#1
virus regenerating
I am having a problem with a virus regenerating every time I start or restart my HP laptop. In the Task Manager window, under Processes, activexdebugger32.exe keeps showing up and using processing power. And, I believe related to that one, I also get a warning from my antivirus every time I start or restart for a file called ktkbdhk3.dll, which I was able to figure somehow links to the site http//smartsite.cjb.net. How can I find out where the file is that keeps regenerating these files and delete them for good? These files have also shown up on other computers in our office, and I don't know if they have been infected individually, or if it could be from the use of a commonly used flash drive in our office. Thanks for any help!
#2
virus regenerating
"Whrdg" wrote:

I am having a problem with a virus regenerating every time I start or restart my HP laptop. In the Task Manager window, under Processes, activexdebugger32.exe keeps showing up and using processing power. And, I believe related to that one, I also get a warning from my antivirus every time I start or restart for a file called ktkbdhk3.dll, which I was able to figure somehow links to the site http//smartsite.cjb.net. How can I find out where the file is that keeps regenerating these files and delete them for good? These files have also shown up on other computers in our office, and I don't know if they have been infected individually, or if it could be from the use of a commonly used flash drive in our office. Thanks for any help!

http://www.fbmsoftware.com/spyware-n...bdHk3_DLL/741/
http://www.symantec.com/security_res...723-99&tabid=2
http://www.sophos.com/security/analyses/w32amcaa.html

activexdebugger32.exe
http://www.sophos.com/security/blog/2007/06/295.html

Click Start
Control Panel
Double click Network and Internet Connections
Double click Internet Options.

On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs | Advanced

Under General Tab clear your History, Internet Files and Cookies.

Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.

Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Re-enable them later one-by-one and see the culprit and update it or remove it).

How to manage Add-Ons:
http://support.microsoft.com/kb/883256

2...
You need to be sure your system is clean from malware and Viruses by scanning for them.

Scan for malware from here:
http://onecare.live.com/site/en-gb/d....htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm

Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Do...eeRemovalTool/
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

Then download these tools to see the running processes in real-time and you can search them to make sure they are Legit.

"Process Explorer for Windows v10.21"
http://www.microsoft.com/technet/sys...sexplorer.mspx

"AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell"
http://www.microsoft.com/technet/sys.../Autoruns.mspx

HTH.
Let us know.

Regards,
nass
----------
www.nasstec.co.uk
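
One way to start on the original question of what relaunches the files at every boot, as an added example that is not part of any post in this thread: a PowerShell script that lists common Windows autostart locations and flags entries naming the two files from the first post. The list of locations is a selection of well-known ones, not the full set Autoruns inspects, and the thread does not say which of them, if any, this malware uses; `Add-Finding` is a helper name made up for this example.

```powershell
# Added example (not from the thread): list common autostart entries and flag
# any that mention the file names reported in the first post.
$names = 'activexdebugger32.exe', 'ktkbdhk3.dll'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Location, [string]$Entry, [string]$Command) {
    # Suspect is true when the entry name or its command mentions a reported file.
    $hit = $false
    foreach ($n in $names) { if ("$Entry $Command" -like "*$n*") { $hit = $true } }
    $findings.Add([pscustomobject]@{
        Suspect = $hit; Location = $Location; Entry = $Entry; Command = $Command })
}

# 1. Registry values that Windows runs or loads at boot or logon.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',  # Shell, Userinit
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'    # AppInit_DLLs
)
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($valueName in $reg.GetValueNames()) {
        Add-Finding $key $valueName ([string]$reg.GetValue($valueName))
    }
}

# 2. Per-user and all-users Startup folders (-Force includes hidden files).
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Force | ForEach-Object { Add-Finding $dir $_.Name $_.FullName }
    }
}

# 3. autorun.inf launch lines on removable drives (the shared flash drive question).
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $inf = Join-Path "$($_.DeviceID)\" 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        Get-Content -LiteralPath $inf | Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' } |
            ForEach-Object { Add-Finding $inf 'autorun' $_ }
    }
}

# Suspect rows first, then everything else for manual review.
$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on each affected machine, with the office flash drive attached if it is to be checked. Entries not flagged still deserve a look, since a launcher can use a different file name than the two the antivirus reported.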
#3
virus regenerating
Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

--------------------------------------------------------------------------------

"Whrdg" wrote:

I am having a problem with a virus regenerating every time I start or restart my HP laptop. In the Task Manager window, under Processes, activexdebugger32.exe keeps showing up and using processing power. And, I believe related to that one, I also get a warning from my antivirus every time I start or restart for a file called ktkbdhk3.dll, which I was able to figure somehow links to the site http//smartsite.cjb.net. How can I find out where the file is that keeps regenerating these files and delete them for good? These files have also shown up on other computers in our office, and I don't know if they have been infected individually, or if it could be from the use of a commonly used flash drive in our office. Thanks for any help!
#4
virus regenerating
"Carey Frisch [MVP]" wrote:
Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."

Balderdash. Cleaning can sometimes be difficult but usually is not impossible. Sometimes a reformat and reinstall is the quickest solution, but in other cases it can be gross overkill, the equivalent of "capital punishment for jaywalking".

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2008)
On-Line Help Computer Service
http://onlinehelp.bc.ca
Syberfix Remote Computer Repair

"Anyone who thinks that they are too small to make a difference has never been in bed with a mosquito."
#5
virus regenerating
Whrdg wrote:
I am having a problem with a virus regenerating every time I start or restart my HP laptop. In the Task Manager window, under Processes, activexdebugger32.exe keeps showing up and using processing power. And, I believe related to that one, I also get a warning from my antivirus every time I start or restart for a file called ktkbdhk3.dll, which I was able to figure somehow links to the site http//smartsite.cjb.net. How can I find out where the file is that keeps regenerating these files and delete them for good? These files have also shown up on other computers in our office, and I don't know if they have been infected individually, or if it could be from the use of a commonly used flash drive in our office. Thanks for any help!

What antivirus software do you have installed? Is it fully up to date and have you done a full system scan with it recently?

What antispyware software do you have installed? Is it fully up to date and have you done a full system scan with it recently?

Go to at least two of the following free scanning sites and do their free online scans. Some of them will actually remove the malware they find, others will just identify it and report what they find:

Bit Defender http://www.bitdefender.com/scan8/ie.html
Trend Micro http://housecall.trendmicro.com
Kaspersky Online Scanner http://www.kaspersky.com/virusscanner
Panda ActiveScan http://www.pandasoftware.com/activescan
WindowSecurity.com TrojanScan http://windowssecurity.com/trojanscan
Webroot http://www.webroot.com/

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2008)
On-Line Help Computer Service
http://onlinehelp.bc.ca
Syberfix Remote Computer Repair

"Anyone who thinks that they are too small to make a difference has never been in bed with a mosquito."
#6
virus regenerating
Ron Martell wrote:

"Carey Frisch [MVP]" wrote:

Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."

Balderdash. Cleaning can sometimes be difficult but usually is not impossible. Sometimes a reformat and reinstall is the quickest solution, but in other cases it can be gross overkill, the equivalent of "capital punishment for jaywalking".

Ron Martell Duncan B.C. Canada

Agreed. Formatting the hard drive to solve a virus or spyware problem is rather like using an axe to trim one's fingernails. Sure, it'll probably get the job done, but it's rather messy...., and almost always unnecessary.

I will concede that there are times when data integrity is absolutely mission- and/or business-critical, and that under such circumstances, formatting the hard drive is by far the surest way to ensure that system's integrity. But such situations are the exception, rather than the norm, even on a great many business or government systems. And, of course, such an agency will have been making frequent and thorough back-ups of its critical data. There's also the "Time is Money" factor involved; it's often quicker to rebuild a machine, particularly if partition imaging tools are used, than it might be to clean the hard drive.

However, such data criticality and the need for system integrity only very rarely apply to the home computer user, although his personal data is no doubt important to him. Furthermore, the home consumer is much less likely to have backed up his data frequently or recently, or to have any rapid recovery tools available. There's no real, immediate need to certify his hard drive as 100% clean; further measures can be always taken, as needed, should initial attempts to clean the hard drive fail. Therefore, formatting the hard drive is, relatively speaking, a much more catastrophic event. It should only be recommended as a last resort, once other, less draconian measures have failed.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
#7
virus regenerating
The OP stated:

"These files have also shown up on other computers in our office, and I don't know if they have been infected individually, or if it could be from the use of a commonly used flash drive in our office."

It appears the virus has infested other computers in his office already. Any astute IT administrator would have prevented this catastrophe by following prudent security measures which include reformatting the hard drive of an infected, and now compromised, computer.

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

--------------------------------------------------------------------------------

"Bruce Chambers" wrote in message ...

Ron Martell wrote:

"Carey Frisch [MVP]" wrote:

Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."

Balderdash. Cleaning can sometimes be difficult but usually is not impossible. Sometimes a reformat and reinstall is the quickest solution, but in other cases it can be gross overkill, the equivalent of "capital punishment for jaywalking".

Ron Martell Duncan B.C. Canada

Agreed. Formatting the hard drive to solve a virus or spyware problem is rather like using an axe to trim one's fingernails. Sure, it'll probably get the job done, but it's rather messy...., and almost always unnecessary.

I will concede that there are times when data integrity is absolutely mission- and/or business-critical, and that under such circumstances, formatting the hard drive is by far the surest way to ensure that system's integrity. But such situations are the exception, rather than the norm, even on a great many business or government systems. And, of course, such an agency will have been making frequent and thorough back-ups of its critical data. There's also the "Time is Money" factor involved; it's often quicker to rebuild a machine, particularly if partition imaging tools are used, than it might be to clean the hard drive.

However, such data criticality and the need for system integrity only very rarely apply to the home computer user, although his personal data is no doubt important to him. Furthermore, the home consumer is much less likely to have backed up his data frequently or recently, or to have any rapid recovery tools available. There's no real, immediate need to certify his hard drive as 100% clean; further measures can be always taken, as needed, should initial attempts to clean the hard drive fail. Therefore, formatting the hard drive is, relatively speaking, a much more catastrophic event. It should only be recommended as a last resort, once other, less draconian measures have failed.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
#9
virus regenerating
On Tue, 10 Jul 2007 13:04:26 -0500, "Carey Frisch [MVP]"
Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."

You don't mention formal scanning, i.e. without running the infected code base at all. That will allow scanners to catch everything they can recognise... which still leaves you with what they miss.

But the bigger picture is this - your wonderfully clean new build has lost all patches and protections, and is even more likely to be infected than the infected installation was. So while you can argue that cleaning a system may fail to clean it completely, one can just as easily argue that a system environment that got infected is just as likely to do so again if all one does is "just" wipe and rebuild (and patch, and install av, and etc.).

Then there's the question of restoring data backups and apps...

http://cquirke.mvps.org/reinst.htm refers.

-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -
#10
virus regenerating
On Tue, 10 Jul 2007 18:48:28 -0500, "Carey Frisch [MVP]"
The OP stated:

"These files have also shown up on other computers in our office, and I don't know if they have been infected individually, or if it could be from the use of a commonly used flash drive in our office."

It appears the virus has infested other computers in his office already. Any astute IT administrator would have prevented this catastrophe by following prudent security measures which include reformatting the hard drive of an infected, and now compromised, computer.

You're not just dealing with one infected PC anymore. I'd want to know about:

- networking, hidden admin shares, password "band-aids"
- WiFi exposure
- sneakernet, i.e. USB sticks, CDRs, off-site server storage

You can't begin to talk about "cleaning a PC" unless you can isolate it from others, and you can't begin to talk about "cleaning the network" unless you isolate PCs from each other, ensure that cleaned and uncleaned PCs never co-exist on the LAN, and know that your LAN is bounded from the outside world.

In that broader context, "just" wiping and rebuilding one particular PC just isn't relevant anymore.

------------------------- ---- --- -- - - - -
I'm on a ten-year lunch break
------------------------- ---- --- -- - - - -