
Computer running very poorly! [RESOLVED]


  • This topic is locked

#61
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Try downloading this by right-clicking and "Save Target As":

ftp://ftp.f-secure.com/anti-virus/tools/f-sdbot.exe

When it's done, click "open". A black window will open up; just let it scan your computer until it's done. Hopefully this will find that worm.
  • 0


#62
racinmason001

    Member

  • Topic Starter
  • Member
  • 195 posts
I'm using Netscape to access the internet because nothing else works, and when I right-click that there is no option to "Save Target As"...
  • 0

#63
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Just click on the link to download it then.
  • 0

#64
racinmason001

    Member

  • Topic Starter
  • Member
  • 195 posts
I was able to download that program and run it, and it seemed like it sent my HijackThis shortcut to the recycling bin and that's all. Oh, it gave me some instructions that I didn't really understand to do after infection removal, and I still can't access my Norton antivirus software.
  • 0

#65
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It didn't say anything was infected on the screen?

I'll be back in just a little bit - going to eat! I'll be thinking about what to do next!
  • 0

#66
racinmason001

    Member

  • Topic Starter
  • Member
  • 195 posts
No, it didn't say anything was infected on the screen. This is so frustrating, I'm almost ready to give up!!!
  • 0

#67
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
If I'm not giving up, neither are you!!

I need you to reboot into safe mode.

While in Safe Mode, run HiJackThis and place a check next to the following items and click FIX CHECKED:

O4 - HKLM\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKLM\..\RunServices: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\RunServices: [Windows Service Drivers] mswin32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Using Windows Explorer, look for the following files and delete them:

C:\Windows\mswin32.exe
C:\Windows\System32\mswin32.exe

Reboot into normal mode. In the meantime I'm going to put together a list of important programs I need you to download since you can download stuff with Netscape at the moment!!
  • 0

#68
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Download as many of these programs as you can (especially killbox) in this order. Download them to your desktop:

http://www.atribune....ads/KillBox.exe

http://www.silentrun...ent Runners.vbs

http://skads.org/special/rkfiles.zip

http://www.atribune....nloads/find.zip

http://www.atribune....oads/l2mfix.exe

http://downloads.sub.../DllCompare.exe
-Right click on your desktop, click new, folder, and name it dllcompare and save it there.

http://www.ewido.net/en/download/

I know it's a lot of programs, but you have a rootkit and many worms that are running amok and we have to find them!
  • 0

#69
racinmason001

    Member

  • Topic Starter
  • Member
  • 195 posts
OK, I'm back and ready to be frustrated :tazz: I will start on that right away and let you know when I finish.
  • 0

#70
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
:tazz: I'll be here!!
  • 0


#71
racinmason001

    Member

  • Topic Starter
  • Member
  • 195 posts
I have deleted mswin32 everywhere you said to, and I did a Windows Explorer search and it's coming up in a folder called recycler, and I cannot delete them because I get an error saying access is denied or the folder is write protected??? Here is a new HijackThis log too.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:35 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\scrtkfg.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WSup.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\Netscape\Netscape 6\netscp6.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\dumprep.exe
C:\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50245
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Joey\Application Data\Mozilla\Profiles\default\6hdgikqx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\RunServices: [Windows Service Drivers] mswin32.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
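
Added example, not part of the original thread: a short Python check that compares the FIX CHECKED list from post #67 with the follow-up log in post #71 and reports which entries are still registered. The function names and the shortened log excerpt are assumptions of this example; the entry lines themselves are copied from the thread.

```python
import re

# Entries the helper listed under FIX CHECKED in post #67 (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKLM\..\RunServices: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\RunServices: [Windows Service Drivers] mswin32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# Shortened excerpt of the follow-up log in post #71 (lines copied from the thread).
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Service Drivers] mswin32.exe
O4 - HKCU\..\RunServices: [Windows Service Drivers] mswin32.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, e.g. "O4 - ..." or "R1 - ..."
O4 = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # hive, key, value name, command

def parse(text):
    """Map normalized entry -> original line, skipping headers and process paths."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            key = (m.group(1), " ".join(m.group(2).split()).casefold())
            entries[key] = line.strip()
    return entries

def still_present(fix_list, later_log):
    """Return fix-list lines that also appear in the later log, in fix-list order."""
    later = parse(later_log)
    return [line for key, line in parse(fix_list).items() if key in later]

def autorun_locations(lines):
    """For O4 lines, return (hive, key, value name, command) tuples."""
    found = [O4.match(line.split(" - ", 1)[1]) for line in lines]
    return [m.groups() for m in found if m]

if __name__ == "__main__":
    remaining = still_present(FIX_LIST, FOLLOW_UP_LOG)
    for hive, key, name, cmd in autorun_locations(remaining):
        print(f"still registered: {hive} {key} [{name}] -> {cmd}")
```

On the lines from this thread, the two HKCU mswin32.exe autorun entries are still present in the later log, while the HKLM entries and both related.htm O9 entries are gone.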

#72
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, let me look at your log real quick!

Edited by bananafanafo, 30 April 2005 - 01:02 AM.

  • 0

#73
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ah, your computer is picking up a bunch of spyware CRAP! :tazz:

Were you able to download the programs?

Edited by bananafanafo, 30 April 2005 - 12:53 AM.

  • 0

#74
racinmason001

    Member

  • Topic Starter
  • Member
  • 195 posts
No, I wasn't, and I don't know why. Norton is updated and running right now; it deleted a bunch of stuff, so I made a new log for you to look at.
  • 0

#75
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You couldn't download anything, not even with Netscape?? :tazz:

There are some patches that you desperately need for your computer.

Also, what do you mean you don't have the XP CD but restored it with a Millennium CD?
  • 0





