Multiple Infections... Not all picked up by Norton

According to my Norton Security Log the vmain.class Trojan Horse entered my computer on 5/3/10 and Norton quarantined it on 6/5/10. The risk is rated as “High” and it also indicates that fewer than 10 people in the Norton Community have “used” this file. This really concerns me as I understand the file is a key logger, and I just found a second key logger titled Spyware.WALogger.

 

I also just uncovered Win32.TrojanClick.Swad.b and Spyware.SnoopStick and finally Malware.Packer.Gen.

 

I feel like I am being targeted as I found that someone was trying to steal my identity through a credit card "take over". Can someone please tell me about each of these infections and let me know if I should be as concerned as I obviously am.

 

P.S.  I am running Vista... I hope it has protected me from some of these.

Thank you very much for this information.

 

Norton found vmain.class trojan but none of the others so I can not find "More Details" on those. I did check the details of this one and Norton indicates that no other action is necessary because it has been quarantined.

 

SpywareWALogger and Win32.trojanclick.swad.b and Spyware.SnoopStick were found by Arovax.

 

Malware.Packer.Gen was found by Malwarebytes.

 

The thing that is really concerning me now is that I just found SpywareWALogger and Spyware.SnoopStick on my wife's computer as well using Arovax. I also found Spyware.BEveryware and Spyware.SpyArsenalLog on her machine along with about 17 other items that I assume are adware of some sort.

 

This has me very concerned because I understand that many of these Spyware programs have to be installed manually... meaning that someone had access to both of our computers and we have no one else living in the house.

 

Can someone please tell me how I might find out WHEN these programs were installed? Norton shows the dates for vmain.class trojan, but since it did not find the others I am hoping there is a way to see this somehow even if I have to take the machines to a local technician.

 

Below is where these things were found on my machine.


Name: Spyware.WALogger
SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}

 

Name: Win32.TrojanClick.Spywad.b
software\microsoft\windows\currentversion\policies\explorer

 

Name: Win32.TrojanClick.Spywad.b
software\microsoft\windows\currentversion\policies\explorer

 

Name: Spyware.SnoopStick
SYSTEM\ControlSet001\Services\WS2IFSL

 

Name: Spyware.SnoopStick
SYSTEM\CurrentControlSet\Services\WS2IFSL

 

I really appreciate any and all help that can be provided.

 

Thank you

 

 


Hello SlowGuy

 

Is this Arovax a real time security program? If it is, it will conflict with your Norton product.

I am not a technician so please bear with me. I assume by "real time" that you mean it runs on its own... It does not run in the background or on its own. You have to open it to scan.

 

It's a trial version that Dell told me to use when I could not get more help from Norton without going to the Norton Pay per Incident Service (as you can see I have a number of issues here and at $90 each I'm not sure I can afford the "pay additional" service). Dell said it would be fine with Norton as long as I didn't run both at the same time.

 

I remain very interested in trying to find out when (and how) these programs got on our machines... Especially those that have to be manually installed.

Important Correction:  BEveryware is actually BEverwhere.  Sorry for the mis-spelling.

Hello SlowGuy

 

Did this other program clean up the infections or just tell you they were there? Do you have any software being used to track your children's online activities?

 

I would suggest a full scan with the free version of SUPERAntiSpyware to see if that finds anything.

 

Here is a free on demand antimalware scanner. It is safe to use on demand with your Norton product.


http://www.superantispyware.com/

Here is another site you can use to get the program.

http://www.filehippo.com/download_superantispyware/

The download button is on the right hand side. Please be careful not to download Spyware Doctor which is on the left side. Also, please don't forget to update the program each time before use of it. In fact you can update it every day just in case some malware may prevent you from updating it.

 

Please come back and let us know if SAS found anything.

Hello Floplot,

 

Thank you for these links.  I will download and run the scans as you recommend.

 

I did quarantine the infections on my machine using the Arovax software. I did not yet quarantine the infections on my wife's machine fearing that to do so might somehow pose a problem in terms of trying to find out when and how the infections got there.

 

I am particularly interested in determining when the manual installations took place.

 

I will let you know what SUPERAntiSpyware turns up. 

 

If it does find something... do you recommend immediate quarantine?

Hello SlowGuy

 

If it finds anything, let the program clean it up. It will quarantine it in the process. You can post the log back here. You can also post the log from Malwarebytes that you said you ran.

Will do, floplot... thanks for your help.

 

By the way, the "log" I posted above is from the Arovax scan on my computer.

 

I will re-post as soon as I finish the scan.

Please excuse the delay regarding the scan log.  I am doing the full scan and it is taking a long time.  I will report back as soon as it finishes.

 

Thank you all for your help so far...

SUPERAntiSpyware found 75 Adware.Tracking Cookies and 8 Adware.Flash Tracking Cookies.  None of the items on the log match the spyware listed above.

 

Should I be concerned that Arovax picked up spyware infections and SUPERAntiSpyware did not?

 

Could it be that these are all false?  I hope so, but remain nervous about all of this.

Hello SlowGuy
Excuse me for wanting to back up to the point floplot made. Dell told you "it would be fine with Norton as long as you didn't run both at the same time".
Arovax Shield is Real Time >     
* Real time protection automatically monitors PC for unwanted malware.
* Enhanced detection and removal engine improves on the thoroughness, accuracy, speed, and efficiency of detecting and blocking all forms of spyware parasites.
Are you managing to somehow disable all Real Time functionality for one while running the other?
I am at a loss as to why Dell recommended Arovax Shield.  If Dell referred you to Arovax AntiSpyware I don't find it as Vista compatible.  The Arovax site has news headlines from 2007.  The links to Softpedia and Snapfile end in 2007.
The last update for Arovax Shield looks like 2007.  If you have Arovax Shield ...please look at the website and consider the scan results accordingly.   Maybe you have a new incarnation and I'm just not finding it.  Anything is possible.

I return the thread to the OP Topic under discussion.

$.02

Thank you, BJM

 

The actual name of the Arovax product that I have is Arovax AntiSpyware 2.1.153. As far as I can tell it only runs when I open it and do a scan. Your point is well taken about the updates from 2007 although I did see some 2009 reviews of it online.

 

I really am relying on help from the good people on this forum because I think you are a lot more knowledgeable and current than the help that I get when I call into these various support services.  As my name indicates, I am a "slow guy" when it comes to computer technicalities.

 

Perhaps I have just gotten myself confused and upset (with false positives) by following Dell's recommendation to use Arovax.  With all of these "key loggers" coming on the heels of an attempted identity theft issue I may be a bit paranoid.

 

I more than welcome continued thoughts on this for all of you with expertise in this area.  I don't want to waste anyone's time if this is a "false alarm".  On the other hand, if I am missing something, I sure want to follow up on it.

Hello SlowGuy

 

Perhaps a log from HiJackThis will shed some light on what is actually installed in your computer and may give some indication from where these malwares are coming from if indeed they are there.  Has this Arovax program cleaned up what it found?

 

Please download HiJackThis from http://free.antivirus.com/hijackthis/ Choose the executable and save it on your desktop. Run the file and select the first option on the main menu "Do a system scan and save a log file". When this is finished, Notepad will open with the log file in it. Save the log file and attach it to a post here via the Add Attachments. Please don't attempt to fix anything that it shows until someone checks out the log. Thanks.

Thanks again to you floplot, and all who have responded.

 

I just spent the last 5 hours on the phone with Dell Service Station (a pre-paid tech support service that I have with them). They did "Remote Access" work on my computer. According to this latest representative, the first rep should never have installed Arovax... he confirmed the idea that the Arovax software may not be accurate in determining threats.

 

He ran installed new versions of Malwarebytes, SuperAntispyware and some other Trojan Remover... then he removed everything but Norton and checked over the registry and the machine in general.  According to Dell, I should be fine now so I will trust their work and see how it goes.  If additional issues raise their ugly heads, I will try the HiJackThis download as suggested. 

 

Thanks again for all the help!

P.S.  Yes, the Arovax program indicated that it cleaned everything... sorry, I forgot to answer that question.

P.P.S.  Anyone considering any of these other programs should also know that they did not want to un-install.  The Dell Technician had to use something other than the Windows Uninstaller.  Arovax took the most time to finally get off the machine.

Hello SlowGuy

 

Most security programs have their own removal tools to use in addition to add/remove or the Windows Uninstaller. For future use if you have the need to use it, here are the instructions to remove Malwarebytes:

 

http://forums.malwarebytes.org/lofiversion/index.php/t48511.html

 

However, it is a good idea to keep the free versions of Malwarebytes and SUPERAntiSpyware in your computer and update and run them like once a week just to double check on your Norton product.