
Thread: need help/advice

  1. #1
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121

    need help/advice

    to make a long story short i tried to find a crack for an old school game that i wanted to sample for another 60 minutes or so more after the trial ran out and ended up getting some crap on my computer. it wasnt worth it.

    symptoms:
    - startup of Firefox/IE i get IE popups for a couple stupid companies and those annoying spyware removal tools (the hoax ones you know?)
    - in safe mode when i run a virus scan or use the internet, internet conks out, i get one use of firefox and after a while it dies anyway (like not just web pages, like everything, vnc, ssh, just outbound connections in general)
    - scanners and forensics continue to come up with stuff, but im not sure when it's all said and done
    - vstools toolbar in IE

    what i did:
    booted in safe mode
    used adaware scanner (just the free no protection mode) and got a lot of crap off
    used avast scanner and got nothing off
    internet conked out halfway through avast scan and rebooted normally to see results
    still had popups
    rebooted in a tuneup backup
    no popups this time but did notice vstools toolbar in IE (didnt install it), oops i lied, while writing this message i got one, nice (sarcasm)
    used hijackthis and uninstalled
    hijackthis had some interesting logs
    went through Program Files and deleted some stuff in Common Files that was obvious junk

    what im planning on doing :
    cleaning up the rest of Program Files
    getting feedback from you guys and cleaning up what ever u think i should
    doing an online scan in safe mode if i have internet (housecall, pandascan, etc.)
    never downloading game cracks again/allowing stuff through virus protection and noscript, most retarded thing ive done all year

    questions:
    would u look at this hijackthis log and tell me what u think (attached to bottom)
    any other ideas or suggestions u guys might have?
    how do i know when im clean?

    another thing that might help, a lil while back i got a rootkit from someone through aim, people only generally talk to me if they are from school, but apparently someone on the internet (a forum like this one i presume, only place where i give my sn) got my sn and sent me a link. they had a female sn and asked if i would look at a picture and tell them if it was ok if they could put it on their blog, so of course i opened link, software installed and i immediately started crying knowing exactly what had happened, lol. rebooted using a partition wizard i had a few weeks later when stuff started breaking (media player, email, word, etc.) and deleted the new partition under my windows one, and while i was at it reformatted and reinstalled windows. anyway i could still have issues from this episode. i only bring it up cause it was only a month ago. sigh, no more looking for cracks ever again, and no talking to strange people
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    Try pasting your HJT log into this:

    http://www.hijackthis.de/

    It will tell you ones that are certainly bad and then you just Google your way through the "yellow entries"

    Try EWIDO and A-Squared, and run all your scans in safe mode

    In answer to your question: you will never know if your system is clean unless it is a fresh install that hasn't been accessed physically by anyone else and has never been on the internet.

    Otherwise I just look on it as "a working assumption given lack of evidence to the contrary"


  3. #3
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    thnx, used the log analyzer and got rid of another
    will try EWIDO and A-Squared
    leading a Bible study tonight and will be gone for like 4 or 5 hours, so im thinking ill just leave it running when i leave for there. thnx nihil

  4. #4
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    so, i used ewido and a-squared in safe mode. They caught some stuff, but im still not able to get any internet while in safe mode. any ideas? i can vnc to my server (how im currently typing this message) and ping google and make outbound connections, but when i use a web browser (IE and Firefox) i get cannot find server errors. What is that? any ideas? i did have this problem back in the old rootkit when trying to get rid of that in safe mode, so is it just a safe mode issue? i can usually use it (internet) once or twice before it dies. let me know what u guys think.

    ill probably just do a fresh install (i've gotten a fresh install, with all my personal files and applications reinstalled down to a single day so maybe if i have a day off school and no work ill do it), but until then, any and all ideas will be much appreciated. thnx again guys

  5. #5
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I gave your HJT log the once over. What's this one here?

    O4 - HKLM\..\Run: [pixgbvm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pixgbvm.dll,lgsgnmd

    I'm not turning up anything on that pixgbvm.dll when I google it. Not a good sign.

    You running Safe Mode with networking? Might be your winsock's corrupted. Download and run LSP-Fix. There's typically only three files in a healthy WinXP winsock:

    mswsock.dll
    winrnr.dll
    rsvpsp.dll

    There's some legit apps that MAY add files to your winsock (some VPN's) but it's a safe bet to remove anything beyond those three.

    Hope this helps...
    “Everybody is ignorant, only on different subjects.” — Will Rogers
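
    An added example, not part of brokencrow's post: a small triage pass over HijackThis `O4` autorun lines that surfaces entries loading a DLL through `rundll32`, plus a check of Winsock provider DLLs against the three files named above. The function names, the constructed second log line, and treating those three files as the baseline are assumptions of this example; a flagged entry is a prompt for manual review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Post #5's rule-of-thumb baseline for a WinXP Winsock chain (assumption, not an official list).
LSP_BASELINE = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+\.dll)"?,\s*(?P<export>\S+)', re.I)

# First line is quoted from the thread; the second is constructed for contrast.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [pixgbvm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pixgbvm.dll,lgsgnmd",
    r"O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe",
]

def triage_o4(line):
    """Parse one O4 line; return its fields plus reasons it deserves a manual look."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not an O4 Run-key entry
    entry = m.groupdict()
    entry["reasons"] = []
    r = RUNDLL_RE.search(entry["cmd"])
    if r:
        dll = PureWindowsPath(r["dll"])
        entry["dll"], entry["export"] = dll.name.lower(), r["export"]
        entry["reasons"].append("autorun loads a DLL through rundll32")
        if entry["name"].lower() == dll.name.lower():
            entry["reasons"].append("value name is just the DLL file name")
        if dll.parent.name.lower() == "system32":
            entry["reasons"].append("DLL sits in system32")
    return entry

def triage_log(lines):
    """Return only the O4 entries that picked up at least one reason."""
    parsed = (triage_o4(l) for l in lines)
    return [e for e in parsed if e and e["reasons"]]

def unexpected_lsp(provider_dlls):
    """Provider DLLs (names or full paths) that fall outside the baseline."""
    names = {PureWindowsPath(d).name.lower() for d in provider_dlls}
    return sorted(names - LSP_BASELINE)

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e["hive"], e["name"], "->", "; ".join(e["reasons"]))
```

    Legitimate software also registers `rundll32` autoruns, so each hit still needs the file looked up by name, vendor and signature before anything is removed.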

  6. #6
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    tried LSP fix, just gave me the three normal files. nothing odd there. thnx for the tool though, something else to put in my bag of tricks

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    In all your cleaning, you didn't mention that you turned off System Restore before scrubbing it down. That could contribute to a recurring problem.

    cheers
    Connection refused, try again later.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Can't you edit startup files in windows by running Msconfig or something? maybe you could snoop around there -- it couldn't hurt.

    I don't know if there are any Windows virus scanners for linux, but if there are, pop in a Linux LiveCD and do a full scan.
    ...This Space For Rent.

    -[WebCarnage]

  9. #9
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Once you clean that **** off, remove execute permission from the local settings folder and properly configure IE (namely zones).
    Real security doesn't come with an installer.

  10. #10
    if u r running that box behind a router then maybe u should try resetting the router... my friend had this problem once (not virus attack or anything) and he reset the router and it was back to normal and weeks later his router died... so just a thought... it might be just ur router going crazy

    [EDIT]
    in my friend's case, only his web browser and stuff is dead, he could still connect to AIM etc but cant get any traffic thru the web browser
    [/EDIT]
