03-23-2008, 06:35 PM | #1 (permalink) |
Just here for the beer.
Location: Ft. Lauderdale, Floriduh
|
Got a big prob. Please help me.
Hi all. I have been attacked with a virus. Using Spybot I get the message "22:30 Registry change denied. Identified as: User decision. Resident denied the change of PrxChk (Catagory Shell Services) based on your black list." Help me please. Win WP Pro, new Dell Computer. I usually can take care of myself. This one has me stumped.
__________________
I like stuff. |
03-23-2008, 07:03 PM | #3 (permalink) |
Her Jay
Location: Ontario for now....
|
Found this on the SpyBot Forums, hope it helps. It seems to be for RealUpgrade, but maybe the solution will be similar.
http://forums.spybot.info/showthread.php?p=173035
__________________
Absence makes the heart grow fonder |
03-23-2008, 07:04 PM | #4 (permalink) |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
re: PrxChk
Do you use a proxy system of some sort? As far as data being backed up, it's not a bad idea, if you haven't already backed up, to back up now; just be aware that your backup may also be infected. Also, a virus caught by an adaware program? That's not normal. You ran virus scans and you got no hits, but with S&D you get that? It is more suspect of a false positive than anything in my book. One of the reasons that I think that sometimes too much information is just too much information to stress out over.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. Last edited by Cynthetiq; 03-23-2008 at 07:06 PM.. |
03-23-2008, 07:47 PM | #5 (permalink) | |
Young Crumudgeon
Location: Canada
|
Quote:
On to solving the problem. First of all, don't panic. It does nothing to solve your problem.
Google tells me that prxchk is a utility for use with proxy servers. Whether it's actually malware or not is something I don't know, as I've never really investigated, although preliminary research seems to suggest that it's benign. You've managed to put it on your blacklist for registry changes in Spybot S&D, whether intentionally or by accident; to solve the problem, all you need to do is take it off the list. Follow the instructions in the link provided by Silent_Jay, replacing 'RealUpgrade' with 'prxchk', and report back if that doesn't solve your problem.
Note: backing up data is a very good idea in general and in this situation in particular. You may safely back up any mp3 files, txt files and jpg, bmp or png image files, as none of those are capable of carrying malicious code. Microsoft Office file formats (.doc, etc.) are susceptible to macro viruses, but they're pretty rare. No programs should be backed up (installers or other exes) as they're all potential vectors to spread a worm. The general rule of thumb is that data files are okay, program files are not, although that's not hard and fast. Several Microsoft file formats in particular are vulnerable to various types of malware.
I'm also a big fan of keeping a liveboot CD handy (Knoppix, Ubuntu, etc.) for catastrophic failures. These will require you to learn the basics of navigating within Linux, but it's not that difficult and can potentially be a lifesaver in the event of a full OS crash.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
|
03-23-2008, 07:56 PM | #6 (permalink) | |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
Quote:
I agree that the heuristics are quite similar in some aspects and that there are many places they logically overlap. I have found many trojans on people's machines that listed in adaware and virus applications. That makes sense since trojans have been embedded into websoftwares. Where I find it fishy is that he runs spybot and (insert virus software) doesn't state anything and appears silent based on the post.
|
03-24-2008, 01:29 AM | #7 (permalink) |
has a plan
Location: middle of Whywouldanyonebethere
|
There is no reason to get overly paranoid. I wouldn't suggest taking the hard drive out and putting it into a friend's computer for safe scanning.
For some other scans, here is my list. I recommend a-squared, ad-aware, cwshredder, and housecall. Run a Hijack-this scan and post the logfile here or at their forums. |
03-24-2008, 10:40 AM | #10 (permalink) |
Knight of the Old Republic
Location: Winston-Salem, NC
|
Spybot says that the registry change was denied so the virus (if that's what it is) is actually not doing anything on your system. Unless Spybot keeps bugging you, the malware is probably not hurting your system at all.
|
03-24-2008, 07:04 PM | #12 (permalink) | |
Young Crumudgeon
Location: Canada
|
Quote:
Do you use prxchk for anything? If not, the simplest solution may be to just get rid of it. You might be able to do an uninstall through the control panel, but if not you can still do it manually.
EDIT - As so often happens, another option occurred to me immediately after hitting reply. In fact, I'm feeling sort of stupid for not thinking of it earlier. Have you tried running ad-aware? If not, install the latest version and try that. If we are dealing with some sort of malware, Ad-aware may be able to pick it up and remove it. If it doesn't (and if you haven't tried it already) I would highly recommend removing prxchk from the blacklist, as I'm reasonably sure at this point that it is in fact benign. If neither Norton nor Ad-aware (both with the latest definitions, I'm assuming) pick it up, it's probably safe.
Last edited by Martian; 03-24-2008 at 07:08 PM.. |
|
03-24-2008, 11:31 PM | #14 (permalink) | |
has a plan
Location: middle of Whywouldanyonebethere
|
Quote:
Since you are using Tea Timer with Spybot, why not just tell Tea Timer to deny the registry change and have it remember that action? Also, are you making sure to immunize your system after every Spybot update? |
|