-
December 26th, 2004, 01:26 PM
#21
Greetings,
Those 2 IPs in the trusted zone look very fishy and they shouldn't be there at all; remove them.
These IPs are registered to some internet service provider and they don't have an up-and-running website; anyway, you should remove them.
Analysis of your HijackThis log shows that your Internet Explorer version is old. The latest is 6.0.2900.2180, so go to Windows Update and download all updates.
For detailed analysis of your log go to http://www.hijackthis.de/logfiles/c7...908db5fb2.html
Anyway, just try running all your malware remover programs once in safe mode and then again in normal mode, with updated definition files of course. I also wanted to know if HouseCall (online scan) found any trojans and/or viruses, and when the last virus was detected by Norton.
Plus, I hope you have downloaded and installed a firewall; it's very important you do so to add a layer of security.
And if you want a nifty little program to delete all cookies for you, download CookieMonster from http://www.ampsoft.net/
And better still, if you want software to delete all your online junk as well as Windows temp files, download CCleaner from http://www.ccleaner.com/.
Keep us updated
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
December 26th, 2004, 06:09 PM
#22
Next, please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf .
Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults. This will clean out your O15s.
Next, reboot and post a fresh log and we'll see if your log stays clean.
-
December 26th, 2004, 07:32 PM
#23
byte wrangler, he has Windows 98 and because of that I don't think he will be able to get the latest Internet Explorer because of compatibility issues...
-
December 26th, 2004, 08:31 PM
#24
Greetings:
Okay, I found this URL from where you can download the latest patch (actually Service Pack) for other versions of Windows except Windows XP.
http://www.microsoft.com/windows/IE/nonxp.mspx
Moreover, I hope, "Roshaz", you tell us if your Windows is completely updated, because a completely patched (updated) Windows, or for that matter any software, is always required if you want a secure system.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
December 27th, 2004, 11:05 AM
#25
Banned
well let that be a lesson to you to use a firewall at all times and use an up-to-date antivirus
rest leave it to M$ guys!!!!
-
December 29th, 2004, 01:45 PM
#26
Junior Member
hi friends
thanks for the constant help which you all have provided.
i downloaded DelDomains from the internet and installed it but my screen is not refreshing and getting hanged as i move the page down button
a sample is given below
i have the latest updates from NAV. i am also attaching the hijack this log file
pls c and tell me how to remove other stuff
thanks once again
roshaz
Came as strangers,
met as friends ,
Parted as one
-
December 29th, 2004, 01:47 PM
#27
Junior Member
and as i m minimising the browser it does not go to the tool bar but goes somewhere else
Logfile of HijackThis v1.99.0
Scan saved at 6:17:34 PM, on 12/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {26DD753A-59AA-11D9-8423-4C00DF6EEEDD} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - (no file)
O2 - BHO: (no name) - {9274D048-5431-11D9-8423-4C00531E4DC6} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [LVCOMSX] c:\windows\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O18 - Filter: text/html - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
O18 - Filter: text/plain - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
Came as strangers,
met as friends ,
Parted as one
-
December 29th, 2004, 03:52 PM
#28
Even if you didn't think that file worked, something cleared the O15s from your log......
Now to finish the clean-up.
Please select the following with HijackThis. With all windows (including this one!) closed, please select "fix."
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O18 - Filter: text/html - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
O18 - Filter: text/plain - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
Then, while in safe mode, run the CWShredder (click here to download).
Run the Housecall scan again and Ad-aware in safe mode.
Then reboot and post a fresh HijackThis log.
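
An added example, not part of the original posts: a small Python triage pass over HijackThis-format lines, using a subset of the entries from the log posted above. The two heuristics (an R0/R1 value that is a file:// URL, and a registration whose target is "(no file)") are this example's own assumptions about what deserves manual review; they are not the helper's fix list.

```python
import re

# Subset of entries copied from the log posted earlier in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {26DD753A-59AA-11D9-8423-4C00DF6EEEDD} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O18 - Filter: text/html - {26DD7539-59AA-11D9-8423-4C002FBC70AA} - (no file)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "R1 - ..." or "O18 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def triage(log):
    """Flag entries for manual review (heuristics are assumptions of this example)."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            key, value = body.rsplit(" = ", 1)
            # IE search/start page values normally hold web URLs, not local files.
            if value.lower().startswith("file://"):
                findings.append((code, "local file as IE page", key))
        elif body.rstrip().endswith("(no file)"):
            # The registration survives but the file behind it is gone.
            parts = body.rsplit(" - ", 2)
            findings.append((code, "orphaned registration",
                             parts[-2] if len(parts) > 1 else body))
    return findings

if __name__ == "__main__":
    for code, reason, item in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<24}{item}")
```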
-
December 29th, 2004, 06:13 PM
#29
Follow these guys' instructions closely, and you should be alright. But if you don't understand how and why you got infected, this is a waste of time, as you'll be infected with crap all over again within a day or two.
Here's what got you in so much trouble:
i have been downloading all sorts of things into the comp.
You must be very, very careful what you download from where and exercise a lot of discretion. Many worms, viruses, and other forms of malware piggyback atop otherwise innocent files, so anything you download is potentially infectious. Until you get out of your newbie stage especially, you should only download files from well-known, trusted websites (and even then, you're still very much at risk) and scan every single thing you download with NAV.
Going download-crazy will get you every time, especially if you're a newbie.
I highly suggest taking a couple of days to sit down and just research basic computer security (start by reading tutorials here at AO). Start your learning by focusing on viruses, trojans, worms, spyware, adware, firewalls, and antivirus programs. Just do a search on each and start studying. We can tell you what to do here every step of the way, but if you're only doing as you're told and not actually understanding what it is you're doing and why, you're just going to wind up in this situation all over again soon.
Good luck getting cleaned up and keep us posted.
-
January 4th, 2005, 02:47 PM
#30
Junior Member
hi everybody
thanks for the constant help you all were providing during my mayhem days
It's been a week and my computer is running well
HAPPY NEW YEAR!!!!
ROSHAZZ
Came as strangers,
met as friends ,
Parted as one