major xp problem



#16
Yarnouth
  • Visiting Staff
  • Member
  • 508 posts
You may have Hacker Defender. Hacker Defender installs a device driver which hooks the Windows API. It allows it to hide a directory with a particular name while allowing files to exist there, hide open ports from a port scanner while allowing connections to and from that port, hide processes in memory from process managers along with other cute tricks. Anything protected by Hacker Defender is a real pain to find and remove.
In order to detect whether you are infected by HackDefender, please download this utility: http://bagpuss.swan....torv0[1].62.zip

If you are infected you can try the following: If your system drive (usually C:) is formatted with the FAT32 file system, simply create a bootable floppy, boot from it, and delete the directory from the command prompt.

If your system drive is formatted with the NTFS file system, download Bart's PE builder from http://www.nu2.nu/pebuilder/ in order to create a pre installed environment CD image. Burn that image and boot using the CD, then use the utilities inside the PE in order to delete this folder.

You can read more on HackDefender here: http://bagpuss.swan....comms/hxdef.htm
  • 0
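The post above describes files and directories that are hidden on the running system but visible after booting from clean media (the floppy or PE CD). As an added example, not part of the original thread, this diffs a listing taken live against one taken offline (for instance with `dir /s /b /a`) and reports what only the offline view shows; the sample listings, the `EXAMPLE_HIDDEN` names and the ignore prefix are constructed.

```python
from pathlib import PureWindowsPath

def normalise(line):
    """Drop the drive letter (it can differ under PE) and lower-case the path."""
    p = PureWindowsPath(line.strip())
    parts = p.parts[1:] if p.anchor else p.parts
    return "\\".join(parts).lower()

def parse_listing(text):
    """Set of normalised paths from `dir /s /b /a` style output."""
    return {normalise(l) for l in text.splitlines() if l.strip()}

def hidden_from_live(live_text, offline_text, ignore_prefixes=()):
    """Paths present offline but absent live, collapsed to the top-most entry.

    Returns {top_most_missing_path: count of missing entries at or under it}.
    ignore_prefixes lists volatile locations (temp files) that differ anyway.
    """
    live, offline = parse_listing(live_text), parse_listing(offline_text)
    missing = {p for p in offline - live
               if not any(p.startswith(i.lower()) for i in ignore_prefixes)}
    roots = {}
    for path in sorted(missing):
        root = path
        # Climb while the parent directory is itself missing from the live view.
        while "\\" in root and root.rsplit("\\", 1)[0] in missing:
            root = root.rsplit("\\", 1)[0]
        roots[root] = roots.get(root, 0) + 1
    return roots

# Constructed sample listings (not taken from the thread).
LIVE = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\drivers
C:\WINDOWS\system32\drivers\tcpip.sys
C:\Documents and Settings\tom\Desktop\HijackThis.exe
"""
OFFLINE = r"""
D:\WINDOWS\system32\kernel32.dll
D:\WINDOWS\system32\drivers
D:\WINDOWS\system32\drivers\tcpip.sys
D:\WINDOWS\system32\drivers\example_hidden.sys
D:\WINDOWS\system32\EXAMPLE_HIDDEN_DIR
D:\WINDOWS\system32\EXAMPLE_HIDDEN_DIR\service.exe
D:\WINDOWS\system32\EXAMPLE_HIDDEN_DIR\config.ini
D:\Documents and Settings\tom\Desktop\HijackThis.exe
D:\WINDOWS\Temp\setup.tmp
"""

if __name__ == "__main__":
    for root, n in hidden_from_live(LIVE, OFFLINE, (r"windows\temp",)).items():
        print(f"{n:3d} entries only visible offline under {root}")
```

Anything reported is a candidate for inspection from the clean boot environment, since files created or removed between the two listings also show up as differences.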



#17
tommkell
  • Topic Starter
  • Member
  • 67 posts
It's the same thing again mate, it won't open the downloaded zip file, it says in Task Manager that Winzip is running 98% but nothing's happening.
  • 0

#18
Yarnouth
  • Visiting Staff
  • Member
  • 508 posts
We do in fact have a big problem here. Are you able to use another PC to at least download these tools? When you have them on disc you can then see which you can run on your own after we kill some of the bad programs running here. Or it could be Windows itself.

More importantly for now, I need you to jot down all the processes in your task manager and post them here. Don't worry about size, just be sure to spell them correctly as they show...case sensitive. Thanks
  • 0

#19
tommkell
  • Topic Starter
  • Member
  • 67 posts
OK here they are:
OPERA.EXE
WZQKPICK.EXE
CalCheck.exe
Netscp.exe
SpySweeper.exe
Freedom.exe
ctfmon.exe
mwsoemon.exe
taskmgr.exe
Winampa.exe
realsched.exe
JUSCHED.EXE
E_S10IC2.EXE
EXPLORER.EXE
WDFMGR.EXE
SVCHOST.EXE
SAgent2.exe
AVGSERV.EXE
SPOOLSV.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
LSASS.EXE
SERVICES.EXE
WINLOGON.EXE
CSRSS.EXE
SMSS.EXE
dtnav.exe
System
System Idle Process
  • 0

#20
Yarnouth
  • Visiting Staff
  • Member
  • 508 posts
Ok, can you uninstall Freedom? And see if you get back some PC usage from there. You could have your Windows Firewall running too, but if not make sure it is for your protection.
You might have three anti virus scanners running.
  • 0

#21
tommkell
  • Topic Starter
  • Member
  • 67 posts
It won't let me remove it from add/remove programs in control panel. An install shield box is coming up loading halfway then disappearing.
  • 0

#22
Yarnouth
  • Visiting Staff
  • Member
  • 508 posts
Ok, stop AVG from running. We need to work on getting speed back. In task manager stop avg. Let me know now if it works.
  • 0

#23
tommkell
  • Topic Starter
  • Member
  • 67 posts
OK stopped Freedom and AVG in task manager.
  • 0

#24
Yarnouth
  • Visiting Staff
  • Member
  • 508 posts
So how is your PC usage? Can you uninstall one of the virus programs?
  • 0

#25
tommkell
  • Topic Starter
  • Member
  • 67 posts
Nope, it's exactly the same as before.
  • 0



#26
Yarnouth
  • Visiting Staff
  • Member
  • 508 posts
Ok, I missed this one. Uninstall mwsoemon.exe if you can. Check in Program Files for a folder called: mywebsearch, my search bar, myspeedbar (or anything that looks like this). Also look for Fun Web Products Easy Installer and remove that too if you find it.
If you can't uninstall, kill the process mwsoemon.exe in task manager and if that doesn't work because it starts mwsoemon.exe1~ or whatever let me know.

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

mwsoemon.exe

Try Hijack after this.
  • 0

#27
tommkell
  • Topic Starter
  • Member
  • 67 posts
OK mate, I couldn't find any in program files but I rebooted in safe mode and searched for the files. 2 were mwsoemon e-mail plug-ins and 1 was a mwsoemon PF file. These are now deleted but there is still no change although mwsoemon isn't in task manager anymore. By the way they were mywebsearch files, if that makes any sense to you cos it doesn't to me. Thanks, tom
  • 0

#28
Guest_thatman_*
  • Guest
Hi tommkell

Please try this it will work for Hijackthis

Rename Hijackthis.exe to one of the following

Hijackthis.com

Hijackthis.scr

then post your log

kc <_<
  • 0

#29
tommkell
  • Topic Starter
  • Member
  • 67 posts
Hello Thatman, I'm not sure how to do this. I renamed it on the desktop but then it becomes Hijackthis.com.exe, and still doesn't work. I don't know how to change the exe bit at the end.
  • 0

#30
Guest_thatman_*
  • Guest
Hi tommkell

Let's get started <_<

1) From your post it reads like this ( Hijackthis.com.exe, ) ok

1a) Copy this [ hijackthis.com ] DO NOT COPY THE [ ]

2) Now right click on the HijackThis icon

2a) Now click Rename

2b) You will see that the item is now highlighted Hijackthis.com.exe,

3) Now paste the first item into the box then press OK

It will now look like this hijackthis.com


kc :D
  • 0
