Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running very poorly! [RESOLVED]


  • This topic is locked This topic is locked

#46
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It's your computer, I'm letting you make the call on this one! :tazz:

I'll just say if it were on my computer, I would have already deleted it LOL

OR, we can try just disabling it for now, until we find out any information from the place you uploaded the file to...

;)
  • 0

Advertisements


#47
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Let's just try disabling it for now:

Press CTRL ALT DELETE, click on the Processes tab and end the following:

INETSVC.EXE

Exit Task Manager.

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

Internet Service Manager (or INETSVC)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok. Exit.

And on that note, I think I'm going to bed. Need to give my brain a rest from this nasty stuff!!
  • 0

#48
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
I've found stuff on the internet about Inetsvc.exe and everyone says it is bad.There is also Inetmgr.exe I guess they are related I dont understand to much of what people are saying about viruses I just know they are bad.
  • 0

#49
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
My task manager does not open so I cant disable it like that sorry :tazz:
  • 0

#50
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Yes, I know about that one. However, location is important with all files. The location of the file you're talking about is in Program Files. This is in Windows which is why I didn't know what it was... And, they just responded as to what it was: Sdbot.xd worm. So we're definitely deleting it!!

Open HiJackThis click on None of the above just start the program. Click on Config, click on Misc Tools. Click on "Open Process Manager". Scroll down until you find this:

C:\WINDOWS\System32\INETSVC.EXE

click on it to highlight it, then click Kill Process - answer yes to the prompt!

Then do this:

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

Internet Service Manager (or INETSVC)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok. Exit.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (copy and paste):

INETSVC

Click ok.

It should pull up information about the service, then ask if you want to reboot. Click YES.

After it reboots, go into Windows Explorer and make sure this file is gone:

C:\WINDOWS\System32\INETSVC.EXE

Post a new HiJackThis log and Let me know if you received any error messages or had any problems.

Edited by bananafanafo, 29 April 2005 - 02:46 AM.

  • 0

#51
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
my task manager does not open :tazz: ;) ;)
  • 0

#52
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Post #50 please (edited) :tazz:
  • 0

#53
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
I'm sorry I'm an idiot I will open HJT and kill the process.It must be getting late for me I cant even comprehend what I am reading :tazz: ;)
  • 0

#54
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
:tazz: Yep, I understand that! Hopefully, it'll run better once we get rid of that worm...
  • 0

#55
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'm going to bed now! :tazz:

Shut down your computer!! We don't want it to "pick up" anything else!
  • 0

Advertisements


#56
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
Well I've had a serious problem.My computer wouldn't log on to windows it said NTLDR is missing and told me to ALT+CTRL+DEL to restart I did it about a hundred times and it would just come up as the same message so I had to do an emergency restore with my millenium restore disc.Then when I checked the services hwclock was back so I rebooted inj safe mode and deleted the files and deleted it in the registry with regedit I hope I did good.Now I cant download hijackthis :mad: maybe you can help.
  • 0

#57
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do you not have the XP CD? Missing NTLDR error is not good at all...
  • 0

#58
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
No When I bought the comp last year it just came with the restore cd I used netscape to download hijackthis and here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:06 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\mswin32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\mswin32.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Netscape\Netscape 6\HijackThis.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKLM\..\RunServices: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\RunServices: [Windows Service Drivers] mswin32.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#59
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
for some reason my comp shuts down hijackthis after it is on for 15-30 seconds.
:tazz:
  • 0

#60
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Your computer keeps getting infected with a bunch of worms. They are making use of the vulnerabilities in XP - it seriously needs to be patched! Ugh! We get rid of one worm, but the next day there is another worm.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP