Home > General > Wormradar.com?

Wormradar.com?

Do any of you know what this BHO does, and should we leave it installed?Mark..AFAIK it's related to AVG's LinkScanner. I prefer to mention it for you not to loose your time waiting me to answer.Be sure I really-really appreciate your help. It was late here. Edited 1 times.

Please re-enable javascript to access full functionality. That's great information on AVG 8's BHO, and I can see now it is LinkScanner, and where it came from.I agree with Bob, and I like the way he describes the I ran hijack this and found a wormradar file and a few others i feel are suspect. If this has already been discussed please slap me round the head and send me on my way, I was reading a thread in the XP forum today;http://forums.cnet.com/5208-6142_102-0.html?forumID=5&threadID=299031&messageID=2798706#2798706Explorer.exe would not open. read the full info here

Rosie WinXP Pro sp3 \ Firefox, Panda, MBAM, SAS, SpywareBlaster Back to top #8 CatByte CatByte bleepin' tiger Malware Response Team 14,664 posts OFFLINE Gender:Not Telling Location:Canada Local time:09:27 PM Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? tbird390, Jul 24, 2010 #7 dvk01 Derek Moderator Malware Specialist Joined: Dec 14, 2002 Messages: 50,434 that looks clean so if you are still getting problems & diverts etc then Delete

Download RSIT (random's system information tool) from here to your desktop. You can break logs into parts and use separate posts here when replying and posting the log files, if needed. Share this post Link to post Share on other sites Tag_    New Member Topic Starter Members 22 posts ID: 19   Posted October 5, 2010 Rootkit.TDSS found + cure + However, have you ran malwarebytes yet?

Would it make sense to System Restore to before the first attempt at installing AVG 8 Free then un-install AVG 7.5 free before again downloading a fresh copy of AVG 8 Right or wrong I remove them all so I get a clear picture if it's the usual BHO issue or something else. We will most likely have to reset IE's settings. https://forums.malwarebytes.com/topic/64173-bho-wormradarcom-iesiteblockernavfilter/ Thank you for helping us maintain CNET's great community.

Turn off any router or hub that your computer may be plugged into. 3. If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Discussions cover how to detect, fix, and remove viruses, spyware, adware, malware, and other vulnerabilities on Windows, Mac OS X, and Linux.Real-Time ActivityMy Tracked DiscussionsFAQsPoliciesModerators General discussion BHO - is AVG uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\aorxy5k1.default\ FF - plugin: c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll ----

Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. If you're not already familiar with forums, watch our Welcome Guide to get started. scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) Thank you ktbaird, Dec 14, 2011 #5 johnb35 Administrator Staff Member Messages: 38,125 Open internet explorer, goto tools, manage addons, and click on search providers on the left.

But not systematically. I have uninstalled Ashampoo Firewall and switched MS Firewall on and AVG updates without any problem. When the scan is complete, click OK, then Show Results to view the results. Problem persists March 31, 2009 16:46 Re: Update fails #3 Top kateline Novice Join Date: 31.3.2009 Posts: 31 You didn't provide us all the information that we

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. MWB cleaned them OK.1st running of HJT => I found "BHO: WormRadar.com IESiteBlocker.NavFilter" entry and cleaned it. johnb35, Dec 14, 2011 #6 (You must log in or sign up to reply here.) Show Ignored Content Share This Page Tweet Your name or email address: Do you already have We'll have a look at them here and run a couple of scans.Let's continue with the following steps.Step 1.Filescan:Using Internet Explorer please go to VirSCAN.org FREE on-line scan service Copy and

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish. That is RKU should have been run only after GMER had finished and the log was incomplete.Never run two tools /Antivirus-softwares or firewall at the same time, they will most likely Uncheck the rest.

Wait for a couple of minutes. 7.

Microsoft recommends you analyze the software that made these changes for potential risks. If cured we can always add what helpers we want again.-> Let me put it another way. The log can also be found at C:\rsit\log.txt. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\god\AppData\Local\ema.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

same type of freezeing issue tbird390, Jul 24, 2010 #13 dvk01 Derek Moderator Malware Specialist Joined: Dec 14, 2002 Messages: 50,434 that sounds like an antivirus or something checking pages Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List The firewall warns me that I'm then not protected until I restart. or may not help..Carol Flag Permalink This was helpful (0) Collapse - Correction :( by Carol~ Forum moderator / June 25, 2008 7:13 AM PDT In reply to: Re: BHO -

I see it says IESiteBlocker, but I thought IE 7 already had a good site blocker.Many thanks in advance.Mark Discussion is locked Flag Permalink You are posting a reply to: BHO Now, 2 "infected elements" + I clic "remove").And now I start OTS.exe and will post the results.ark.txtmbam_log_2010_10_05__19_31_26_.txt Share this post Link to post Share on other sites Tag_    New Member O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program All Activity Home Malware Removal Help Malware Removal for Windows Resolved Malware Removal Logs BHO: WormRadar.com IESiteBlocker.NavFilter Privacy Policy Contact Us Back to Top Malwarebytes Community Software by Invision Power Services,

Short URL to this thread: https://techguy.org/937194 Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account? The problem was that from times to times it redirect to random pages and was hanging on google-analytics... Please copy and paste the contents of that file here.Step 2.ComboFix:Download ComboFix from one of these locations:Link 2Link 3* IMPORTANT !!! If so, follow the preparation guide here: http://www.bleepingcomputer.com/forums/topic34773.html Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015 Back to top #3 TulsaRose TulsaRose Topic Starter Members 366 posts OFFLINE Gender:Female

Proffitt Forum moderator / June 25, 2008 7:17 AM PDT In reply to: BHO - is AVG 8 using them? but I am having a hard time knowing why such a program is on my computer.Was found in Hyjack This.O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllThank you, QuiMThere the webrowsers still acting funny. Double-click mbam-setup.exe and follow the prompts to install the program.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) R3 - URLSearchHook: (no name) - {f864ba3f-9878-458a-ba2b-dad32bcbc472} - C:\Program Files\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (file missing) O2 - BHO: Let me know if you are having any issues with your system. atapi.sys driver seems strange too. It looks as you've had avast installed on this computer at some time as well.

This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. I have to use the arrow keys to move between the profiles then use enter key to have it start log in. One day something push my old drive letters one letter away. You may need to right click on it and select "Save"Double click inside the Custom Scan box at the bottomA window will appear saying "Click Ok to load a custom scan