Gizmos Freeware Reviews  

Old 15. May 2012, 06:27 PM   #21 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

Today, the 15th of May, I decided to search my computer for soft32. I found 3 items, last modified in 2004 (I don't know what that means, the computer isn't that old). Is there more to look for? And how do I remove these?
placou 1968 is offline   Reply With Quote
Old 15. May 2012, 07:15 PM   #22 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

Tssoft32 files do not seem to be Soft32 files.. so they should be best left alone.

As for your previous post.. I am seriously lost, because I can't make much out of it, and many things are just plain confusing.

First, I don't think we discussed Soft32 before, apart from this thread.. at least I don't remember discussing it elsewhere. If we did, please direct me to that post/thread.

Quote:
Originally Posted by placou 1968 View Post
1. I downloaded it, setup or installation of it was placed on desk top in form of an icon of a kid.
That's confusing. According to the link that you posted at the end, it seems that you downloaded the setup from Mozilla Firefox homesite... but, above you say that the icon was in the form of a kid.

The setup icon of Firefox does not come in the form of a kid.

Whereas the setup of Firefox installer from Soft32, which in turn downloads the actual Firefox setup, does come in the form of icon of a kid, with glasses.

Quote:
Originally Posted by placou 1968 View Post
9. ASK was offered at the time of download firefox
Again, if you had downloaded the Firefox from its home site of www.mozilla.org ... the setup installation does not contain any third party, or extra bundled software at all. So, ASK could not have been offered at the time of download of Firefox.

Are you really certain that you downloaded Firefox from the Mozilla site? Because, according to what you describe, and from your screenshots.. it seems that you had in fact downloaded the Firefox setup from Soft32.

The Firefox setup downloaded from the Mozilla site, is in the name of "Firefox Setup 12.0" ... whereas in the screenshot from your first post ... Hitman Pro detects Soft32 in the setup named "Moz Firefox" ... which again seems to indicate that the setup was downloaded from Soft32.

So, what is the actual case?

Quote:
Originally Posted by placou 1968 View Post
4. The other icons remain the same, but when you r. click properties I would find "for instance" target/paths were not correct. It might say c/programs/guest/documents/mozillafoxfire.exe when you were looking at properties for, say, "imgur" (what I described is an example only, not specific). I knew that was a problem and I came here, not knowing what kind of problem.
It's not clear what you are trying to say here. You have lost me.

If you want us to be able to help you... you have to be quite clear with what you write.. and it should be coherent. Also, you need to exactly answer what we ask.

I will again ask... which of the shortcuts were not correct? Please write their names, with their path against them.

Generally, installed programs on the computer, should be installed in C:\Program Files folder.

So, please, post the exact path which you find is incorrect. Please do not post the "for instance" path. We need exact things.

Quote:
Originally Posted by placou 1968 View Post
5. The different icon appeared after turning on the computer from a 3 day on purpose shutdown, and I had no Mozilla Firefox browser, just the icon that had changed, and I don't recall where the target and path were pointed, but it wasn't there.
Well, a changed icon does not mean that the software is not there. According to the screenshot, I can see that the shortcut to Mozilla Firefox is there.. just the icon is changed.

I ask again, by clicking that shortcut, does Firefox start up? If yes, Firefox is still installed on your system.

And I cannot figure out how the icon can change when the computer was in shut down state. And why was it shut down "on purpose" for 3 days? Any particular reason behind it?

You say that your ISP often helps you providing remote assistance. Can it happen, that any member from the ISP accessed your computer without your knowledge, and changed things around? Just a possibility.. I am taking a guess.

Or maybe, someone else is able to use your computer via the remote assistance somehow. That can explain the change of the icon.

Quote:
Originally Posted by placou 1968 View Post
6. I did not try the other icons to see if they worked, knew they wouldn't at the time and didn't know what that would cause in the computer.
Again not clear what you are trying to say.

You did not try other icons? Just knew that they wouldn't? Were you taking a guess? It's a request, please post exact things, and not guesses, because otherwise it would be very difficult for us to help you at all.

Quote:
Originally Posted by placou 1968 View Post
8. SPECULATION ONLY, maybe Hitman uploaded the captures, made a determination and removed the items? It's set to ask before doing, but I don't know if that is a constant, I don't catch much with it.
I had made that speculation too.. but it won't happen unless:

1. Hitman Pro is still in 30 days mode. If it has been installed beyond 30 days, it can only scan and find malware.. it cannot clean them.

2. If it did indeed clean up.. it will only mess with Firefox files, because it found an infection in them. But, if you downloaded from Mozilla site... or even Soft32 site, an infection in Firefox installed files should not be there.

It alerted about the Firefox setup from Soft32, which I guess is the downloader of Soft32 which downloaded the actual Firefox setup.. but even then, it should not clean the Firefox files after installation... as it detects trouble only with Soft32 installer.

So, Hitman Pro cannot be considered responsible for missing Firefox.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 15. May 2012, 09:04 PM   #23 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

Quote:
Originally Posted by placou 1968 View Post
Today, the 15th of May, I decided to search my computer for soft32. I found 3 items, last modified in 2004 (I don't know what that means, the computer isn't that old). Is there more to look for? And how do I remove these?
Placou, do not attempt to delete those files. While tsssoft.ac_ files in your i386 folder are files copied from the installation disk by the manufacturer, the tsssoft.acm file is an audio compression file driver that's important for playing video game sounds (especially for older games, for example Fallout Free on my PC uses .acm files).

Quote:
Originally Posted by placou 1968 View Post
1. I downloaded it, setup or installation of it was placed on desk top in form of an icon of a kid.
That's the logo of Soft32.
Quote:
Originally Posted by placou 1968 View Post
2. I began the installation, everything worked fine upon completion, I used it as I thought was proper, no knowingly bad sites.. etc.
3. The icon started out as an orange round ball?, type looking as if it was rolling, indicating fast I suppose. I do know it to be the icon related to that product.
4. The other icons remain the same, but when you r. click properties I would find "for instance" target/paths were not correct. It might say c/programs/guest/documents/mozillafoxfire.exe when you were looking at properties for, say, "imgur" (what I described is an example only, not specific). I knew that was a problem and I came here, not knowing what kind of problem.
  • All right, so what happened here actually is that, as per '1', you first downloaded a setup file from the Soft32 database. It is not the actual installation file of Firefox. This is actually the Soft32 downloader for downloading the Firefox setup from the Soft32 database. This Soft32 downloader icon has a boy with glasses and was placed on the desktop.
  • Now as per '2' and '3' you were not installing Firefox on your system. In '2' you were actually running the Soft32 downloader for downloading the "real" Firefox setup. In '3' you got the Firefox installer that has the stylised fox on fire around the world, which is the "installer" file for installing Firefox, and it was not the Firefox icon after installation. This is why its target path is set to c/programs/guest/documents/mozillafoxfire.exe, which is the default location for downloaded software from Soft32.
  • What you had to do now is to "run" this installer to install Firefox onto the system at C:\Program Files. You never actually told us that you ran "this" installer so that Firefox gets installed into the system. You only checked the shortcut paths and then posted your problem in this thread.

Quote:
Originally Posted by placou 1968 View Post
5. The different icon appeared after turning on the computer from a 3 day on purpose shutdown, and I had no Mozilla Firefox browser, just the icon that had changed, and I don't recall where the target and path were pointed, but it wasn't there.
errm.....actually I can answer this properly without further info, but what I believe is that one of your programs got replaced with "Mozilla Firefox" title. I can't deduce how it happened. It is this program that appears on your desktop as shortcut.
Quote:
Originally Posted by placou 1968 View Post
6. I did not try the other icons to see if they worked, knew they wouldn't at the time and didn't know what that would cause in the computer.
I thought you just said in your first post that many shortcuts had different paths and now you're mentioning that you didn't try anything? um...
Quote:
Originally Posted by placou 1968 View Post
7. Hitman only caught it after installation was complete. I scanned the installation icon and contents with MBAM, MSE, but Hitman was the only one that caught it.
8. SPECULATION ONLY, maybe Hitman uploaded the captures, made a determination and removed the items? It's set to ask before doing, but I don't know if that is a constant, I don't catch much with it.
The infection found by Hitman is a heuristic detection and not an actual infection. As I posted my VirusTotal results of a Soft32 downloader file in an earlier post, 5/42 antiviruses triggered a heuristic detection, which may not necessarily be an actual infection. This is why MBAM or other antiviruses don't trigger an infection for the same setup file.
Quote:
Originally Posted by placou 1968 View Post
9. ASK was offered at the time of download firefox

I DID hit the wrong button after unchecking the ASK toolbar questions that were provided, and right you are, I read it twice, and I'm able to comprehend well, but I did hit the wrong button.
So there you are. I hope you would be careful next time.

Quote:
Originally Posted by placou 1968 View Post
The good news is... after following the instructions of "George" to the letter, and taking my time to do it as correctly as possible, when I finished I called my ISP (and they're a company every living being in the world has heard of). Under remote connection I was told this: "from the screenshots, and the cleanup you have done, you could work here, there's not a trace left that I can find, I notice we use the same tools so that helped also". That's a compliment back to "George", and I thank you very much as well, but I can't take your credit.
In the address bar I typed http://www.techsupportalert.com/free...efox.com....it took me to (below)
http://www.mozilla.org/en-US/firefox...rom=getfirefox
That's where I started from, all I did was hit download.
You're welcome. I don't think your computer was infected or hacked in the first place, you just got some confusion and also unknowingly installed the Ask toolbar. Luckily that saved me a great deal of time or otherwise we would have needed ComboFix to go through advanced processes. Glad to see that your PC is clean now.
__________________
If you seek for attention, do common things in life in an uncommon way!

Last edited by George.J; 15. May 2012 at 09:09 PM.
George.J is offline   Reply With Quote
Old 16. May 2012, 02:50 PM   #24 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

Referencing back to the previous post in which we discussed Soft32: it's in this forum, thread title "questions about possible antivirus change", post #25. You had seen "softhelp", not "soft32", in the address bar, and advised me it was not trustworthy. I don't know if Softhelp and Soft32 are related or not, but that's where I posted a capture of several warning/error messages, and captured a trojan... etc.
Again, I have never heard of Soft32, I have no idea how I wound up there. It was not intentional.
placou 1968 is offline   Reply With Quote
Old 16. May 2012, 05:40 PM   #25 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

Softhelp and Soft32 are obviously different.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 17. May 2012, 06:48 PM   #26 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

Placou, I guess we'll take our discussion to this thread, instead of fixes being recommended in private. First of all, I would like to advise you of one thing. You should not receive tech repair from 2 different sources, because both of the parties will be recommending different tools and methods; this might lead to conflicts and you might not obtain the desired results. So either you should let your ISP, ATT, recommend fixes for you and follow them (since you're already paying for it), and then post back the results in the thread, or follow the advice being recommended here.

  • First, all your log reports of TDSSKiller should be available in the C: directory. You may upload the logs in a notepad file attached to the thread. It's better than posting it directly on this thread. TDSSKiller doesn't remove any infections unless you specifically let it do so. So there's no chance that the rootkits were removed during the scanning procedure.
  • Secondly, is your wife's wireless PC and yours shared by any means? In that case if her PC is infected, there's a good reason that the rootkits might have got into your system, if the disks are shared with infected content, or even with the remotely connected computer. Because during the first time scanning that I had asked you to do, no rootkits were found, as you told, but later TDSSKiller caught 4 of them. At any cost during the disinfection process, do not share your computer (except with your ISP whom you trust, I believe their system is not infected).
  • Thirdly, from the screenshots that you've sent me, about the hmpsched.exe error, it refers to an error in your Hitman Pro scheduler configuration; you may try re-installing the application. I don't think there's a need to report that error to Microsoft. Appcombat.txt is used for reporting errors to Microsoft and contains the information about the problem. Reading the text file would let users with technical knowledge know what's the problem. It's not really important, but you can upload that file in this thread. You can find out the path to it from the 2nd screenshot. Are you sure you're running a legal copy of Windows?
  • Finally did you actually try to run Firefox browser and browse, after downloading it from Soft32 and installing it on your system? Because from your reports, I guess it's not yet installed on your system.
__________________
If you seek for attention, do common things in life in an uncommon way!

Last edited by George.J; 17. May 2012 at 06:55 PM.
George.J is offline   Reply With Quote
Old 17. May 2012, 07:10 PM   #27 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

And finally, when your ISP has finished diagnosing the PC, we will provide further support and certain scans you may want to run as advised, with attached logs for observation.
__________________
If you seek for attention, do common things in life in an uncommon way!
George.J is offline   Reply With Quote
Old 20. May 2012, 07:56 PM   #28 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default copy from kaspersky

[InfectedObject]
Type: Service
Name: ATI Smart
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: C:\WINDOWS\system32\ati2sgag.exe

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\ati2sgag.exe
md5: 7970df1f4bef2ee5e3f88b66d470ccda



[InfectedObject]
Type: Service
Name: iaStor
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: SYSTEM32\DRIVERS\IASTOR.SYS

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
md5: 309c4d86d989fb1fcf64bd30dc81c51b


[InfectedObject]
Type: Service
Name: PrismXL
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
md5: 33d7285f12d934268a34206dfc4ad1b3

[InfectedObject]
Type: Service
Name: tap0901
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\tap0901.sys

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\tap0901.sys
md5: 1e89de7a4fb7a854ebb241d0aa8996dd
placou 1968 is offline   Reply With Quote
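
A way to triage a report excerpt like the one posted above, as an added example that is not part of the original thread or of any tool's own code: it pairs each [InfectedObject] with the [InfectedFile] that follows it, resolves a relative service ImagePath, and checks that the hashed file is the binary the service points at. The function names, the `SYSTEM_ROOT` value and the sample records (placeholder names and hashes) are assumptions; the field layout is inferred only from the excerpt.

```python
import ntpath
# Constructed sample in the shape of the excerpt above; names and hashes are placeholders.
SAMPLE = r"""[InfectedObject]
Type: Service
Name: ExampleSvc
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: SYSTEM32\DRIVERS\EXAMPLE.SYS
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\EXAMPLE.SYS
md5: 00000000000000000000000000000000
[InfectedObject]
Type: Service
Name: OtherSvc
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: C:\Program Files\Vendor\other.exe
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\Temp\other.exe
md5: 11111111111111111111111111111111"""
SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: Windows directory, as in the excerpt's Src lines

def parse_blocks(text):
    """Return [(section, [(key, value), ...])]; repeated keys such as Type are kept."""
    blocks = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            blocks.append((line[1:-1], []))
        elif ":" in line and blocks:
            key, value = line.split(":", 1)  # split once so "C:\..." values stay intact
            blocks[-1][1].append((key.strip(), value.strip()))
    return blocks

def resolve(image_path):
    """Expand a relative service ImagePath against the Windows directory, case-folded."""
    full = image_path if ntpath.isabs(image_path) else ntpath.join(SYSTEM_ROOT, image_path)
    return ntpath.normcase(ntpath.normpath(full))

def triage(text):
    """Pair each InfectedObject with the InfectedFile that follows it."""
    records, current = [], None
    for section, pairs in parse_blocks(text):
        fields = dict(pairs)  # for a repeated key the last value wins (the service type)
        if section == "InfectedObject":
            current = {"name": fields.get("Name"), "type": fields.get("Type"),
                       "image": resolve(fields.get("ImagePath", ""))}
            records.append(current)
        elif section == "InfectedFile" and current is not None:
            src = ntpath.normcase(ntpath.normpath(fields.get("Src", "")))
            current.update(md5=fields.get("md5", "").lower(), path_mismatch=src != current["image"])
            current = None
    return records
```

A record with `path_mismatch` set means the hashed file is not the one the service entry resolves to, which is worth checking before looking the hash up anywhere.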
Old 21. May 2012, 01:32 AM   #29 (permalink)
Editor
 
George.J's Avatar
 
Join Date: Oct 2010
Posts: 1,927
Default

Please post the TDSSKiller log in its entirety. Go to C: directory and then upload it in full, or copy-paste it here.
__________________
If you seek for attention, do common things in life in an uncommon way!
George.J is offline   Reply With Quote
Old 21. May 2012, 02:22 PM   #30 (permalink)
Senior Member
 
Join Date: Oct 2011
Posts: 187
Default

Have I found it?

http://i.imgur.com/hdSLi.jpg

Last edited by Anupam; 21. May 2012 at 02:28 PM.
placou 1968 is offline   Reply With Quote
All times are GMT +1.