Malware Infection?



#1
ktownkatman

  • Member
  • 168 posts
When I hit Ctrl+Alt+Del, I only get the little green bar by the time on the bottom of my screen. No window shows up. When I try and load some pages with Internet Explorer, it says "this page cannot be found blah blah blah... " but then it's loading it says something about DNS error where my status bar is. Ad-Aware came clean. No antivirus :'-(. Running Panda now. And also when I try and download something I click save, then the download window comes up blank with no save to window. Here is my HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 10:37:11 PM, on 9/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Andy H\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescpe.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125799960991
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F37B04EE-83F4-4A24-8896-F45D6C7D25EA}: NameServer = 65.17.128.3 65.17.128.7
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)


I have recently had a problem with libsys32.exe (MALWARE), so I went into safe mode and deleted it. May this be the problem??

Please help. Thanks.


'~ktownkatman~'
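
An added illustration, not part of the thread and not HijackThis's own code: the log in the post above still lists startup entries and a service pointing at libsys32.exe, the file the poster says was deleted. This Python example parses the O4 and O23 lines copied from that log and lists every remaining reference to a given file name; the function and pattern names are hypothetical.

```python
import re

# O4/O23 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
"""

# O4 = autostart entry: "O4 - <key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 = service: "O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# First path component ending in .exe, with or without a directory or quotes.
EXE_RE = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)

def executable_name(command):
    """Lower-cased file name of the first .exe in a command line, or ''."""
    m = EXE_RE.search(command)
    return m.group(1).strip().lower() if m else ""

def leftover_references(log_text, filename):
    """Return (section, location, entry name, file_missing) for each
    autostart entry or service whose executable is `filename`."""
    target = filename.lower()
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m and executable_name(m["cmd"]) == target:
            hits.append(("O4", m["key"], m["name"], False))
            continue
        m = O23_RE.match(line)
        if m and executable_name(m["path"]) == target:
            hits.append(("O23", "Service", m["svc"], m["missing"] is not None))
    return hits

if __name__ == "__main__":
    for hit in leftover_references(SAMPLE_LOG, "libsys32.exe"):
        print(hit)
```
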

#2
greyknight17

  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
Is this HijackThis scan done in Normal Mode or Safe Mode? If Safe Mode, it won't be very helpful for us. So make sure it's posted in Normal Mode. But before you do that:

Please read the first link in my signature and follow the steps outlined there. You must install XP SP1a (hold off on SP2 until your computer is clean). Without SP1a, you are wide open to re-infection. When you are ready, post the new HijackThis log here.

#3
ktownkatman

  • Topic Starter
  • Member
  • 168 posts
OK, I fixed the Task Manager problem (just needed to restart). The HJT log was in normal mode (I just don't like to run many programs (93% HD space free baby!)). I'll try and download SP1a, but in the meantime can you help me remove the infection (28.8 Kbs dialup :tazz:)?

#4
greyknight17

  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
No problem. I see where you're going at. OK, do this for the time being then:

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.
Since you're on dialup, I suggest ordering the CD directly from Microsoft, free of charge.

Just report back what that site says before we go on.

#5
Kat

  • Retired Staff
  • 19,711 posts
  • MVP
Sorry to jump in on your thread, Kevin!


ktownkatman:

Your other threads were already closed as you were found to be using an illegal copy of Windows. We have already told you we do NOT offer assistance to anyone on this site if they are running a pirated version of Windows. Thus, I am closing this thread also.