Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Caveman

  1. Yes, that's the name "Sanity Check" I use it to check for hidden rootkits, but I should clarify, the program states that as a general rule programmers should not use that mehtod of hooking unless they are very very good, so as you say it's part of vista so probably no issue there. It was merely pointing out the methods which it used should only and can only be done by extremely good programmers, otherwise it is probably some sort of Rootkit activity of a general nature which could cause more problems as it could very easily make windows unstable.
  2. Up for discussion: What do you guys think, is this a potential problem in UPH Cleanup. This is the result of a scan using " Sanity Check" , the results of the scan are posted here:The application says UPH is intercepting system services. I know its purpose but is theier arisk using the program causing a even bigger issue. System routines are being intercepted One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not. Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up. The module uphcleanhlp.sys is hooking the kernel to intercept base system services. Information about the responsible module uphcleanhlp.sys: file path: c:\windows\system32\drivers\uphcleanhlp.sys
  3. Hi, its the Caveman here: A little info on Spy Counter: I believe it started as Cybermedia Cleaner, then Microsoft bought the good app, turned it into crap with Microsoft anti-spyware, then some other company bought the engines, revamped it and called it Spy Counter. OK now for testing results, I read all the media hype and so-called editors picks and top scoring of this product. I tested it ver. 2.5, updated for free to vers. 3. standard and Vipre is all hype, used it on many computers. It found the odd trojan and malware issues but really super-antispyware and malwarebytes found all the same entries and removed them, the scanner was actually slow for me. My suggestion: Don't buy, I stopped using it in my arsenal. I need apps that work fast and remove clean. No time to mess around wiating for long scans to finish and find 2 entries while standard cleaners find hundreds of legit issues.
  4. Hey Greenliaght, thanks for the interest, I actually went back to thier site and downloaded the "portable version", no install necessary, it works great, its a great tool to show all the Vundo entries and select them to be removed and the reboot.
  5. Note on SAS: I have used it 7 to 10 times a day on client computers for quite awhile now, I'm surprised it took so long to add it. Its afirst rate app. and very effective.
  6. update# 4: more info on Osam Autorun Manager, I like this app more and more, it's like Unhackme and and Regassasin and Unlocker in one easy scan format and a whole lot more and Its free. Warning: Only experienced Techs should test or use this product ok. OSAM" (Online Solutions Autorun Manager) is a powerful and reliable tool for controlling the 'cleanliness' of components and applications that are automatically loaded or started under certain conditions without user's consent. "OSAM" provides an easy one-click way of obtaining detailed information about the components that are run automatically at the system start and can potentially affect its operation. Basically, all types of malicious software that have been around for the last 7-10 years use various mechanisms of sticking to an infected system. With this product, you will be able to monitor and control these activities and, which is more important, eradicate the threat on your own. Image Image Image Rootkits are one of the biggest threats for end user systems. This malicious software integrates into the system on a very low level and completely hides its presence. The user is often totally unaware that the computer is being controlled by hackers. But that's not a problem: whether it's a hidden start of a rootkit driver or other hidden keys, "OSAM" will detect any of these autorun variants. Modern malicious software, such as adware, spyware and spambots cannot be completely removed by existing anti-virus solutions. However, such treatment attempts often leave the user without working network connections or damage other system components. The user becomes helpless and alone with the problem. The "OSAM" manager will easily solve this problem! Image Image Image The virus blocks access to a registry key or file? You can't remove them using any possible means? The "OSAM" manager will tackle this problem, too*. If the user is experiencing problems, he can use several program functions to seek experts' assistance (for instance, on our forum) - save a detailed system report (all autoruns) or save a full snapshot of the startup data (in the same form as on the user's system). Downloads >> Functional capabilities: * support of virtually all known methods of automatic loading using the system registry or special folders; * automatic detection of the peculiarities of settings on specific user systems; * validation of digital file signatures; * color marking of file statuses for better comprehension; * filtering by statuses of detected objects; * search by masks using any parameter in any display mode; * output of additional information for any object type; * output of detailed file information, validation of file existence and accessibility; * temporary disablement of registry objects or files without creating additional keys or subfolders; * generation of two types of report files (text and HTML*) with all autoload information. Unique capabilities: * protection against rootkits by detecting hidden registry keys and records using the method of direct registry data analysis (without using OS functions); * comprehensive support of LSP (Layered Service Providers) filters deletion and recovery with rearrangement of the providers chain; * support of namespace providers (NSP) with rearrangement of the providers chain*. Advantages: * a completely free application! * grouping by file objects enables you to quickly find all links to a specific automatically loaded file; * regular updates of the methodological database after the analysis of in-the-wild malicious software; * full Unicode support (any national characters, filenames and registry data); * support of visual themes (skins) for users who do care how their favorite software looks. Downloads >> * - available only for registered users (conditions may be changed in the near future) Compatibility: * Microsoft Windows 2000 * Microsoft Windows XP * Microsoft Windows 2003 * Microsoft Windows Vista The company is currently working on providing full support of these operating systems: * Microsoft Windows XP x64 * Microsoft Windows 2003 x64 * Microsoft Windows Vista x64
  7. Update#: the Company forums tlak aboutthe direct access to the hard-drive as a good thing as do some of the reader to enable the scanners Direct Disk Access feature for raw data. NO word on direct access to keyboard yet.
  8. Update#2: I emailed the Company in Russia re; the Keybaord access request concern i have , and checked out the other things in the program, Interesting is there full instructions on using the program to get rid of all the Trojan Vundo problems. Very nice: Link is here for the Visdeo and Instructions within OSAM Automanager: http://www.online-solutions.ru/en/how_to_remove_vundo_trojan_virtumonde.php VUNDO TROJAN REMOVAL How to remove the Vundo Trojan (also known as Virtumonde, Virtumondo, Virtumundo, Monder, Monderb, MS Juan) using the OSAM Autorun Manager (Portable Version, 3.63mb or Installation Package, 8.84mb). Please note! These steps are only for the Windows XP / 2003 / 2000 users. 1. First you should click on the "Settings" button in the top menu: OSAM Menu - Settings And then change the value for "Disable objects using the driver" option to "Always", as it is shown below: OSAM Settings - Driver Mode: Always 2. Now look through the list of the objects and find the randomly-named .DLL files under the following registry keys: Internet Explorer section: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Winlogon section: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify Explorer section: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks Randomly-named .DLL files means something like that: nnnkLcCU.dll, opNdccDV.dll, hgGxyXQH.dll, yfcfqtfd.dll, cbxvttsR.dll, pmnkLCSk.dll. And these files should be located in the WINDOWS\system32 directory. Use the OSAM Online Malware Scanner function, if you have problems with finding the right ones: OSAM: Scan using Online Malware Scanner 3. Disable the trojan entries by removing the checkmarks in the checkboxes next to these randomly-named .DLL files. 4. Once you have finished with the disabling the items, press the "Apply" button: OSAM: Apply Button You will see the list of the disabling items (press the "Close" button) and then the following message will be displayed: OSAM: Reboot now Press the "Reboot now" button. Once your computer will be rebooted, the Vundo Trojan will be disinfected. 1. Start the OSAM again - you will see the report about deleted entries. 2. Press the "Settings" button to change the value for "Disable objects using the driver" option back to "For undeletable objects only". 3. Also you can use the "Jump to file" function to delete the inactive trojan files: OSAM: Jump to file 4. And then use the "Delete from storage" function to delete the disabled items from the list of the objects: OSAM: Delete from storage If you still need help or have any questions - you are welcome to our forum. To register on forum please follow this instruction. Comments and discussion are here. Step-by-step Vundo removal video instruction: Comments and discussion are here
  9. Update on Autorun Manager: after install and running the program, it removed the few things I choose to remove, and then I scanned my entire system with SAS, Malwarebytes, 5 rootkit scanners, Hi-jack This, Kasperskey A/V tool, Avira Anti-virus, Pest Patrol by CA, AVAST A/V tool, unhackme 4.8, SBS& D, and DAF to see if any policies restriction had taken place. Well everything was except 5 cookies found. So, it looks ok so far, But I'm still concerned about the program wanting direct access to my keyboard.
  10. OK, I checked out one of our Visitors requests at our for an an evaluation of his product. Said he had a new security software company in RU. Flags went off right away, but I checked out the site and downloaded OSAM Auto Manager. Interesting product, upon Installing it things were going well, then Comodo firewall flagged a request for direct access to my Keyboard, ohhh, I din't like that and said " deny access" this is a great example of why Comodo Firewall Pro is an excellent product. the product Install continued , no bad effect from saying "NO access" , then it asked for Direct access to the hard-drive, well many programs need that like disk management and defraggers, but again being cautious I said " Deny Access always in Comodo. it continued on and seemed to install fine. I opened the product up. Normal popups from Comodo 3 more time based on my actions, I expected those to pop up and I said " allow access to the internet to check its database for questionable files it found on my Hard drive. OK then it allowed me to view items in fairly unique way, I have not seen this combination of associating the registry entries to the program in such an easy to read format before. The scans themselves were very fast. I saw some entries which i thought were gone, the crap by Paretologic that I tested previously. So my question is to others, could this Keyboard access thing denied by Comodo be a keylogger? Well my first step was to submit the installer 8.7 mb to Virus Total online scanners. I wouldn't go to all this trouble but this app has very good possibilities and I don't want to dismiss it out of hand. The results are posted here, it back all clean. if anyone wishes to test and provide feedback i would appreciate the assistance. I will scan my entire system now looking for infections of any type, my previous full scans came up 0 before so any change should be related to the app. Wish me luck. I'll let you know how it went. Virus Total: Results: File osam_autorun_manager.msi received on 10.11.2008 21:52:38 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/35 (0%) Loading server information... Your file is queued in position: 1. Estimated start time is between 37 and 53 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.10.10.1 2008.10.10 - AntiVir 2008.10.11 - Authentium 2008.10.11 - Avast 4.8.1248.0 2008.10.11 - AVG 2008.10.11 - BitDefender 7.2 2008.10.11 - CAT-QuickHeal 9.50 2008.10.11 - ClamAV 0.93.1 2008.10.11 - DrWeb 2008.10.11 - eSafe 2008.10.08 - eTrust-Vet 31.6.6141 2008.10.10 - Ewido 4.0 2008.10.11 - F-Prot 2008.10.11 - Fortinet 2008.10.11 - GData 19 2008.10.11 - Ikarus T3. 2008.10.11 - K7AntiVirus 7.10.491 2008.10.11 - Kaspersky 2008.10.11 - McAfee 5403 2008.10.11 - Microsoft 1.4005 2008.10.11 - NOD32 3515 2008.10.11 - Norman 5.80.02 2008.10.10 - Panda 2008.10.11 - PCTools 2008.10.11 - Prevx1 V2 2008.10.11 - Rising 2008.10.10 - SecureWeb-Gateway 6.7.6 2008.10.11 - Sophos 4.34.0 2008.10.11 - Sunbelt 3.1.1715.1 2008.10.11 - Symantec 10 2008.10.11 - TheHacker 2008.10.11 - TrendMicro 8.700.0.1004 2008.10.10 - VBA32 2008.10.10 - ViRobot 2008.10.10.1416 2008.10.10 - VirusBuster 2008.10.11 - Additional information File size: 9299968 bytes MD5...: f3d6426eaa31be98618c21210bbc1054 SHA1..: c246aea1f15bbe65061709c053a31c9db4cb5e9c SHA256: e67ead2b31bbda8153c9765e60d26d9d9e4e7513f97d1279c4e084c7afebad05 SHA512: 9da42d7aa1e4b8e1e77eec32de7b491a1eb06e926390f1d56083204b276ec270 e8d4538251a4695f2fc34bb8827e905fb2eb3ff388a4fc30cf13a102a0c1f95d PEiD..: - TrID..: File type identification Microsoft Windows Installer (92.7%) Windows SDK Setup Transform Script (6.3%) Generic OLE2 / Multistream Compound File (0.8%)
  11. Try to do a system restore first, Press F8 on start, selct safe mode, select " no and go back a week. Then after its done, unistall ZA ,its crap like Tarun said. Run your scans, then install Comodo and watch what it asks you. ok. Hope this helps. Regards Caveman
  12. I agree PC Tools Spyware Doctor slows down your system, is bloatware and ineffective crap. Love this Site. Tell it like it is, if millions are using it , or should we say conned or duped into buying it, as the ads for this crap are everywhere. They must pay big kick-backs to websites that push Spyware Doctor crap.
  13. Hey Tarun, can you please investigate Paretologic, I thing most of there stuff is crap and should be blacklisted.
  14. Note: Update on Rootkit Unhooker from Caveman: Microsoft now owns Rootkit Unhooker and SEye….”As you can guess all our source code and concept were sold to MS. The new secret project of Micosoft is SEye ...
  15. Nothing against Windows Defender, but its a pain in the rear when I try to connect remotely to a Vista computer, it will often block my attempt, yeah I know maybe its supposed to do that, but even after the client tells it to allow or ignore and I'm coming in on port 80 Geez, and it's freezing me out. I'm all for Super-Antispyware free version, I use it 10 times a day on computers. It's rated in my top 5 tools for cleaning up malware and trojans, great engines, always improving the product, d*** nice program. Windows defender is a real time application but to me its just a real pain in the rear.
  16. Quote form Avira, Just to let you know the status, nice product too bad they discontinued it. NOTE: The Avira recovery products "Avira UnErase Personal" and "Avira NTFS4DOS" have been discontinued and are no longer supported by Avira. You may download them for personal use only and Avira accepts no liability.
  17. Caveman

    Comodo BO Clean

    Hi all, The scoop on Bo-clean: I used it for 3 years before it was bought by Komodo, Bo-clean was originally used by many universities to stop trojans spread on the networks, then it became open to everyone, at some point a major over-haul was needed as the scaning engines were not picking of the new types of threats, the company updated the program, but you would have to use the Programs " conflict utility" to stop freezes and conflicts with other software upon boot up, this wasn't big deal. Then Komodo bought it and released it for free, I was surprised it was free, I downloaded it and used it for 2 months, I really never saw it stop many threats on my clients computers, so either the scanners were not effective or everybody unplugged their comps, and you know that did not happen, the scanners were outwitted by the new type of Trojans. I removed it from my arsenal of apps. Hope this helps.
  18. Hi, its the Caveman here: A little info on Spy Counter: I believe it started as Cybermedia Cleaner, then Microsoft bought the good app, turned it into crap with Microsoft anti-spyware, then some other company bought the engines, revamped it and called it Spy Counter. OK now for testing results, I read all the media hype and so-called editors picks and top scoring of this product. I tested it ver. 2.5, updated for free to vers. 3. standard and Vipre is all hype, used it on many computers. It found the odd trojan and malware issues but really super-antispyware and malwarebytes found all the same entries and removed them, the scanner was actually slow for me. My suggestion: Don't buy, I stopped using it in my arsenal. I need apps that work fast and remove clean. No time to mess around wiating for long scans to finish and find 2 entries while standard cleaners find hundreds of legit issues.
  19. Hi its the Wisard here: Most common cause would be if by mistake, you used an OEM XP Pro CD, and not not a Media Centre Edition 2005,2006 ect . type CD, that was originally installed on the Problem child Machine, thats my best guess, that would explain you losing Media centre amd becuase of the repair over top, media player 11 would default back to 9 or 10 version, , just download it again from updates. If you did a proper repair of a off a good Media Centre CD everything should have been fie, check the CD you used and determine that please and post back for further instructions. Dial- A Fix can fix your update problems but not the Media Centre issue.
  20. Hi all, Caveman here, easiest way to solve this fellas issue is to direct him into the bios and reset bios to defualt settings which should put voltage settings back to normal setting for his board and processor, it that doesn't work, then its probably failing. Also blow out the Fan and Heatsink to correct over-heating. It may be too late though. Worth a shot.
  21. DAF would not cause that problem it simply reverts XP settings back to normal. If over a short period of time you lose a lot of space , then look for a utility that came pre-loaded on your system that makes image backups in a hidden directory, I know some toshiba's do that and also leveno's. there is a special key to hit to access the area and stop the backup imaging and recover your lost space. Google: Leveno or Toshiba if that is your laptop brand with the words, hidden backups. Regards Caveman
  22. I agree with Tarun, 'A-squared" is like :"Trojan Remover" all talk, no action and has been around for quite some time, used it many years ago and it was not effective then and the latest re-incarnation is not useful at all to me personally.
  23. HI everyone,I just joined , I do remote computer service everyday all over the world, my first suggestion for the serious tech is Unhackme" 4.8 version, make sure you realize it shows some good entries in its scan results upon booting up, use the " ask others" button for a rating of good or bad before you remove it if your not sure.
  24. Hi everyone, I've been reading everything here and its pretty accurate stuff, I'll make some suggestions soon to help improve this great site information. I troubleshoot and fix computer problems every day 12 hours a day, sometimes more if my wife doesn't catch me at my computer. I support client all over the world remotely. I have a love / hate relationship with Malware and Viruses and other Nasty's out there inthe wild, as I make a good living off other peoples problems fixing the issues. But I'll retire soon to my private little Island if the Phillippines soon, so I'll share my experience and knowledge here so others can help and maybe make some bucks too, hehe!!! If there are any single guys out there who like beautiful women, let me know: <y wife has 20 cousins waiting, haha. Anyway my first recommendation for essential malware/ rootkit removal tool is "Unhackme" 4.8 version. Careful don't rush out there and start using it until you understand that it shows good stuff and bad entries so read the info itis telling you before you kill it. Its a lifesafer.
  • Create New...