PSguard and other malware [CLOSED]


#16 Subzero (Member, Topic Starter, 14 posts)
Hi Excal,

I'm currently running the Panda ActiveScan and it's taking time. It has so far disinfected many viruses and is still running. I can hopefully complete this and later post the report tonight. Spygate tells me that a lot of processes are trying to access the network but doesn't allow them to do so until I grant permission, which is good. There are still some hidden processes / spyware that remain to be cleaned. I hope ActiveScan can catch and clean all those. I'm finally beginning to believe that I will soon have a malware-free PC.

My PC is running better compared to a few days back and I hope that once the remaining malware is gone it will run smooth like butter :tazz:

Thanks !


#17 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Ok, also post another HijackThis log when you post the ActiveScan results.


Thanks,

:tazz:

Excal

#18 Subzero (Member, Topic Starter, 14 posts)
Hi Excal,

Please find the latest ActiveScan & HijackThis reports. The ActiveScan log shows that it has disinfected multiple occurrences of the Parite.B virus, but it keeps coming back every time I reboot. I guess multiple versions of Parite.B and svchost.exe are the only 2 big problems left on my PC (hopefully), though the Spygate firewall prevents unauthorised access :tazz:

Also I keep on getting the message that original versions of Windows system files have been replaced by unrecognized versions and that it may make the system unstable. It then asks me to insert the Windows XP CD-ROM, but the problem is that my PC came with bundled XP software and I don't have the original CD. Do you think updating Windows with the latest Windows Update will help restore the original versions of the affected system files?

Thanks !

Attached Files


Edited by Subzero, 22 August 2005 - 12:29 PM.


#19 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Please download http://www.kaspersky.com/personal-usa (trial version).

Install and update.

After the update is done, please close it; we will use it later.

Boot into safe mode.

Open Kaspersky.

Go into settings, then choose additional settings.

Check off the box that says "Log all reports".

Do a system scan.

At the end of the scan, it will give you options on bad files it found.

YOU DO NOT WANT TO DELETE THEM!

Choose the option that allows you to clean or heal.

Reboot into normal mode and run another ActiveScan, and post the results of both scans.

Thanks,

:tazz:

Excal

#20 Subzero (Member, Topic Starter, 14 posts)
Hi Excal,

I ran Kaspersky & ActiveScan as per your suggestion.

Apologies that it took me a little long to post. The problem has been that whenever I ran ActiveScan, midway the computer shut itself down without giving any warning and I had to run ActiveScan for the 4th time. Attached are reports from both the runs.

I think I still have a problem with svchost.exe and wmiprvse.exe. Both these utilities try to contact outside sites and even get contacted from outside. Luckily Spygate blocks the access both ways. The other problem is that Spygate tells me that IExplorer.exe has changed since I last ran it. IExplorer also has started to use high CPU time, between 50 and 85%. This makes my CPU run at almost 100% capacity and maybe that's the reason why my machine has been doing automatic shutdowns without warning.


Thanks !

Attached Files


Edited by Subzero, 25 August 2005 - 08:31 PM.


#21 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
    • IExplorer
    (not sure of the path)
  • Click on the submit button
  • Please post the results in your next reply.


#22 Subzero (Member, Topic Starter, 14 posts)
Hi Excal,

I submitted the explorer.exe file to the site and the results are OK. I guess the explorer.exe was modified by SP1 or automatic Windows Update. I'm submitting my latest HijackThis logs. Just to add, my PC has remained stable for 2 hrs this time without crashing. I tried to delete the O23 entry through HijackThis but that didn't work.

Thanks

Attached Files



#23 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
HijackThis still looks clean.

:tazz:

Excal

#24 Subzero (Member, Topic Starter, 14 posts)
Hi Excal,

You are right, but the svchost problem is still around. The Spygate firewall keeps warning me from time to time that "Generic host process...." either the svchost tried to contact some other server outside or some remote server tried contacting svchost. Though Spygate prevents unauthorised access, the point is that the svchost problem is still there. Is there something that I could do to fix this issue?

Thanks !

#25 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Generic Host Process for Win32 is a legit program to be contacting the internet.

The svchost might be legit; it depends what process it's attached to.

How many svchosts do you have running in your processes?

Please post a fresh HJT log.


Thanks,

:tazz:

Excal
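Excal's question is the right triage question: svchost.exe is only a container, so whether an instance is legitimate depends on which services it hosts, who started it, and whether the binary is the signed copy in System32. The following script is an added example and is not part of this thread or of any tool mentioned in it. It assumes a modern Windows host with Windows PowerShell 5.1 or later and an elevated prompt (so that process paths and service-to-PID mappings are populated); the function name `Get-SvchostReport` and the flagging rules are my own.

```powershell
# Added example, not from the thread: enumerate every svchost.exe instance,
# the services it hosts, its parent process, and whether its image is the
# signed binary in %windir%\System32. Requires Windows PowerShell 5.1+ and an
# elevated prompt so that ExecutablePath and Win32_Service.ProcessId are filled.

function Get-SvchostReport {
    $system32 = (Join-Path $env:windir 'System32').TrimEnd('\')

    # Snapshot all processes once so each parent lookup is a hash-table read
    $byPid = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

    $byPid.Values | Where-Object { $_.Name -ieq 'svchost.exe' } | ForEach-Object {
        $proc       = $_
        $parent     = $byPid[[int]$proc.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }

        # Services whose ProcessId points at this particular instance
        $svcs = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.ProcessId)" |
                  Select-Object -ExpandProperty Name)

        $path       = $proc.ExecutablePath
        $inSystem32 = $false
        $sigStatus  = 'Unknown'
        if ($path) {
            $inSystem32 = ((Split-Path $path -Parent).TrimEnd('\') -ieq $system32)
            # Catalog-signed system binaries report 'Valid' on Windows 8+ / PS 5.1+
            $sigStatus = [string](Get-AuthenticodeSignature -FilePath $path).Status
        }

        # A genuine svchost is started by services.exe, lives in System32,
        # carries a valid signature, and hosts at least one service.
        $reasons = @()
        if ($parentName -ine 'services.exe') { $reasons += "parent is $parentName" }
        if (-not $inSystem32)                { $reasons += 'image outside System32' }
        if ($sigStatus -ne 'Valid')          { $reasons += "signature $sigStatus" }
        if ($svcs.Count -eq 0)               { $reasons += 'hosts no services' }

        [pscustomobject]@{
            PID       = $proc.ProcessId
            Parent    = $parentName
            Path      = $path
            Signature = $sigStatus
            Services  = ($svcs -join ', ')
            Flags     = ($reasons -join '; ')
        }
    }
}

# Print every instance, flagged rows first, so the odd one out is on top
Get-SvchostReport | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize -Wrap
```

Seeing four or more svchost.exe instances is normal; what matters is that each row has services listed, a parent of services.exe, and a valid signature on the System32 image. A row with no services, a different parent, or an image elsewhere is the one to investigate. On the Windows XP machine in this thread the same per-process service list is available from the built-in `tasklist /svc` command, though that does not check the binary's location or signature.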



#26 Subzero (Member, Topic Starter, 14 posts)
Hi Excal,

I see 4 instances of svchost.exe running as per the Task window. I have attached the latest HijackThis log but it shows only 2 such processes running. I keep getting messages from Spygate about external port attacks. There are also attempts to connect to sites that look legitimate (phishing) such as www.windowsupdate.com etc.


Thanks !

Attached Files


Edited by Subzero, 29 August 2005 - 08:46 PM.


#27 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Download rkfiles http://skads.org/special/rkfiles.zip and unzip the contents to a new folder on your desktop.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the system files and folders are showing/visible.

REBOOT TO SAFE MODE. This tool MUST be run in safe mode!

Once in safe mode, double click the rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. The log file will be C:\log.txt

Reboot back to normal mode and post the contents of log.txt in your next post, along with the startup list.

Create a Startup List:
  • Open HijackThis
  • Click on the Config button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and paste the StartupList from Notepad onto your post


#28 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.