
Help on trojans


Original Message
Name: Julia
Date: March 5, 2003 at 13:45:53 Pacific
Subject: Help on trojans
OS: WIN 2K
CPU/Ram: P3 - 256 MB
Comment:

Hi,

I noticed something on my PC that makes me suspect I have been infected with another Trojan not being detected by ZA, Pest Patrol, McAfee or MooSoft cleaner.

I may sound paranoid, but I installed all of these programs after I was hit with the BFT.exe back door hacker Trojan a few weeks ago. I wiped the drive and rebuilt the O/S two weeks ago. I saw something regarding MooSoft on this forum and decided to download the 30-day evaluation. It worked like a charm and the cleaner did not detect anything.

The PC was working well and just yesterday, I noticed something very strange. Upon boot up, after the usual scanning processes occur, my CPU utilization is still high, at 76% - 100% in some cases, but nothing is detected.

Pest Patrol doesn't detect anything untoward, nor does it detect a key logger being active. However, whenever I try to access MooSoft Cleaner, the app won’t load, but I receive no error either. It's almost as if the system ignores my request to execute the program. If I continue to call up cleaner eventually the system crashes or halts.

Another thing I notice when executing programs or moving the mouse is this legacy ghostly shadow on my monitor. Note that was not there before and for all appearances it looks like video frames of the icons with a hint of transparency. If I didn’t know any better, I would say it looks like snapshots are being taken. ZA informed me the VSHWIN386.exe was requesting access to the Internet for the very first time, so I did not grant it, as the program didn't seem to ring a bell to me. My kid was using the computer under her own ID and not the Admin, but Admin showed up as being the last one logged in. Nobody other than myself has the admin password.

I suspect that this may have been intentional and that somehow this managed to bypass all of the levels of security I put in place.

Here are my questions.

What tools are password protected that I can install that are good Trojan killers?
MooSoft unfortunately doesn't offer that level of security and I need the ability to lock down the programs.

Is it possible for a Trojan or spy program to bypass Pest Patrol?

Does anyone know what vshwin386.exe is?
Is there some back door Admin account pre-built in Win 2K I should disable?

Any help would be greatly appreciated.

Julia




Response Number 1
Name: Kim
Date: March 5, 2003 at 14:19:32 Pacific
Reply:

vshwin is a part of McAfee and allows files to be scanned as they are opened.


Response Number 2
Name: Tim ccs
Date: March 5, 2003 at 14:27:26 Pacific
Reply:

I think this will help you!
03/11/2000
Yesterday we heard that a McAfee automated virus update had caused PCs to freeze up - something that wasn't appreciated by sys admin and those wishing to, say, use their computer. Details were sketchy but you readers have come up trumps and emailed us all the relevant info. A McAfee employee also helped explain how to fix the problem.

Basically, an update file to inform the virus scanner of new variants caused an outdated version of the scanning software (its "engine") to continuously scan files on your computer (looks like a file override problem). Since virus scanning is a priority task, this activity managed to consume 99 per cent of processor power, leaving the computer completely frozen for any other tasks you may want to do. Apparently you can still do some work on the machine but it will be very, very slow.

The old engine, version 4.0.02, is a year-and-a-half old and should really have been updated to the new 4.0.70 version, which apparently works fine with the latest update. Now, some have said that people are daft to not have updated the engine and this is true enough but of course nothing is as simple as it seems. One sys admin informed us that he'd been trying to upgrade his company's virus engines for months but neither he nor McAfee could find a way to do it. We don't know the full reasons why this might be so, but it does demonstrate that there may be many users who legitimately have the old engine and presumably aren't terribly happy at the moment.

So what's the solution? Well, you're gonna have to stop the scanning software. Then you can either delete it and reinstall it, preferably with the new and latest versions or download McAfee's superdat fix file (sdat4103.exe - the offending dat file that has caused all the problems is 4102.dat) and install it. This is a bit of a pain in the arse and we'd advise only those happy with mucking about with a PC's inner workings to do it. If you're a layman, the IT support boys will probably be around sometime today.

If you're running Win 9x, you could sort it out yourself, but with NT, it'll most likely need administrator access to get at the relevant files. Below therefore are a range of suggestions. We'll put McAfee's first


Response Number 3
Name: Tim ccs
Date: March 5, 2003 at 14:33:40 Pacific
Reply:

Sorry, and this:
http://www.theregister.co.uk/content/1/14459.html

It's simple to get most of the info you need: go to Google and paste, in this case, "vshwin" and you will find sites with this subject!

Tim. Good luck and stay safe.


Response Number 4
Name: murve
Date: March 5, 2003 at 19:44:51 Pacific
Reply:

Hi Julia,
Yes, it's possible for a trojan, virus, and/or worm to block, bypass, and render useless any program. You may have a trojan that is blocking your anti-virus and/or anti-trojan from working.
It could be one of the many such as Bugbear, or one of the BioNet versions. To be sure, go to www.thepublicworks.com, security section, and link to pcflank and do their trojan and port scans. If something is found, then link to wilders.org and download a free 30 day trial of Trojan Hunter and scan your machine. Also, when at thepublicworks.com, link to Regprot and download their free registry monitor, and link to Sysinternals and download their free process and port monitor (Process Explorer and TDImon).
As for vshwin.exe, it's a general component of McAfee's anti-virus scanner and it appears that there is a problem with it. Go to Google and do a search on it.
If you are using McAfee I would suggest that you drop it and get a better anti-trojan such as NOD32 or Kaspersky Labs. As for the best anti-trojan, look into BOClean.
Hope this helps,
murve


Response Number 5
Name: Julia
Date: March 7, 2003 at 07:11:46 Pacific
Reply:

All,

I can't thank everyone enough for all of the information. I know I did perform an upgrade to the latest McAfee .dat file, so this explains a lot. I was thinking of jumping over to Norton antivirus anyway, so now would be a good time. I did use the Trojan Hunter and luckily enough the results showed negative. I will check the registry monitor and the other suggestions listed above.

I am truly grateful for all of the responses and the help.

Thanks,
J.


Response Number 6
Name: Togg
Date: March 8, 2003 at 12:19:03 Pacific
Reply:

Julia,

If you are really concerned about trojans there is a program called Trojan Remover, which is not a real time scanner like The Cleaner, but it does scan all the areas that trojans usually launch from when you use it.

It is free for 30 days and you can get it from www.simplysup.com. I have The Cleaner and Trojan Remover as backup, but I am paranoid!!


Response Number 7
Name: EC
Date: March 8, 2003 at 23:12:21 Pacific
Reply:

This will be of use to THE CLEANER users and/or would-be users:

The comments below are from a user on the moosoft.com forum, The Cleaner developer:

__________
Posted: Mon Feb 24, 2003 1:12 pm Post subject: Updates?

it's been well over a month now and still there has been no updates for the database, what gives?
__________

And if you read others' comments in there, you'll see that UPDATES are a major weakness for THE CLEANER, as there are often large time periods in between updates.

And many also mention their horrible service and support, unanswered emails, calls, etc.

Too bad, as I had heard rumors about this recently, but am beginning to see in print since the last month or earlier.

