[Subzero]

Hi Excal,

I'm currently running the Panda Activescan and its taking time. It has so far disinfected many virus and still running. I can hopefully complete this and later post the report tonight. Spygate tells that lot of processes are trying to access the network but doesn't allows them to do so until I grant permission which is good. There are still some hidden process / spywares that remains to be cleaned. I hope Activescan can catch and clean all those. I'm finally beginning to believe that I will soon have a malware free PC.

My PC is running better compared to few days back and I hope that once the remaining malware is gone - it will run smooth like butter

Thanks !

[Advertisements]

Ok, post another HiJackthis also when you post the activescan results.


Thanks,



Excal

[Excal]

Ok, post another HiJackthis also when you post the activescan results.


Thanks,



Excal

[Subzero]

Hi Excal,

Please find the latest ActiveScan & Hijackthis report. Activescan log shows that it has disinfected multiple occurence of Parite.B virus but it keeps coming every time I reboot. I guess multiple versions of Parite.B and svchost.exe are the only 2 biggg problems left on my PC (hopefully) though spygate firewall prevents unauthorised access

Also I keep on getting the message that original versions of windows system files have been replaced by unrecognized version and that it may make the system unstable. It then asks me to enter Windows XP CD Rom but the problem is that my PC came with bundled XP software and I don't have the original CD. Do you think updating windows with latest Win Update will help restore the original versions of affected system files ?

Thanks !

Attached Files

•  Activescan_20050822.txt   72.06KB   100 downloads
•  hijackthis.txt   2.23KB   77 downloads

Edited by Subzero, 22 August 2005 - 12:29 PM.

[Excal]

Please download http://www.kaspersky.com/personal-usa (trial version)

Install and update

after update is done, please close we will use it later

Boot into safe mode.



Open Kasperky

go into settings, then choose additional settings.

check off the box that says "Log all reports"

do a system scan

At the end of the scan, it will give you options on bad files it found.

YOU DO NOT WANT TO DELETE THEM!

Choose the option that allows you to clean or heal

Reboot into normal mode and run another activescan, and post the results of both scans.

Thanks,



Excal

[Subzero]

Hi Excal,

I ran Kaspersky & ActiveScan as per your suggestion.

Apologise that it took me little long to post. The problem has been that whenever I ran ActiveScan... midway the computer shutdown itself without giving any warning and I have to run Activescan for the 4th time. Attached are reports from both the runs.

I think I still have problem with svchost.exe and wmiprvse.exe. These both utilities try to contact outside sites and even get contacted from outside. Luckily the Spygate blocks the access bothways. The other problem is that Spygate tells me that IExplorer.exe has changed since I last ran it. IExplorer also has started to use high CPU time between 50 to 85%. This makes my CPU running at almost 100 capacity and maybe thats the reason why my machine has been doing automatic shutdown without warning.


Thanks !

Attached Files

•  Kasperky_25th_Aug.txt   279.95KB   68 downloads
•  Kasperky_25th_Aug.txt   159.97KB   106 downloads

Edited by Subzero, 25 August 2005 - 08:31 PM.

[Excal]

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  • IExplorer
  (not sure of the path)
  
• Click on the submit button
  
• Please post the results in your next reply.

[Subzero]

Hi Excal,

I submitted the explorer.exe file to the site and the results are OK. I guess the explorer.exe was modified by SP1 or automatic windows update. I'm submitting my latest hijack logs. Just to add, my PC has remained stable for 2 hrs this time without crashing. I tried to delete the O23 entry thru hijack but that didnt work.

Thanks

Attached Files

•  hijackthis.txt   2.17KB   82 downloads

[Excal]

HiJackthis still looks clean.



Excal

[Subzero]

Hi Excal,

You are right but the svchost problem is still around. The spygate firewall keeps warning me from time to time that "Generic host process...." either the svchost tried to contact some other server outside or some remote server tried contacting svchost. Though spygate prevents unauthorised access, the point is that the svchost problem is still there. Is there something that I could do to fix this issue ?

Thanks !

[Excal]

Generic Host processes for Win32 is a legit program to be contacting the internet.

The SVCHost might be legit, it depends what process its attached to.

how mnay SVChosts do you have running in your proccess?


Please post a fresh HJT log.


Thanks,



Excal

[Subzero]

Hi Excal,

I see 4 instances of svchost.exe running as per Task Window. I have attached the latest hijackthis log but it shows only 2 such process running. I keep getting messages from spygate about external port attacks. There are also attempts to connect to sites that looks legitimate (phising) such as www.windowsupdate.com etc


Thanks !

Attached Files

•  hijackthis.txt   2.55KB   76 downloads

Edited by Subzero, 29 August 2005 - 08:46 PM.

[Excal]

Download rkfiles http://skads.org/special/rkfiles.zip and unzip the contents to a new folder on your desktop


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

REBOOT TO SAFE MODE. This tool MUST be run in safe mode!

Once in safe mode, double click rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. The log file will be C:\log.txt

Reboot back to normal mode and post the contents of log.txt in your next post and the startup list

Create a Startup List:

• Open HiJackThis
• Click on the configure button on the bottom right
• Click on the tab "Misc Tools"
• Check off the 2 boxes next to the Box that says "Generate StartupList log"
• Click on the button "Generate StartupList log"
• Copy and past the StartupList from the notebook onto your post

[Excal]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.