|
| ||
| i can't get rid of this "server busy" virus... Lately, a "server busy" window has been popping up whenever i am using the internet, and i can't seem to get it to go away. It has two options, "switch to" and "retry", but neither seem to do anything. Any help that i could get would be greatly appreciated! I have added my hijack this log if that helps. Thanks. Johnnboy281 Logfile of HijackThis v1.99.1 Scan saved at 4:35:05 PM, on 9/4/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\WINDOWS\System32\Fast.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Winamp3\winampa.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Yahoo!\Antivirus\CAVTray.exe C:\Program Files\Yahoo!\Antivirus\CAVRID.exe C:\PROGRA~1\YAHOO!\YOP\yop.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\??plorer.exe C:\Program Files\tslw\csno.exe C:\PROGRA~1\YAHOO!\browser\ycommon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\JON WERTZ\Desktop\virus programs\new hijack this\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntui.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe" O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe O4 - HKLM\..\Run: [M0tPo.exe] c:\documents and settings\jon wertz\local settings\temp\M0tPo.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Rivpzql] C:\WINDOWS\system32\??plorer.exe O4 - HKCU\..\Run: [Sulm] C:\Program Files\tslw\csno.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SearchAssistant= O15 - Trusted IP range: 206.161.125.149 O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe |
| ||
| Re: i can't get rid of this "server busy" virus... Hi Jon, welcome to DaniWeb :D Please follow the suggestions and instructions in the links below. When you finish, go to Add or Remove Programs in your Control Panel and remove (if present): tslw Then scan with HijackThis and have it fix the following: O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntui.dll (file missing) O4 - HKLM\..\Run: [M0tPo.exe] c:\documents and settings\jon wertz\local settings\temp\M0tPo.exe O4 - HKCU\..\Run: [Rivpzql] C:\WINDOWS\system32\??plorer.exe O4 - HKCU\..\Run: [Sulm] C:\Program Files\tslw\csno.exe O14 - IERESET.INF: SearchAssistant= If this IP address is not related to your ISP, have HJT fix this O15 entry as well -- O15 - Trusted IP range: 206.161.125.149 Close any open windows, other then HijackThis, and hit Fix checked. Go to the following locations and delete the highlighted files and folder: C:\WINDOWS\system32\ntui.dll C:\WINDOWS\system32\??plorer.exe C:\Program Files\tslw Go to C:\documents and settings\jon wertz\local settings\temp and delete the entire contents of the folder (but not the folder itself). If any of these files cannot be deleted, try booting into Safe Mode first. Empty your Recycle Bin and reboot (normally). Close any open browser windows, scan with HijackThis, and post a new log please. |
| ||
| Re: i can't get rid of this "server busy" virus... Thanks so much for all the help that you have given me thus far! Sorry it has taken me so long to post a reply, but school is keeping me busy. Anyways, I noticed two things that i thought i would ask about. One, the 014 search assistant wasn't corrected using hijack this, so i was wondering what you thought i should do. Furthermore, i found a program in my system tools, Add or Remove programs list entitled "OIN", which i learned stands for Outerinfo network, which is some advertising agency. My guess is that i should remove this. What do you think? Thanks for the help. Johnnyboy281 Logfile of HijackThis v1.99.1 Scan saved at 11:42:03 PM, on 9/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\Fast.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Winamp3\winampa.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\devldr32.exe C:\Documents and Settings\JON WERTZ\Desktop\virus programs\new hijack this\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe" O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SearchAssistant= O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe |
| ||
| Re: i can't get rid of this "server busy" virus... Hi DarkWarrior088, First of all- welcome to DaniWeb :) We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need. In light of the above, I've split your post into its own thread, which is located here: http://www.daniweb.com/techtalkforums/thread44061.html For a full description of our posting guidelines and general rules of conduct, please see this page: http://www.daniweb.com/techtalkforum...niweb_policies Thanks for understanding. |
| ||
| Re: i can't get rid of this "server busy" virus... Quote:
Hello, I'm a newb and i read all the required readings and other items and followed the directions however when i scanned with Hijackthis the items that you refered to such as the O2 and what not were not there under that name. Also the tslw wasn't in add or remove programs but i still have the "server busy" virus. What would you recommend to fix this problem. |
| All times are GMT -4. The time now is 5:50 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC