#1
Security Problem Please Help!?!
Ok, I was on LimeWire and I was trying to download a program and in all my infinite wisdom decided oh wth I'm desperate I'll click this .exe. So what does this .exe do...it installs trojans and a lot of other stuff.
My problem: I think I've removed most of the big viruses/trojans. I'm worried about the Internet Explorer that opens every 5-10 minutes to some site, the decreased speed of my computer, etc...it also opens up my FF to an antiviruspro site or something like that. What should I do...keep in mind I'm not very computer smart in that sense. Thanks for your help! Last edited by Scott; 03-09-2007 at 12:47 AM. |
#2
best to reinstall if you can...
__________________
04' Dodge SRT-4, Mopar Stage 3, 406whp/436wtq |
#3
reinstall windows?
woot this sounds like fun heh. ok. i'll talk to my dad about it tomorrow i guess i'll be having one fun weekend EDIT: Probably serves me right. P2P isn't going to be on my computer anymore EDITEDIT: Running spysweeper, and norton anti virus. if it runs ok from there and the gay pop ups go away I think I'll be fairly happy and I'll call it good (and not reinstall). I'm gonna delete all temp files/cookies and all that too. |
#4
also try spybot and mcafee stinger.. search for them on google
__________________
04' Dodge SRT-4, Mopar Stage 3, 406whp/436wtq |
#5
ok. i think it's always good to use multiple programs, they pick up what the other ones seem to miss.
|
#6
Use multiple programs in SAFE MODE, try to get a copy of killbox also. This is in case some jackass program is booted during start and doesn't want to be shut off. You can use killbox to make sure the process is killed.
After cleaning up, reboot in safe mode again and see what happens, and run some more scans. Then finally you can boot in normal mode. If the problem keeps coming back, then you might want to think of a reinstall.. It should be the last alternative.
|
#7
I've done the same thing as you before lol. I knew 95% it was a Trojan, but I just downloaded it anyway to see what it actually had...
Download ''HijackThis'' here: http://www.download.com/HijackThis/3...-10379544.html Do a scan, and save the logfile, then .zip it up, then attach it through here. The scan will basically do a log that will show what's running on your computer, and there can always be nasty little pieces of *bleep* running in the background without you knowing. The program will also scan for browser hijacks, etc. Chris
__________________
Intel Core Duo E7300 2.66GHz // SuperTalent DDR2 800 2GB // ASUS nVidia GeForce 8400GS 512MB // Western Digital 7200RPM 320GB SATA // LG GH-20LS 20X SATA DVD-RAM // Windows XP Pro 32-bit // Thermaltake XP550 NP 430W // Thermaltake SOPRANO SECC Black |
#8
Quote:
Scan saved at 11:00:23 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\DOCUME~1\GLENR~1.MCD\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.utah.edu:8080
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] "C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [2chkdsk] "rundll32.exe" "C:\WINDOWS\system32\phunasiv.dll",setvm
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Registration Brothers In Arms EiB Demo.LNK = E:\BIA_Demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A7D43CBC-89DE-4738-93A7-AC83BE3392DF} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093216221031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\GLENR~1.MCD\LOCALS~1\Temp\ThereInstall Helper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/...les/ie/IDA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab30149.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe |
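An added example, not part of the thread and not HijackThis's own code: a small Python triage pass over a HijackThis log like the one posted above, including a log that arrives run together on one line. The three review rules and the names `split_entries`, `triage` and `review` are illustrative assumptions; a flagged entry is one to look up by name, not a verdict, and the sample entries are copied from the log in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: seven entries copied from the log posted in this thread,
# run together on one line the way the forum rendered them.
SAMPLE = (
    r'R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = '
    r'http://go.microsoft.com/fwlink/?LinkId=69157 '
    r'O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup '
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" '
    r'O4 - HKLM\..\Run: [2chkdsk] "rundll32.exe" "C:\WINDOWS\system32\phunasiv.dll",setvm '
    r'O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) '
    r'O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe '
    r'O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe'
)

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Matching on that works for one entry per line
# and for a log flattened onto a single line.
CODE = re.compile(r'(?:^|(?<=\s))([FNOR]\d{1,2}) - ')


@dataclass
class Entry:
    code: str   # section code, e.g. "O4" (autostart) or "O23" (service)
    body: str   # everything after "CODE - "


def split_entries(text):
    """Cut a log (flattened or not) into entries; header lines are skipped."""
    marks = list(CODE.finditer(text))
    entries = []
    for mark, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        entries.append(Entry(mark.group(1), text[mark.end():end].strip()))
    return entries


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a manual lookup."""
    low = entry.body.lower()
    reasons = []
    # Assumed rule 1: an autostart that runs a DLL through rundll32.
    if entry.code == 'O4' and 'rundll32' in low and '.dll' in low:
        reasons.append('autostart loads a DLL through rundll32')
    # Assumed rule 2: a service whose binary reports no vendor name.
    if entry.code == 'O23' and ' - unknown owner - ' in low:
        reasons.append('service binary reports no vendor name')
    # Assumed rule 3: the registry entry outlived the file it points to.
    if low.endswith('(file missing)') or low.endswith('(no file)'):
        reasons.append('entry points at a file that is not on disk')
    return reasons


def review(text):
    """Return (entry, reasons) for every entry that matched a rule."""
    flagged = []
    for entry in split_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == '__main__':
    for entry, reasons in review(SAMPLE):
        print(f'{entry.code:<4}{entry.body}')
        for reason in reasons:
            print(f'      review: {reason}')
```

On this sample the NVIDIA control-panel autostart and the `2chkdsk` autostart are flagged by the same rule, which is why each hit still has to be looked up by file name before anything is removed.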
#9
srry for the double post...but i'm gonna be doing 2 things.
1. Uninstalling IE to help fix this mes...
2. Tomorrow after some WoW Time I'll be running the safe mode and scanning over again.
3. I'm hoping to eventually reformat computer just because of the worthless junk I have on it heh.
--- jonm. any other advice is appreciated, though I think I may be fine *not sure * |
#10
the log looks ok to me.
if you're looking for other apps to try... http://www.kaspersky.com/virusscanner http://www.ewido.net/en/download/ and don't do stupid things again |
#11
Best antivirus program ever invented -> NOD32
Get a trial here -> http://www.eset.com/download/index.php It's cheaper than Norton as well (and better) and it uses a lot less ram, scans faster and uses another search method than most antivirus software (a smart scan) Bought a copy to both computers and it's working great! |
#13
antiviruspro site
You mean Anti-virus Pro 2007? That is a fake item; it will load virus into your system to make you think you had some in the first place. it a nice item at all, besides steal your bank info key-logger Trojan. Try what Steve said.
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic] |
#14
I Googled everything I thought looked suspicious and it all looks fine.
Just before you do go reformat (if that's what you're planning to do), download ''AdAware SE'': http://www.download.com/3000-2144-10045910.html That program is a very good program. It's almost NEVER let me down! Just make sure you update definitions before a scan. And when you do a scan, do a FULL system scan! Chris
__________________
Intel Core Duo E7300 2.66GHz // SuperTalent DDR2 800 2GB // ASUS nVidia GeForce 8400GS 512MB // Western Digital 7200RPM 320GB SATA // LG GH-20LS 20X SATA DVD-RAM // Windows XP Pro 32-bit // Thermaltake XP550 NP 430W // Thermaltake SOPRANO SECC Black |
#15
wow you have a lot of stuff running and starting at boot
my Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 11:46:07 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\mysql\bin\mysqld.exe
C:\apache\bin\Apache.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Misc/Homepage/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{F796BB6B-485B-4A8B-8755-FF0F9A118AEA}: NameServer = 192.168.1.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - C:\mysql\bin\mysqld.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)
__________________
04' Dodge SRT-4, Mopar Stage 3, 406whp/436wtq |
#16
well the problem i have has grown really serious. It's called Trojan.Vundo, and all the adware/virus/etc removers will not work. i've tried to remove it manually, but all the registry entries it told me to delete didn't exist. I can't login to regular mode and do anything cuz of how slow it is, I just have to logon to safe mode, which I can't connect to the internet. I might take it to my dad (comp genius) but that's a lotta work and a lotta gas money. Any tips besides reformat (which I may have to do)!?
|
#17
Have you tried the trojan.Vundo removal program from symantec?
http://www.symantec.com/smb/security...112210-3747-99 IcI |
#18
that would be too easy!
|
#19
Quote:
I tried it, and for some reason the vundo remover can't even find the stupid trojan...but my antivirus can (but the anti virus can't delete it, dumb huh?) With further research it seems like a lot of people are having problems (and are having as much trouble as me). I've found a couple possible answers, and put them on my ipod (downloaded them off the school machine) so in safe mode I can pull them off and run em'...i pray it gets that trojan.vundo. BTW this honestly has been the gayest time of my life...i've dealt with viruses before but this one has like gotten so intertwined :P |
#20
Hope you get it figured out... I don't know how it is done since I haven't done it, but I'll toss it out for what it is worth: Could try using knoppix to do a virus scan.
The idea being by doing a scan outside of a windows environment, the trojan can't run. Maybe the applications can't remove it due to files being in use, etc. The book 101 knoppix tips and tricks explains how to do this. This link explains how (and the advantages to doing so): http://www.enterprisenetworkingplane...0952_3389801_2 I have to give you credit though with trying to fix this. If I was in your shoes I would have most likely done a low-level format within hours of your first post, using knoppix to back up any files IcI |