[Resident_Blonde]

Panda Scan? Why would I go outside of my Antivirus program?

But I will do a full Malware scan and then paste what it found and also do another NOD scan.

Thanks for helping me out... But have you ever heard of something like this happening? "the auto download"

[Advertisements]

Hi Staci

Nod is a great AV app, but it can be very usefull to use the online scans like pada as a double check.

Regarding the auto download, its known in the trade as a "drive by", and used to be common, tho the patches from MS have sorted most of the routes for it to infect. the main thing is that your HJT log showed no signs of an infection , and drive bys DO leave their marks all over an hjt log.

can you post a new hjt log for me now, i want to see if anything has changed.

Jock

[ukbiker]

Hi Staci

Nod is a great AV app, but it can be very usefull to use the online scans like pada as a double check.

Regarding the auto download, its known in the trade as a "drive by", and used to be common, tho the patches from MS have sorted most of the routes for it to infect. the main thing is that your HJT log showed no signs of an infection , and drive bys DO leave their marks all over an hjt log.

can you post a new hjt log for me now, i want to see if anything has changed.

Jock

[Resident_Blonde]

Here ya go hun...



Logfile of HijackThis v1.99.1
Scan saved at 11:39:31 PM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\MY DOCUMENTS\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\HP PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

[ukbiker]

Hiya

well that log is still clean . Just to make sure though, could you please post the results from the online scan that I asked for earlier.

UKBiker

[Resident_Blonde]

Sorry hun...

I have been so busy this weekend, on Friday ran to Fort Wayne to my sister in-laws, then on Saturday and Sunday I picked green beans and tomatoes, and canned them yesterday and today.

Still have a bag full of beans still yet waiting to be canned. But I will get on it tomorrow.

Sorry, just running in circles on weekends...

Chat with ya tomorrow And thanks!



:wub

[Resident_Blonde]

Hey Biker

Well, I did the scan "It only took FOREVER!" LOL But it kept coming up about something of Microsoft Outlook. But did not know what it was actually wanting me to do. dunno. Something about it not being filed right or something...

But it stated that I was clean.

So I guess that the "drive by" did not do any harm heh?



Scan finished Personal Folders\Tasks\Welcome to Tasks!Scan reportSelect a device to scan...
My Computer
Local Disks
Floppy Disk
My Documents
Email
Other Media
Detected Disinfected
Virus 0 0
Spyware 0 0
Hacking Tools 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0

[ukbiker]

Hiya Staci

Great, looks like you are OK. Given that you were on AOL at the time, and you have their coach and check up apps running, I think it was probably AOL doing something AOL ish that you noticed, certainly there is no sign of malware. Lat me have a think about some apps to improve your security, tho its pretty good with NOD as it is.

Regarding the Access problems you mentioned to me, are you able to access any other secure sites?

UKBiker

[Resident_Blonde]

THANKS

and you have their coach and check up apps running,

I did not know that these are actually running Is it something that has to be running you think?

Regarding the Access problems you mentioned to me, are you able to access any other secure sites?

Yeah, other than Cinergy.com... I can get to the home page, but no further I just dont understand and cant figure it out.

What comes to your mind?

[ukbiker]

Hi staci



Congratulations , your log is clean

So now that your PC is clean, how do you keep it that way?

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Glad to have been of help

UKBiker

[Resident_Blonde]

Hi again Biker


Ok, I have:

CW Shredder
Spyware Blaster
Spybot Search and Destroy
Ad-Aware
CCleaner
RegSeeker
NOD32
ZA

My puter is a 1997, and adding more would probably send me to the over priced puter place to buy a new puter

You listed 3 that I dont have... And worried about my space and I have my website program and construction site on my puter... I dont know how much more protection I can add...

Ok, worries... And also, I dont use IE... My browser is AOL...


And I so much appreciate your help hun TY!

[ukbiker]

Hiya

AOL browser is IE rebadged, same weaknesses and vulnerabilities, just stick with getting spywareblaster and spywareguard. Both are small and good.

UKBiker

[Resident_Blonde]

OK (sighs) I'll add Spyguard (kicks foot along floor and pouts)

[ukbiker]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.