splashscreen loads and then throws up an error but NOD keeps working.


AND when I search for files the password prompt is BACK. WTF
 
Are there any system restore files on your storage disk? Or on any partition other than your os partition/disk? Have you completely scanned every single file on your machine, including those on your other partitions/disks?
 
I did suggest a particular procedure for doing the re-installation of your system way back in post #4 in this thread, yanno... and there's a very good reason for that specific step-by-step procedure, but I'm sure you can see that and figure out that reason now, can't you? :) Only thing I missed was the drivers - do those last of all, seriously. You can deal with VGA mode for a little while if needed, and no sound, etc.
 
I blasted the 320GB drive. The data on it is backed up regularly to two other machines on my LAN.

Neither of these machines is having these issues. So I'm not too worried about the few files I added between the last time I backed up and now.

I've reinstalled Windows, yet again.

BTW: Don't be mean to me, I followed your instructions -- perhaps something on the D drive contaminated my new Windows install, but I've formatted that drive for this go-around.
 
I'm back to using Norton. It's seriously not a bad AV, despite what the "purists" think.

Except for it not actually detecting or cleaning off what was causing the spam relay on a single one of my customers who were foolish enough to buy it after I told them not to (and I've dealt with 9703 so far this year) sure it's not bad I guess. ;)
 
kent, in looking at AV software the four criteria I look for are:

#1 - detect (and hopefully remove) malware.
#2 - quick enough scanning. This includes running while I'm asleep.
#3 - updates stay sufficiently up with new malware.
#4 - low enough profile that its presence is not noticeable or negligible

The first is a must, the rest are fluff.

There is no point in even having AV if it doesn't catch problems.
 
Think it's gone...

I'm just so damn happy it didn't spread to my LAN. I would've been fucked then.
 
You do realize that viruses and malware don't just spread. They are not contagious like their biological counterparts. You have to run something that activates them or downloads them such as an infected .exe, a vb script, a website, etc.

Judging from your previous post about keygens, I suggest you stay off of Asta La Vista and your problems probably won't resurface. 90% of those keygens contain some sort of malware. No honor amongst thieves anymore.

Oh, and if buying NOD32 doesn't suit you, download AOL Active Virus Shield from Kaspersky Lab for free.
 
Well I'm at school now so I can't update anymore right now about the situation really but


Before I left, the password box came back. The thing is, I used no files from any infected sources. I burned my drivers (ATi, Intel chipset, etc) from a different computer (non-infected, does not exhibit the password box during a file search)

I'm really confused. There's been no way for an infection to happen, especially this quickly.

Norton, Adaware and Spybot all report that everything is normal and I couldn't find the file in the registry (which should still be clean)


Leads me to believe one of my programs that I use is causing me to get the password box. It doesn't fuck up my search, it just pops up and says this backup archive needs a password.

Totally strange. Like I said, two other computers on the LAN do not exhibit this symptom. One is XP Pro, the other is XP Home, both are legit licensed genuine and so is my Media Center 05 (bought MCE05 for the Vista Premium upgrade)

Completely confused because nothing reports I have any infection of any sort

Ideas?
 
I think I figured it out.

The last program I installed before the password box came back was Acronis TrueImage Home. It's what I use to make and restore backups, the thing is -- I was so excited when I built this computer I didn't make an image.

I like to make an image with only the following:

- Activated Windows and Office (main thing!)
- Mozilla Firefox and T-Bird
- All drivers
- Burning programs


Basically, it's everything I use, EXCEPT my games (take up too much space, image won't fit on one DVD)


So, the password box came back.

I uninstalled Acronis, rebooted, did another random file search -- NO PASSWORD BOX.
 
Basically, it's everything I use, EXCEPT my games (take up too much space, image won't fit on one DVD)

That is the reason my games are installed on a second hard disk separate from my OS. It's easier to do an image backup and not include the games.

...and I hate installing games. It's not so bad nowadays with games finally starting to come on DVDs, but back when games came on 4 CDs, it was a pain in the ass. Then you have to reset all your settings, copy and paste all the mod files that you like, download and install patches, etc. LOL, I have a few games like SOF2 that I am using the same install now for like 4yrs if not more. I just keep copying it to my new drives as I get them.
 
Dude, I have a Raptor. Why would I want to install it on any other disk than that one?


Granted, you said disk, and not partition. I suppose I could make a say... 30GB partition for Windows then leave the other 110GB for a partition on games.

I never quite thought about doing that for the purpose of routine backups. I may do that next time. Thanks for the tip.
 
Wanted to note, I've been screwing around and installing programs for 30 minutes now.

No password box during file searches anymore.

I really guess it was Acronis. Why..though? Bad thing is, only one of my other computers has it installed (I lack licenses!) and it's my laptop and it's in my car and I'm too lazy to go get it to see if it also produces a password box on a file search.
 
Dude, I have a Raptor. Why would I want to install it on any other disk than that one?


Granted, you said disk, and not partition. I suppose I could make a say... 30GB partition for Windows then leave the other 110GB for a partition on games.

I never quite thought about doing that for the purpose of routine backups. I may do that next time. Thanks for the tip.

Disk/partition...either will allow you to save the time re-installing games manually and also keep them off your images to conserve space.

Also, most games don't even need to be reinstalled after the OS is wiped and installed even if the game is left uninstalled. The only games that have problems in my experience are the Battlefield games. All my other games work just fine after I find the .exe and run it. Like I said above, I am on a 4yr old install of SOF2. I finally got it to just the way I like it :D

Oh, and pls don't call me dude. </passes the hit :D>
 