Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I Don't Get It [CLOSED]


  • This topic is locked This topic is locked

#1
Racer_X69

Racer_X69

    New Member

  • Member
  • Pip
  • 8 posts
Today when I logged on to my computer I found it was running really slow, so i rebooted but only to find the same result. I did a virus scan online with Mcafee and found a Trojan named QHosts-2. It gave me the location of it and I deleted a file called hosts 20020116-165750.backup
It also gives another location in the registry...HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "easywww" but when I went to that location I found nothing. I searched with spybot, ad-aware, and hi-jack this and found nothing there. So what I wanted to know was how to properly remove it, how do I know if I did remove it already and why my PC was running so slow?
Can someone help me out please. <_<
  • 0

Advertisements


#2
tazz1964

tazz1964

    Member

  • Member
  • PipPipPip
  • 608 posts
Hi Racer_X69
Welcome to geekstogo
rerun the virus you did and see if it finds anything. run your hijack this and post it here and some one will look at it to make sure its ok. make sure that you do a defrag and delete your temp files on a regular bases.and always have a anti virus program running and do a regular updates.
<_<
  • 0

#3
Racer_X69

Racer_X69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok I ran Hijack This and here's the log

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Documents and Settings\Roy 3\My Documents\My eBooks\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Please post the entire log. <_<
  • 0

#5
Racer_X69

Racer_X69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
K, I scaned again and this is the log I saved.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Documents and Settings\Roy 3\My Documents\My eBooks\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\vTuner\vTuner.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\Internet Explorer\iexplore.exe

Edited by Racer_X69, 31 January 2004 - 12:52 PM.

  • 0

#6
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP