About HCLEAN and public thanks to CRUSTYOLDBLOKE [RESOLVED]


  • This topic is locked

#1
tarambana

tarambana

    New Member

  • Member
  • Pip
  • 3 posts
Recently I suffered the HCLEAN intrusion, aka COOLBAR SEARCH (or something like that). I looked for a lot of antispyware proggies but nothing could eliminate this trojan.
Last night I discovered this forum and the thread http://www.geekstogo...showtopic=50745
Although it was hard for me (I think people need to acquire "intermediate" knowledge to carry it out), the fine (and prompt!) response from CRUSTYOLDBLOKE to STISM was medicine for my affected system (Windows XP).
After I ran Silent Runners, fixed HKLM/.../windowsNT/.../WinLogon with your archive (fixware.reg), then RKFILES and finally Killbox, I experienced a much better speed on my notebook.
After that (about six hours of work) I ran the latest version of HiJackthis and the results were fine, so CRUSTY, I'm grateful, and my respects for your good skill and -especially- your desire to share.

However, I'm concerned about one entry that changes its name in each session (in this one, the name is "dmfoi.exe", located in system32).

I cut and pasted the HiJackthis log (look at the dmfoi.exe value; in other sessions this one changes its name, taking another executable from system32).

Experts, please tell me whether this log looks OK or not and, if you can, tell me about this curious "change of name".

Logfile of HijackThis v1.99.1
Scan saved at 03:40:22 p.m., on 18/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4serv.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\ARCHIV~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\ARCHIV~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\ARCHIV~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Archivos de programa\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\GetRight\getright.exe
C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Archivos de programa\Microsoft Office\Office\MSACCESS.EXE
C:\Archivos de programa\Outlook Express\msimn.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.178.185.56:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\ARCHIV~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\ARCHIV~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\ARCHIV~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [NPDTray] C:\ARCHIV~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Archivos de programa\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmfoi.exe] C:\WINDOWS\System32\dmfoi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [runload32] MsNetHelper.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Archivos de programa\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Download with GetRight - C:\ARCHIV~1\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\ARCHIV~1\GetRight\GRbrowse.htm
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: SecureAppletX71 - https://sib1.interba...reAppletX71.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe

That's all, thanks in advance and sorry for my English (I speak Spanish).

Tarambana
  • 0

#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Sorry for the wait.

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [dmfoi.exe] C:\WINDOWS\System32\dmfoi.exe
O4 - HKCU\..\Run: [runload32] MsNetHelper.exe


Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files, and delete them:

C:\WINDOWS\System32\dmfoi.exe
MsNetHelper.exe

Exit Explorer, and reboot as normal afterwards.
  • 0

#3
tarambana

tarambana

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Crusty, your response was prompt and fine. Anyway, I executed almost the same instructions before your post. I also checked the system with PANDA ANTIVIRUS ONLINE AND TRENDMICRO ONLINE and the results were good.
I ran CWSHREDDER for some additional suspicious entries and then I ran DISKCLEANER to clean everything, and REGSEEKER to clean the Registry.
However, I needed to run HiJackThis one more time to fix some values that you referred to.
So I followed your instructions and this is the result in HJT:

Logfile of HijackThis v1.99.1
Scan saved at 03:58:08 p.m., on 19/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\tp4serv.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\ARCHIV~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\ARCHIV~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\ARCHIV~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Archivos de programa\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\GetRight\getright.exe
C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Archivos de programa\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.178.185.56:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Archivos de programa\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\ARCHIV~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\ARCHIV~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\ARCHIV~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [NPDTray] C:\ARCHIV~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Archivos de programa\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Archivos de programa\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Download with GetRight - C:\ARCHIV~1\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\ARCHIV~1\GetRight\GRbrowse.htm
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: SecureAppletX71 - https://sib1.interba...reAppletX71.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Archivos de programa\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\Smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe

I think that this log is good, but I would appreciate your more qualified opinion.

Finally I have a couple of questions:

1. What do you think about Windows XP Service Pack 2? I recently tried to download it from Microsoft Update but I couldn't do the job (maybe the site is overloaded?). I tried to update my system a lot of times but nothing, so, tired, I decided to deactivate the automatic update and, for the past year, I have worked with Sygate Personal Firewall -in combination with Norton Antivirus 2005- with good results (low attack rate and good performance).
Since Microsoft insists on the critical need to patch WinXP with SP2, I'm confused because -in spite of the alert- I have not had many troubles without the update.
In my opinion, since the vulnerabilities rest on the system's open listening ports (like 80, 8080, etc.), good skill in closing those or making them stealth will be the best guarantee of a secure computer. I frequently visit the site www.grc.com (SHIELDS UP!), a great and secure site for analysing open or non-stealth ports, and in general the results are fine for me (now I passed the test with top conditions, all ports are STEALTH: again, SPECIAL THANKS CRUSTY AMIGO!)

2. In spite of the good results, I'm experiencing slowness in some processes (at random, maybe the first opening of IExplorer, Access, etc.). Curiously, after the "first opening" of a program, re-opening it is fast (?). Is it possible that some entry shown in this HJT log causes the low performance (or is it simply the responsibility of NORTON AV? :tazz: )

Concerning the thread http://www.geekstogo...showtopic=50745, you're wrong Crusty, YOU'RE SUPERHUMAN (I will eliminate all the kryptonite to defend you :) )

Well CRUSTY, that's all, sorry for my language, thank you again, and I must say that you're a real GAUCHO (in my country, this expression is for people who always try to help).

Greetz from ARGENTINA to all the GTG team
Tarambana
  • 0
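
Added example, not part of the original thread or written by either poster: a small Python check that compares a before and an after HijackThis log and reports whether each line on a fix list is gone, plus anything else that changed between the scans. The function names are hypothetical; the sample data is excerpted from the two logs and the fix list posted above.

```python
import re

# A HijackThis item line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_items(log_text):
    """Return the set of (section, body) item lines; header and process lines are skipped."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.add((m.group(1), m.group(2).strip()))
    return items

def verify_fix(before, after, requested):
    """Status of each line on the fix list, judged from the two logs."""
    b, a = parse_items(before), parse_items(after)
    report = {}
    for line in requested:
        found = parse_items(line)
        key = next(iter(found)) if found else None
        if key not in b:
            report[line] = "not in first log"
        else:
            report[line] = "still present" if key in a else "removed"
    return report

def other_changes(before, after, requested):
    """Items that changed between the scans but were not on the fix list."""
    b, a = parse_items(before), parse_items(after)
    asked = parse_items("\n".join(requested))
    return {"removed": sorted(b - a - asked), "added": sorted(a - b)}

# Excerpts copied from the two logs in this thread (18/08/2005 and 19/08/2005).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.178.185.56:80
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [dmfoi.exe] C:\WINDOWS\System32\dmfoi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [runload32] MsNetHelper.exe
"""
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.178.185.56:80
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
"""
# The four lines post #2 asked to tick before clicking "Fix Checked".
REQUESTED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O4 - HKLM\..\Run: [dmfoi.exe] C:\WINDOWS\System32\dmfoi.exe",
    r"O4 - HKCU\..\Run: [runload32] MsNetHelper.exe",
]

if __name__ == "__main__":
    for line, status in verify_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{status:>16}  {line}")
    print(other_changes(BEFORE, AFTER, REQUESTED))
```

Feeding the complete logs instead of the excerpts works the same way, since lines that are not items (the header and the running-process list) are ignored.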

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Your log is fine, but you really must get at least service pack 1a. Please try and validate your Windows version and try updating again, perhaps from another site if you can't do it from the Microsoft site.

The speed of computers is a very complex subject and not one where anyone can give a definitive answer without masses of information, but in essence, the more security you have, the slower the PC.

I have never seen the need for another Firewall other than the built-in one in XP. I have used the Gibson Research Centre for many years and always found complete stealth.
  • 0

#5
tarambana

tarambana

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Windows SP2 installed as you recommended. The trouble with installation from Windows Update was my Sygate firewall. I will not use it again because SP2 has its own firewall. Well, I'll see the upgrade, thanks for all.

Tarambana
  • 0

#6
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
You are very welcome and I am glad that you were able to download the security patches.

I will leave this thread open for a few days in case of misfortune.

buena suerte!
  • 0

#7
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
