Lsass.exe

[rikkkki]

This is kind of inane but I just figured out redlof is folder spelled backwards.......

I guess that's one way of covering up the real thing huh? Guess what? All that work and THEN I find out Kaspersky does NOT remove anything. I had 107 cooties and then your'e supposed to send the results to them for analizing :!:. Of course that froze up

[cholla]

cak46: I was over at the movies topic I think I know how you figured out redlof & folder.I understand about the viruses better .I am always trying to learn more though.

Basically they need to be invited in like a vampire.

[cholla]

69 RAT I didn't know the Kaspersky didn't get rid of the viruses because it always found 0 viruses in my OS.Sorry about that.At least it found some the other antiviruses didn't.I think they have a trial  verson of their antivirus not the online one.

[cak46]

Cholla:  Yeah, The majority are usually invited knowingly or unknowingly, but then some you get just because you are on a network with another machine that has a virus.  Sasser is good for this, I think mydoom as well.  RPC viruses come in thru an old exploit thats been fixed now but I'm sure there are others out there.  Even others exploit your IE and other parts of the os and drop themselves onto your system... . Computer to computer.    How nice, eh?  Open ports to the internet are bad if they are unprotected ( firewall, router combo).  Dial up isn't so bad, but you can pick some up if you pick the part of the web you surf badly or go to a site that is virused up.. 

RedRum....RedRum....  Actually, I figured out the folder thing first and that gave me the idea for the other 

69Rat:  If you are running another anti-virus system, you may have issues installing a new one while the old is running.

[cholla]

cak46 the Kaspersky I gave the link to is all online it does a DL to your OS like trendmicro does

but I guess it doesn't remove what it finds.I just thought if there is a trial version 99RAT might use it & just not purchase it.Probably wouldn't hurt to uninstall his current antivirus if thats what he does.

[rikkkki]

Cholla:

[rikkkki]

cak46 the Kaspersky I gave the link to is all online it does a DL to your OS like trendmicro does

but I guess it doesn't remove what it finds.I just thought if there is a trial version 99RAT might use it & just not purchase it.Probably wouldn't hurt to uninstall his current antivirus if thats what he does.

I didn't see if you can buy this version. but I did know it was online only.It seemed quite thorough, I just wish the mail had taken, maybe they do have a fix after they get the info,,,,,,,,,,,

[cak46]

OK. Here goes. The mail did go thru. It finished sending AFTER I rebooted :!: But, read what I just received in my mail.

BTW.cak46 I did have my anti virus disabled during this Kaspersky scan. And also, no .tcp>? or whatever it was,  I forgot, I came up clean in the first place  :oops:

Read this:

Looks like their mail system didn't like the size of the email and spit it back.......  Did you download the trendmicro sysclean or use their AV a while back? 

Edit:  For AV, Avast seems to be helping me greatly with the machine I'm cleaning.  Right now, all scans are negative......... keepin' my fingers crossed.......

[rikkkki]

Looks like their mail system didn't like the size of the email and spit it back.......

[cak46]

I didn't post it cause it was clean and I didn't send it anywhere either after I ran it( I ran it again last night-still clean) thanks for PM info-it's fixed

Cool.  Better safe.... 

Can you remind me what anti-virus you are running?

[rikkkki]

Weren't we on Avast a while ago, for something else? I can't remember. Is that scan an online thing only or do you download it and then run it

EDIT I'm running McAfee AV

[cak46]

Weren't we on Avast a while ago, for something else? I can't remember. Is that scan an online thing only or do you download it and then run it

EDIT I'm running McAfee AV

It's a 60 day trial download (full version though).  Had to do that with this machine I'm working on. If I connected to the net, it would have knocked my router offline again.  (Took all of 30 seconds for my firewall router to hiccup and shut itself off when I first attached the machine)  Doing trendmicro for the 5th time on this profile, clean so far.  Last scan I'll do on it is the Avast.  It came up clean the last time.  Hell of it is this machine has four user profiles so when I'm done with this one, to be sure, I need to go in and scan each of the other profiles.  Don't want to leave anything to chance.

[rikkkki]

It's a 60 day trial download (full version though).

[rikkkki]

NEWS FLASH :!: I don't how this happened, but I just got an a email from Kaspersky. They said just get rid of all my "deleted" mail from that folder and that should take care of it. How did they know that when the mail didn't go through :

BTW They are in MOSCOW RUSSIA  :!:

BTWx2 I don't know why, I mean, there's only about 310 "deleted items" in there  :haha:

[cak46]

Four user profiles on one machine. Whew, that's almost like working with four systems, so to speak :!: Well it is in a way. I'm in the market for a better AV than McAfee, especially after reading the review in Maximum PC. :!: It got a 5 where TrendMicro got 8 (out of 10). I've never seen them give a 10 to anything cause all goodies have some sort of neg's. 9 is what they call "KickAss" Great mag to say the least.

Could see if they have a trial of their AV.  I think this is it, but not sure.  They do have a demo. http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm. 

Still got the Rbot.axo worm.  Can't get rid of it.  One lousy file and 3 registry entries that just keep coming back.  Forgot the name of the file so I'm running trend again    Used to get that mag a long time ago.  Just don't have time to read much anymore. 

Just saw your post.  Ouch!  I can't say much though, at work right now I have right around 1800 in my inbox 

Moscow... Didn't know that.    (not sure what this icon is doing, but I am distracted by bright and shiny objects on occasion...  :haha:)  Hmmmm.... Check your sent folder to see how many emails went out.... could be it sent twice.  AVG (Grisoft) is in the Czech Republic.............. 

Edit: Spelling.............

[MYRIAGON]

69RAT....I'm not sure if you can get online with your infected PC, but trend micro has a online scanner and virus removal here--------> http://housecall.trendmicro.com/

Hope that helps you. 

[rikkkki]

Could see if they have a trial of their AV.

[rikkkki]

69RAT....I'm not sure if you can get online with your infected PC, but trend micro has a online scanner and virus removal here--------> http://housecall.trendmicro.com/

Hope that helps you.

[cak46]

LOL that icon is supposed to be shaking  I'm on Avast right now and their AV v4 for Home is FREE with all the goodies. I will download this tonight and check it out AVG caused me more grief just like what your'e going through right now. I couldn't get rid of the program. There were 5 reg keys that came back EVERYTIME I got rid of them, sooooooooooooo I bought a new puter, simple enough-it was ready to be retired anyhow (166 mhz pentium)

Sounds good.  AVG hasn't given me much problem on my machine, but it would not install on the machine I'm working on.  Too bad it gave you a hrd time, but at least you got a new 'puter out of the deal    I must sign off for the eve or I'll look like  in the morning!

:wave: 

Back again!  Finally decided to risk it and bring that pavilion on line.  No problems thus far, but still coming up with rbot.axo....  My problem...  How did the Avast Go, 69 RAT?

[rikkkki]

Hey Dude: Hey so far, I really like Avast! It has a goodly amount of tweaks and yet it is quite simple, so far. And it already updated with new "defs"

[cak46]

Hey Dude Hey so far, I really like Avast! It has a goodly amount of tweaks and yet it is quite simple, so far. And it already updated with new "defs" : The 60 day thing you were talking about is that they want you to register within 60 days, but not to buy. It's for updating purposes. After, I think, 14 months you register again, and so on, but for free. A business has to pay and anybody that is using their puter for profit. It's quite refreshing to see this, especially since I've been paying for McAfart, I mean, ahhhh, for quite awhile. ESPECIALLY since the Maximum PC article.

BTW Avast came up clean :roll:.

BTW Yesterday I sold a DOS manual on ebay to a woman. Which is no big deal, but I got an email from her and she used to be a DOS programmer :!: Wants to brush up on her skills. :!: Boy I wish I had some knowledge about the basics, there's so much one can do if he knows some of the basic commands. I can do it if I follow directions. I mean the whole system is based on DOS but we don't have to be smart in that area because of Bill Gates,,,,,,,,,,,,,,,,,

Not really DOS anymore....  I miss the limitless expanse of empty memory from my good ole command prompt of times past....  I wonder if the XP COMMAND PROMPT gives you some of the same functionality you had with dos.  Haven't looked at it a whole lot, but with Big Brother XP watching over it, not sure what you could do with it.

I've been paying for McAfart, I mean, ahhhh, for quite awhile  :haha:

BTW:  That Pavilion picked up that virus again.  Must not have gotten it out after all.  Saw it when it happened.... was keeping a close eye on my router....  At least it didn't kick the router offline.  I think the Agent.214 is back....

Try searching your registry for LSA and see what you can find... don't delete anything, just kinda look around and if there aren't too many entries, see if you can list the file names..... 

[rikkkki]

Hi guys  :!: No, cak46, I did not re-flash my trenchcoat, I mean bios  :shock:  :haha: I get nervous everytime I go to do so and and a window pops and warns me that, basically, I could ruin the whole maryann. It's almost like a disclaimer. I would be rewriting the version I have since there is no newer one as of yet. Oh well, no pain, no gain right  :

BTW I registered with Avast. First reg will last about 14 months and then you re-register each year after that for free. That's cool So it just might be the end to    McAfart

[cak46]

Hi guys :!: No, cak46, I did not re-flash my trenchcoat, I mean bios :shock: :haha: I get nervous everytime I go to do so and and a window pops and warns me that, basically, I could ruin the whole maryann. It's almost like a disclaimer. I would be rewriting the version I have since there is no newer one as of yet. Oh well, no pain, no gain right :

BTW I registered with Avast. First reg will last about 14 months and then you re-register each year after that for free. That's cool So it just might be the end to McAfart

And you already flashed the old trench once already?? :haha:

Yeah, no sense in overwriting the existing bios.  I've flashed bios on quite a few machines, haven't lost one yet....  Famous last words, next one I do, there she goes into the dumpster.    Ewido malware scanner is pretty good.  It picks on the files, not just the registry entires.  After doing all of the other scans, did that one and it found 90 files and a fistful of registry entries.  After I did that, did Spybot and found only 3 minimal adware programs. Couldn't hurt to try it. http://www.ewido.net/en/  Put the HP back on the net.  No issues thus far but its back offline until I get sp2 into it and adaware update.  Update for AdAware would not download for some reason, which made the ole eyebrow twitch    Thats good on the avast!  Might switch to it on my machine!   

[rikkkki]

And you already flashed the old trench once already?? :haha:

Yeah, no sense in overwriting the existing bios.

[cak46]

I have had same problem with AdAware. One time it was cause there was a new upgrade. Finally got it fixed. I will do the link and let you know

BTW I just found mail from MS in my deleted folder I don't know why it goes there, it just does. I will post it if it's pertinent to anything. He probably wants to know how my parallel install went, which at this point I just don't think it will take care of the problem if it's only for testing purposes. I mean if I could transfer my goodies to the fresh install, that would be great, but otherwise,,,,,, :roll:

Actually, I just bought this trenchcoat especially for this occasion. I might consider doing it to my computer and shock it into submission :haha:

Not a bad idea!  :haha:  Maybe your computer knows something we don't about the mail from MS  :haha: 

OK.  Let's look back at this thing.  You run a registry cleaner, so if there is no file associated with an entry, I would assume that it would remove it.  So, If the registry entry is valid, then the driver file (or object) is then either corrupted or you do not have permission to run it (which I doubt).  Next, you have reinstalled over your existing install of xp, so it most likely is not an XP file, but rather a third party file for software or hardware.  You have done a number of installs and uninstalls of different software over the past coupla months and the issue reared its ugly head when you tried to install/uninstall Silent Hunter, of which you had alot of trouble. Uou also had some spyware, etc. on your machine at the time as well. 

Were you ever able to see your hidden devices?