Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Do I have a malware attack

  1. #11
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Do I have a malware attack

    The HJT is clean. Cloaker.exe is part of the HP package.

    All is in order.

    Oldsod
    Best regards.
    oldsod

  2. #12
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Do I have a malware attack

    Those original results from the Rootkit Revealer are acceptable. If you google the findings or check with their forum, you will see if is found by many and is perfectly acceptable.

    Oldsod
    Best regards.
    oldsod

  3. #13
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Do I have a malware attack

    Run the RKU and then get amazed at the large resuts. That will keep anybody busy for a while- the hooks found alone be impressive. Such results must be carefully examined without any emotion. Anything from the keyboard to the fw to the av has hooks at the kernel layer. Upon seeing the results, the user should actually know what is valid or not. Or at least make an attempt to find out and learn out for themselves. That is part of the process for using these specialized types of scanners.

    There are HJT tutorials. They are very informative and helpful for deciphering the HJT logs. Any user that does a regular HJT should definitely check those tutorials out.

    like this....

    http://www.bleepingcomputer.com/tuto...utorial42.html

    http://www.aumha.org/a/hjttutor.php

    Best regards.

    Oldsod
    Best regards.
    oldsod

  4. #14
    zaswing Guest

    Default Re: Do I have a malware attack

    Krishan also asked about ctfmon.exe. Yeah, it's a recurring "pest"
    Unfortunately it's part of Microsoft Office for alternative languages, alternative inputs, and other such things. Next to impossible to disable. Should stay with no further worry.
    I don't know about clocker.exe. Googling indicates it might be some sort of a scheduling program, but maybe not. No HP finds.Just my five cents.

  5. #15
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Do I have a malware attack

    Hi zasuiteuser

    It is not clocker.exe, but cloaker.exe. That does show as HP components as shown in the correct locations/registry.

    Ctfmon.exe is not appearing as malware, but genuine.

    Sometimes disabling the language packs and just using the default and basic language packs will keep ctfmon.exe appearances to a minium. But MS Office software will use it as well as OSE.exe. It is not harmful in any way and does need allowed Internet access. Just the Ask for Internet Zone is sufficent. OpenOfice does not need the ctfmon.exe. I have removed completely ctfmon.exe from the laptop, but that is a drastic move by itself. It does not have to be done by most users.

    Oldsod
    Best regards.
    oldsod

  6. #16
    zaswing Guest

    Default Re: Do I have a malware attack

    Oldsod, I know ctfmon is no harm (if in proper place and checksum). It's just a nuisance when you don't use it. I need language packs 5-6/year. It's worse than sin to be running all the time. But I stopped fighting it a long time ago, it really takes no resources, nothing.

    Oooops! CLOAKER.exe, got it. Thanks.

    Sorry, krishan, for confusing, if I did.

  7. #17
    krishan Guest

    Default Re: Do I have a malware attack

    Thanks for the info, will learn more about it
    krishan

  8. #18
    krishan Guest

    Default Re: Do I have a malware attack

    no problem, thanks for everyone's input.I have got a more pressing issue, after upgrade to 6.5.737 from 6.0.667, pc just keeps rebooting (I haven't stopped auto reboot. Only why to stop it is go into safe mode and do /clean uninstall and go back to 6.0.667, and also when I go to 6.5.737 to 7.0.xxx nwix.exe which is also in the program list in 6.0.667 causes a ZA pop-up for access in versions after 6.0.667 and then ZA locks up if I say yes. haaaaaaaaaaaaa
    I wonder if someone can tell me, is **bleep** firewall full stealth in internet zone? like ZA PRO
    krishan

  9. #19
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Do I have a malware attack

    Any beeps or BSOD or code shwoing about the incident? It does sound like something is in conflict with the ZA. What do the logs of the Event Viewer show? There should be some logs about this in the WINDOWS\Internet Logs. Although some will be written in non-human languages.


    Tried contacting the ZA Technical Support about this? Use the link below.

    As for **beep** firewall, I can not say since I have no idea what **beep** really is about.

    Oldsod
    Best regards.
    oldsod

  10. #20
    krishan Guest

    Default Re: Do I have a malware attack

    Hi
    I did not collect any, but I have started from stratch and loaded "beep" firewall, after a little learning about how to setup trusted LAN I am working without any issues. I will give this a while, really just waiting for ZA to release a safe vista version so I can upgrade to vista. I have the disk for vista but not still going with it, have to confirm flight sim 2004 will work with vista and also office 2003.
    krishan

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •