Thread: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

  1. #11
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Hi Cindy

    If you uninstall the SpyBot and clean all files left and reinstall the SpyBot, do you think the SpyBot will have the file found once again, or perhaps the SpyBot does not even find any further issues and the file is no longer there?

    Oldsod
    Best regards.
    oldsod

  2. #12
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    BTW I do not use a dedicated spyware scanner.

    Process Explorer, AutoRuns, HJT, KAV6, ZA Triple Defense firewall, sometimes some HIPS such as AntiHook 2.6 or SSM 2.3, host list blocking bad sites, a few commands to check a few things out, a hardened Windows, a safe browser such as Opera or FireFox and some Windows tools built into the OS is really all I am using. Have had no issues with spyware in years or any malware either.

    Oldsod
    Best regards.
    oldsod

  3. #13
    bridezilla Guest

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Hi. Sorry this took me so long, was at school from 8:30 am until 5, and then walked the dogs. I think I did pretty well on my exam, I don't know why but all biology majors are required to take a semester of C++, and it's a big pain in the butt for me. The class requires a lot of work, and I'm overwhelmed enough with molecular biology, biochemistry, finishing organic chem 2 and physics 2 from last semester, and trying to get them all done in time to graduate May 19. (with decent grades) It sure was easier the first time around in college. I plan on going to vet school, but I need to take the GRE exam, and I have not had a spare minute to study for it yet.

    Okay, I wasn't clear enough about spybot finding the file, I found the file in the spybot tools menu when I was looking at system startup. It has a blank space next to the box that was checked signifying it started with the pc. I unchecked the box immediately, looked at the blurb Paul Collins had written about it and proceeded to search for the file he said it would be in, 'system32.exe'. I have tried searching everywhere on the computer and cannot find the file, but when I check the startup menu in Spybot, it is still there, so far the check mark has not come back. I did notice one thing yesterday that slipped my mind, and it happened again today as well. (I wrote the entire error message down and now I cannot find it) When the pc starts, I get an error message that says a dll file has been illegally moved, and because of that RTHDCPL and another file/program will not run, and I should contact the vendor. I know I did not move anything illegally. I can certainly try removing spybot and reinstalling, then looking through the start up again. In the meantime I will look for the paper where I wrote the error message verbatim.

    Cindy

  4. #14
    bridezilla Guest

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Then I want to learn exactly what you do. I only use Firefox and Opera, and I don't know enough about the hosts file to know what to do, heck half the time when ZA asks me what I want to do, and if I know whether or not a certain program requires access to whatever, I don't know then either. I have Verizon Fios internet, and a d-link air extreme plus wireless router, which I know should have some type of hardware firewall, but I don't know enough to play with it, because then I might not be able to get online at all. I wrote to d-link asking about the firewall and told them about the problems I had been having and they thought that I might be getting pinged too often, and I should change something, but I don't know what.

  5. #15
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Hi

    Sounds like you will graduate and do very well. Your courses are heavy and time intensive. You seem like you will make a great vet. Curious to know if you are going to be a small animal or large animal vet. The small animal area is popular.

    Okay, let's get to business.....

    http://www.processlibrary.com/directory/files/rthdcpl/

    http://www.liutilities.com/products/...brary/rthdcpl/

    I think I have this on the laptop. If it is missing, then uninstall the sound driver and the extra control panel feature and re-install them from the drivers disk (if it came with the PC) or from the Realtek driver download site. Or from the PC vendor download site; your make and model usually is enough to get the correct download menu. Maybe this file got clobbered in some previous scan and just needs replacing.

    I haven't used SpyBot in years, so my exact memory of what it is described is dim.

    Check the startups.

    So do this: open Start and select Run and type in msconfig and OK. In the System Configuration Utility, select the Startup tab and see if there is any mention of the system32.exe. It can be disabled here just by using the Windows if it is found.

    Second way to check is with Windows. Open Start and All Programs and then Accessories and open System Tools. Select System Information and under Software Environment select Start Programs. Look for the file again. If it is found then at least you are forewarned.

    Both methods of checking are done without any additional security applications. It does take time, but it can be done and done well.

    Also there is this to check and do:

    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. For each of the following registry keys, locate the key, click the key, on the Edit menu, click Delete, and then click Yes to confirm the deletion:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemSAS system32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CMD cmd32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SystemSAS system32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\CMD cmd32.exe

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SystemSAS system32.exe

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\CMD cmd32.exe

    HKEY_Local_Machine\Software\Krypton
    3. Locate, and then click the following key in the registry:
    HKEY_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    4. On the Edit menu, click Modify.
    5. Type Explorer.exe, and then press ENTER.
    6. Locate, and then click the following key in the registry:
    HKEY_CURRENT_USER\SOFTWARE\Kazaa\LocalContent
    7. Delete any values that refer to the C:\%Windir%\UserTemp or the C:\%Windir%\User32 folders.
    8. Locate, and then click the following key in the registry:
    HKEY_CURRENT_USER\SOFTWARE\iMesh\Client\LocalContent
    9. Delete any values that refer to the C:\%Windir%\UserTemp or the C:\%Windir%\User32 folders.
    10. Quit Registry Editor.
    11. Restart your computer.

    Excerpted from here:

    http://support.microsoft.com/kb/833767

    There is a good chance that the SpyBot is seeing one of these keys and deleting these leftovers may solve the SpyBot problem.

    Just some ideas.
    Oldsod

    Message Edited by Oldsod on 04-04-2007 10:15 PM
    Best regards.
    oldsod
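
A read-only way to check the registry locations listed in the post above before deleting anything. This is an added example, not part of the original post or of the Microsoft article; the function name `Get-AgobotLeftover` is made up for illustration, and it assumes PowerShell 3.0 or later on the affected machine.

```powershell
# Added example: read-only audit of the registry locations named in the post.
# It changes nothing; it only reports what is present.
function Get-AgobotLeftover {
    $found = @()
    $cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    $runKeys = "HKLM:\$cv\Run", "HKLM:\$cv\RunServices", "HKCU:\$cv\RunOnce"
    $names = 'SystemSAS', 'CMD'          # value names listed in the post

    # Step 2: autostart values under Run / RunServices / RunOnce
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }    # key missing or has no values
        foreach ($name in $names) {
            $p = $props.PSObject.Properties[$name]
            if ($p) {
                $found += [pscustomobject]@{ Key = $key; Name = $name; Data = [string]$p.Value }
            }
        }
    }

    # Step 2, last entry: the Krypton key itself
    if (Test-Path 'HKLM:\SOFTWARE\Krypton') {
        $found += [pscustomobject]@{ Key = 'HKLM:\SOFTWARE\Krypton'; Name = '(key)'; Data = 'present' }
    }

    # Steps 3-5: the Winlogon Shell value should read Explorer.exe
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'Explorer.exe') {   # -ne ignores case
        $found += [pscustomobject]@{ Key = $wl; Name = 'Shell'; Data = [string]$shell }
    }

    # Steps 6-9: file-sharing entries that point at the UserTemp or User32 folders
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in 'HKCU:\SOFTWARE\Kazaa\LocalContent', 'HKCU:\SOFTWARE\iMesh\Client\LocalContent') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }    # skip provider metadata
            if ([string]$p.Value -match '\\(UserTemp|User32)(\\|$)') {
                $found += [pscustomobject]@{ Key = $key; Name = $p.Name; Data = [string]$p.Value }
            }
        }
    }
    $found
}

Get-AgobotLeftover | Format-Table -AutoSize
```

An empty result means none of the listed entries exist in the registry, which matches the situation where a scanner keeps showing a startup item that has no file behind it.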

  6. #16
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Basic routers will do SPI and NAT. Both options should be enabled in the router and usually that is set by default. The usual default factory setting of the router is set at a medium security and not a high security. So there is room for improvement.

    Some basic suggestions (because I have never been in your router and do not know its capabilities) since I did find a manual online but was unsure if the model was correct....

    To drop the constant pinging, it may be fixed by disabling the reply to pings, in the router. Also uncheck the UPnP if no network devices such as networked printers or game boxes are used. Disable the Remote Logins if you never login to the router outside of your home.

    Make sure the VPN is disabled if it is not used and uncheck the IDENT option (port 113) if shown. Both will work together to be used.

    To enhance the security of the router and your home wireless security, make sure the MAC of the PC is entered in the router and set to not accept any other MAC addresses. Plus change the default login password and name to enhance security. Make sure the WEP or WPA is enabled and your password is changed every few months or so.

    Some info to get past the lingo and what is going on....

    http://www.dailywireless.com/feature...ss-lan-021507/

    http://www.us-cert.gov/cas/tips/ST05-003.html

    http://www.practicallynetworked.com/...ess_secure.htm

    http://www.microsoft.com/windowsxp/u.../wireless.mspx

    http://www.pcmag.com/article2/0,4149,844020,00.asp

    http://www.ezlan.net/

    http://en.wikipedia.org/wiki/Wireless_LAN

    Oldsod
    Best regards.
    oldsod

  7. #17
    zaswing Guest

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Cindy, Oldsod gave you everything you need. But just in case, here's more. I hope nobody minds me butting in, but I've seen these two.

    Re: system32.exe seen by S&D. Me too. It's invisible.
    See list of registry keys in this link
    http://www.sophos.com/virusinfo/anal...2agobotku.html

    I have none of the keys, it installed from the OEM CD as far as I recall. Soon after rebuilding the computer, I ran S&D before attaching to the internet, and it was there again. Also there is no system32.exe anywhere on my computer. I decided to disable it using Spybot startup list, ignore it long ago, and it just stays in the Spybot list, disabled to this day. I would not be surprised if it wasn't meant for something OEM related such as them checking serial number of the motherboard. Pure speculation.

    Re: RTHDCPL error - might this be related? Do you have Realtek Audio driver?
    http://forum.notebookreview.com/showthread.php?t=114948

    Hey, that's a pretty ambitious course work in school isn't it? Good luck

    Message Edited by zasuiteuser on 04-04-2007 10:37 PM

  8. #18
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Hi zasuiteuser

    You are not butting in at all! It is always nice to have more company!

    Your counsel is always appreciated!

    Ummh.. I have never seen this system32.exe on the Toshiba OEM, if that is the OEM you meant. But the Toshiba does have a recurring dead registry key related to the original DVD recovery installation. That key goes nowhere and it always reappears on the next boot. Solved by the pure Windows OS install.

    Thank you for joining and your input is always important and more than helpful.

    Oldsod
    Best regards.
    oldsod

  9. #19
    bridezilla Guest

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Wow, you are terrific! Small animal is where I will be, holistic as well. We currently have a holistic vet and she has been a real blessing. And thank you for the vote of confidence, I just want to help animals and make compassionate care affordable for all who want it. You can pretty much figure I'm not in it for the money, I have had some heartbreaking experiences with a dog that was my heart, he developed hemangiosarcoma of the spleen, and I never would have been able to care for him in the time he had left if I wasn't already a vet tech and able to receive discounts on his emergency care, etc. Vet medicine has turned into a strict business only proposition for a lot of vets I have been around, not that making money is bad, but prices have gotten ridiculously high, I don't want to ever turn someone away who really wants to help their pet, and just cannot afford to pay thousands of dollars. Off the soapbox.

    I will print out the message and follow each step. I found the error message - RTHDCPL.EXE - Illegal System DLL Relocation, The system DLL user32.dll was relocated in memory. The app will not run properly. The relocation occurred because the DLL C:\Windows\system32\HHCTRL.OCX occupied an address range reserved for windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

    I took a short nap until 15 minutes ago, I was up until 5 am studying. I need to do some things with the resident hounds (one is 17, a Chesapeake Bay/Lab Retriever mix, and the other is a 3 year old Golden/Lab mix). After I take care of them, I will start on the list, and I will let you know how it all turns out. If I happen to nod off, which is very possible, I will do it all first thing in the am. Thursday is my only easy day, no early am classes, just C++ lab from 2-3:30. I just cannot thank you enough for all your time and kindness. I'm sure I will be talking to you again soon with the results.

    God Bless You.
    Cindy

  10. #20
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Spybot found Agobot-Ku worm, not able to find file or find with Zone Alarm

    Everyone loves their pet-if they are the true animal lover. I have had several dogs who were always my best buddies and companions.

    Hmm.. C:\Windows\system32\HHCTRL.OCX But the OCX file designation of a file means this is an ActiveX file. So make sure the OSFirewall of the ZA, the Spysweeper and the SpyBot and whatever else is running is set to allow the ActiveX components to run. This may help.

    Also the SpySweeper, if I recall, has a memory guard. Disable that and reboot to see if the dll will now run and function.

    Oldsod
    Best regards.
    oldsod
