Posted by Irwin Greenwald on February 2, 2007, 9:15 pm
On 2/2/2007 2:20 PM, David H. Lipman wrote:
>
> | About once or twice a month my Sygate firewall asks if it is OK for
> | kernel service ntoskml.exe to access the internet via port 80 to connect
> | to an IP address that resolves to somewhere in the Czech Republic. I
> | suspect that I have some kind of virus or Trojan sitting around in my
> | machine but checks using AdAware, Spybot, AVG virus scanner and Spyware
> | Doctor have found nothing of consequence.
> |
> | Anyone have any ideas?
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
Thanks for your reply. I am running the Sophos test now. I failed to
mention that AVG reported that the following had been changed:
Partition Table (MBR)
In C:\Windows\System32:
kernel32.dll
shell32.dll
ntoskrnl.exe
I don't know how AVG detects changes, so I don't know how to interpret
these messages; however, I find the one about the Partition Table
particularly disturbing. Will report back on test results when I
complete the tests.
BTW is snipping approved or disapproved in this newsgroup?
Irwin