Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

Graham

Flightless Bird
I've run the Microsoft One Care Scan. It's reporting 3 issues it
'cannot' fix:

Browser modifier Win32/BaiduSobar

TrojanDownloader Win32/QQHelper.KA

These 2 are showing a path to a received file,
ha_winvideocapture_jy.exe

(which I can see in the rx file list)

Program Win32/PigSerch is also found.

As far as I know, the exe file has not been run (by
me). Looking on the web, it seems there is no simple way to remove
these from the PC?

AVG does not report the file or the PigSerch...

Q: What's the best path to take? I have deleted the file and
emptied the rec/bin, but is that enough, and what to do about
the PigSerch?

tnx - G ..
 
Graham

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

On Jan 17, 8:04 pm, Graham <g0...@hotmail.com> wrote:
> I've run the Microsoft One Care Scan. It's reporting 3 issues it
> 'cannot' fix:
>
> Browser modifier Win32/BaiduSobar
>
> TrojanDownloader Win32/QQHelper.KA
>
> These 2 are showing a path to a received file,
> ha_winvideocapture_jy.exe
>
> (which I can see in the rx file list)
>
> Program Win32/PigSerch is also found.
>
> As far as I know, the exe file has not been run (by
> me). Looking on the web, it seems there is no simple way to remove
> these from the PC?
>
> AVG does not report the file or the PigSerch...
>
> Q: What's the best path to take? I have deleted the file and
> emptied the rec/bin, but is that enough, and what to do about
> the PigSerch?
>
> tnx - G ..



Is this tool OK?

http://www.securitystronghold.com/gates/pigsearch.html#Technical
 
DL

Flightless Bird
http://www.symantec.com/security_response/writeup.jsp?docid=2005-101816-5730-99&tabid=3

Many other Google hits:
http://www.malwarebytes.org/


"Graham" <g0nbd@hotmail.com> wrote in message
news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com...
> I've run the Microsoft One Care Scan. It's reporting 3 issues it
> 'cannot' fix:
>
> Browser modifier Win32/BaiduSobar
>
> TrojanDownloader Win32/QQHelper.KA
>
> These 2 are showing a path to a received file,
> ha_winvideocapture_jy.exe
>
> (which I can see in the rx file list)
>
> Program Win32/PigSerch is also found.
>
> As far as I know, the exe file has not been run (by
> me). Looking on the web, it seems there is no simple way to remove
> these from the PC?
>
> AVG does not report the file or the PigSerch...
>
> Q: What's the best path to take? I have deleted the file and
> emptied the rec/bin, but is that enough, and what to do about
> the PigSerch?
>
> tnx - G ..
>
 
thanatoid

Flightless Bird
Graham <g0nbd@hotmail.com> wrote in
news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:

<SNIP>

> Q: What's the best path to take? I have deleted the
> file and emptied the rec/bin, but is that enough,
> and what to do about the PigSerch?


The best path to take is to delete ALL MS "security" software
(this MAY mean having to reinstall the entire OS, no personal
experience, see below) and get a decent AV and a few good anti-
malware programs.

False positives are rampant these days and while I have never
(and will never) use ANY MS software except for the OS (I have
learned computing on MS OS's starting in the early 1990's and I
am not about to start from scratch - although I am intrigued by
recent Linux developments), I wouldn't be surprised if MS led
the pack - ignoring its own spyware, of course.

--
There are only two classifications of disk drives: Broken drives
and those that will break later.
- Chuck Armstrong (This one I think, http://www.cleanreg.com/,
not the ball player. But who knows. I can't remember where I got
the quote. But it's true.)
 
Graham

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

On Jan 17, 8:35 pm, thanatoid <wait...@the.exit.invalid> wrote:
> Graham <g0...@hotmail.com> wrote in
> news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
>
> <SNIP>
>
> > Q: What's the best path to take? I have deleted the
> > file and emptied the rec/bin, but is that enough,
> > and what to do about the PigSerch?
>
> The best path to take is to delete ALL MS "security" software
> (this MAY mean having to reinstall the entire OS, no personal
> experience, see below) and get a decent AV and a few good anti-
> malware programs.
>
> False positives are rampant these days and while I have never
> (and will never) use ANY MS software except for the OS (I have
> learned computing on MS OS's starting in the early 1990's and I
> am not about to start from scratch - although I am intrigued by
> recent Linux developments), I wouldn't be surprised if MS led
> the pack - ignoring its own spyware, of course.
>
> --
> There are only two classifications of disk drives: Broken drives
> and those that will break later.
> - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
> not the ball player. But who knows. I can't remember where I got
> the quote. But it's true.)


OK... but the exe file was in the rec'd list, and I cannot
see any odd software in the add/remove
software listing... can only assume the pig removal tool is
a valid item, and not a spoof link as well?

G ..
 
DL

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

You don't need any tool to remove the infection. I already posted a link to
manual removal, and to a malware scanning app.

"Graham" <g0nbd@hotmail.com> wrote in message
news:1ce3dee8-9de1-41f0-810d-efacaa0bdf0e@a32g2000yqm.googlegroups.com...
On Jan 17, 8:35 pm, thanatoid <wait...@the.exit.invalid> wrote:
> Graham <g0...@hotmail.com> wrote in
> news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
>
> <SNIP>
>
> > Q: What's the best path to take? I have deleted the
> > file and emptied the rec/bin, but is that enough,
> > and what to do about the PigSerch?
>
> The best path to take is to delete ALL MS "security" software
> (this MAY mean having to reinstall the entire OS, no personal
> experience, see below) and get a decent AV and a few good anti-
> malware programs.
>
> False positives are rampant these days and while I have never
> (and will never) use ANY MS software except for the OS (I have
> learned computing on MS OS's starting in the early 1990's and I
> am not about to start from scratch - although I am intrigued by
> recent Linux developments), I wouldn't be surprised if MS led
> the pack - ignoring its own spyware, of course.
>
> --
> There are only two classifications of disk drives: Broken drives
> and those that will break later.
> - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
> not the ball player. But who knows. I can't remember where I got
> the quote. But it's true.)


OK... but the exe file was in the rec'd list, and I cannot
see any odd software in the add/remove
software listing... can only assume the pig removal tool is
a valid item, and not a spoof link as well?

G ..
 
PA Bear [MS MVP]

Flightless Bird
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via...

Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
.. http://mvps.org/winhelp2002/unwanted.htm
.. http://inetexplorer.mvps.org/tshoot.html
.. http://www.mvps.org/sramesh2k/Malware_Defence.htm
.. http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com


Graham wrote:
> I've run the Microsoft One Care Scan. It's reporting 3 issues it
> 'cannot' fix:
>
> Browser modifier Win32/BaiduSobar
>
> TrojanDownloader Win32/QQHelper.KA
>
> These 2 are showing a path to a received file,
> ha_winvideocapture_jy.exe
>
> (which I can see in the rx file list)
>
> Program Win32/PigSerch is also found.
>
> As far as I know, the exe file has not been run (by
> me). Looking on the web, it seems there is no simple way to remove
> these from the PC?
>
> AVG does not report the file or the PigSerch...
>
> Q: What's the best path to take? I have deleted the file and
> emptied the rec/bin, but is that enough, and what to do about
> the PigSerch?
>
> tnx - G ..
 
Twayne

Flightless Bird
In news:Xns9D0394B08B859thanexit@188.40.43.245,
thanatoid <waiting@the.exit.invalid> typed:
> Graham <g0nbd@hotmail.com> wrote in
> news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
>
> <SNIP>
>
>> Q: What's the best path to take? I have deleted the
>> file and emptied the rec/bin, but is that enough,
>> and what to do about the PigSerch?
>
> The best path to take is to delete ALL MS "security" software
> (this MAY mean having to reinstall the entire OS, no personal
> experience, see below) and get a decent AV and a few good anti-
> malware programs.


Do not give advice on things where you have "no personal experience" because
it'll always be wrong, as you are here. Having to reinstall is ludicrous.
"decent AV and a few good anti-malware programs" is almost meaningless.
If you want to use poor terminology, then give some examples of what you
mean. You meant Anti-virus and Spyware detectors, and that would have at
least allowed nearly anyone reading this to Google for more information.
While I admit MS is really bad at AV and malware detection, it's better to
be clear and concise whenever possible.

>
> False positives are rampant these days and while I have never


Actually, that's something I've never heard alleged. If one is encountering
many false positives then they need to think about the apps they're
using and possibly tighten up their surfing methodologies. IME it's
unusual to get many false positives if any at all. I would expect such a
situation to be demographically or geographically centered.

HTH,

Twayne




> (and will never) use ANY MS software except for the OS (I have
> learned computing on MS OS's starting in the early 1990's and I
> am not about to start from scratch - although I am intrigued by
> recent Linux developments), I wouldn't be surprised if MS led
> the pack - ignoring its own spyware, of course.
 
Twayne

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

In news:1ce3dee8-9de1-41f0-810d-efacaa0bdf0e@a32g2000yqm.googlegroups.com,
Graham <g0nbd@hotmail.com> typed:
> On Jan 17, 8:35 pm, thanatoid <wait...@the.exit.invalid> wrote:
>> Graham <g0...@hotmail.com> wrote in
>> news:af9dc8ac-4a59-49a4-92dd-06cd281d85c2@u41g2000yqe.googlegroups.com:
>>
>> <SNIP>
>>
>>> Q: What's the best path to take? I have deleted the
>>> file and emptied the rec/bin, but is that enough,
>>> and what to do about the PigSerch?
>>
>> The best path to take is to delete ALL MS "security" software
>> (this MAY mean having to reinstall the entire OS, no personal
>> experience, see below) and get a decent AV and a few good anti-
>> malware programs.
>>
>> False positives are rampant these days and while I have never
>> (and will never) use ANY MS software except for the OS (I have
>> learned computing on MS OS's starting in the early 1990's and I
>> am not about to start from scratch - although I am intrigued by
>> recent Linux developments), I wouldn't be surprised if MS led
>> the pack - ignoring its own spyware, of course.
>>
>> --
>> There are only two classifications of disk drives: Broken drives
>> and those that will break later.
>> - Chuck Armstrong (This one I think, http://www.cleanreg.com/,
>> not the ball player. But who knows. I can't remember where I got
>> the quote. But it's true.)

>
> OK... but the exe file was in the rec'd list, and I cannot
> see any odd software in the add/remove
> software listing... can only assume the pig removal tool is
> a valid item, and not a spoof link as well?
>
> G ..


The best way to tell, if it's really important to you, is to look for the
"virus" and see what it involves at some reliable source that keeps track of
such data. Usually I start at Norton.com for that kind of thing. If nothing
there, then Google always turns something up. So far anyway.

HTH,

Twayne
 
thanatoid

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

Graham <g0nbd@hotmail.com> wrote in
news:1ce3dee8-9de1-41f0-810d-efacaa0bdf0e@a32g2000yqm.googlegroups.com:

<SNIP>

> OK... but the exe file was in the rec'd list, and
> I cannot see any odd software in the add/remove
> software listing... can only assume the pig removal
> tool is a valid item, and not a spoof link as well?


The summary of my post is: "onecare" will certainly do SOMEthing
for your security etc. But it is not to be trusted, as are none
of MS "security" apps.

This is why I am not going to bother entering the guessing game
of the details of what MS software has told you. You can Google
for that malware. There are hundreds of sites that deal with
that - some are trustworthy, some just try to scare you into
buying their crap.

If you don't want to reformat and reinstall - which would also
get rid of whatever problems you may or may not be having -
install Spybot Search and Destroy and Malwarebytes' Anti-Malware
and see what they say. Both free, as all software should be, for
home use anyway.


 
thanatoid

Flightless Bird
"Twayne" <nobody@spamcop.net> wrote in
news:uv7f56#lKHA.3792@TK2MSFTNGP02.phx.gbl:

<SNIP>

> HTH,


It didn't.


 
Jose

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

On Jan 17, 3:04 pm, Graham <g0...@hotmail.com> wrote:
> I've run the Microsoft One Care Scan. It's reporting 3 issues it
> 'cannot' fix:
>
> Browser modifier Win32/BaiduSobar
>
> TrojanDownloader Win32/QQHelper.KA
>
> These 2 are showing a path to a received file,
> ha_winvideocapture_jy.exe
>
> (which I can see in the rx file list)
>
> Program Win32/PigSerch is also found.
>
> As far as I know, the exe file has not been run (by
> me). Looking on the web, it seems there is no simple way to remove
> these from the PC?
>
> AVG does not report the file or the PigSerch...
>
> Q: What's the best path to take? I have deleted the file and
> emptied the rec/bin, but is that enough, and what to do about
> the PigSerch?
>
> tnx - G ..


MS is not in the malicious software detection and removal business.

Here are some folks that are:

Download, install, update and do a full scan with these free malware
detection programs, then troubleshoot any remaining issues:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
 
Graham

Flightless Bird
Re: Msoft 'onecarescan' finds 2 high 1 medium .. but NO fix

On Jan 18, 1:02 pm, Jose <jose_e...@yahoo.com> wrote:
> On Jan 17, 3:04 pm, Graham <g0...@hotmail.com> wrote:
>
> > I've run the Microsoft One Care Scan. It's reporting 3 issues it
> > 'cannot' fix:
> >
> > Browser modifier Win32/BaiduSobar
> >
> > TrojanDownloader Win32/QQHelper.KA
> >
> > These 2 are showing a path to a received file,
> > ha_winvideocapture_jy.exe
> >
> > (which I can see in the rx file list)
> >
> > Program Win32/PigSerch is also found.
> >
> > As far as I know, the exe file has not been run (by
> > me). Looking on the web, it seems there is no simple way to remove
> > these from the PC?
> >
> > AVG does not report the file or the PigSerch...
> >
> > Q: What's the best path to take? I have deleted the file and
> > emptied the rec/bin, but is that enough, and what to do about
> > the PigSerch?
> >
> > tnx - G ..
>
> MS is not in the malicious software detection and removal business.
>
> Here are some folks that are:
>
> Download, install, update and do a full scan with these free malware
> detection programs, then troubleshoot any remaining issues:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware (SAS): http://www.superantispyware.com/
>
> They can be uninstalled later if desired.


OK, thanks for the advice and the links... PC looks to be running
a lot faster now.

I ran the Trend Micro DOS removal tool yesterday; that reported
an odd three-letter name. Today I ran the super anti
tool, which found 3 infections which it removed. The 'what is
running on your PC' is not showing any unsafe apps or DLLs.
It did show 'kontiki', which may have been installed by the BBC
iPlayer. I have removed this; assume that is a good
idea, looking at the web comments on it.

I will re-run the Microsoft OneCare scan and see if it detects
anything.

AVG did not show up any of the problems, which I find odd,
unless the free version is limited? The system is fully
up to date, running SP3 and IE8.

Tnx - G ..
