Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29

Thread: JS.Feebs

  1. #11
    starburst Guest

    Default Re: JS.Feebs

    Hello,

    Wow! I come home from work and have tons of replies! Thanks a lot!

    I followed all of your suggestions... Were you saying that mine was a false positive as well, or just Patrick's? Because over the past couple days, I was having problems with more than just Gmail. I would receive a "page not displayed" message in Yahoo, Google, Ebay, Hotmail, etc., but of course upon refreshing I would eventually receive a page, and that sounds like the symptoms of the virus I supposedly have.
    Starting with the 3.ca.com site, I scanned and received a "no viruses" result. Scanning with Stinger gave me two results: "W32/Polip" and "W32/Polip!mem". I'm a bit confused about whether they were removed, because I can view them under "List Viruses" but they are not listed in the window that the "Remove" button is in. Did it automatically get rid of them for me? (My apologies for not being totally computer-savvy.)

    Then I did BitDefender, and it gave me this result:



    C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

    Infected with: Trojan.Downloader.Istbar.SW

    C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

    Disinfection failed

    C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

    Deleted


    Was the virus that BitDefender found connected with the original JS.Feebs at all, or is that a totally different one?

    Then I scanned using Dr. Web's CureIt, and that too said I had no viruses. I will do another ZoneAlarm scan next to see if the JS.Feeb is still popping up there. Am I still infected with JS.Feeb? What is my next step (if any)? Thanks so much for your patience and assistance. You guys have always been tremendously helpful the few times I've had to post here.

    Starburst

    Message Edited by starburst on 12-14-200604:35 PM

  2. #12
    starburst Guest

    Default Re: JS.Feeb in Gmail

    In addition to my large reply (which I posted out of order, hope it still showed
    up in notifications), I would like to add that I have just done a ZoneAlarm scan (I always do the deep system scan) and it did not find any viruses! This is a good sign, yes? JS.Feeb is not hiding anywhere, is it? (At the same time, I never deleted *it* specifically, so... where did it go?)

    If this was a false positive, would you guys still recommend changing the passwords I used over the past few days? The only reason why I ask is because I have a *tremendous* amount of passwords... more than I ever thought possible. If it was a false alarm, I'd hate to take the time if I didn't have to, but ultimately it's important to me to be protected.

    Thanks again for any assistance you can provide.

    Starburst

  3. #13
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: JS.Feebs

    Actually the ysbactivex.dll is another type of malware.

    http://www.greatis.com/appdata/d/y/ysbactivex.dll.htm

    Just go to the folder that is shown and open it and just delete the .dll

    This a free tool to remove Istbar>

    http://www.symantec.com/security_res...632-99&tabid=3

    or from here>

    http://www.majorgeeks.com/Symantec_A...ool_d4784.html

    Actually the JS.Feebs could very well be a mistaken identification or false positive. The other poster has the exact ame issue.

    Oldsod
    Best regards.
    oldsod

  4. #14
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: JS.Feeb in Gmail

    Okay send the false identification to>

    http://www.zonelabs.com/store/conten...are_report.jsp


    Hopefully when the new ZASS and ZAAV versions 7.x comes either this month or the next month, all of these type of problems go away.


    Oldsod
    Best regards.
    oldsod

  5. #15
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: JS.Feeb in Gmail

    Hi!well, difficult to say, JS.Feeb is a quite virulent worm that deletes/removes file and services of many antivirus including ZA. The fact that you are still able to run ZA means that it was probably not the JS.Feeb worm... but a false positive. However, you had other infections...To be sure that you are clean I would run these tools: AVG Antispyware: http://www.ewido.net/en/download/(trial)Superantispyware: http://www.superantispyware.com/download.html(free)and finally:Prevx anti-malware: http://info.prevx.com/downloadprevx1.asp(free up to first infection)Well, now....If you check with all these tools.... you should be quite sure (99%) that your machine is clean.And look forward to the new ZA 7 with a new poweful antivirus and improved antispyware...Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  6. #16
    starburst Guest

    Default Re: JS.Feebs

    I did the scan last night and JS.Feeb appeared to be gone... but then this morning it popped up again, twice.

    When I did the Symantic scan, it told me I didn't have ixtbar on my system.

    I'm in the middle of trying everyone's suggestions, downloading and scanning, but Guru Oldsod, what did you mean by this:

    "Actually the ysbactivex.dll is another type of malware.

    http://www.greatis.com/appdata/d/y/ysbactivex.dll.htm

    Just go to the folder that is shown and open it and just delete the .dll"

    Do you mean go to the folder that it showed in the scan, Downloadable Program Files? Because when I go in there, it just lists the names of programs and how large they are; it doesn't have .dll files... Or did you mean download the scan listed on the above website? Sorry for my ignorance. Thanks!

    Message Edited by starburst on 12-15-200609:06 AM

  7. #17
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: JS.Feebs

    LOL You are pestered not by one false positive, but two.

    Yes, I just meant open the DownLoad folder and just delete the rogue .dll
    Since it is not there, then there is now issue and it is just another false positive. The usual things listed are Java and WebControl and these are very safe. What else is listed in the folder and we can get a clearer idea of what is there, in terms of any possible threats. This will help clear things up.

    My guess would be the PC is actually clean and has no malware.

    Oldsod
    Best regards.
    oldsod

  8. #18
    starburst Guest

    Default Re: JS.Feebs

    LOL!! Well, I guess that is a good thing. At least now I have tons of
    nifty
    anti-malware stuff to use in case I ever *do* need it.

    Just finished BitDefender again and this time they found nothing, so you're probably right! Also did the AVG, Super AntiSpyware, and Prevx1, and if they did find problems, they deleted them, and they were mostly lesser spyware, with a couple (non-related) trojans. I have never had false positives before!! Thanks for the introduction.

    Here is the other stuff in the Downloadable Program Files. It automatically lets me copy and paste the ID, but I dunno if that helps you at all. Otherwise I can copy and paste the the CodeBase, most of which are recognizable to me (Yahoo, MSN, etc.).

    {7A32634B-029C-4836-A023-528983982A49}{9F1C11AA-197B-4942-BA54-47A8489BB47F}{E87A6788-1D0F-4444-8898-1D25829B6755}{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}{73954DC6-A1B2-4157-966F-D9914A39F59C}{91602283-B7B5-11D3-A32A-005004B0E00E}{5F8469B4-B055-49DD-83F7-62B522420ECC}{7F8C8173-AD80-4807-AA75-5672F22B4582}{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}{9A54032D-31F7-400D-B184-83B33BDE65FA}{4F1E5B1A-2A80-42CA-8532-2D05CB959537}{C3DFA998-A486-11D4-AA25-00C04F72DAEB}{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}{D27CDB6E-AE6D-11CF-96B8-444553540000}{215B8138-A3CF-44C5-803F-8226143CFC0A}{17492023-C23A-453E-A040-C7C580BBF700}{7B297BFD-85E4-4092-B2AF-16A91B2EA103}{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
    Thanks for all your help! Hopefully I am virus-free now.

    Starburst


  9. #19
    starburst Guest

    Default Re: JS.Feeb in Gmail

    Ran all those tools and got rid of a few non-related things (as I said in my other post), though JS.Feeb is still popping up (according to ZASS) when I go to Gmail, despite the fact that I deleted Temp Internet Files.
    I'm going to assume
    this is a false positive even
    though it keeps coming back?

    Starburst

  10. #20
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: JS.Feebs

    First, viruses do not appear in the Downloaded Program folder.

    But ActiveX and some BHO and some browser plugins will show in this folder. But it was worth while to check these over and then you can get a clearer picture of what is actually being used and what is involved as far as security is concerned.




    {7A32634B-029C-4836-A023-528983982A49}

    MSN Chat

    (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab ...



    {9F1C11AA-197B-4942-BA54-47A8489BB47F}

    MS updater

    - http://v4.windowsupdate.microsoft.co...122.8095949074 ...




    {E87A6788-1D0F-4444-8898-1D25829B6755}

    MSN Chat

    (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab ...




    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

    Panda Online Scan

    (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

    BitDefender Online Scan

    (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab ...


    {73954DC6-A1B2-4157-966F-D9914A39F59C}

    (Vividence Connector Launcher) - http://task.vividence.com/download/C...orLauncher.cab ...

    * This one is a grey area. it could be considered malicious and it maybe considered safe.* *It is up to you to decide what way to go with this.** It is a BHO and some consider it to be malware.* *The IE may work slower because of this BHO.* *Not needed and probably not wanted*



    {91602283-B7B5-11D3-A32A-005004B0E00E}

    Discover why

    (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab ...

    * This one is a grey area. it could be considered malicious and it maybe considered safe.* *It is up to you to decide what way to go with this.** It is a BHO and some consider it to be malware.* *The IE may work slower because of this BHO.* *Not needed and probably not wanted*



    {5F8469B4-B055-49DD-83F7-62B522420ECC}

    Face Book

    (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab ...


    * Please keep in mind that I am of the older generation and I am not only set in my ways, but in my approaches to PC security.* *I complusively block all ads and banners and any third party ads/banners and abhor any software that does these things.* * I put this in the same category as spyware, but it is your personal decision- I maybe old, but still reasonable *
    *see>

    http://www.thecrimson.com/article.aspx?ref=510331

    http://en.wikipedia.org/wiki/Facebook

    *JMHO*


    {7F8C8173-AD80-4807-AA75-5672F22B4582}



    ZA Scanner

    (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37880.cab ...


    {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}

    MSN Chat

    (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab




    {9A54032D-31F7-400D-B184-83B33BDE65FA}

    MSN File Updater

    MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab .



    {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

    MSN Photo Updater

    (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab ...



    {C3DFA998-A486-11D4-AA25-00C04F72DAEB}

    MSN Photo Updater

    (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab .


    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}

    Microsoft Office Updater

    Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab ...

    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}

    Apple Quick Time Player Plugin

    [%program_files%]\quicktime\qtplugin. ocx [%PROGRAM_FILES%]\quicktime\qtplugin.ocx ...


    {D27CDB6E-AE6D-11CF-96B8-444553540000}

    Flash Player Plugin

    "http://download. macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" ...

    {215B8138-A3CF-44C5-803F-8226143CFC0A}


    TrendMicro HouseCall Online Scan

    Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/

    {17492023-C23A-453E-A040-C7C580BBF700}

    Windows genuine Advantage

    (Windows Genuine Advantage) - http://go.microsoft.com/

    {7B297BFD-85E4-4092-B2AF-16A91B2EA103}

    eTrust scanner (ZASS antivirus)

    (WScanCtl Class) - http://www3.ca.com/securityadvisor/...nfo/webscan.cab ...


    {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}

    Yahoo Helper

    YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll ...

    To remove any or all of the the three items, just ask and we can do that. It is your personal decision and of course it is your machine. It is your decision, not mine. I just gave some opinions about those three. Personally, if I was much younger, I would be using those too.

    Oldsod
    Best regards.
    oldsod

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •