Join Date: Aug 2006
Posts: 5
Reputation:
Rep Power: 0
Solved Threads: 0
I did uninstall one of the AV programs as you said, and here is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 12:00:01, on 27.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
C:\Programfiler\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\programfiler\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\sTyLe\Skrivebord\CHijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programfiler\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Morpheus.lnk = C:\Programfiler\Morpheus\Morpheus.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programfiler\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Join Date: Jul 2006
Location: a few 1000 miles east of the east coast
Posts: 277
Reputation:
Rep Power: 3
Solved Threads: 10
Hi sTyLe,
what I (sorry) overlooked in your first log is that you are running XP apparently without any service packs. Connecting a PC to the internet without these (and all subsequent hotfixes) is more than "not recommended". Your IE is outdated too. Whatever you try to remove your malware, the same or other malware will come back sooner or later this way: even old and known malware can exploit all the loopholes in your system, and no antivirus software can really protect you this way. I can't see a firewall either (connected via a router?). All this messes things up pretty badly - updating this system may even fail now due to the infections. (Try anyway.)
The antivirus guys here (and everywhere) need much more information on what happens on your computer, which malware your AV scanners possibly reported and how the infection manifests itself in detail. What exactly is on the popup window? Is there a clue (maybe in the title bar) which program sends the window? Is it an ad?
Apart from the reference to RWNT.EXE I can't see anything unusual in the log. Together with the popups, this points to an infection which can't be removed that easily - you will have to run several tools and maybe online scans to identify them, and then several steps to remove them may follow. This usually takes some days, so if you need your computer for school work, wiping and reinstalling (this time with Service Packs + hotfixes) would probably be faster, and you get rid of your nasties, too.
Read in these forums how to set up your system to avoid infections.
I wish I could help you better, but maybe somebody comes with a better suggestion for you. Good luck!
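The two observations in the reply above (no service pack in the Platform line, and the one autostart entry that names only `rwnt.exe`) can be checked mechanically. The following is an added example, not part of the thread or of HijackThis; the function names and the "no full path" heuristic are assumptions made for illustration, and the sample is a subset of lines copied from the posted log.

```python
import re

# Excerpt of the log posted above (a subset of its lines, copied verbatim).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Programfiler\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Morpheus.lnk = C:\Programfiler\Morpheus\Morpheus.exe
"""

O4_REGISTRY = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')  # optional quote, drive letter, backslash


def parse_autoruns(log):
    """Return (location, name, command) for every O4 autostart line."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_REGISTRY.match(line)
        if m:
            entries.append((m["key"], m["name"], m["cmd"]))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append(("Startup", m["name"], m["cmd"]))
    return entries


def triage(log):
    """Collect review notes; each is a lead for a human, not a verdict."""
    notes = []
    platform = re.search(r"^Platform: (.+)$", log, re.M)
    if platform and "Windows XP" in platform[1] and not re.search(r"\bSP\d", platform[1]):
        notes.append("no service pack in Platform line: " + platform[1].strip())
    for key, name, cmd in parse_autoruns(log):
        if not ABSOLUTE.match(cmd):  # assumption: a bare filename deserves a look
            notes.append(f"autorun without full path: {key} [{name}] {cmd}")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

An entry flagged this way still has to be located on disk and identified before anything is removed; the script only narrows down where to look.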