can't stay on line

Reply
1 2

Join Date: Mar 2004
Posts: 13
Reputation: moxin is an unknown quantity at this point 
Solved Threads: 0
moxin moxin is offline Offline
Newbie Poster

can't stay on line

 
0
  #1
Jun 2nd, 2004
Hi i can't stay online long when surfing the web.!!!! Why? any help it great! here is hijack this log file

Logfile of HijackThis v1.97.7
Scan saved at 4:14:05 AM, on 6/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...AB?38004.94875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by15fd.bay15.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B4830-2FC7-47F1-9152-D66BEFBB37E7}: NameServer = 142.177.1.2 142.177.129.11
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 362
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: can't stay on line

 
0
  #2
Jun 2nd, 2004
Hi moxin,

I'm moving this to our new (or perhaps not-so-new by now) Security forum; that's where we're now concentrating spyware-related troubleshoots.



When you say that you "can't stay on line", what exactly do you mean, and what type of Internet connection do you have?


By the way, this looks a bit odd:

"[rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe".

Does that entry really have a double ".exe" extension?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Feb 2002
Posts: 898
Reputation: Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light 
Solved Threads: 28
Moderator
Tekmaven's Avatar
Tekmaven Tekmaven is offline Offline
The C# Man, Myth, Legend

Re: can't stay on line

 
0
  #3
Jun 2nd, 2004
Get rid of these:

O4 - HKLM\..\Run: [rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/...nfo/webscan.cab

I'm not sure about the nameserver line (it probably should be gotten rid of too, but I don't know if you actually have one set).
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B4830-2FC7-47F1-9152-D66BEFBB37E7}: NameServer = 142.177.1.2 142.177.129.11
-Ryan Hoffman

.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
Reply With Quote Quick reply to this message  
Join Date: Feb 2002
Posts: 898
Reputation: Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light 
Solved Threads: 28
Moderator
Tekmaven's Avatar
Tekmaven Tekmaven is offline Offline
The C# Man, Myth, Legend

Re: can't stay on line

 
0
  #4
Jun 2nd, 2004
Upon further reasearch, the nameserver line is definatly bad. In fact, its probably the one causing your problems.
-Ryan Hoffman

.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
Reply With Quote Quick reply to this message  
Join Date: Aug 2003
Posts: 9,761
Reputation: caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold 
Solved Threads: 511
Team Colleague
caperjack's Avatar
caperjack caperjack is offline Offline
Posting Prodigy

Re: can't stay on line

 
0
  #5
Jun 3rd, 2004
Search IP here .
http://www.arin.net/whois/
Fallen Heroes Song ,
http://www.youtube.com/watch?v=-RfXBB0BRHY
Going with the Flow ,but the water is low and the rocks are big
Reply With Quote Quick reply to this message  
Join Date: Feb 2002
Posts: 898
Reputation: Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light Tekmaven is a glorious beacon of light 
Solved Threads: 28
Moderator
Tekmaven's Avatar
Tekmaven Tekmaven is offline Offline
The C# Man, Myth, Legend

Re: can't stay on line

 
0
  #6
Jun 3rd, 2004
Its... really not legit :-P.
-Ryan Hoffman

.NET Specialist / Webmaster, Extended64.com.
Please do not email or PM me with support questions. Please direct them to the forums instead.
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 13
Reputation: moxin is an unknown quantity at this point 
Solved Threads: 0
moxin moxin is offline Offline
Newbie Poster

Re: can't stay on line

 
0
  #7
Jun 3rd, 2004
I got rid of the one that were there, but I'm still having trouble with being able to surf the web after about 10 min's. It IE says I have a dns error I believe but can't be sure because the error flashes so fast I can't read it all. I have DSL Is that what you needed? Thx for the help so far. Still something is not quite right!
Reply With Quote Quick reply to this message  
Join Date: Jun 2004
Posts: 14
Reputation: nic_m_moon is an unknown quantity at this point 
Solved Threads: 1
nic_m_moon's Avatar
nic_m_moon nic_m_moon is offline Offline
Newbie Poster

Re: can't stay on line

 
0
  #8
Jun 3rd, 2004
Originally Posted by moxin
I got rid of the one that were there, but I'm still having trouble with being able to surf the web after about 10 min's. It IE says I have a dns error I believe but can't be sure because the error flashes so fast I can't read it all. I have DSL Is that what you needed? Thx for the help so far. Still something is not quite right!
you have the sasser worm it infects IE go to symantec and find the removal tool, but I strongly recommend Norton Antivirus to protect you from further issues.
I'm cracking down on viruses one donut at a time.
Virus Killer :evil:
Reply With Quote Quick reply to this message  
Join Date: Jun 2004
Posts: 14
Reputation: nic_m_moon is an unknown quantity at this point 
Solved Threads: 1
nic_m_moon's Avatar
nic_m_moon nic_m_moon is offline Offline
Newbie Poster

Re: can't stay on line

 
0
  #9
Jun 3rd, 2004
Oh duh forgot to tell you that the file with the isue was C:\WINDOWS\system32\lsass.exe.
I'm cracking down on viruses one donut at a time.
Virus Killer :evil:
Reply With Quote Quick reply to this message  
Join Date: May 2004
Posts: 33
Reputation: xxplosive is an unknown quantity at this point 
Solved Threads: 1
xxplosive's Avatar
xxplosive xxplosive is offline Offline
Light Poster

Re: can't stay on line

 
0
  #10
Jun 4th, 2004
hi there

to get rid of the sasser worm virus please click the below link to get the removal tool

CLICK HERE

and i suggest you download AVG 6.0 FREE EDITION to detect further worm/trojan infections and get rid of them!

while downloading you should try WEBROOT SPY SWEEPER to get rid of any spyware that may be causing problems.

I hope you problem is sorted soon!

Lee.
ILLMATICRHYMEZ FORUMS
CLICK HERE TO VISIT!


======================
FREE STUFF TO HELP YOU
======================
AVG ANTI VIRUS
SPY SWEEPER
ADD YOUR SITE HERE
FREE AFFILATES PROGRAMME
FREE PHOTOSHOP MADE GRAPICS
WEB SITE REVIEWS
FREE JAVA SCRIPTS
Reply With Quote Quick reply to this message  
Reply
1 2

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus rootkit sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec threat trojan unwanted update usa virus viruses vista volume warning windows worm yahoo zero-day
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC