-
January 19th, 2005, 09:15 PM
#11
If it's okay with you, why don't you post your HijackThis log here. And also see how many programs are at start-up. Also, one more thing: why don't you try defragmenting your hard drive? (I would recommend Diskeeper; it's excellent software.)
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
January 19th, 2005, 10:30 PM
#12
As I understand it, Netsky collects email addresses from infected machines' address books and then it picks one address at random and pretends to be from that address. In a nutshell, Netsky has infected a computer that had your address in its address book.
Utter and absolute BULLSHIT - Netsky and many other viruses will scan documents on your computer looking for email addies. Any virus writer worth his salt knows that there are richer pickings in the header information of an email than you would find in the best corporate address book. In saying that, I spotted a virus yesterday that uses the Windows address book; it would be the first one in a long time.
If you want info on viruses, go to the people who come up with the cures: the AV companies.
Where do I go for info?
http://securityresponse.symantec.com/
is my first port of call.
For info on Netsky: http://securityresponse.symantec.com...tsky.p@mm.html
But remember, Netsky is not the only virus that farms a PC for email addies, and it is not the only one that uses the "Mail Delivery Error" method of delivery.
If you're receiving a lot of these messages, it is very likely that a PC on the domain (I am assuming that the PC is a member of a larger network) is infected. The admin could look for unusual traffic from a machine on port 25.
As for your machine, follow through on the information given above to be certain that it is clean (prolly full of parasite crap, that is adware/spyware).
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it. Give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
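Following the suggestion that the admin look for unusual port 25 traffic, here is an added example (not code from the thread) of that check in Python: it reads constructed firewall connection-log lines and flags internal hosts that open SMTP connections to many distinct destinations within a short window, which is how a host running a worm's own SMTP engine looks from the perimeter, while a normal workstation only talks to the site's mail relay. The log format, the relay address 192.168.1.10 and the thresholds are assumptions.

```python
import re
from datetime import datetime
from collections import Counter, defaultdict

# Constructed sample of a perimeter firewall's connection log (not from the thread).
# 192.168.1.10 is assumed to be the site's real mail relay; .23 behaves like a mass-mailer.
SAMPLE_LOG = """\
2005-01-19 22:30:01 src=192.168.1.10 dst=203.0.113.25 dport=25 proto=tcp
2005-01-19 22:30:05 src=192.168.1.23 dst=198.51.100.7 dport=25 proto=tcp
2005-01-19 22:30:06 src=192.168.1.23 dst=198.51.100.8 dport=25 proto=tcp
2005-01-19 22:30:06 src=192.168.1.23 dst=203.0.113.9 dport=25 proto=tcp
2005-01-19 22:30:07 src=192.168.1.23 dst=203.0.113.14 dport=25 proto=tcp
2005-01-19 22:30:08 src=192.168.1.23 dst=198.51.100.31 dport=25 proto=tcp
2005-01-19 22:30:09 src=192.168.1.42 dst=203.0.113.80 dport=80 proto=tcp
2005-01-19 22:30:10 src=192.168.1.42 dst=192.168.1.10 dport=25 proto=tcp
2005-01-19 22:31:40 src=192.168.1.23 dst=203.0.113.45 dport=25 proto=tcp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

def parse_lines(text):
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("src"), m.group("dst"), int(m.group("dport"))

def smtp_fanout(text, mail_relays, window_s=60, max_dst=3):
    """{src: peak distinct port-25 destinations in any window_s span} for hosts whose peak exceeds max_dst."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse_lines(text):
        if dport != 25 or src in mail_relays or dst in mail_relays:   # relays and relay submissions are normal
            continue
        events[src].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        in_window, peak, lo = Counter(), 0, 0
        for t, dst in evs:
            in_window[dst] += 1
            while (t - evs[lo][0]).total_seconds() > window_s:      # slide the left edge of the window forward
                old = evs[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            peak = max(peak, len(in_window))
        if peak > max_dst:
            flagged[src] = peak
    return flagged
```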
-
January 20th, 2005, 06:50 AM
#13
Junior Member
As requested by ByteWrangler, the HijackThis log is as follows:
Logfile of HijackThis v1.98.2
Scan saved at 10:57:24 AM, on 1/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
d:\oracle\oracle9i\bin\ORACLE.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Security\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A3ABD6-64ED-4605-B55F-FDC9F8B798E5}: NameServer = 202.144.115.4,202.144.66.6
ByteWrangler:
Honestly, I can't do defragmentation at this stage, as I have to finish lots of assignments for this semester's module and have to prepare for the exam, which is drawing near. Sorry!
Und3ertak3r:
What do you think about Symantec support? Have you ever had a chance to call them and ask for support? If not, then go and ask for help; you'll change your opinion the same day.
©opy®ight:
I followed your suggestions and found hardly some seconds' (30-40) difference in booting when Norton was disabled at boot-up. As stated earlier, being a kid and developer, I have plenty of applications on my Win2k box, viz. MS SQL Server 2000, Oracle 10g, Apache, J2SDK 1.3, Visual Studio .NET and what not... but none of them are starting at startup. I'll run the applications as and when needed.
With Thanks!
BigZero
-
January 20th, 2005, 11:11 AM
#14
Greeting's:
The first line of your HijackThis log shows that your version is old. You may want to download the newer version from: http://www.hijackthis.de/downloads/hijackthis_199.zip.
Besides that, I see no malware entries in the log. Have you done an online scan in the last few days? Also, have you installed a firewall?
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
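As an added illustration (not code from the thread or from HijackThis itself), here is a small Python parser for the HJT 1.98 log format posted above. It pulls the CLSID and DLL out of O2/O3 lines, the executable out of O4 Run-key lines and the resolvers out of O17 lines, then applies two checks a reviewer makes before concluding, as BW does, that there are no malware entries: an autostart given as a bare file name (found by PATH search rather than an absolute path) and O17 resolvers that are not the ones the ISP issued. The sample lines are copied from the posted log; the expected resolver set passed to triage() is an assumption.

```python
import re

# Entries copied from the HijackThis 1.98.2 log posted above (a subset, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A3ABD6-64ED-4605-B55F-FDC9F8B798E5}: NameServer = 202.144.115.4,202.144.66.6
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")   # HKLM\..\Run: [name] command
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)$")

def parse_hjt(text):
    # Turn HijackThis "Onn - ..." lines into dicts; sections not handled here keep only the raw body.
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        e = {"section": section, "body": body}
        if section in ("O2", "O3"):            # BHOs / toolbars: CLSID plus the DLL that implements it
            c = CLSID_RE.search(body)
            e["clsid"] = c.group(0) if c else None
            e["path"] = body.rsplit(" - ", 1)[-1]
        elif section == "O4":                  # autostarts from the Run keys
            m4 = O4_RE.match(body)
            if m4:
                e.update(m4.groupdict())
                cmd = e["cmd"]                 # executable = quoted path, else the first whitespace token
                e["exe"] = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split()[0]
                e["absolute"] = re.match(r"^[A-Za-z]:\\", e["exe"]) is not None
        elif section == "O17":                 # DNS servers written into the TCP/IP interface keys
            m17 = O17_RE.search(body)
            e["servers"] = m17.group("servers").split(",") if m17 else []
        entries.append(e)
    return entries

def triage(entries, expected_dns):
    # Two first-pass checks: autostarts located via PATH search, and resolvers outside the expected set.
    findings = []
    for e in entries:
        if e["section"] == "O4" and e.get("absolute") is False:
            findings.append(f"O4 [{e['name']}] runs bare name {e['exe']!r}; confirm which file actually starts")
        if e["section"] == "O17":
            rogue = [s for s in e["servers"] if s not in expected_dns]
            if rogue:
                findings.append("O17 NameServer not in the expected resolver set: " + ", ".join(rogue))
    return findings
```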
-
January 20th, 2005, 01:16 PM
#15
Junior Member
Thanks BW
ByteWrangler,
There is hardly a difference between the newer version and 1.98.2.
Yes, I have done an online scan in the last few days. You might be wondering why you couldn't see any O16 DPF entries in the log. It's because I removed all the O16 entries when I did the HJT scan the time before last.
As of now there is no firewall on my machine.
With Thanks !
BigZero