Gman
Ad-Aware Post for gmad [CLOSED]
Started by gmad, May 17 2005 10:00 PM
#16
Posted 25 May 2005 - 09:34 PM
Gman
#17
Guest_thatman_*
Posted 26 May 2005 - 08:08 AM
Hi gmad
Sorry, the change is now at the bottom of the first post.
http://forums.skads....hp?showtopic=80
At the bottom of the first post you will see this Attached File remv3.zip ( 21.79k ) Number of downloads: 576
Now download the remv3.zip
Instructions
>> Download the attachment and unzip the contents to a permanent folder
>> Reboot into safe mode and unhide all files and folders
>> Double-click on remv3.bat to run it. Wait until the DOS window closes.
>> Post the contents of c:\log.txt after rebooting into normal mode.
Kc
#18
Posted 26 May 2005 - 09:30 PM
Ok Thatman, thank you, here's the new log....
The batch is run from -- C:\Documents and Settings\Greg Madrigal\Desktop
Files Found.................
----------------------------------------
clfmon.exe
pxhping.exe
mqbckup.exe
dllhostxp.exe
rdshost32.exe
winsrv32.dll
d3dxov.dll
msacmx.dll
hdr.dll
subsys.exe
dnsping.exe
iecust.exe
sp2chek.exe
clfmon.exe
hdr.dll
Files Not deleted.................
----------------------------------------
Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Files]
"service.exe"=""
"msacmx.dll"=""
"d3dxov.dll"=""
"winsrv32.dll"=""
"ie4unit.exe"=""
"ipxroutex.exe"=""
"rdshost32.exe"=""
"rshe.exe"=""
"net2.exe"=""
"mqsvch.exe"=""
"dllhostxp.exe"=""
"extrac16.exe"=""
"mqbckup.exe"=""
"pxhping.exe"=""
"rdpnr.exe"=""
"slservc.exe"=""
"clfmon.exe"=""
"hdr.dll"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Processes]
"ie4unit.exe"=""
"ipxroutex.exe"=""
"service.exe"=""
"rdshost32.exe"=""
"rshe.exe"=""
"net2.exe"=""
"mqsvch.exe"=""
"dllhostxp.exe"=""
"extrac16.exe"=""
"mqbckup.exe"=""
"pxhping.exe"=""
"rdpnr.exe"=""
"slservc.exe"=""
"clfmon.exe"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\RegKeys]
"{98DBBF16-CA43-4c33-BE80-99E6694468A4}"=""
"{A5366673-E8CA-11D3-9CD9-0090271D075B}"=""
"Files"=""
"Ms4Hd"=""
"Processes"=""
"RegKeys"=""
"RegValues"=""
"Vendor"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\RegValues]
"clfmon.exe"=""
"dllhostxp.exe"=""
"pxhping.exe"=""
"service.exe"=""
Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 7C3C-7DD8
Directory of C:\WINNT\system32
msi.dll
Finished
#19
Posted 26 May 2005 - 09:34 PM
Thatman, Winpatrol prompted me when "clfmon.exe" & "dllhostxp.exe" tried to add themselves back to the startup registry after I rebooted into regular Windows after running "remv3.bat."
I of course denied it. FYI...
#20
Guest_thatman_*
Posted 27 May 2005 - 02:55 AM
Hi gmad
Please read through the instructions before you start (you may want to print this out).
Please download all items to your desktop first.
Please download and install these programs - don't run them yet!!
Download Pocket Killbox and unzip it; save it to your Desktop.
Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.
Please download and install AD-Aware.
Check Here on how to set up and use it - please make sure you update it first.
Download and unzip cwsserviceremove to your desktop. Use either link below:
cwsserviceremove
cwsserviceremove.zip
Download CW-Shredder at the link below:
CWShredder
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"
Reboot into Safe Mode: Click here if you don't know how to do this.
Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
Scan with AdAware and let it remove any bad files found.
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:
Double click on the cwsserviceremove and when asked to merge say yes.
Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
C:\WINNT\system32\winsrv32.dll
C:\WINNT\system32\msupgr.exe
C:\WINNT\system32\msacmx.dll
C:\WINNT\system32\dnsping.exe
C:\WINNT\system32\dllhostxp.exe
C:\WINNT\system32\d3dxov.dll
C:\WINNT\system32\subsys.exe
C:\WINNT\system32\pxhping.exe
C:\WINNT\system32\mqbckup.exe
C:\WINNT\system32\sp2chek.exe
C:\WINNT\system32\rdshost32.exe
C:\WINNT\system32\rcpie.dll
C:\WINNT\system32\msupgr32.exe
C:\WINNT\system32\iecust.exe
Let the system reboot.
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from the Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.
Kc
#21
Posted 28 May 2005 - 02:22 PM
Ok, looking better already!!!
Here is my new A.B. log (but I could NOT update. Says- An Error has occurred while updating!)
Scanned at: 11:03:47 AM on: 5/28/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
The PandaSoftware ActiveScan only produced an unknown file to my desktop named -track=17490.url
I did a Trend Micro scan too which produced nothing that I know of.
Here is my new HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 1:19:08 PM, on 5/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\TDK\Digital MixMaster\DMM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\EXPLORER.EXE
C:\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1FDD6F-EEAD-420A-9E3C-E8CD3B379B6F}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E76F92-72E8-4D3B-99AA-4AE946E25CE1}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F78818-E1B4-4DD7-B906-4C5EC873A8BC}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
#22
Guest_thatman_*
Posted 29 May 2005 - 01:45 AM
Hi gmad
The PandaSoftware ActiveScan only produced an unknown file to my desktop named -track=17490.url
You will find that in your Favorites folder
Have you tried to update Ewido yet?
Please read through the instructions before you start (you may want to print this out).
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Click on Fix Checked when finished and exit HijackThis.
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.
How is the system running now? Please let me know.
Kc
#23
Posted 29 May 2005 - 02:07 PM
Hello again Thatman, we are making progress for sure. I don't have any IE problems with hijackings or redirects anymore! However, I am still unable to update Ewido. I have no firewall at this time (that I know of), so I am dumbfounded there.
I deleted the 2 files in HijackThis that you wanted me to.
Panda won't seem to scan either. I get an ERROR ON PAGE message. I can do the Trend Micro scan though. I tried to include the file that Panda produced on a prior scan, but it won't allow me to attach it as it is a .url type folder. FYI-I have cable broadband.
The other problems that I am still having are that when I reboot, the computer usually freezes somewhere between the BIOS running and opening the first program from the desktop. Sometimes, it doesn't even enter BIOS (I don't hear the two beeps from the CPU after powering up.) I just get a dark screen.
Seems that I usually have to do a hard reboot at least twice before I can run properly anymore.
Here is my new HJ log....
Logfile of HijackThis v1.99.1
Scan saved at 1:03:47 PM, on 5/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis[1]\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1FDD6F-EEAD-420A-9E3C-E8CD3B379B6F}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E76F92-72E8-4D3B-99AA-4AE946E25CE1}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F78818-E1B4-4DD7-B906-4C5EC873A8BC}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
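A way to check the result of the "Fix Checked" step from posts #22 and #23: compare the HijackThis entry lines of the log taken before the fix with the log taken after it. This is an added example, not part of the original thread; the function names are hypothetical, and the two sample logs are shortened excerpts of the logs posted in #21 and #23.

```python
import re
from collections import defaultdict

# HijackThis entry lines begin with a section code (R0, R1, O2, O4, O17, ...)
# followed by " - ". Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")
SECTION_ORDER = "RFNO"  # order in which HijackThis prints its sections


def parse_hjt_entries(log_text):
    """Return {section_code: set(entry bodies)} for one HijackThis log."""
    entries = defaultdict(set)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace so forum re-wrapping does not
            # make identical entries look different.
            body = " ".join(match.group("body").split())
            entries[match.group("code")].add(body)
    return entries


def flatten(entries):
    """Turn the parsed mapping back into sorted 'CODE - body' lines."""
    def key(code):
        return (SECTION_ORDER.index(code[0]), int(code[1:]))
    return [f"{code} - {body}"
            for code in sorted(entries, key=key)
            for body in sorted(entries[code])]


def diff_hjt_logs(before_text, after_text):
    """Report entries removed, added and unchanged between two scans."""
    before = parse_hjt_entries(before_text)
    after = parse_hjt_entries(after_text)
    codes = set(before) | set(after)
    pick = lambda fn: {c: fn(c) for c in codes if fn(c)}
    return {
        "removed": flatten(pick(lambda c: before[c] - after[c])),
        "added": flatten(pick(lambda c: after[c] - before[c])),
        "unchanged": flatten(pick(lambda c: before[c] & after[c])),
    }


def still_present(log_text, targets):
    """Return the targeted entry lines that a log still contains."""
    entries = parse_hjt_entries(log_text)
    found = []
    for target in targets:
        match = ENTRY_RE.match(target.strip())
        if not match:
            continue
        body = " ".join(match.group("body").split())
        if body in entries.get(match.group("code"), set()):
            found.append(target)
    return found


# Shortened excerpt of the log in post #21 (before the fix).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:19:08 PM, on 5/28/2005
Running processes:
C:\WINNT\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# Shortened excerpt of the log in post #23 (after the fix).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:03:47 PM, on 5/29/2005
Running processes:
C:\WINNT\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# The two lines post #22 asked to have checked and fixed.
FIX_TARGETS = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =",
]

if __name__ == "__main__":
    report = diff_hjt_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added", "unchanged"):
        print(f"{label}:")
        for line in report[label]:
            print("  " + line)
    print("targets still present:", still_present(AFTER_LOG, FIX_TARGETS))
```

The "unchanged" list is the part to read through on each round, since it shows every entry that survived the fix and the reboot.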
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1FDD6F-EEAD-420A-9E3C-E8CD3B379B6F}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E76F92-72E8-4D3B-99AA-4AE946E25CE1}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F78818-E1B4-4DD7-B906-4C5EC873A8BC}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
#24
Guest_thatman_*
Posted 29 May 2005 - 03:06 PM
Hi gmad
Is this your IP?
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1FDD6F-EEAD-420A-9E3C-E8CD3B379B6F}: NameServer = 69.50.166.94,69.31.80.244
Please run a check for any of the following files; delete if found.
Using Windows Explorer, locate the following files/folders, and delete them, if found:
clfmon.exe
pxhping.exe
mqbckup.exe
dllhostxp.exe
rdshost32.exe
winsrv32.dll
d3dxov.dll
msacmx.dll
hdr.dll
subsys.exe
dnsping.exe
iecust.exe
sp2chek.exe
clfmon.exe
hdr.dll
C:\WINNT\system32\winsrv32.dll
C:\WINNT\system32\msupgr.exe
C:\WINNT\system32\msacmx.dll
C:\WINNT\system32\dnsping.exe
C:\WINNT\system32\dllhostxp.exe
C:\WINNT\system32\d3dxov.dll
C:\WINNT\system32\subsys.exe
C:\WINNT\system32\pxhping.exe
C:\WINNT\system32\mqbckup.exe
C:\WINNT\system32\sp2chek.exe
C:\WINNT\system32\rdshost32.exe
C:\WINNT\system32\rcpie.dll
C:\WINNT\system32\msupgr32.exe
C:\WINNT\system32\iecust.exe
(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)
Exit Explorer.
Try any of the following scans
http://www.ravantivirus.com/scan/
http://www.bitdefend...can/licence.php
Kaspersky Worm Removal Tool
Follow up with an online Trojan scan at any of the following:
TrojanHunter
http://www.computerc.../reviews-8.html
a2 Scanner
http://www.emsisoft..../software/free/
Trojan Remover
http://www.simplysup...r/download.html
Post back with the results.
Kc
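The question in the post above is whether the NameServer values on the O17 lines are resolvers the user's ISP or router actually assigned. As an added example (not part of the original thread), this pulls the O17 NameServer entries out of a HijackThis log and lists every address that is not in a set of expected resolvers; the function names and the `192.0.2.53` placeholder resolver are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three O17 lines copied from the log in this thread,
# plus one O4 line to show that other HijackThis sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1FDD6F-EEAD-420A-9E3C-E8CD3B379B6F}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
"""

# "O17 - <registry key>: NameServer = <addresses>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.*)$")


def name_servers(log_text):
    """Map each NameServer address in the O17 lines to the keys that set it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # The value holds one or more addresses separated by commas or spaces.
        for addr in filter(None, re.split(r"[,\s]+", m.group("value"))):
            found[addr].append(m.group("key"))
    return dict(found)


def unexpected_servers(log_text, expected):
    """Return {address: [keys]} for resolvers that are malformed or not expected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for addr, keys in name_servers(log_text).items():
        try:
            known = ipaddress.ip_address(addr) in allowed
        except ValueError:
            known = False  # not an IP literal at all, so list it for review
        if not known:
            report[addr] = keys
    return report


if __name__ == "__main__":
    # Assumption: 192.0.2.53 is a placeholder for the resolver the ISP assigns.
    for addr, keys in unexpected_servers(SAMPLE_LOG, ["192.0.2.53"]).items():
        print(f"{addr}: set in {len(keys)} key(s), confirm with ISP or router")
```

An address being listed only means it was not in the expected set; whether it is legitimate still has to be confirmed against the ISP's or router's settings.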
#25
Posted 30 May 2005 - 08:36 PM
Hello Thatman,
I searched for, but did not find any of the files you asked about. Looks like Killbox really works!
Here are the results from the RAV online scanner:
Scan started at 5/30/2005 2:35:14 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\backup\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\outlook.pst->Attachment.298: "message.pif" - Win32/Netsky.Q@mm -> Infected
C:\RECYCLER\S-1-5-21-1060284298-1580436667-839522115-1000\Dc33.frB4EF - Trojan:Win32/Small.BX -> Infected
Scanned
============================
Objects: 121900
Directories: 5283
Archives: 11084
Size(Kb): -731016
Infected files: 2
Found
============================
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 1504
Here are the results of BitDefender Online Scanner-
Scan started at 5/30/2005 2:35:14 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\backup\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\outlook.pst->Attachment.298: "message.pif" - Win32/Netsky.Q@mm -> Infected
C:\RECYCLER\S-1-5-21-1060284298-1580436667-839522115-1000\Dc33.frB4EF - Trojan:Win32/Small.BX -> Infected
Scanned
============================
Objects: 121900
Directories: 5283
Archives: 11084
Size(Kb): -731016
Infected files: 2
Found
============================
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 1504
I will run others and post later.
#26
Guest_thatman_*
Posted 30 May 2005 - 11:15 PM
Hi gmad
Run killbox and delete the following:
C:\backup\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Outlook\outlook.pst->Attachment.298: "message.pif"
C:\RECYCLER\S-1-5-21-1060284298-1580436667-839522115-1000\Dc33.frB4EF
How is the system running now? And from my last post, is that your IP address?
Kc
#27
Posted 30 May 2005 - 11:18 PM
Will do Thatman!
I'm sorry, I do not know how to tell my IP address.
It's running much better except for the freezing up when restarting.
#28
Guest_thatman_*
Posted 03 June 2005 - 01:55 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.