Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

virus? cannot log onto certain sites [RESOLVED]


  • This topic is locked This topic is locked

#1
l plater

l plater

    Member

  • Member
  • PipPip
  • 63 posts
Hi jarenien and darth-ash

here is my log.
I did notice csrss is back
I did the ewido scan again, but this time it only found 42 plus thousand items. then while deleting them it shuts down the computer etc
many many thanks for helping.


Logfile of HijackThis v1.99.1
Scan saved at 11:30:44 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\home\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe (2).lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

Advertisements


#2
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Update Ewido. Then close the program

Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Run Ewido Security Suite
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post that log here when you are done.

Edited by skate_punk_21, 29 August 2005 - 07:23 AM.

  • 0

#3
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi ,I cannot update any program, so I deleted ewido and dowloaded a new one,
so here is the result
thanks very much

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:57:49 AM, 8/30/2005
+ Report-Checksum: 5C820619

+ Scan result:

C:\Documents and Settings\home\Cookies\home@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\home\Cookies\home@e-2dj6wfkikmdjsfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\home\Cookies\home@e-2dj6wfl4shazeco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\home\Cookies\home@e-2dj6wfloolczsdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\home\Cookies\home@e-2dj6wjlycpdpakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\home\Cookies\home@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\home\Cookies\home@sensis.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.345:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.353:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.71i : Cleaned with backup
:mozilla.381:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.386:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.387:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.388:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.389:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.390:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.402:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.441:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.442:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.478:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.479:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.480:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.481:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.482:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.483:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.484:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.485:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.486:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.487:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.488:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.489:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.490:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.491:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.492:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.493:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.494:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.564:C:\RECYCLER\NPROTECT\00000669.MOZ -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.361:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.71i : Cleaned with backup
:mozilla.389:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.394:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.395:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.396:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.397:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.398:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.410:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.449:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.450:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.486:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.487:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.488:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.489:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.490:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.491:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.492:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.493:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.494:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.495:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.496:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.497:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.498:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.499:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.500:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.501:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.502:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.572:C:\RECYCLER\NPROTECT\00000742.MOZ -> Spyware.Cookie.Smartadserver : Cleaned with backup


::Report End
  • 0

#4
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
It shows a lot of mozilla, while I cannot use mozilla at the moment, it wont connect, says cannot connect, connection refused.
so I can only use internet explorer.
  • 0

#5
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Please download MWav eScan

Double-click mwav.exe and unzip it to its predetermined Directory (C:\Kaspersky)

Locate "kavupd.exe" in the New Folder and Double Click to Update.

If it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!


When you see Updates downloaded Successfully, please press enter to continue but dont run it yet, go ahead and close it out for now.

Now go to the Kaspersky folder-> Locate and Double Click "mwavscan.com" to launch the MWAV Scanner!

Once opened-> Leave the "Default Settings ticked" and add a "tick" to"Drives"-> this will light up "All Drives"-> Add a "tick" to "Scan all Files"-> Click "Scan Clean" to begin!

This Scan may take Several Hours or more to Complete,Depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

Once the Scan has finished,All entries Identified as Infected will displayed in the lower pane!

Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!

Open a Blank Notepad Page and Paste the results (Ctrl+V) to it and Save it to your Desktop!

Post that log in your next reply.

Edited by skate_punk_21, 29 August 2005 - 08:02 PM.

  • 0

#6
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
here is my mwav escan
I could not update it, even the first upload went wrong.
the date on it said 2005/08/24

so hopefully its alright, thanks


File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05780000.VBN infected by "Backdoor.Win32.Landis.c" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05780000.VBN infected by "Backdoor.Win32.Landis.c" Virus. Action Taken: File Renamed.

I saved it in word.
could not find notepad.
  • 0

#7
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
still nothing,
Can you tell me the sites you cannot log on to??
  • 0

#8
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
hi . here is my reply


Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Downloading catalog file, not available.
Connecting to liveupdate.symantec.com...
Downloading catalog file, not available.
Unable to connect to host
LiveUpdate could not retrieve the catalog file of available Symantec product and component updates. Please verify that you are able to connect to the Internet and run LiveUpdate again.
LiveUpdate session is complete.

Microsotf update
[Error number: 0x80072EFD]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

All programs in program file

Firefox site refused

Thunderbird could not connect to server

Symantec unable to start the integrator, please reboot and try again

Microsoft antispyware update

Trojanhunter live update unable to contact server

All the other spyware/virusware etc

msn hotmail etc

banks etc

the links that you post in sent email, cannot go through there, have to go on server, find site,and go through there
same with the links for spyware/virus etc.

checked all firewalls, in modem, Microsoft etc
cannot check Norton. It does not work, but have not been able to delete it, message comes u “ the installation is missing the file instopts.dat”

one more question. Does MWAV have a uninstall link? It does not have it here like the other programs.

At startup this csrss runs, has no commands and it does not say that it is a Microsoft file
I have disabled it once 2 days ago when even google would not show up and I could not go onto any site at all. All this time I have been able to email in outlook express only.
Before this started to happen we hadmozilla as our default and used that

Hope this helps. Thank you heaps
  • 0

#9
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Mwav was never installed, just delete its folder.
This sounds like a hardware problem to me, but try this,
Go to Start | Run and type cmd
in the dos window that appears type: ping www.yahoo.com
Copy the reply into this thread in your next post.
  • 0

#10
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\home>ping www.yahoo.com

Pinging www.yahoo.akadns.net [66.94.230.44] with 32 bytes of data:

Reply from 66.94.230.44: bytes=32 time=190ms TTL=50
Reply from 66.94.230.44: bytes=32 time=189ms TTL=50
Reply from 66.94.230.44: bytes=32 time=188ms TTL=50
Reply from 66.94.230.44: bytes=32 time=187ms TTL=50

Ping statistics for 66.94.230.44:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 187ms, Maximum = 190ms, Average = 188ms

C:\Documents and Settings\home>
  • 0

Advertisements


#11
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Download WinsockFix http://www.greyknigh...sockFix.sfx.exe and uncompress it.

Then double-click on the uncompressed file to run it. Click "Fix Winsocks." when it is Done you will have to reboot your machine, tell me if there are any changes.
  • 0

#12
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi, no change after winsocks, still no windows update or logging on to sites
with windows /microsoft it gives a error no, I looked that up and did all the steps, did not help

I have been cleaning up big time, hardly anything left on this pc and still does not work

thanks for helping
  • 0

#13
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
What Norton products do you currently have they you are having trouble uninstalling?
  • 0

#14
l plater

l plater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
in program files are currently Norton internet security. this is unable to start integrator. does not work. at startup a balloon comes up saying antivirus is not on, and it wont let me turn it on. it says the program in startup box is not valid, make sure the folder exist and path is correct.
on properties it show a date of may 2005.

and Symantec client security 9/1/2005 rev 7. this is newly installed from a friend but wont automatically update. have been updating manually.
so hard to tell when its installed over the old one.

I have bought a new disk. Symantec anti-virus enterprise edition 9.0.3.
have not installed it yet.
was waiting on your advise.
how can I completely wipe all of the old norton and symantec, because it does not work in the control panel.

and I will have to go offline.
so waiting for your answer. thank you
  • 0

#15
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
this could be complicated.... with that many installations of norton products its gonna be a mess to remove. and We will likely have to take the 2 existing installations out.

first i'd like to ask what year the Norton Internet Security is from.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP