Title: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 26th, 2005, 11:43pm I have a virus/(something) that has rendered both my DSL ISP anti-virus and my secondary anti-virus dead in the water. I've found only one online scan system that this bastage has yet to prevent downloading but it will detect only and not clean. My desktop will go haywire with everything bouncing around and my mouse will jump all over etc. Help? I've run the sober cleaner in safe mode and 3 times it came up clean, but I'm convinced I have something here. Please help....desperate here. |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Cerberus on Dec 26th, 2005, 11:55pm hrmmm.... could be a multitude of tings... I find myself at a loss as to even where to begin. Software I've found useful, including but not limited to: Avast Anti-virus (Thanks Svenn) :), Ad Aware SE Pro, Spybot search and destroy. Beyond that...I got windows firewall and the firmware firewall for the router... have experienced fewer problems with those than I EVER did with Norton and/or Zonealarm (Avast doesn't play nice with zonealarm or vice-versa?) Norton blows balls...ifn ya get this figgrd out make the switch. 'Bus Modified to add: Oh yeah, Netscape is waaaay better than IE ;) |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 26th, 2005, 11:59pm Spy Bot and Ad Aware are dead as well...refuses to update and refuses to load and run. Whatever this bastage is, it's killing all my tools. Only thing that is still running but detects nothing is Corp edition of Pest patrol. edit to add... Total number of scanned files: 110482 Number of viruses found: 9 Number of infected objects: 77 Number of suspicious objects: 2 Duration of the scan process: 8231 sec |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by chewy on Dec 27th, 2005, 12:14am Try Yahoo anti spy. |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by burnt-toast on Dec 27th, 2005, 7:53am A name of the virus(es) would be helpful - do you have anything that lists them? Is your virus scan software kept up to date? This is important if these are new or mutated viruses. It appears that at least one is allowing remote access and control of your system. Try disabling your DSL/network connection - pull the cable from the DSL modem if you have to and run your virus scanning tools offline. This may help. I don't believe Spybot/AdAware are going to be very helpful. You may try running a virus scan/clean via the CD if you continue to have your installed virus software blocked. If you can recover - look into a hardware firewall to complement any software firewall that you are running, keep your virus scan software updated and be extremely cautious with downloads and E-mail. But you have more pressing matters to address. Tom |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Drk^Angel on Dec 27th, 2005, 9:13am Slash and burn... Format and reinstall... Ya should be more careful about the PFDAN..................................... Drk^Angel |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Rock_Lobster on Dec 27th, 2005, 9:18am Post a screen shot of your process list in here. Somewhere recently I told someone of a utility they could download to get a cutable/pasteable task list... www.iarsn.com... download TASKINFO. /OH NOES!!11! THE HAXXORS STOLED MY MEGAHURTZ!! |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by maffumatt on Dec 27th, 2005, 3:04pm Get the zonealarm firewall, it's free and is about the best there is. Also go to shields up at http://www.grc.com/x/ne.dll?rh1dkyd2 and let them scan your ports. You will be surprised as to what the results will be. Won't help you now but may stop further intrusions. I use the avast antivirus, it works very well. Windows firewall sucks, the zonealarm one is great, it tells you of every attempt to enter any port, tells who is doing it and what their computer's address is. Follow the advice on shields up, stealth all your ports. My 2 cents |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Opus on Dec 27th, 2005, 5:09pm You can try STINGER (http://us.mcafee.com/virusInfo/default.asp?id=stinger) It is made for those nastys that disable your scanners. The real cure is in my sig. Opus/Paul [smiley=smokin.gif] |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Ueli on Dec 27th, 2005, 5:36pm I agree with maffumatt, ZoneAlarm is a great firewall. Mine has blocked 133222 access attempts since April, that's about 555 per day. One great feature is a CRC check before a program is allowed access to the net, no chance for the Greeks to infect programs. (It was the Greeks that did the dirty trick with the wooden horse, not the Trojans ;;)) I use AntiVir (free from http://www.hbedv.com/en/) as virus scanner. It includes a guard for incoming traffic. They are faster with updating for new threats than McAfee or Norton! I never had any active malware on my system. Ueli [smiley=smokin.gif] |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 27th, 2005, 7:29pm on 12/27/05 at 09:18:10, Rock_Lobster wrote:
I can't seem to get a screen shot of my task manager. |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 27th, 2005, 7:34pm Quote:
That was my secondary anti-virus in addition to the anti virus I get along with my yahoo dsl service. Neither one was working. Still having a lot of problems, downloaded and ran the avast and there was something in windows I had no other option but to delete, and then there was folder, c:\hiberfil.sys access denied error 0xc0000022 Whatever the hell that is. I'm about to scream and I came down with the flu today too. I'm just NOT in the mood for this SHITE today!!!!1 |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by cootie on Dec 27th, 2005, 7:51pm Did you get a flu shot.....am jus curious if so cuz last time I got one I got MAJOR SICK and got it around new years eve....had a big party I had planned I had to go to also and back had flared up MAJOR.....flu shot didn't cover the rite strains that year. I had one this year and do NOT want to get it......hopein it was a good shot this time. Anyhow.....I had a bug in my old computer years ago that made stuff go NUTS like you explained but it only did it a day then POOF it was gone. I read there are sum designed "jus" to do that and only last a day or so many hours but whenever ya got it it was programmed to attack a certain day at a certain time. Hope ya get it figured out cuz there is nothin more frustrateing then a wacked out computer !! There too big to throw out a window or kick Pam |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Opus on Dec 27th, 2005, 9:35pm on 12/27/05 at 19:34:43, Redd715 wrote:
Google is your friend (http://www.softwarepatch.com/tips/hiberfil-sys-xp.html) Did you try Stinger? Opus/Paul [smiley=smokin.gif] |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by BobG on Dec 27th, 2005, 9:50pm There are only 2 types of computers: 1. Those that have died. 2. Those that are going to die. There are 2 rules about putting important and un-important stuff into a computer: 1. Important stuff, don't do it. You WILL lose it. 2. Un-important stuff. See rule 1. If your computer screws up for any reason, kiss it goodbye, toss it over the fence and go buy a new one. At least that's what I do. ;;D |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Linda_Howell on Dec 27th, 2005, 10:02pm The voice of Vegas has spoken. Computers were invented in Las Vegas so therefore believe what Bob has said. ;;D Linda |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by BobG on Dec 27th, 2005, 10:44pm LMAO [smiley=laugh.gif] |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Opus on Dec 27th, 2005, 10:59pm on 12/27/05 at 21:50:33, BobG wrote:
Don't toss it, send it to me, I will pay the shipping. That is unless it is a dell. Opus/Paul |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Rock_Lobster on Dec 27th, 2005, 11:56pm on 12/27/05 at 21:50:33, BobG wrote:
Crom laughs at your nonexistent geek skills. http://billmon.org/archives/conan.jpg |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by BobG on Dec 28th, 2005, 12:01am Crom has nonexistent hygiene skills. [smiley=laugh.gif] |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Rock_Lobster on Dec 28th, 2005, 12:03am on 12/27/05 at 19:29:09, Redd715 wrote:
You ignored the 'taskinfo' download. Here is another download for you to ignore... http://www.download.com/3001-8022_4-10379544.html Download that, execute, then select 'do a system scan and save a log file'. When the text box pops up cut & paste it here. |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Carl_D on Dec 28th, 2005, 1:03am Redd, did you try running your anti-virus in safe mode? Some viruses will be running in normal mode and disable certain programs, but if it is in safe mode, those viruses 9 times out of 10 will also be disabled and eliminated. Also, you may have to write down each filename that is infected and go into your computer manually and remove the files yourself. I had a virus that would not delete using the anti-virus, so put the puter in safe mode, found the file and deleted it. It's worth a try if you haven't already. If all else fails, reformat and start clean. Peace, Carl |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by catlind on Dec 28th, 2005, 9:22pm Try getting HijackThis and running it in safe mode. If you don't know much about CLSID's and resident programs, you can look up the hijackthis log codes by typing them into google. I've used it for numerous computers that have a 'ghost' virus that can't be found and been able to recover without having to format. Cat |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Rock_Lobster on Dec 29th, 2005, 12:02am on 12/28/05 at 21:22:58, catlind wrote:
Exactly... that is what my link is to. |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 29th, 2005, 12:22am
Logfile of HijackThis v1.99.1
Scan saved at 11:19:38 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
C:\DOCUME~1\HPAUTH~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 29th, 2005, 12:24am
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: ds.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 29th, 2005, 12:26am
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\HP Authorized Custom\Local Settings\Temporary Internet Files\Content.IE5\AYND1VXZ\access[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\HP Authorized Custom\Local Settings\Temporary Internet Files\Content.IE5\AYND1VXZ\access[1].exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://www.turkcode.com//chm.chm::/windllserv.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Dec 29th, 2005, 12:26am
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8C478082-E5D8-4D17-A1A0-3EE4746EE22C} (????.lnk) - http://partnership.yagames.net/m_pc/partnerregister.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,11/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10a.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\system32\catsrvut.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Sean_C on Dec 29th, 2005, 12:29am Peg you need to bring it to a computer guy for real. Sometimes you can do more damage than good. It's probably a very inexpensive problem to fix too. Just my own experiences :-/ Sean........................... |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Racer1_NC on Dec 29th, 2005, 9:30am on 12/29/05 at 00:26:21, Redd715 wrote:
After a quick read of the logs, this one jumps out. I believe it to be an exploit of a Windows flaw, long since patched. Remove it with Hijack This. Delete your IE cache. Delete this one as well.... Quote:
And this one.... Quote:
Redd, does your system have all the MS updates installed? Bill |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Drk^Angel on Dec 29th, 2005, 9:41am I recommend that you also delete Windows... It's not necessary, and just causes problems... :P PFDAN............................ Drk^Angel P.S. Don't send your broken 'puter to Opus... Ya don't wanna know what he uses 'em for... Send it to me... :P DA |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by catlind on Dec 29th, 2005, 10:17am F0, F1, F2, F3 - Autoloading programs from INI files What it looks like: F0 - system.ini: Shell=Explorer.exe Openme.exe F1 - win.ini: run=hpfsched What to do: The F0 items are always bad, so fix them. The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad. Pacman's Startup List can help with identifying an item. You can find the rest of the codes at: http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis_2.htm Go through each one and determine if it's something you recognize or if it's something that should be removed. Cat |
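A first-pass triage of a HijackThis log along the lines catlind describes, as an added example that is not part of the original thread. Only the F0/F1 rule comes from the post; the other checks (missing target files, targets in cache or temp directories, ActiveX sources that are not http(s) or are bare IP addresses) are assumptions chosen for illustration, and the sample log is constructed except for the two F0/F1 lines quoted in the post.

```python
import re

# A HijackThis entry is "<code> - <detail>", e.g. "O16 - DPF: {CLSID} - <source>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# Scheme and optional host of a download source such as "http://host/x.cab".
SOURCE_RE = re.compile(r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*):(?://(?P<host>[^/:]+))?")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Directories that hold downloads or scratch files rather than installed software
# (an assumption of this example, not a HijackThis rule).
TRANSIENT_DIRS = ("\\temporary internet files\\", "\\temp\\")


def triage_entry(line):
    """Return (code, reasons) for one log line, or None if it is not an entry."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    code, detail = match.group("code"), match.group("detail")
    lowered = detail.lower()
    reasons = []
    if code == "F0":
        reasons.append("F0 autoload from system.ini (always fix, per the post)")
    elif code == "F1":
        reasons.append("F1 autoload from win.ini (look up the file name)")
    if "(no file)" in lowered or "(file missing)" in lowered:
        reasons.append("registered item points at a missing file")
    if any(d in lowered for d in TRANSIENT_DIRS):
        reasons.append("target sits in a cache or temp directory")
    if code == "O16":
        # The download source is the text after the last " - " separator.
        source = detail.rsplit(" - ", 1)[-1].strip()
        src = SOURCE_RE.match(source)
        scheme = src.group("scheme").lower() if src else ""
        if scheme not in ("http", "https"):
            reasons.append("ActiveX source is not http(s): scheme %r" % scheme)
        elif IPV4_RE.match(src.group("host") or ""):
            reasons.append("ActiveX source is a bare IP address")
    return code, reasons


def triage_log(text):
    """Return [(line_number, code, reasons)] for every entry that needs review."""
    flagged = []
    for number, line in enumerate(text.splitlines(), start=1):
        result = triage_entry(line)
        if result and result[1]:
            flagged.append((number, result[0], result[1]))
    return flagged


# Constructed sample: placeholder CLSIDs, example.test hosts, documentation IP.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\setup[1].exe (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Scanner) - http://scanner.example.test/scan.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://192.0.2.44/plugin.cab
O16 - DPF: {00000000-0000-0000-0000-000000000004} - ms-its:mhtml:file://C:\sample.MHT!http://files.example.test/help.chm::/loader.exe
"""

if __name__ == "__main__":
    for number, code, reasons in triage_log(SAMPLE_LOG):
        print("line %d [%s]: %s" % (number, code, "; ".join(reasons)))
```

A flagged line is a prompt to look the item up, not a verdict; unflagged lines still need the manual review the post recommends.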
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by TomM on Dec 29th, 2005, 11:00am Hit a restore point from before you got infected. TomM |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Opus on Dec 29th, 2005, 5:40pm on 12/29/05 at 09:41:37, Drk^Angel wrote:
DRK, What's so wrong with building a cluster? Anyway I have 5 boxes that will work just fine. Did you hear about the new exploit? (http://blogs.washingtonpost.com/securityfix/2005/12/exploit_release.html) All you have to do is visit a web page and render a certain image file to get your Microsoft Windows box 0wn3d. Opus/Paul [smiley=smokin.gif] |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by TomM on Dec 30th, 2005, 8:51am Paul--want my 386DX? 8Mb Ram, 1200 baud internal modem, 2- 130 Mb hard drives. That was a kick ass machine when I built it in 1990. TomM |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Drk^Angel on Dec 30th, 2005, 9:45am Good news is... Firefox and Opera users have to actually accept the download and install before their systems get fuq'd. Bad news is... When's the last time a Windoze user ever read a window before pressing yes? Gotta love the irony of the virus pretending to be a AV/anti-spyware program. "Your system is infected..." Really?? LOL PFDAN.................................. Drk^angel |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Phil L on Jan 1st, 2006, 12:44am Well, easy for me to get lost here. Have absolutely no idea what any of you are talking about. When my computer breaks, I call one of my sons and if they're not available, then I just shoot it. |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Drk^Angel on Jan 1st, 2006, 10:20am Isn't shooting your son over a 'puter problem a bit extreme? PFDAN............................... Drk^Angel |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Jasmyn on Jan 1st, 2006, 10:48am Peg, how you're doing? Got it sorted yet? |
||||||
Title: Re: DAMN IT!!!!! (not CH) Post by Redd715 on Jan 1st, 2006, 11:41am No I don't have it sorted out yet. Some things are cleared up, but others are still hiding somewhere in here. |
||||||
Clusterheadaches.com Message Board |