Calling Crash
KennyVictor
4th June 2006, 11:12 AM
Hey Crash,
You started a useful thread (at least I think it was you) on protection for your computer some time ago. It included a little scottie *** that looked out for people trying to put things in your start up menu. Well, I can't find the thread anywhere.
a) Can you locate the thread for me?
b) If not, what was the name of that little scottie *** program?
I lost him when my hard disk crashed a while back.
Cheers,
KV
Chuck
4th June 2006, 11:36 AM
This is a copy and paste of a file I have kept after originally posting it on this forum. It should be a 'sticky' as PC protection is poorly understood and inadequately applied with all sorts of dodgy and overpriced rubbish [NORTON'S would be the most common and pathetic in this category].
My personal 'top of the hit parade' and what I use for PC protection.
Kaspersky is cheap [trial available], trouble free, unobtrusive and does the job NORTON'S pretends to do.
Kaspersky Anti-hacker [firewall]
Kaspersky Anti-Virus Personal [anti-virus and genuine Trojan killer].
At: www.Kasperky.com
or a good freebie is Zone Alarm [google it].
The below list is what I use on my PC or set up for friends on their PC as there is no perfect program that does it all. A Combo is the way to go that together 'does it all'. They are very well known and considered among the best going and are free. Please use only these [safe] download sites as there are many 'clones' of these well known programs that are not the real thing:
'Spybot' Free at: http://spybot.safer-networking.de/
'SpywareBlaster' is the spybot companion piece. Free at: http://www.javacoolsoftware.com/spywareblaster.html
'Ad-Aware SE Personal' Free at: http://www.lavasoftusa.com/software/adaware/
Win Patrol: http://www.winpatrol.com/ [Free] This program protects and patrols your start-up programs and stops any unauthorized programs becoming start-up programs or hijacking and taking over existing programs, plug-ins active-X controls etc.]
'HijackThis' Free at: http://www.spywareinfo.com/~merijn/downloads.html
This baby tells you exactly what's happening threat-wise that you may not know about on your PC. [The threat might actually be from a spyware program itself that you have paid good money for or got for free].
After scanning with 'HijackThis' you will see a log of all start-up programs and processes, Active-X controls and plug-ins etc. on your PC with a 'what's this?' and a 'fix' button. DO NOT press the 'fix' button on something suspicious you have ticked unless you know it is dangerous; you might be removing something vital to your PC. Follow the advice below and copy and paste the log onto one of the many sites that will interpret the log for you.
Spyware Warrior advice about 'HijackThis': "Where possible, users should become familiar with the use of HijackThis in order to remove stubborn spyware and adware that standard anti-spyware scanners fail to remove. Less experienced users should know how to get help from the e***** volunteers who provide free 'HijackThis' log advice and analysis at major anti-spyware forums".
Whack this nice lot above on your PC and you are at max safety and it's then safe to even do internet banking. What was that you say? You already do internet banking without ALL of the above [or similar that is as good] protection? !!! 8-)
Cheers,
Crash
And here is the link for the thread
http://forums.ozmium.com.au/showthread.php?t=13120
hope this helps
Shaun
4th June 2006, 12:12 PM
I would just like to put a warning on "HijackThis": it can be a very dangerous program if you are not sure what you are doing.
Results of using this program can range from programs not starting to the whole computer refusing to boot into Windows.
crash
4th June 2006, 01:07 PM
I would just like to put a warning on "HijackThis": it can be a very dangerous program if you are not sure what you are doing.
Results of using this program can range from programs not starting to the whole computer refusing to boot into Windows.
I agree Shaun, HijackThis 'can be' a dangerous program, but it is not the use of it that is dangerous, it's what you might be tempted to tick and delete. NEVER DO THAT :-)
Example of typical logfile of running processes:
Logfile of HijackThis v1.99.1
Scan saved at 10:56:56 AM, on 3/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Desktop\toolbox\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3DF2CC-9E50-49C6-A11A-43AFEC7C26F8}: NameServer = 203.49.70.20 139.134.2.190
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\system32\catsrvut.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Typical log file [note 'win patrol'/scottie ***]. Apart from the obvious, how many users would know if one of those above processes is a 'nasty' and should not be on the computer? Very few.
The idea if there is a PC problem is to 'copy and paste' the log to a website like www.spywarewarriors.com where there is a special section to do that, and there will be heaps of help from puter users who do know exactly what's what. Without 'HijackThis' there is no way of knowing what's wrong if you still have problems after trying all the usual fixes. HijackThis will nail it. Or I should say someone at the 'Spyware Warrior' forum will, from your log.
PS. I'm glad I did put that log up here. I just noticed something that should not be there !! [not dangerous, just annoying].
KennyVictor
4th June 2006, 02:59 PM
Thanks guys, the little dawg is reinstalled.
Dennis G
5th June 2006, 01:28 PM
Hi guys,
For top advice on Spybot (you can post the whole log) and other security issues, try this forum: http://www.windowsbbs.com/ - they really know what they're doing; got me outta trouble a few times.
Den
Chrome Prince
5th June 2006, 01:48 PM
I personally don't like "scottie"
Although it provides protection, it is not very user friendly.
Consider the free program a-squared: it's worth its weight in gold.
When using HijackThis, always seek advice from someone before deleting anything. What you are looking for in general is BHO entries which are not supposed to be there. In the log posted above, obviously Adobe and Spybot should be there, but often you will find something really sus and it's safe to remove.
There is also a program called SmitRem which is good for reclaiming a hijacked computer.
Any issues I can help with - I will - that's my main job ;)
Ewido is also an excellent program.
Most people do not realise that they should delete the system restore points to clear unremovable entries, then boot into safe mode and log into the admin account to remove the nasties; that way they are not unremovable or loaded into memory and therefore "in use".
Just a tip.
crash
5th June 2006, 05:37 PM
Scottie stops your PC being hijacked in the first place and it's free. I've never had my PC hijacked using it and there were several attempts when I was [once upon a time] using Nortons firewall ....
Chrome Prince
5th June 2006, 05:43 PM
I prefer ZoneAlarm.
crash
5th June 2006, 06:03 PM
Although I don't use it myself now, as a freebie ZoneAlarm is a good firewall Chrome.
For those wanting a virus checker [on your PC, not going to sites for a free check, which you might not be able to do if you have certain nasties]: www.bitdefender.com has a free version [the only virus protection that I know of that has a free version] that is tops.
Shaun
5th June 2006, 06:20 PM
I don't mind Ewido but it eats system resources faster than my dog wolfs down a pizza. A-Squared is a very nice program; the free version is good but the paid is better.
On the A-Squared site you will find another free program called Hijackfree. No need to install this baby, she runs from the download and will help remove everything that's bad.
Wunfluova
6th June 2006, 11:09 PM
Have any of you guys had experience in deleting Movie Pass (or equivalent)?
This insidious program has installed at least one file on my computer (that I know about) which can't be deleted from program files or removed via add/remove programs in control panel.
From what I have been reading on the net many people have experienced the same problem.
Fortunately, I have not been subjected to pop ups demanding payment but I do get an IE script error just about every time I go on the net. The program installed itself on 23/04/06 so I imagine the demands for payment would have already started if they were going to.
As suggested on one site I have tried calling America a number of times to cancel the account but have not been able to speak to anyone - and am not prepared to leave a phone number etc on the recording as requested.
Just wondering if anyone had first hand knowledge of some program that might remove this malware/spyware for me. It feels somewhat uncomfortable knowing that something is sitting on my computer and possibly gathering and transmitting information about other programs I have installed.
I even came across one site that supposedly will help remove this program following payment of $5 US. Seems a pretty good deal on face value but for all I know I could be jumping from the frying pan into the fire.
At least I know any help forthcoming from this forum would be impartial, which may not necessarily be the case if I just take pot luck on the net.
Apologies for off topic post, and any help would be appreciated.
wunfluova
bluetown
7th June 2006, 12:21 AM
http://forums.techguy.org/security/471129-movie-pass-virus.html
It's a bit long in the tooth with details, but gets to the crux of the situation at the registry towards the end of the post.
Shaun
7th June 2006, 12:23 AM
This site looks like it might do the job
http://www.vcn.com/knowledgebase/article.php?id=422
crash
7th June 2006, 06:27 AM
Wunfluova,
If you don't wish to go into your registry [not recommended unless you're sure about what you're doing], copy and paste a 'HijackThis' log here and I, or I'm sure Chrome, will spot the process. All you have to do then is tick it in HijackThis and press the 'fix' button.
Alternatively and easier, go to www.Kaspersky.com and run their free on-site virus checker program. It will nail the movie-pass virus and remove the problem. Turn off any virus protection program you have before you run their check [Nortons ?]
If you have no virus protection and just a firewall, after going to Kaspersky for a free fix, you can then go to www.bitdefender.com and download their free downloadable virus protection. To avoid viruses, do not open unknown em attachments.
crash
7th June 2006, 07:43 AM
Wunfluova,
I have just done a bit of checking and Oh boy, movie pass ['AGENT.DLL TROJAN MUVIPAZ' a trojan, not a virus] is a bit of bother to remove as there is quite a few things you have to do, so here is a simple way that should get it if Kaspersky fails to:
Download the killbox [this is a file removal program that will remove files where all else has failed to remove it. Don't ever type in TEETH, because this program will remove them :-) ]:
http://www.bleepingcomputer.com/files/killbox.php
Unzip it to your desktop
Run killbox. Open Options and check Remove Directories
Where it says Full Path of File to Delete you need to type or copy (highlight and Ctrl + C) and paste (move to the Killbox and place the cursor in the box and Ctrl + V):
C:\Program Files\License_Manager
Then check the Delete on Reboot box
then the red button.
It will say: File Will Be Removed On Reboot, Do you want to reboot Now.
Tell it Yes and it will reboot your PC.
KennyVictor
7th June 2006, 09:18 AM
Here's an interesting site that you might want to browse (thanks Squirter). Well worth hanging on to in your favorites.
www.annoyances.org (http://www.annoyances.org)
KV
Shaun
7th June 2006, 10:26 AM
Crash, that's why I didn't bother with the virus scan..... this is a very intelligent program that can mutate into multiple installs; you need to remove it manually.
Yes, that program Killbox will need to be used. The site I posted has all the info needed to rid this crap from your PC.
If all this seems too hard just format the PC and reload everything. PS that site above seems a bit out of date.
Shaun
7th June 2006, 10:37 AM
Ok the news is out of date but good stuff on there
Wunfluova
7th June 2006, 01:13 PM
Thanks for all the info guys. I will check it out tonight when I get home from work. I don't have sufficient e*****ise to go mucking around in Registry.
At present I only run Mailwasher, AVG free and AdAware personal so I guess I need to expand my armoury.
Wunfluova
p.s I don't believe it! For the word ***** out substitute "knowledge of the task at hand"
What was the old definition of this word? - something about drips under pressure :)
Chrome Prince
7th June 2006, 01:56 PM
Wunfluova,
If you are hesitant about mucking around with the registry - don't do it.
Firstly weigh up, is it better just to back up your data and reinstall Windows as suggested.
You do need to increase your armoury.
AVG is excellent, so is Adaware. The problem is that there is no GOOD all in one solution.
This is what I use on my computer and have never had a problem:
AVG
Spybot
Adaware
CCleaner
A-Squared
ZoneAlarm
As long as you keep these up to date and do regular scans, you will be very unlucky to get infected.
I find a-squared one of the best, and all of these are free.
For troublesome removal I recommend scanning with Ewido in safe mode through the Administrator's account (make sure you have enabled showing system and hidden files and operating system files in the "view" section of the control panel).
The final workaround is Spyware Doctor - you have to pay for removal, BUT it shows a log of problems and you can manually fix because the trace residency is shown.
If you've tried all of this....post a hijack this log to a support forum and they will help you. Make sure you have scanned your computer with all the above programs in safe mode before running the hijack this program.
crash
7th June 2006, 02:41 PM
Crash, that's why I didn't bother with the virus scan..... this is a very intelligent program that can mutate into multiple installs; you need to remove it manually.
Yes, that program Killbox will need to be used. The site I posted has all the info needed to rid this crap from your PC.
If all this seems too hard just format the PC and reload everything. PS that site above seems a bit out of date.
Yep, you're spot on Shaun. This is one smart Trojan, not a simple virus.
No single program will remove this Trojan [Kaspersky ...might] as there is quite a bit of manual stuff to do as well. It is certainly beyond any of the spyware removers, and a HijackThis log will only bring up [some of] the problem but will not rid the PC of it alone. A HijackThis log e***** was taking someone through the [quite a few] steps to rid a guy's PC of it, but in exasperation told the guy to download 'Killbox' and follow the instructions he provided [I copied them here]. Did the trick straight away!!
From the guys logfile, this is the problem:
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
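Since the thread's advice is to read an O4/O2 entry against what you know you installed (the log walkthrough earlier and the License Manager line just above), here is an added Python example, not code from this thread or from HijackThis, that parses lines in the HijackThis v1.99 log format and lists the startup entries and BHOs that are not on an assumed allow-list, plus the hosts-file and NameServer entries that should be verified by hand. The sample log and the allow-list are constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the HijackThis v1.99 log format shown in this thread; the
# O4 "License Manager" line is the entry crash identified as the movie-pass loader.
SAMPLE_LOG = r"""
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3DF2CC-9E50-49C6-A11A-43AFEC7C26F8}: NameServer = 203.49.70.20 139.134.2.190
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# Assumed allow-list: Run-key names and BHO DLLs the thread agrees belong on this PC.
KNOWN_GOOD = {"WinPatrol", "KAVPersonal50", "SDHelper.dll"}

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")                       # "O4 - body"
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] ?(.*)$")  # hive\..\key: [name] cmd
O2_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")       # BHO: name - {CLSID} - dll

def exe_from_command(cmd):
    """Return the program path from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].strip()  # quoted path may carry a trailing space
    return cmd.split(" ", 1)[0]

def parse_log(text):
    """Split a HijackThis log into (code, body) entries, ignoring header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries

def review(text, known_good):
    """Unknown O4 names / O2 DLLs go to 'review'; O1/O17 lines go to 'network' for manual checks."""
    result = {"review": [], "network": []}
    for e in parse_log(text):
        code, body = e["code"], e["body"]
        if code == "O4" and (m := O4_RE.match(body)):
            hive, _key, name, cmd = m.groups()
            if name not in known_good:
                result["review"].append({"code": code, "name": name, "hive": hive, "path": exe_from_command(cmd)})
        elif code == "O2" and (m := O2_RE.match(body)):
            _name, clsid, dll = m.groups()
            base = PureWindowsPath(dll).name
            if base not in known_good:
                result["review"].append({"code": code, "name": base, "clsid": clsid, "path": dll})
        elif code in ("O1", "O17"):  # hosts overrides and DNS servers decide where traffic goes
            result["network"].append(body)
    return result

if __name__ == "__main__":
    for item in review(SAMPLE_LOG, KNOWN_GOOD)["review"]:
        print(f"REVIEW {item['code']} {item['name']!r} -> {item['path']}")
```

Anything listed as REVIEW is a candidate to ask about on a log-analysis forum, as the thread recommends, not something to tick and 'fix' on sight.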
Wunfluova
7th June 2006, 07:37 PM
Thanks again all who contributed their thoughts. In the end it was all painfully simple. (assuming there aren't remnants of the program that I am not aware of)
I downloaded Killbox to my desk top in preparation but didn't have to use it. I simply restarted my computer in safe mode (had never deliberately done this before so that is something I have learnt today) then went to program files and was able to delete the License_Manager directory - which I couldn't do in normal mode. I then went to Add/Remove programs and was able to remove the remaining 'link'.
I haven't had any IE script errors since rebooting, so hopefully the problem has been resolved.
Wunfluova
crash
8th June 2006, 05:31 AM
If you run Macromedia Flash make sure you have the latest version. The following versions are vulnerable to movie pass:
* Flash Player 8.0.22.0 and earlier
* Flash Professional 8
* Flash Basic
* Flash MX 2004
* Flash Debug Player 7.0.14.0 and earlier
* Flex 1.5
* Breeze Meeting Add-In 5.1 and earlier
* Adobe Macromedia Shockwave Player 10.1.0.11 and earlier
If you have any of these in your program files remove them:
AltPayments,
Download Manager
Media PipeMyAccessMedia, or
P2Pnetworks.
or below in a HijackThis log:
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\ProgramFiles\p2pnetworks\mpp2pl.exe" /H
They are all part of movie pass.
Good luck.
La Mer
8th June 2006, 10:18 AM
If you run Macromedia Flash make sure you have the latest version. The following versions are vulnerable to movie pass:
* Flash Player 8.0.22.0 and earlier.
Crash - I'm using Flash Player 8.0.24.0 so I assume that is safe? Appreciate your comments.
crash
8th June 2006, 11:02 AM
La Mer
Your version is fine I think. You might like to upgrade to the latest 8.0.5.0 when you have time.