+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 24
  1. #1
    Users Awaiting Email Confirmation
    Join Date
    Sep 2005
    Posts
    172
    BG Level
    3
    FFXI Server
    Bahamut

    Help me out, computer issue virus/worm

    I think it is one of those mass mailing worms, Norton didn't find it (even scanned in safe mode).

    What happens when I boot up is in the screenshot, Norton scans emails and then I get error messages about email rejected or IP banned etc and what ever emails it is sending, is not to email addresses that I recgonize.

    Any program that would be good to download to find and fix this? Preferably a free program

    Thanks for any help you can give guys!

    Juju

    http://i13.photobucket.com/albums/a2...creenshot2.jpg[/img]

  2. #2
    Relic Shield
    Join Date
    Apr 2005
    Posts
    1,572
    BG Level
    6

    hijackthis.exe from http://www.radiosplace.com

    Post the log here if you don't know what it means.

  3. #3
    Users Awaiting Email Confirmation
    Join Date
    Sep 2005
    Posts
    172
    BG Level
    3
    FFXI Server
    Bahamut

    Thanks, i'll try it late tonight or tomorrow. At work all day and going to the Piston's game tonight so won't have a chance to get to it till then. And ya, i'll post what I get because i'm sure I won't know what it means! LOL.

    Juju

  4. #4

    Format and reinstall, only way to be sure.

  5. #5

    Delete your system32 folder.

  6. #6
    Campaign
    Join Date
    May 2006
    Posts
    6,872
    BG Level
    8
    FFXIV Character
    Syaoran Li
    FFXIV Server
    Gilgamesh
    FFXI Server
    Asura
    WoW Realm
    Area 52

    Why does everyone want to destroy Juju's computer? lol

  7. #7
    Users Awaiting Email Confirmation
    Join Date
    Sep 2005
    Posts
    172
    BG Level
    3
    FFXI Server
    Bahamut

    They just like being meanies.

    My husband also chatted with some of his IS folk at work today, so got some advice there too.

    I'm trying not to format/reinstall, but if this bugger can't be found, that is what i'm going to have to do. ; ;

  8. #8
    Campaign
    Join Date
    May 2006
    Posts
    6,872
    BG Level
    8
    FFXIV Character
    Syaoran Li
    FFXIV Server
    Gilgamesh
    FFXI Server
    Asura
    WoW Realm
    Area 52

    Quote Originally Posted by Jujubie
    They just like being meanies.

    My husband also chatted with some of his IS folk at work today, so got some advice there too.

    I'm trying not to format/reinstall, but if this bugger can't be found, that is what i'm going to have to do. ; ;
    All I have to say if you reformat: save your FFXI macros somewhere......I can't even remember how many times I have had to remake mine. ~_~

  9. #9

    Quote Originally Posted by Jujubie
    They just like being meanies.

    My husband also chatted with some of his IS folk at work today, so got some advice there too.

    I'm trying not to format/reinstall, but if this bugger can't be found, that is what i'm going to have to do. ; ;
    I'm not being mean.. if the virus is even halfass sophisticated it won't be removable. How are you or a virus scanner going to do anything when it has altered windows to not reveal its location, authorize its shutdown, or even let you delete it?

    The only way to get access to the files is to take the drive out and put it in another computer or boot from your XP CD in recovery console. Of course this only works if you know which files to look for.. There are some decent rootkit detection programs and methods out there, but you really needa know what you are doing and its always faster/easier/safer to simply reinstall even if you do.

  10. #10
    Campaign
    Join Date
    May 2006
    Posts
    6,872
    BG Level
    8
    FFXIV Character
    Syaoran Li
    FFXIV Server
    Gilgamesh
    FFXI Server
    Asura
    WoW Realm
    Area 52

    I didn't mean you exactly. It does seem to be the only way to go. I just mean the people trying to get her to delete her hard drive without knowing it lol.

  11. #11
    Salvage Bans
    Join Date
    Sep 2005
    Posts
    769
    BG Level
    5

    I have to agree, formatting is always the fastest way to get rid of a pesky pesky virus.

    With all the time you spend snooping for files and its alterations and everything, you'll just be like wipe, and go again.

    Best thing I can say is if you are determined to delete the files that are causing corruption:

    1: disconnect from the internet
    2: turn off system restore
    3: reboot into safe mode
    4: run your virus scan

    A ton of virus files hide in system restore, and the only way of checking them is to have it turned off. Also with safemode you're booting windows into a safer enviroment.

    If you can eventually find the culprits sometimes they are not deletable, because of virus sophistication, you'll need to either A: boot your machine into a linux OS (landog, knoppix, something along these lines) and then eventually get to your system root. What I'm describing here is kind of difficult, and thats why I recommend Format and Re-Do.

  12. #12
    Cerberus
    Join Date
    Nov 2006
    Posts
    443
    BG Level
    4
    FFXI Server
    Titan

    post a screen shot of you process(ctrl + alt +del) and it seems your problem is norton just kill(the process in process tab[rename the kernel in norton folder]) it and use other means to get the virus....and i dont know why you using such useless antivirus like norton.....at least use nod32 or AVG,
    now regarding the virus that thing must be on your process too and start up with your pc download tune up utilities that will help you with task manager and startup and clean your pc. if you need links for these programs send me a PM.

  13. #13
    Users Awaiting Email Confirmation
    Join Date
    Sep 2005
    Posts
    172
    BG Level
    3
    FFXI Server
    Bahamut

    Got the link for AVG from someone today, gonna use that and probably will end up uninstalling Norton.

    Thanks for your help guys, i'll try all this stuff tonight and let you know the outcome.

  14. #14

    Quote Originally Posted by Devek
    Quote Originally Posted by Jujubie
    They just like being meanies.

    My husband also chatted with some of his IS folk at work today, so got some advice there too.

    I'm trying not to format/reinstall, but if this bugger can't be found, that is what i'm going to have to do. ; ;
    I'm not being mean.. if the virus is even halfass sophisticated it won't be removable. How are you or a virus scanner going to do anything when it has altered windows to not reveal its location, authorize its shutdown, or even let you delete it?

    The only way to get access to the files is to take the drive out and put it in another computer or boot from your XP CD in recovery console. Of course this only works if you know which files to look for.. There are some decent rootkit detection programs and methods out there, but you really needa know what you are doing and its always faster/easier/safer to simply reinstall even if you do.
    Be smarter than the virus writer.

    to the op: Download Autoruns from Sysinternals. This should let you see every program that is configured to run when your computer starts, even programs that attempt to hide themselves from public view and not be visible to normal methods of determing run-at-start programs. If you can't make sense of what the program tells you, screenshot it and post here. You should see a suspicious app running though.

  15. #15
    Chram
    Join Date
    Jun 2006
    Posts
    2,864
    BG Level
    7
    FFXIV Character
    Patty Fleur
    FFXIV Server
    Ultros
    FFXI Server
    Caitsith
    WoW Realm
    Burning Blade

    I had that before >> I just ctrl alt del, ctrl+click 5-10, end task. Usually closed all of them, and stopped. The virus stopped after a while >>

  16. #16

    Quote Originally Posted by Jujubie
    Got the link for AVG from someone today, gonna use that and probably will end up uninstalling Norton.

    Thanks for your help guys, i'll try all this stuff tonight and let you know the outcome.
    Norton causes more problems than viruses do.. ask anyone who ever answered the phones at an ISP

  17. #17

    Quote Originally Posted by divisortheory
    That's a really nice little app, thanks. That'll come in handy one day I'm sure.

  18. #18

    Quote Originally Posted by Devek
    Quote Originally Posted by Jujubie
    Got the link for AVG from someone today, gonna use that and probably will end up uninstalling Norton.

    Thanks for your help guys, i'll try all this stuff tonight and let you know the outcome.
    Norton causes more problems than viruses do.. ask anyone who ever answered the phones at an ISP
    I had Norton, it went apeshit on me. Kept having a little reminder thing pop up over and over and over and over. Click it off, it'd pop back up. Deleted that shit,

  19. #19
    Users Awaiting Email Confirmation
    Join Date
    Sep 2005
    Posts
    172
    BG Level
    3
    FFXI Server
    Bahamut

    Quote Originally Posted by Janice
    hijackthis.exe from http://www.radiosplace.com

    Post the log here if you don't know what it means.

    Here is the log, let me know if you see something. Thanks!


    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:29 AM, on 12/2/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA FA.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Fraps\FRAPS.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\services.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX48.109\Hijac kThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:3647
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA FA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [WinMedia] C:\361101032253072.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  20. #20
    Relic Weapons
    Join Date
    Oct 2006
    Posts
    301
    BG Level
    4

    361101032253072.exe sounds kind of suspicious <_< if I see something I don't recognize I usually run it through google. (Not literally run obviously, but I like getting a bunch of results, usually they say what it does without even clicking on a link and you get a good number of forum posts if it's anything serious.)

    Might want to check this out, looks like that one might be your problem.

Quick Reply Quick Reply

  • Decrease Size
    Increase Size
  • Remove Text Formatting
  • Insert Link Insert Image Insert Video
  • Wrap [QUOTE] tags around selected text
  • Insert NSFW Tag
  • Insert Spoiler Tag

Similar Threads

  1. Help me out ; Car issues
    By Senoska in forum General Discussion
    Replies: 22
    Last Post: 2006-07-14, 18:37
  2. [color=red](|[/color]Help Me Out![color=green]|)[/color]
    By Jingles in forum General Discussion
    Replies: 8
    Last Post: 2004-11-24, 11:13