Blaster Worm, I think, cannot remove!

Reply

Join Date: Apr 2004
Posts: 8
Reputation: Simonsl8er is an unknown quantity at this point 
Solved Threads: 0
Simonsl8er Simonsl8er is offline Offline
Newbie Poster

Blaster Worm, I think, cannot remove!

 
0
  #1
May 7th, 2004
Hi,

I keep getting the SVCHOST.exe error (running W2k SP4) but have tried all of the blaster removal/patch tools and cannot get rid of it!!

It is really annoying me as it seems to stop me from runing Windows Update and from loging into websites (like this one) that need passwords - Hotmail is a prime example.

I hope that someone can shed some light on this... What log files etc do I need to run and post here?

Thanks

Si
Reply With Quote Quick reply to this message  
Join Date: Apr 2004
Posts: 8
Reputation: Simonsl8er is an unknown quantity at this point 
Solved Threads: 0
Simonsl8er Simonsl8er is offline Offline
Newbie Poster

Re: Blaster Worm, I think, cannot remove!

 
0
  #2
May 7th, 2004
Well, I think that I may have got it sorted!! It was a varient (f) of the Blaster worm..

Can someone have a quick look at the HJT log and let me know if they see anything there that shouldn't be cause i'm not sure what to look for!

Logfile of HijackThis v1.97.7
Scan saved at 14:44:11, on 07/05/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\DfrgNtfs.exe
C:\Backup\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Thanks
Si
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 362
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Blaster Worm, I think, cannot remove!

 
0
  #3
May 7th, 2004
Moved to the new Security forum, as that's where virus/spyware/malware/etc. questions now belong.

"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Feb 2002
Posts: 626
Reputation: MAD_DOG is on a distinguished road 
Solved Threads: 13
MAD_DOG's Avatar
MAD_DOG MAD_DOG is offline Offline
Practically a Master Poster

Re: Blaster Worm, I think, cannot remove!

 
0
  #4
May 8th, 2004
Sad we had to create a fourm for spyware what is the world coming to haha.
Jimmy
E-Mail - jimmy@fiberops.net
Chief Information Officer (CIO) of FiberOps
Reply With Quote Quick reply to this message  
Join Date: Aug 2003
Posts: 9,763
Reputation: caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold 
Solved Threads: 511
Team Colleague
caperjack's Avatar
caperjack caperjack is offline Offline
Posting Prodigy

Re: Blaster Worm, I think, cannot remove!

 
0
  #5
May 8th, 2004
Originally Posted by MAD_DOG
Sad we had to create a fourm for spyware what is the world coming to haha.
One coming for Formatting ,you wanna be the host !
Fallen Heroes Song ,
http://www.youtube.com/watch?v=-RfXBB0BRHY
Going with the Flow ,but the water is low and the rocks are big
Reply With Quote Quick reply to this message  
Join Date: Feb 2002
Posts: 626
Reputation: MAD_DOG is on a distinguished road 
Solved Threads: 13
MAD_DOG's Avatar
MAD_DOG MAD_DOG is offline Offline
Practically a Master Poster

Re: Blaster Worm, I think, cannot remove!

 
0
  #6
May 8th, 2004
Yeah start it up we can call it Why You Should Reformat Instead Of Fixing The Problem. I should write an article on that. Hmmmmm thanks. You got me thinking.
Jimmy
E-Mail - jimmy@fiberops.net
Chief Information Officer (CIO) of FiberOps
Reply With Quote Quick reply to this message  
Join Date: Aug 2003
Posts: 9,763
Reputation: caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold 
Solved Threads: 511
Team Colleague
caperjack's Avatar
caperjack caperjack is offline Offline
Posting Prodigy

Re: Blaster Worm, I think, cannot remove!

 
0
  #7
May 8th, 2004
Originally Posted by Simonsl8er
Well, I think that I may have got it sorted!! It was a varient (f) of the Blaster worm..

Can someone have a quick look at the HJT log and let me know if they see anything there that shouldn't be cause i'm not sure what to look for!

Logfile of HijackThis v1.97.7
Scan saved at 14:44:11, on 07/05/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\DfrgNtfs.exe
C:\Backup\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Thanks
Si
Log is clean ,good job
Fallen Heroes Song ,
http://www.youtube.com/watch?v=-RfXBB0BRHY
Going with the Flow ,but the water is low and the rocks are big
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos education email europe exam exploit fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone kaspersky legal malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch pdf phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect report research risk rogueantivirus rootkit samhain sans search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista volume vulnerability war warning windows worm yahoo zero-day zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC