strange process running


  • This topic is locked

#31
Murray S.

    Trusted Tech

  • Member
  • 4,513 posts
  • MVP

I was using IE...
OMG I'm running Panda now and it isn't even half done and I already have 7 viruses!!!!!!!!!! :tazz:


Yep and that's why we told you to go to the Malware Forum right off the bat.. But, based on your later answers and your inability to validate XP and get the SP1 update, I can see why you were so hesitant..

Murray

#32
ktownkatman

    Member

  • Topic Starter
  • Member
  • 168 posts
I did... I just don't have many things on my computer. 93% free hard drive space baby :tazz:

#33
ktownkatman

    Member

  • Topic Starter
  • Member
  • 168 posts
Here is my Panda Log:


Incident Status Location

Virus:W32/Gaobot.JQK.worm Disinfected C:\RECYCLER\S-1-5-21-1417001333-1580818891-1343024091-1003\Dc1.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP30\A0002500.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002799.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002800.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002816.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002850.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\WINDOWS\system32\cool.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:W32/Gaobot.JQK.worm Disinfected C:\WINDOWS\system32\f.exe
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
Virus:W32/Sdbot.BCW.worm Disinfected C:\WINDOWS\system32\libsysmgr.exe
I'm surprised I had 11!!!

#34
Murray S.

    Trusted Tech

  • Member
  • 4,513 posts
  • MVP
That does no good here.. that's what the Malware Forum is all about..

As for your HJT log, all browser windows MUST be closed before you run the program and HJT MUST be installed to its own folder..

Murray

#35
ktownkatman

    Member

  • Topic Starter
  • Member
  • 168 posts
OK I'll try that.

#36
ktownkatman

    Member

  • Topic Starter
  • Member
  • 168 posts
New HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 3:23:28 PM, on 9/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125799960991
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F37B04EE-83F4-4A24-8896-F45D6C7D25EA}: NameServer = 65.17.128.3 65.17.128.7

#37
Murray S.

    Trusted Tech

  • Member
  • 4,513 posts
  • MVP
Run the validation assistant once more.. Let's see if what PandaScan found did any good..

Murray

#38
ktownkatman

    Member

  • Topic Starter
  • Member
  • 168 posts
Hang on. After I did Panda the first time I'm running it again and so far it has 3.

#39
ktownkatman

    Member

  • Topic Starter
  • Member
  • 168 posts
Have you thought that just maybe my computer doesn't like ActiveX controls?

#40
Murray S.

    Trusted Tech

  • Member
  • 4,513 posts
  • MVP
No.. But it does mean you are running a pirated/illegal version of XP..

Thus, this post is closed until you get a legal version as will all other posts concerning the problems you are having with this system..

Murray