College Woes

Dear [anyone who can help me out]

I'm in some serious need of help currently. I recently transferred to a large university and am now in computer virus hell. The university's network was plagued by all sorts of malware, spyware and the lot. My decent PC that never gave me a problem is now bogged down to the point where using the internet is unthinkable. The campus has given me a copy of Norton Antivirus in order to aid my troubles but I'm afraid that's not doing much. To be more specific I believe what I have is called systemantic (sp?) corp. edition 8.1x or something like that. I've run numerous scans on the system since the installation and every time I run the scan I find new types of worms and trojans.

This weekend I decided to take my comp back home to work on it and get away from the network and back to my cable modem in hopes that I could actually surf the internet from home. I'm not too knowledgeable when it comes to security, firewalls, and virus infections for that matter. This simply never was a problem from my home network. Anyway, being at home hasn't helped, I still can't really utilize the internet. Just about every link to a site leads to the "cannot find server, DNS error" message. I also tried to do some scans at home hoping that if I moved off the college network I could get rid of some of the worms for good. I think that worked because the scans aren't finding any more viruses. But I just can't seem to understand how to get my internet back up and running. I would really appreciate any help I could get on this matter.

Also, I'm writing this post from my Mac at home which is accessing the internet just fine. I wasn't able to post from my comp because of the DNS error. Also, for the same reason I haven't been able to download hijack, I don't know if that will be an issue or not. I just really need a helping hand at this point, I have to have the comp running, I have to rely on it for school.

thanks, kyle

Re: College Woes

You need to be able to somehow install a few programs on your computer to help get it up & running. Can you download to another computer then save the programs to disk? Hijackthis will fit on a floppy, the others will not. If you can do that, I will give some links for you.

Download & instal Adaware from here & update it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry,' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.' Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.' Select 'activate in-depth scan' before starting scan. When the scan is finished select 'next.' Remove what it finds by placing a check in the box to the left of the object.

Reboot

Download & instal Spybot S&D from here. Update it before scanning. After the scan is complete, have Spybot fix everything marked RED. On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad ActiveX controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it.

Reboot

Download HijackThis from here & unzip it into its own, permanent folder, (Not a temporary folder or the desktop (in a folder on the desktop is fine) & not directly on your hard drive). If you have anything disabled in MsConfig, please re-enable it/them. Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post.

DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Re: College Woes

Here's the log file, crunchie. Also, I've run the programs you suggested and they didn't detect much. Adaware found some info tracking cookies that I had deleted. And Spybot found something named Aurora which I had removed. Also I ran another complete scan w/ Symantec and it detected nothing.

```
Logfile of HijackThis v1.98.2
Scan saved at 1:38:29 PM, on 8/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svxhost.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\win32x.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\winmep.exe
C:\WINDOWS\System32\windrvl32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kyle A. Hegge\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_0 1.src"); (C:\Documents and Settings\Kyle A. Hegge\Application Data\Mozilla\Profiles\default\pc97vkw1.slt\prefs.js)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [mismo] win32x.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Firewall Security] winmep.exe
O4 - HKLM\..\Run: [Windows Update Client Service] windrvl32.exe
O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\yshyiwt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite\kpp.exe" "C:\Program Files\Kazaa Lite\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [mismo] win32x.exe
O4 - HKLM\..\RunServices: [Windows Firewall Security] winmep.exe
O4 - HKLM\..\RunServices: [Windows Update Client Service] windrvl32.exe
O4 - HKLM\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - Startup: Trillian.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_42.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1591d119607b08d...zip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co.../client/wuweb_ site.cab?1093021963046
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_1_5_0.cab
```

Re: College Woes

Open Task Manager & end process on the following:

```
win32x.exe
winmep.exe
windrvl32.exe
```

Delete them manually now.

```
C:\WINDOWS\System32\win32x.exe
C:\WINDOWS\System32\winmep.exe
C:\WINDOWS\System32\windrvl32.exe
```

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

```
R3 - Default URLSearchHook is missing
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [mismo] win32x.exe
O4 - HKLM\..\Run: [Windows Firewall Security] winmep.exe
O4 - HKLM\..\Run: [Windows Update Client Service] windrvl32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\yshyiwt.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [mismo] win32x.exe
O4 - HKLM\..\RunServices: [Windows Firewall Security] winmep.exe
O4 - HKLM\..\RunServices: [Windows Update Client Service] windrvl32.exe
O4 - HKLM\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\RunOnce: [SVX Control Service] svxhost.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - -Netster
```

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

```
C:\Program Files\ClearSearch-folder
C:\WINDOWS\System32\yshyiwt.exe-file
```

Reboot normally after doing the above then post a fresh log please.

Go here for an on-line scan & set it to autoclean for you. Try this scan as well.

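An added example, not part of the original thread and not the responder's stated method: a triage heuristic for the O4 (autorun) section of a HijackThis log. It assumes that an executable registered by bare file name (no directory) under more than one autorun key deserves a closer look, and it runs over a subset of the O4 lines posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 (autorun) lines from the log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [mismo] win32x.exe
O4 - HKLM\..\Run: [Windows Firewall Security] winmep.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\yshyiwt.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [mismo] win32x.exe
O4 - HKLM\..\RunServices: [Windows Firewall Security] winmep.exe
O4 - HKLM\..\RunOnce: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
"""

# Line shape: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def executable(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)     # unquoted: cut at the first ".exe"
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Map each path-less executable to its autorun keys, if it has more than one."""
    keys_by_exe = defaultdict(set)
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable(m["cmd"])
        if "\\" not in exe and "/" not in exe:   # bare file name, no directory
            keys_by_exe[exe.lower()].add(m["key"])
    return {exe: sorted(k) for exe, k in keys_by_exe.items() if len(k) > 1}


if __name__ == "__main__":
    for exe, keys in triage(SAMPLE_LOG).items():
        print(f"{exe}: {', '.join(keys)}")
```

The heuristic is a starting point only: it does not flag an entry registered once with a full path, such as the `yshyiwt.exe` line in the fix list above, and a single-key bare name like `nwiz.exe` is deliberately left out.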
©2003 - 2009 DaniWeb® LLC