
Thread: removal of Redtube malware> Svchost.exe alert is okay and is not rootkit/malware rela

  1. #1
    stevesmith Guest

    Default removal of Redtube malware> Svchost.exe alert is okay and is not rootkit/malware rela

    When I run a virus/spyware scan, my ZoneAlarm Security Suite finds nothing.
    When I run Spybot Search and Destroy, it finds Redtube.
    It deletes it, and on the next scan it is there again.
    Why doesn't ZoneAlarm Security Suite v 7.483 find and remove this?
    Thanks, steve.

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    jolesole Guest

    Default Re: removal of Redtube malware

    Screenshot? Path? Did you install maybe Zango or Antivirus2008?

  3. #3
    stevesmith Guest

    Default Re: removal of Redtube malware

    No, I didn't install either.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: removal of Redtube malware

    What is the exact file location and the name of the file (as seen in the folder location)?

    Oldsod.
    Best regards.
    oldsod

  5. #5
    stevesmith Guest

    Default Re: removal of Redtube malware

    09.09.2008 06:30:30 - found: Redtube Bookmark (Firefox: default)

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: removal of Redtube malware

    Just remove the redtube bookmark from the firefox browser and the spybot will then stop detecting it.
    Oldsod.
    Best regards.
    oldsod

  7. #7
    stevesmith Guest

    Default Re: removal of Redtube malware

    I do not have a Redtube entry in my Firefox bookmarks.

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: removal of Redtube malware


    <blockquote><hr>stevesmith wrote:
    I do not have a Redtube entry in my Firefox bookmarks.
    <hr></blockquote>

    What does this mean:

    "09.09.2008 06:30:30 - found: Redtube Bookmark (Firefox: default)"

    Was there no file and folder location given or to be found?
    Oldsod.
    Best regards.
    oldsod

  9. #9
    dflanagan Guest

    Default rootkits

    Sorry for cutting in but could you look at my post for root kits and svchost.exe and throw me a hint or two? I've been having dreams about bolt cutters & motherboards !

    DFlanagan

  10. #10
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: rootkits


    <blockquote><hr>DFlanagan wrote:
    Sorry for cutting in but could you look at my post for root kits and svchost.exe and throw me a hint or two? I've been having dreams about bolt cutters & motherboards !

    DFlanagan
    <hr></blockquote>


    Svchost.exe alert is okay and is not rootkit/malware related.

    Best do a ZA database reset and start the ZA fresh again.
    This may resolve your printer issue at the same time.

    Do this first:
    • Boot your computer into the Safe Mode
    • Navigate to the c:\windows\internet logs folder
    • Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
    • Clean the Recycle Bin
    • Reboot into the normal mode
    • ZA will be just like new with no previous settings or data


    After the immediate reboot back to the Normal mode or boot, select the Trusted network for the first ZA " new network found" window. Do not select the Internet Zone.

    Then in the first few alerts and even maybe the first alert given by the ZA, there will be the svchost.exe (generic host process) is acting as a server to 0.0.0.0 at port 135. ALLOW THIS and use the always option.
    (Your printer and the svchost.exe are often interconnected, and blocking this off may be causing the printer issues!)

    Then do this:

    Make sure your DNS and DHCP server IPs are in your Firewall's Trusted zone. Finding DNS and DHCP servers, etc.

    1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
    2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
    3. Click OK and Apply. Then do the same for the DHCP server.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    DO NOT give the generic host process (svchost.exe) the Internet Server rights. This is not needed and it is a security risk.

    Extra help is found at Guru Hoov site for the DNS/DHCP

    Next to set the printer:
    Is this a networked printer or connected directly to the computer?
    Important to know what to help with first before going in too deep.
    But as a general rule, the printer drivers in the ZA Program list must have both trusted access and trusted server. So must the windows spool*.exe.
    If it is networked printer, then the IP of the printer server and the printer must be added as Trusted into the Zones.

    The Program Control slider should be at Medium or Auto*. And the Trusted Zone Security slider should be at Medium not High.
    The Internet Security Zone slider should be at High.

    Also make sure any of the printer executables and drivers listed are with the three green bars or the Super in the Trust Column, and right click each one and open the Options and check the first two items listed and apply and ok.

    Oldsod.
    Best regards.
    oldsod
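
The `ipconfig /all` step in post #10, as an added example that is not part of the original thread or of ZoneAlarm: a small parser that pulls the DHCP server and DNS server addresses out of saved `ipconfig /all` output, including extra DNS servers listed on continuation lines, so only those addresses are added to the Trusted zone. The function name and the sample output (with its addresses) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; hostnames and addresses are
# placeholder values, not taken from the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.lan
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.0.2.53
        Lease Obtained. . . . . . . . . . : 09 September 2008 06:00:00
"""

# A field line is "Label . . . . : value" (whitespace before the colon).
FIELD = re.compile(r"^\s*(?P<label>.+?)[ .]*\s:\s?(?P<value>.*)$")
WANTED = {"dhcp server": "DHCP", "dns servers": "DNS"}


def trusted_zone_candidates(text):
    """Return {'DHCP': [...], 'DNS': [...]} of IPv4 addresses, deduplicated."""
    found = {"DHCP": [], "DNS": []}
    current = None  # which wanted field the next continuation line belongs to
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            current = WANTED.get(match.group("label").strip().lower())
            value = match.group("value").strip()
        elif current and line.strip():
            value = line.strip()  # extra address listed under the same label
        else:
            current = None  # blank line or adapter header ends the field
            continue
        if current is None:
            continue
        try:
            address = str(ipaddress.IPv4Address(value))
        except ValueError:
            continue  # skip empty values and non-IPv4 entries
        if address not in found[current]:
            found[current].append(address)
    return found
```

Save the command's output to a text file and pass its contents to `trusted_zone_candidates`; the gateway and the machine's own IP are deliberately not returned, since the post asks only for the DNS and DHCP servers.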
