Thread: Monitoring several laptops for infections and Acrobat reader, MS excel corrupt

  1. #1
    Join Date
    Aug 2006
    Posts
    578

    Hi Shark,

    Originally Posted by shark74:
    > Anyhow, so I am using a cellphone modem, that be the MTN data card.
    > So this is making all internet much slower. Will attempt Kaspersky in a moment, but attaching the zipped files you requested.
    I figured that was what you were using the card for shortly after I wrote that...LOL!

    -- The zipped files are benign - I didn't think that they were anything to worry about, but was curious.

    Originally Posted by shark74:
    > Regarding the ntde1ect.com... when I installed Trend Micro earlier in January I think that took care of the ntde1ect issue, which might have left some reference in the registry to the worm/malware.
    Yeah - TM is a good product.
    There are often registry remnants left after malware removal. In this case, it is a bit different as you are dealing with a number of infected external drives.
    Those registry values will come back with the next infected drive - unfortunately, it is difficult to stop these drives from autorunning. Changes are usually only temporary. But, stopping their autoruns would be something to look into...
    -- At least there are no actual malware files showing on your computer!

    Originally Posted by shark74:
    > Scanned the pc using three programmes you suggested.
    > See attached txt. docs.
    > Hope I did them as I should have done. All looks clean
    Agreed! They look good. Had a bit of difficulty reading the Kaspersky log in that format, but it too looks OK. I would say that this machine is clean. Now might be a good time to make a disk image with a tool such as Acronis...

    -- Let me know how things are running and we'll wrap this up.

    Originally Posted by shark74:
    > Starting to think I should rip Trend Micro from the laptop, and use another antivirus. If I cancel the PCscnsrv.exe the pc runs ok again..
    Well. . . This is a long-standing problem with TM. It sometimes has trouble interacting with other anti-malware programs (most notably, SpybotSD - which I do not see in HJT Log....)

    http://blog.kazmarek.com/2007/10/10/...-too-much-cpu/
    http://www.wilderssecurity.com/showthread.php?t=157277

    If you do replace TM, I would suggest Kaspersky or NOD32 - they are listed in my linky below!

    -- I would also suggest learning to use some tools such as ComboFix and SDFix and the like as they will be invaluable if you have to clean 20+ laptops.... These tools will remove a number of baddies automatically and a large number of other baddies will show in the logs as being recently added to the machines.


    Cheers
    PP
    Last edited by PhilliePhan; 01-30-2008 at 03:08 PM.
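
The drive autoruns discussed in the post above are driven by an `autorun.inf` file in each drive's root. The following is an added example, not part of the original posts, that lists what the `autorun.inf` on each drive would launch so infected sticks can be spotted before they are opened; the sample file contents and the D: to Z: drive range are constructed assumptions.

```python
import os
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample for illustration, not a file captured from an infected drive.
SAMPLE = r"""
;padding line
[AutoRun]
open=ntde1ect.com
shell\open\Command=ntde1ect.com
shell\explore\Command=ntde1ect.com
icon=folder.ico
"""

def autorun_targets(inf_text):
    """Return (key, command) pairs in autorun.inf text that would launch something."""
    in_autorun, hits = False, []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()) and value.strip():
            hits.append((key.strip().lower(), value.strip()))
    return hits

def scan_roots(roots):
    """Map each readable drive root holding an autorun.inf file to its launch entries."""
    findings = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive letter not present or not readable
        for name in names:
            path = os.path.join(root, name)
            # A folder named autorun.inf cannot launch anything, so skip it.
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "rb") as fh:
                    findings[root] = autorun_targets(fh.read().decode("latin-1"))
    return findings

if __name__ == "__main__":
    print(autorun_targets(SAMPLE))
    for root, hits in scan_roots([f"{c}:\\" for c in "DEFGHIJKLMNOPQRSTUVWXYZ"]).items():
        print(root, hits or "autorun.inf present, no launch entries")
```

A drive that reports launch entries pointing at an executable in its own root is the one to clean before it is plugged into the next laptop.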

  2. #2
    Join Date
    Aug 2006
    Posts
    578

    Somewhere along the line I forgot to address the Acrobat/Excel issues you mentioned.

    I would imagine that they were corrupted during your malware battles and will need to be reinstalled.
    -- In the case of Adobe, you need to update to the latest version (8) anyway for better security. Be sure to uninstall all older versions.

    -- You should also update Java and remove any old versions via Add/Remove Programs.
    http://www.java.com/en/

    -- If you have any other questions or would like suggestions/recommendations, just let me know.

    PP
    Last edited by PhilliePhan; 01-30-2008 at 03:28 PM.

  3. #3
    Join Date
    Sep 2007
    Location
    South Africa
    Posts
    9
    Dear PP.
    Scanned the pc using three programmes you suggested.
    See attached txt. docs.
    Hope I did them as I should have done. All looks clean,
    Starting to think I should rip Trend Micro from the laptop, and use another antivirus. If I cancel the PCscnsrv.exe the pc runs ok again....
    but will wait for your response to see if there remains anything to do.
    Thanks.
    Shark

  4. #4
    Join Date
    Sep 2007
    Location
    South Africa
    Posts
    9

    Dear PP.
    Thanks for the guidance. My original gut feel was that TM might be the main resource culprit, but I had to be sure that the laptop weren't infected.

    I had spybotSD on all the laptops (as well as other IANAG recommendeds), when we were using AVG, last year, but then we got TM from the Univ. It was a quick cure for the ntde1ect.com infections, but now the fast cure is coming to bite me .....

    My personal laptop almost went to a standstill with the TM and SpybotSD conflict, after reading up on it I removed all SpybotSD from the PC's, as TM "was the way to go". Silly me. I rather stick with SpybotSD and AVG, than with TM...but that's how I feel with clean slow laptop...not a re-infecting viral crazy diseased lptp, like I had at the end of the last course.

    However now that I see that TM is the resource hog, I am wondering about our reliance on this TM. Pondering my "wisdom" ...It's a mission to update...and all the other cons...

    Do you think if I re-install TM, it might work a bit better...????and not suck the laptop dry..???


    I will definitely follow up on Acronis (download is bit big for my mobile connection at the moment), and definitely update Java and Acrobat reader...Combofix and SDFix will be part of my arsenal. Thanks for the flashdiskcleaner link you recommended.

    With every infection I learn a bit more....

    Do appreciate your time and help.
    Shark74

  5. #5
    Join Date
    Aug 2006
    Posts
    578

    Originally Posted by shark74:
    > Dear PP.
    > Thanks for the guidance. My original gut feel was that TM might be the main resource culprit, but I had to be sure that the laptop weren't infected. . . . It was a quick cure for the ntde1ect.com infections, but now the fast cure is coming to bite me .....
    I think Trend is a good product, but there are other solid ones as well. Personally, I think the best "Security Suite" available is http://usa.kaspersky.com/products_se...t-security.php

    It is vital to have the latest malware definitions, too! And, some companies are quicker to respond to new threats than others. I feel Kaspersky is among the best in this department.

    Of course, the best defense is vigilance and safe Internet habits. Your situation with all the external drives makes things all the more difficult.
    You might want to look at trying something like this: http://blogs.techrepublic.com.com/helpdesk/?p=93
    If you need help doing this, let me know.

    Originally Posted by shark74:
    > However now that I see that TM is the resource hog, I am wondering about our reliance on this TM. Pondering my "wisdom" ...It's a mission to update...and all the other cons...
    TM isn't alone - take Norton AV, for example. It is a well-respected product, but it is also a ridiculous resource-hog.
    And, there are often a number of factors that play into the slowdown of computers, not just cumbersome AV.
    -- And, while updating the definitions can be a pain, it is vital you do so regularly!

    Originally Posted by shark74:
    > Do you think if I re-install TM, it might work a bit better...????
    I doubt that would have any effect on the slowdown. You might try experimenting with some of the free options in my linky below.
    In lieu of a security suite such as the Kaspersky I recommended, I feel one can get by quite well with a good and updated AV program, a good Firewall such as ZoneAlarm, Microsoft® Windows Defender for some "real time" protection, and Spyware Blaster along with Firefox as your default browser. Perhaps keep AVG Anti-Spyware on hand for "on demand" scanning. Just remember to keep all those products updated as best you can....

    Originally Posted by shark74:
    > I will definitely follow up on Acronis (download is bit big for my mobile connection at the moment)
    Good - that would seem the perfect solution. And, it is always a good idea to keep backups of data/projects/ etc... that you want to keep.

    Originally Posted by shark74:
    > With every infection I learn a bit more....
    That is always the case!
    It is good to become proficient in the removal of baddies - I don't think the flood of new and evil malware will end anytime soon.
    And, you can always feel free to call on us

    Originally Posted by shark74:
    > Do appreciate your time and help.
    > Shark74
    Happy to help!
    I really don't work with malware all that often these days. So many other responsibilities. Just filling in for Judy this week.
    Plus, and I hate to say this, it really is not that much fun anymore. Tools such as ComboFix are a blessing to those infested with malware, but as a forum volunteer, one gets tired of copying and pasting the same steps over and over for each new thread.
    It was much more of a challenge 3-4 years ago when we had to rip the baddies out kicking and screaming on a thread by thread basis.... Ahhh . . . the "good old days." LOL!


    Best Luck to you in your endeavors in Africa! If I were younger, I think that would be an exciting challenge!

    Cheers
    PP
    Last edited by PhilliePhan; 01-31-2008 at 07:02 PM.
