1. Launch Task Manager to look out for suspicious processes running
2. Run netstat to look for funny ports open and in listen state
3. Run reputable anti-spyware to detect malware existence
4. Reboot into safe mode, delete the folder you saw, find any instances of
the questionable term in the registry and delete them.
HTH.
"luishugo" <luis...@discussions.microsoft.com> wrote in message
news:B31D43E6-BA98-4696...@microsoft.com...
Just curious, is that the exact word for word error message? For example,
perhaps "need" is actually "needs?" Is there anything else in the message?
To check your computer for spyware, search www.google.com to find download
locations for the following programs: spybot search and destroy, Adaware,
and CWShredder for starters.
Also, make sure you are running an antivirus program that automatically
downloads the latest updates at least each week; www.grisoft.com is a free
antivirus.
> I am new to these newsgroups, so please excuse me if I'm jumping in at
> the wrong place, but I don't know where else to start. I'm running Win
> XP pro, recently after running SpyBot, it found two registry entries
> changed, AntiVirusDisableNotify! and AntiVirusOverride!, both = dword:
> 0. Now I find that Alerter Service DLL (ALRSVC.DLL) is disabled. I
> searched the MS help database and came up with nothing. Am I safe to
> turn these back on? Does it sound like a virus or trojan on my system?
> Any help will be most appreciated. Thanks, Tom
>
What you have done is to hijack someone else's thread. This isn't a good
thing to do because it prevents both parties - you and the Original
Poster - from getting good help. You are having difficulties posting
because you are using the web interface, which is awful. You should use
a newsreader instead; information on that is below.
For expediency's sake, here is the answer to your question (next time
make a new post). The latest Spybot gives a Security Settings warning
if any of the alerts from XP's Service Pack 2 Security Center are
turned off. They may be turned off on purpose; for instance, I always
disable the alerts for the antivirus on my own machines. If this fits
your situation, I wouldn't worry about it. However, if you or a tech
didn't change the default Security Center settings (or you don't have
XP SP2), then you should probably investigate this further. Here are
some general malware removal instructions which you can follow:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Then if you need more help, make a new post including all details about
your machine and what you've done.
Using newsgroups:
Since you are using the web interface, you may not realize that this is
really a newsgroup. You will get far more out of this resource if you
learn to use a newsreader. There are many good newsreaders for Windows,
but you can use Outlook Express since you already have it. Here are
some links to information about newsgroups:
http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlookexpressnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/default.aspx?scid=/support/news/howto/default.asp
- Set Up Newsreader
http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
The DisableNotify and AntiVirusOverride reports are new to Spybot v1.4 with
the 25 Jul-05 database installed. The DWORD values of 0 (zero) are the
defaults which would be found in the Registry (e.g.,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\AntiVirusOverride) if DisableNotify and AntiVirus Override had *not*
been enabled. The DWORD values on your machine are probably 1 (one).
There's an ongoing discussion about this in the Spybot Support forum at
Net-Integration. See:
http://forums.net-integration.net/index.php?showtopic=32260
Chances are that you're running an anti-virus application (e.g., AVG) which
Security Center isn't able to monitor (or at least wasn't able to, in the
past) and that when Security Center gave you an Alert about this a while
ago, you'd chosen the ["Allow me to monitor the anti-virus myself"] option.
Spybot's just bringing this to your attention.
Check this setting via Control Panel > Security Center > Virus Protection.
You may find a new notice there telling you that Security Center is now able
to monitor your anti-virus application (e.g., AVG v7.0.388) and, if so, I
recommend that you allow it.
Should you allow Spybot to "fix" this "problem" and Security Center cannot
monitor your anti-virus application, you'll know soon enough.
Spybot should only be used by advanced users, Tom.
Alerter Service being disabled is not a cause for concern IMO:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q330904
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security
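
An added example, not part of any post in this thread: a small Python check that reads a regedit export of the Security Center key and reports whether the two values discussed above are at their default (0) or have been enabled (non-zero). The function names and the sample export are constructed for illustration; only the key path and value names come from the thread.

```python
import re

# Key and value names as given in the thread.
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
WATCHED = ("AntiVirusDisableNotify", "AntiVirusOverride")

# Constructed sample export (not data from the thread). Real "Version 5.00"
# exports are UTF-16; open them with encoding="utf-16" before parsing.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"ConstructedString"="not a dword"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ConstructedSubkey]
"AntiVirusDisableNotify"=dword:00000001
'''

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def read_dwords(export_text, key=SECURITY_CENTER_KEY):
    """Return {value_name: int} for DWORD values directly under `key`."""
    values, current = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            continue
        # Registry key names are case-insensitive; subkeys are skipped.
        if current is None or current.lower() != key.lower():
            continue
        m = DWORD.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def review(export_text, watched=WATCHED):
    """Classify each watched value as 'default' (0), 'enabled' or 'absent'."""
    found = {n.lower(): v for n, v in read_dwords(export_text).items()}
    report = {}
    for name in watched:
        v = found.get(name.lower())
        report[name] = "absent" if v is None else ("default" if v == 0 else "enabled")
    return report

if __name__ == "__main__":
    print(review(SAMPLE_EXPORT))
```

A value reported as "enabled" is not by itself a sign of infection, as the replies above note; it is a prompt to confirm that you or a technician changed the setting on purpose.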