
I have critical system errors. I tried HijackThis,
and here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 22:31:47, on 25.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
C:\Programfiler\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\programfiler\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Messenger\msmsgs.exe
c:\programfiler\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\sTyLe\Lokale innstillinger\Temp\Midlertidig mappe 1 for hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programfiler\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Morpheus.lnk = C:\Programfiler\Morpheus\Morpheus.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programfiler\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


Hope anybody can respond to my post. Sorry for posting it here, but I didn't know how to make my own thread; that's why I posted it here.
A window shows up every 10-15 seconds and says Windows found 55 critical system errors.


Sorry for posting it here, but I didn't know how to make my own thread; that's why I posted it here.

On the top of the page, below "Threads in Viruses, Spyware and other Nasties Forum" is a grey button on the left side. It says "post a new thread" and this is my first recommendation for you, too. Only a few people will find your posting here.

Unfortunately I am not a virus removal expert so I can't help you much. The only unusual thing I can see in your log is
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
something that looks like debris from Win32/IRCBot.worm.98304.AL or a similar caliber. Read more here:
http://info.ahnlab.com/securityinfo/virus_view_eng_new2.jsp?SEQ_NO=2909

You also ran HJT from the download archive in a temporary folder. This is not recommended. Create a new folder like C:\HJT and copy the HiJackThis.exe to that folder. Then run it again and post the log to your new thread, together with information on what happened, which virus scanners were used before and what they found. Good luck!


"Piggybacked" post, and Xpenetrator's perceptive response, split into a new thread.


sTyLe,

Your HijackThis log also indicates that you are running two antivirus programs (McAfee and AVG) at the same time. That is definitely not recommended, as multiple AV programs can interfere with each other and cause conflicts and instabilities. (Note that running multiple antispyware programs is a different story: those types of utilities can coexist peacefully.)

Please uninstall one or the other of the AV programs, and follow Xpenetrator's advice about moving HijackThis.exe, before we continue.
In terms of unzipping the hijackthis file to a new folder, please do the following:

* Create a new folder for HijackThis outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder you downloaded and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, highlight it, and click "OK".
* Click "Next", and then click "Finished"; a window displaying the newly-extracted hijackthis.exe file should open.
* Double-click on the hijackthis.exe file to verify that the program works.


I think that is not a virus or spyware. You have to disable the Messenger service from Control Panel-Administration tools-Services (I think it is named so; my XP is in Italian). In the list of services, search for Messenger and select it, then right-click and choose Properties. You have to Stop it (click on the button at the bottom) and then change the startup type from Auto to Disable. Then press OK and restart Windows.

Ciao, ciao.

Hope anybody can respond to my post. Sorry for posting it here, but I didn't know how to make my own thread; that's why I posted it here.
A window shows up every 10-15 seconds and says Windows found 55 critical system errors.


I think that is not a virus or spyware.

Yes, it is; as Xpenetrator indicated, the rwnt.exe file is a component of one of the IRC worms. However, your suggestion of disabling Windows' Messenger Service (which is not MSN Messenger) is good advice, and should be followed.


sTyLe,

The following info in your HJT log's header shows that you are running a totally "virgin" version of Windows XP. That is, no Service Packs, Security/Bug Fixes, etc. have been installed:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running such an outdated, unpatched version of Windows, your system will almost certainly get reinfected in no time. You should use the Windows Update feature to bring your system up to a fully-patched version of Service Pack 1 (note that upgrading to Service Pack 2 on an infected system is not recommended!). Once you've done that, the info in your log's header should read as follows:
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
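
The four observations made in this thread (an autostart entry with no path, HijackThis run from a Temp folder, two antivirus products at once, and a header showing no Service Pack) can be checked mechanically. The following is an added example, not part of any post above and not HijackThis's own code; the sample lines are copied from the log in this thread, and the rule names and the `triage` function are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
C:\Documents and Settings\sTyLe\Lokale innstillinger\Temp\Midlertidig mappe 1 for hijackthis[1].zip\HijackThis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

AV_VENDORS = {"grisoft": "AVG", "mcafee": "McAfee"}  # only the vendors named in the thread
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def triage(log_text):
    findings = []
    av_seen = set()
    for line in log_text.splitlines():
        line = line.strip()
        low = line.lower()
        for needle, vendor in AV_VENDORS.items():
            if needle in low:
                av_seen.add(vendor)
        if line.startswith("Platform:") and " SP" not in line:
            findings.append(("no-service-pack", line))
        if low.endswith("hijackthis.exe") and "\\temp\\" in low:
            findings.append(("hjt-run-from-temp", line))
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" /")[0]
            # Heuristic: an autostart command with no directory is worth a manual look.
            if "\\" not in exe:
                findings.append(("autostart-without-path", f"{m.group('key')} [{m.group('name')}] {exe}"))
    if len(av_seen) > 1:
        findings.append(("multiple-antivirus", ", ".join(sorted(av_seen))))
    return findings

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag}: {detail}")
```

A flagged entry is a prompt for review rather than a verdict: the path-less check only narrows the log down to lines such as the `rwnt.exe` one discussed above.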
