Help Me Out!!! Virus Plz - Page 3


  1. #21
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings


    Those 2 IPs in the trusted zone look very fishy and they shouldn't be there at all; remove them.
    These IPs are registered to some internet service provider and they don't have an up-and-running website; anyway, you should remove them.

    Analysis of your HijackThis log shows that your Internet Explorer version is old. The latest is 6.0.2900.2180. So go to Windows Update and download all updates.

    For a detailed analysis of your log go to http://www.hijackthis.de/logfiles/c7...908db5fb2.html

    Anyway, just try running all your malware remover programs once in safe mode and then again in normal mode, with updated definition files of course. I also wanted to know if Housecall (online scan) found any trojans and/or viruses, and when the last virus was detected by Norton.

    Plus I hope you have downloaded and installed a firewall; it's very important you do so to add a layer of security.

    And if you want a nifty little program to delete all cookies for you, download cookiemonster from http://www.ampsoft.net/
    And better still, if you want software to delete all your online junk as well as Windows temp files, download CCleaner from http://www.ccleaner.com/.

    Keep us updated
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #22
    Senior Member
    Join Date
    Feb 2004
    Posts
    202
    Next, please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf .

    Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults. This will clean out your O15s.

    Next, reboot and post a fresh log and we'll see if your log stays clean.


  3. #23
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    byte wrangler, he has Windows 98 and because of that I don't think he will be able to get the latest Internet Explorer because of compatibility issues...
    I am the uber duck!!1
    Proxy Tools

  4. #24
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings:

    Okay, I found this URL from where you can download the latest patch (actually Service Pack) for other versions of Windows except Windows XP.

    http://www.microsoft.com/windows/IE/nonxp.mspx

    Moreover, I hope "Roshaz" you tell us if your Windows is completely updated, because a completely patched (updated) Windows, or for that matter any software, is always required if you want a secure system.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #25
    Banned
    Join Date
    Apr 2004
    Posts
    410
    well let that be a lesson to you to use a firewall at all times and use an up-to-date antivirus
    rest leave it to M$ guys!!!!

  6. #26
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    hi friends
    thanks for the constant help which you all have provided.
    i downloaded DelDomains from the internet and installed it but my screen is not refreshing and is hanging as i press the page down button
    a sample is given below
    i have the latest updates from NAV. i am also attaching the HijackThis log file
    pls see and tell me how to remove other stuff

    thanks once again
    roshaz
    Came as strangers,
    met as friends ,
    Parted as one

  7. #27
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    and as i am minimising the browser it does not go to the tool bar but goes somewhere else
    Logfile of HijackThis v1.99.0
    Scan saved at 6:17:34 PM, on 12/29/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\LVCOMSX.EXE
    C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {26DD753A-59AA-11D9-8423-4C00DF6EEEDD} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - (no file)
    O2 - BHO: (no name) - {9274D048-5431-11D9-8423-4C00531E4DC6} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [LVCOMSX] c:\windows\SYSTEM\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O18 - Filter: text/html - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
    O18 - Filter: text/plain - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
    Came as strangers,
    met as friends ,
    Parted as one

  8. #28
    Senior Member
    Join Date
    Feb 2004
    Posts
    202
    Even if you didn't think that file worked, something cleared the O15s from your log......

    Now to finish the clean-up.

    Please select the following with HijackThis. With all windows (including this one!) closed, please select "fix".

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O18 - Filter: text/html - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
    O18 - Filter: text/plain - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)


    Then, while in safe mode, run the CWShredder (click here to download).

    Run the Housecall scan again and Ad-aware in safe mode.

    Then reboot and post a fresh HijackThis log.
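
A sketch of the kind of triage done by eye in the post above, as an added example that is not part of the thread or of HijackThis itself: it parses section lines in the log format shown in post #27 and flags IE page settings that load a local file from a temp directory, plus entries reported as "(no file)". The two heuristics and the function names are assumptions of this example; it does not reproduce the poster's exact fix list, and flagged entries are candidates to review, not a removal list.

```python
import re

# Lines copied from the HijackThis log in post #27 (a subset, for a runnable sample).
SAMPLE_LOG = r"""
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {26DD753A-59AA-11D9-8423-4C00DF6EEEDD} - (no file)
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O18 - Filter: text/html - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
"""

# A section line is "<letter><1-2 digits> - <body>", e.g. "R1 - ..." or "O18 - ...".
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")


def parse_entries(log_text):
    """Yield (code, body) per section line; headers and process paths do not match."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return (code, reason, body) for entries matching this example's heuristics."""
    findings = []
    for code, body in parse_entries(log_text):
        if code.startswith("R") and " = " in body:
            # R entries are "registry value = data"; inspect the data part only.
            _, value = body.split(" = ", 1)
            v = value.lower().replace("/", "\\")
            if v.startswith("file:") and "\\temp\\" in v:
                findings.append(
                    (code, "IE page setting loads a local file from a temp directory", body))
        elif body.endswith("(no file)"):
            findings.append(
                (code, "registered component whose file is missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {body}")
```
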


  9. #29
    Follow these guys' instructions closely, and you should be alright. But if you don't understand how and why you got infected, this is a waste of time, as you'll be infected with crap all over again within a day or two.

    Here's what got you in so much trouble:

    "i have been downloading all sorts of things into the comp."

    You must be very, very careful what you download from where and exercise a lot of discretion. Many worms, viruses, and other forms of malware piggyback atop otherwise innocent files, so anything you download is potentially infectious. Until you get out of your newbie stage especially, you should only download files from well-known, trusted websites (and even then, you're still very much at risk) and scan every single thing you download with NAV.

    Going download-crazy will get you every time, especially if you're a newbie.

    I highly suggest taking a couple of days to sit down and just research basic computer security (start by reading tutorials here at AO). Start your learning by focusing on viruses, trojans, worms, spyware, adware, firewalls, and antivirus programs. Just do a search on each and start studying. We can tell you what to do here every step of the way, but if you're only doing as you're told and not actually understanding what it is you're doing and why, you're just going to wind up in this situation all over again soon.

    Good luck getting cleaned up and keep us posted.

  10. #30
    Junior Member
    Join Date
    Dec 2003
    Posts
    22

    Thumbs up

    hi everybody

    thanks for the constant help you all were providing during my mayhem days
    It's been a week and my computer is running well

    HAPPY NEW YEAR!!!!

    ROSHAZZ
    Came as strangers,
    met as friends ,
    Parted as one
