
Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

Discussion in 'Windows XP' started by Graham, Jan 17, 2010.

  1. Graham

    Graham Flightless Bird

    I've run the Microsoft One Care Scan. It's reporting 3 issues it
    'cannot' fix

    Browser modifier Win32/BaiduSobar

    TrojanDownloader Win32/QQHelper.KA

    These 2 are showing a path to a received file
    ha_winvideocapture_jy.exe

    (which I can see in the rx file list)

    Program Win32/PigSearch is also found

    As far as I know, the exe file has not been run (by
    me) .. looking on the web, it seems there is no simple way to remove
    these from the PC?

    AVG does not report the file or the PigSearch ...

    Q: what's the best path to take .. I have deleted the file and
    emptied the rec/bin .. but is that enough, and what to do about
    the PigSearch?

    tnx - G ..
     
  2. Graham

    Graham Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    On Jan 17, 8:04 pm, Graham <g0...@hotmail.com> wrote:
    > I've run the Microsoft One Care Scan. It's reporting 3 issues it
    > 'cannot' fix
    >
    > Browser modifier Win32/BaiduSobar
    >
    > TrojanDownloader Win32/QQHelper.KA
    >
    > These 2 are showing a path to a received file
    > ha_winvideocapture_jy.exe
    >
    > (which I can see in the rx file list)
    >
    > Program Win32/PigSearch is also found
    >
    > As far as I know, the exe file has not been run (by
    > me) .. looking on the web, it seems there is no simple way to remove
    > these from the PC?
    >
    > AVG does not report the file or the PigSearch ...
    >
    > Q: what's the best path to take .. I have deleted the file and
    > emptied the rec/bin .. but is that enough, and what to do about
    > the PigSearch?
    >
    > tnx - G ..



    Is this tool ok ?

    http://www.securitystronghold.com/gates/pigsearch.html#Technical
     
  3. DL

    DL Flightless Bird

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-101816-5730-99&tabid=3

    Many other Google hits
    http://www.malwarebytes.org/


    "Graham" <g0nbd@hotmail.com> wrote in message
    news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com...
    > I've run the Microsoft One Care Scan. It's reporting 3 issues it
    > 'cannot' fix
    >
    > Browser modifier Win32/BaiduSobar
    >
    > TrojanDownloader Win32/QQHelper.KA
    >
    > These 2 are showing a path to a received file
    > ha_winvideocapture_jy.exe
    >
    > (which I can see in the rx file list)
    >
    > Program Win32/PigSearch is also found
    >
    > As far as I know, the exe file has not been run (by
    > me) .. looking on the web, it seems there is no simple way to remove
    > these from the PC?
    >
    > AVG does not report the file or the PigSearch ...
    >
    > Q: what's the best path to take .. I have deleted the file and
    > emptied the rec/bin .. but is that enough, and what to do about
    > the PigSearch?
    >
    > tnx - G ..
    >
     
  4. thanatoid

    thanatoid Flightless Bird

    Graham <g0nbd@hotmail.com> wrote in
    news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:

    <SNIP>

    > Q: what's the best path to take .. I have deleted the
    > file and emptied the rec/bin .. but is that enough,
    > and what to do about the PigSearch?


    The best path to take is to delete ALL MS "security" software
    (this MAY mean having to reinstall the entire OS, no personal
    experience, see below) and get a decent AV and a few good anti-
    malware programs.

    False positives are rampant these days and while I have never
    (and will never) use ANY MS software except for the OS (I have
    learned computing on MS OS's starting in the early 1990's and I
    am not about to start from scratch - although I am intrigued by
    recent Linux developments), I wouldn't be surprised if MS led
    the pack - ignoring its own spyware, of course.

    --
    There are only two classifications of disk drives: Broken drives
    and those that will break later.
    - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
    not the ball player. But who knows. I can't remember where I got
    the quote. But it's true.)
     
  5. Graham

    Graham Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    On Jan 17, 8:35 pm, thanatoid <wait...@the.exit.invalid> wrote:
    > Graham <g0...@hotmail.com> wrote in
    > news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
    >
    > <SNIP>
    >
    > > Q: what's the best path to take .. I have deleted the
    > > file and emptied the rec/bin .. but is that enough,
    > > and what to do about the PigSearch?

    >
    > The best path to take is to delete ALL MS "security" software
    > (this MAY mean having to reinstall the entire OS, no personal
    > experience, see below) and get a decent AV and a few good anti-
    > malware programs.
    >
    > False positives are rampant these days and while I have never
    > (and will never) use ANY MS software except for the OS (I have
    > learned computing on MS OS's starting in the early 1990's and I
    > am not about to start from scratch - although I am intrigued by
    > recent Linux developments), I wouldn't be surprised if MS led
    > the pack - ignoring its own spyware, of course.
    >
    > --
    > There are only two classifications of disk drives: Broken drives
    > and those that will break later.
    > - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
    > not the ball player. But who knows. I can't remember where I got
    > the quote. But it's true.)


    Ok ... but the exe file was in the rec'd list .. and I cannot
    see any odd software in the add/remove
    software listing ...... can only assume the pig removal tool is
    a valid item .. and not a spoof link as well?

    G ..
     
  6. DL

    DL Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    You don't need any tool to remove the infection; I already posted a link to
    manual removal, and to a malware scanning app

    "Graham" <g0nbd@hotmail.com> wrote in message
    news:1ce3dee8-9de1-41f0-810d-efacaa0bdf0e@a32g2000yqm.googlegroups.com...
    On Jan 17, 8:35 pm, thanatoid <wait...@the.exit.invalid> wrote:
    > Graham <g0...@hotmail.com> wrote in
    > news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
    >
    > <SNIP>
    >
    > > Q: what's the best path to take .. I have deleted the
    > > file and emptied the rec/bin .. but is that enough,
    > > and what to do about the PigSearch?

    >
    > The best path to take is to delete ALL MS "security" software
    > (this MAY mean having to reinstall the entire OS, no personal
    > experience, see below) and get a decent AV and a few good anti-
    > malware programs.
    >
    > False positives are rampant these days and while I have never
    > (and will never) use ANY MS software except for the OS (I have
    > learned computing on MS OS's starting in the early 1990's and I
    > am not about to start from scratch - although I am intrigued by
    > recent Linux developments), I wouldn't be surprised if MS led
    > the pack - ignoring its own spyware, of course.
    >
    > --
    > There are only two classifications of disk drives: Broken drives
    > and those that will break later.
    > - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
    > not the ball player. But who knows. I can't remember where I got
    > the quote. But it's true.)


    Ok ... but the exe file was in the rec'd list .. and I cannot
    see any odd software in the add/remove
    software listing ...... can only assume the pig removal tool is
    a valid item .. and not a spoof link as well?

    G ..
     
  7. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    NB: If you had no anti-virus application installed or the subscription had
    expired *when the machine first got infected* and/or your subscription has
    since expired and/or the machine's not been kept fully-patched at Windows
    Update, don't waste your time with any of the below: Format & reinstall
    Windows. A Repair Install will NOT help!

    Microsoft PCSafety provides home users (only) with no-charge support in
    dealing with malware infections such as viruses, spyware (including unwanted
    software), and adware.
    https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

    Also available via...

    Consumer Security Support home page
    https://consumersecuritysupport.microsoft.com/

    Otherwise...

    1. See if you can download/run the MSRT manually:
    http://www.microsoft.com/security/malwareremove/default.mspx

    NB: Run the FULL scan, not the QUICK scan! You may need to download the
    MSRT on a non-infected machine, then transfer MRT.EXE to the infected
    machine and rename it to SCAN.EXE before running it.

    2. Now run a thorough check for hijackware, including posting requested logs
    in an appropriate forum, not here.

    Checking for/Help with Hijackware:
    .. http://mvps.org/winhelp2002/unwanted.htm
    .. http://inetexplorer.mvps.org/tshoot.html
    .. http://www.mvps.org/sramesh2k/Malware_Defence.htm
    .. http://www.elephantboycomputers.com/page2.html#Removing_Malware

    **Chances are you will need to seek expert assistance in
    http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
    http://www.spywarewarrior.com/viewforum.php?f=5,
    http://www.dslreports.com/forum/cleanup,
    http://www.bluetack.co.uk/forums/index.php,
    http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

    If these procedures look too complex - and there is no shame in admitting
    this isn't your cup of tea - take the machine to a local, reputable and
    independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002
    www.banthecheck.com


    Graham wrote:
    > I've run the Microsoft One Care Scan. It's reporting 3 issues it
    > 'cannot' fix
    >
    > Browser modifier Win32/BaiduSobar
    >
    > TrojanDownloader Win32/QQHelper.KA
    >
    > These 2 are showing a path to a received file
    > ha_winvideocapture_jy.exe
    >
    > (which I can see in the rx file list)
    >
    > Program Win32/PigSearch is also found
    >
    > As far as I know, the exe file has not been run (by
    > me) .. looking on the web, it seems there is no simple way to remove
    > these from the PC?
    >
    > AVG does not report the file or the PigSearch ...
    >
    > Q: what's the best path to take .. I have deleted the file and
    > emptied the rec/bin .. but is that enough, and what to do about
    > the PigSearch?
    >
    > tnx - G ..
     
  8. Twayne

    Twayne Flightless Bird

    In news:Xns9D0394B08B859thanexit@188.40.43.245,
    thanatoid <waiting@the.exit.invalid> typed:
    > Graham <g0nbd@hotmail.com> wrote in
    > news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
    >
    > <SNIP>
    >
    >> Q: what's the best path to take .. I have deleted the
    >> file and emptied the rec/bin .. but is that enough,
    >> and what to do about the PigSearch?

    >
    > The best path to take is to delete ALL MS "security" software
    > (this MAY mean having to reinstall the entire OS, no personal
    > experience, see below) and get a decent AV and a few good anti-
    > malware programs.


    Do not give advice on things where you have "no personal experience" because
    it'll always be wrong, as you are here. Having to reinstall is ludicrous.
    "decent AV and a few good anti-malware programs" is almost meaningless.
    If you want to use poor terminology, then give some examples of what you
    mean. You meant Anti-virus and Spyware detectors, and that would have at
    least allowed nearly anyone reading this to Google for more information.
    While I admit MS is really bad at AV and malware detection, it's better to
    be clear and concise whenever possible.

    >
    > False positives are rampant these days and while I have never


    Actually, that's something I've never heard alleged. If one is encountering
    many false positives then they need to either think about the apps they're
    using and possibly tightening up their surfing methodologies. IME it's
    unusual to get many false positives if any at all. I would expect such a
    situation to be demographically or geographically centered.

    HTH,

    Twayne




    > (and will never) use ANY MS software except for the OS (I have
    > learned computing on MS OS's starting in the early 1990's and I
    > am not about to start from scratch - although I am intrigued by
    > recent Linux developments), I wouldn't be surprised if MS led
    > the pack - ignoring its own spyware, of course.
     
  9. Twayne

    Twayne Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    In news:1ce3dee8-9de1-41f0-810d-efacaa0bdf0e@a32g2000yqm.googlegroups.com,
    Graham <g0nbd@hotmail.com> typed:
    > On Jan 17, 8:35 pm, thanatoid <wait...@the.exit.invalid> wrote:
    >> Graham <g0...@hotmail.com> wrote in
    >> news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
    >>
    >> <SNIP>
    >>
    >>> Q: what's the best path to take .. I have deleted the
    >>> file and emptied the rec/bin .. but is that enough,
    >>> and what to do about the PigSearch?

    >>
    >> The best path to take is to delete ALL MS "security" software
    >> (this MAY mean having to reinstall the entire OS, no personal
    >> experience, see below) and get a decent AV and a few good anti-
    >> malware programs.
    >>
    >> False positives are rampant these days and while I have never
    >> (and will never) use ANY MS software except for the OS (I have
    >> learned computing on MS OS's starting in the early 1990's and I
    >> am not about to start from scratch - although I am intrigued by
    >> recent Linux developments), I wouldn't be surprised if MS led
    >> the pack - ignoring its own spyware, of course.
    >>
    >> --
    >> There are only two classifications of disk drives: Broken drives
    >> and those that will break later.
    >> - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
    >> not the ball player. But who knows. I can't remember where I got
    >> the quote. But it's true.)

    >
    > Ok ... but the exe file was in the rec'd list .. and I cannot
    > see any odd software in the add/remove
    > software listing ...... can only assume the pig removal tool is
    > a valid item .. and not a spoof link as well?
    >
    > G ..


    The best way to tell, if it's really important to you, is to look for the
    "virus" and see what it involves at some reliable source that keeps track of
    such data. Usually I start at Norton.com for that kind of thing. If nothing
    there, then Google always turns something up. So far anyway.

    HTH,

    Twayne
     
  10. thanatoid

    thanatoid Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    Graham <g0nbd@hotmail.com> wrote in
    news:1ce3dee8-9de1-41f0-810d-efacaa0bdf0e@a32g2000yqm.googlegroups.com:

    <SNIP>

    > Ok ... but the exe file was in the rec'd list .. and
    > I cannot see any odd software in the add/remove
    > software listing ...... can only assume the pig removal
    > tool is a valid item .. and not a spoof link as well?


    The summary of my post is: "onecare" will certainly do SOMEthing
    for your security etc. But it is not to be trusted, as are none
    of MS "security" apps.

    This is why I am not going to bother entering the guessing game
    of the details of what MS software has told you. You can Google
    for that malware. There are hundreds of sites that deal with
    that - some are trustworthy, some just try to scare you into
    buying their crap.

    If you don't want to reformat and reinstall - which would also
    get rid of whatever problems you may or may not be having -
    install Spybot Search and Destroy and Malwarebytes' Anti-Malware
    and see what they say. Both free, as all software should be, for
    home use anyway.


    --
    There are only two classifications of disk drives: Broken drives
    and those that will break later.
    - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
    not the ball player. But who knows. I can't remember where I got
    the quote. But it's true.)
     
  11. thanatoid

    thanatoid Flightless Bird

    "Twayne" <nobody@spamcop.net> wrote in
    news:uv7f56#lKHA.3792@TK2MSFTNGP02.phx.gbl:

    <SNIP>

    > HTH,


    It didn't.


    --
    There are only two classifications of disk drives: Broken drives
    and those that will break later.
    - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
    not the ball player. But who knows. I can't remember where I got
    the quote. But it's true.)
     
  12. Jose

    Jose Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    On Jan 17, 3:04 pm, Graham <g0...@hotmail.com> wrote:
    > I've run the Microsoft One Care Scan. It's reporting 3 issues it
    > 'cannot' fix
    >
    > Browser modifier Win32/BaiduSobar
    >
    > TrojanDownloader Win32/QQHelper.KA
    >
    > These 2 are showing a path to a received file
    > ha_winvideocapture_jy.exe
    >
    > (which I can see in the rx file list)
    >
    > Program Win32/PigSearch is also found
    >
    > As far as I know, the exe file has not been run (by
    > me) .. looking on the web, it seems there is no simple way to remove
    > these from the PC?
    >
    > AVG does not report the file or the PigSearch ...
    >
    > Q: what's the best path to take .. I have deleted the file and
    > emptied the rec/bin .. but is that enough, and what to do about
    > the PigSearch?
    >
    > tnx - G ..


    MS is not in the malicious software detection and removal business.

    Here are some folks that are:

    Download, install, update and do a full scan with these free malware
    detection programs, then troubleshoot any remaining issues:

    Malwarebytes (MBAM): http://malwarebytes.org/
    SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

    They can be uninstalled later if desired.
     
  13. Graham

    Graham Flightless Bird

    Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

    On Jan 18, 1:02 pm, Jose <jose_e...@yahoo.com> wrote:
    > On Jan 17, 3:04 pm, Graham <g0...@hotmail.com> wrote:
    >
    > > I've run the Microsoft One Care Scan. It's reporting 3 issues it
    > > 'cannot' fix
    > >
    > > Browser modifier Win32/BaiduSobar
    > >
    > > TrojanDownloader Win32/QQHelper.KA
    > >
    > > These 2 are showing a path to a received file
    > > ha_winvideocapture_jy.exe
    > >
    > > (which I can see in the rx file list)
    > >
    > > Program Win32/PigSearch is also found
    > >
    > > As far as I know, the exe file has not been run (by
    > > me) .. looking on the web, it seems there is no simple way to remove
    > > these from the PC?
    > >
    > > AVG does not report the file or the PigSearch ...
    > >
    > > Q: what's the best path to take .. I have deleted the file and
    > > emptied the rec/bin .. but is that enough, and what to do about
    > > the PigSearch?
    > >
    > > tnx - G ..
    >
    > MS is not in the malicious software detection and removal business.
    >
    > Here are some folks that are:
    >
    > Download, install, update and do a full scan with these free malware
    > detection programs, then troubleshoot any remaining issues:
    >
    > Malwarebytes (MBAM): http://malwarebytes.org/
    > SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
    >
    > They can be uninstalled later if desired.


    OK, thanks for the advice and the links ... PC looks to be running
    a lot faster now

    I ran the Trend Micro DOS removal tool yesterday; that reported
    an odd three-letter name. Today I ran the super anti
    tool, which found 3 infections which it removed. The 'what is
    running on your PC' is not showing any unsafe apps or DLLs ..
    it did show 'kontiki', which may have been installed by the BBC
    iPlayer. I have removed this .. assume that is a good
    idea .. looking at the web comments on it ..

    I will re-run the Microsoft OneCare scan, and see if it detects
    anything ..

    AVG did not show up any of the problems, which I find odd,
    unless the free version is limited? The system is fully
    up to date, running SP3 and IE8

    Tnx - G ..

    I
     
