Posts by caperjack

Nice catch caperjack :D.

Morning Crunchie! Thanks ,just nosing around :)

I went to this website www.webzcan.com/Vulns/WZV10132.htm and it said the above

I am beginning to think the above website is a scam to try and get you to buy their product. I have went to it on antoher computer and it said the same thing. Plus I have never not ran antivirus software. let me know what you think.

I think that ,that is just a definition of how the program would report the virus when it founf it ,the site does not offer a scan of you computer that i could find .not to worry its not telling you that you have the virus

run hijack and fix .
O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

,,,,,,,,,,,,,,,,
then run these free online Virus scan

Be sure to Check off Auto Fix on this site

http://housecall.trendmicro.com/housecall/start_corp.asp
please run this one also to be sure .

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

I think these are related .

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=82676&VName=WORM_SPYBOT.LL&VSect=T

I believe I have a kuang2 virus on my computer, I guess it is a virus, I have run my mcafee virus scanner as well as a few online ones and it did not pick it up. Does anyone know what this is or how to get rid of it. Thanks

What made me look for this was when I went to www.hackerwatch.org

I believe i have gray hair !Why because i see it when i look in the mirror!
Why do you believe you have a kuang2 virus ,that scaners won't detect .

Hi :)
Ya i am just in there and have registered at their forum as well. I don't think that Netscape is that outdated, i have heard lots of people complaining it to be "slow" and whatever, well none of that here.... compared with IE, my Netscape is a well-greased lightning bolt, and i never ran into any problem with sites not willing to open or Java crashing or whatever. I am using the current version since half a year or so, and never cought a trojan, virus etc... never been hijacked (yes, i DO visit web sites known for doing that) and therefor, i wish to keep Newtscape at least untill i really tested Firefox.

Hence, as long as i didn't find a way to have them both on my PC, Firefox will be left out.........

Kind regards

Thanh

I have had all 3 on at one time and don't see why you are having aproblem installing firefox.The more popular firefox becomes the more proplems it will have just like IE! Sometime in the near future someone is going to make a big money offer and it will be SOLD :)just like netscape was !
I would suggest deleting the setup and downloading it again to your deskto and run the install from the desktop .Firefox Download

boot to safe mode to empty the temp folders ,
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

following the fix instructions in the other post fix these,,
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\bundle.exe
the next one is
Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

,,,,,,,,,,,,,,,
You need to empty the temp folders as suggested above ,
Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
You might want to print out or copy & paste to notePad , these instructions as you will need to close this browser window to fix with hijackthis !

O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll

O4 - HKLM\..\Run: [lhzuoznszg] C:\WINDOWS\system32\hmktauvn.exe

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\system32\hmktauvn.exe,,,,,delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

THANX ILL TRY IT OUT TY SO MUCH

If you don't allready have Service Pack 2 you should download it or get a copy first ,to install before you go on the net after the reinstall because you will get nastie viruses before you get a chance to get to windows updates .

Caperjack,

THANK YOU so very much. Your suggestions FIXED the problems!!! Yeah. I truly appreciate your help.

To Comatose and everyone else, thanks for your patience and all your help. :D

Glad to have helped :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

   See this link for a listing of some online & their stand-alone antivirus programs:

   Virus, Spyware, and Malware Protection and Removal Resources

2. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
3. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

   For a tutorial on Firewalls and a listing of some available ones see the link below:

   Understanding and Using Firewalls

4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to …

Most Hijackthis help sites will not even help you untill you do windows updates ,so I think you should at least go and get the critical updated if you haven't all ready .
,,,,,,,,,,,,,,,,,,,,,
Also a trip to windows updates ,This Way Please .And have a Safe Trip !!:)
WINDOWS UPDATES

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll

O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe

this is not bad but is not need at startup and is a rescource hog !
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Real-time Monitor.lnk = ?

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

Fix this unless you set it up youself!

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

I find some fixing this ,givin that you are taking to the sony site i would fix it .
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\enhupdt.exe,,,,,,,,,,,delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

I got mine setup tighter than a drum and can download form both ,Go figure !!

When i click on your killbox link i get a redirect to bleeping computer and an open ie page. seems to be running but no down load forthcoming. I went to and joined bleepingcomp. and tried to download killbox but got the same blank, running page. anything else i can do to dl killbox?

Try downloading it from here
http://www.downloads.subratam.org/KillBox.exe

I cant get the killbox to download!!! what next?

:(

EDIT: Sorry MIsss Read your post .

They keep messing with the page that has the qoologic.zip :(. I will upload it for you.
Yep. Enable all in Msconfig, then reboot and post those logs.
I'm off to bed. 2 am here, 2005. Happy new year :D.

Happy New Year Crunchie!!!

when you check them in hijack you need to then click on FIX Checked .
and you need to delete the files in safe mode that DMR suggested you delete.

Then , download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of calsp.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Ok you say you have spy-bot ad-aware and cwshredder ,i think its now time to run them, and clean some of that mess up! and then post a new log .please follow this
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Hi! To start with I would like you to do this

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.

Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to …

First you may want to setup Ad-Aware here is how to .after setup reboot computer inSafe mode and run ad-aware ;
Reboot to SAFE run ad-aware
How to start computer in safe mode
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list.

Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window.

1. In the ‘General’ window make sure the following are selected:
• Automatically save log-file
• Automatically quarantine objects prior to removal
• Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
• Scan Within Archives
• Scan Active Processes
• Scan Registry
• Deep Scan Registry
• Scan my IE favorites for banned URL’s
• Scan my Hosts file
• Under ‘Click here to select drives + folders’, choose:
• All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
• Include additional process information
• Include additional file information
• Include environment information
• Include additional object details

4. Click the ‘Tweak’ button and select:
• Under the ‘Scanning Engine’:
• Unload recognized processes during scanning
• Include basic Ad-aware settings in logfile
• Include additional Ad-aware …

post you hijackthis log if you wish!:)

Thanks again Caperjack :cheesy:
i installed the spyware blaster & Guard, and hopes this will help for some time
I also gonna try to keep all things updated ON TIME.

i never really had any serious problems so far, so i thought everything was OK,
seems that i was mistaken

anyway A BIG THANK YOU :D :cheesy: :D

You are welcome ,glad to be able to help .don't forget to update those 2 programs regularly !

looks ok to me ,You might want to check out the info here ,

Edit Computercops site is down

check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
when all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
I you get the missing file MSVBVM60.DLL error download and install this ,
http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98ME/EN-US/vbrun60sp5.exe

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINPDN32.EXE

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\SYSTEM\WINPDN32.EXE.............delete thid file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

Format It ! I would have by now !:)

TRy unchecking it reboot computer and go back in a check it again and reboot computer again ,see what happens

Just want add that when you run hijackthis you are suppost to have all windows closed including ,IE ,this shows that you have browsre windows open when you ran the scan .

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

What DLL files are you getting on startup!!!
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

F2 - REG:system.ini: Shell=Explorer.exe winsock.scr

I suggest fixing all of these 016s'as they will come back when you need to go to the site the next time .

O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab

reboot computer and post a new log

Hi ,I use Norton and not Trend micro ,but im sure there must be something in it settings /or options to set to auto protect or run at startup .

check in Start/Run /MSCONFIG/startup and see if whom ever fixted the computer unchecked it to keep it from running .

Go to C:\WINDOWS\INF\sr.inf and right click it. Select "Install." That usually fixes things with SR

The above is from the link in the other post you mentioned you were at .

The INF folder is a hidden folder !
Show hidden files & folders

Try this Trojan Scan , full working 30 day Demo.
http://www.misec.net/trojanhunter/

Please run one or both of these free online Virus scan

http://housecall.trendmicro.com/housecall/start_corp.asp

Check auto clean with the trendmicro

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Then post a new hijackthis log again ,thanks

Please Download CWShredder from HERE Reboot to SAFE mode to run swshredder. Press the "Fix Button" Let it fix all variants.

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot ,should also be run in safe mode

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it …

This is a help fourm ,not a chat fourm ,you will have wait for a response!!
You should be able to open Symatic and edit it to allow these programs to have axces to the net !
Chec kNortons site .
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2001080113323336?Open&src=&docid=2004101207033236&nsf=nip.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

http://www.computerhope.com/issues/ch000365.htm

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prmd_stp_hwpg.asp

Mine works and I have SP2 so i don't think it that !
Try deleting you Temporary internet files.

I just read that if you have a shortcut to notpad on you desktop or in you Quick launch it can cause this ,so i copied a shortcut to notpad to my desktop and i can no longer view source!!

Try system restor back to earlier date ,or try botting to XP disk and run the Repair .

Never heard of it before but a simple google search on "track changes on"found this .
http://www.shaunakelly.com/word/trackchanges/HowTrackChangesWorks.html

Glad to hear you got it fixed ,now can you come here and fix this old IBM ,thats driving me nuts

Ok, my goal now is to get this to work on my current level of W98, or to find a cheap Win98SE update.

I saw in another forum that may be able to use a WinXP driver to get around this problem, but need more understanding. Does anyone see this as a good solution?

Thx.

Bob

I assumme you have been here but ,if not it might help!.
http://h10025.www1.hp.com/ewfrf/wc/document?product=95211&os=20&lc=en&cc=us&dest_page=softwareCategory&tool=softwareCategory&dlc=en&docname=c00045244

Try this/
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q185/5/01.ASP&NoWebContent=1

If you don't find any viruses ,I would try this ,go to control panel , add & remove programs /,add & remove windows components ,accessories and uncheck paint if it checked ,ok you way out then go back in and reinstall paint .

The first computer I had 98se on was a p166 32 megs of ram use it for about 4 yrs.
I wouldn't put xp on it if i were you .
As for upgrading to 98SE all you need is a 98SE disk and from the boot disk run setup making sure to install it in the c:\windows folder,so that it over writes the win98 ,[not the c:\windows000 folder that it might choose] and install it over the 98 version .I have done this on numerisous ocations with 95 and 98 .

Get rid of Windows ME and get a real OS!!

Ok Thank you so much!

Your welcome :)

I can't get Mario Teaches Typing 2 to work it does the the title movie thing and I think freezes befor that it says youu may want to change to 256 color. Can some one please help.

Assumming you are using winxp,Right click on the Mario icon ,go to properties ,compatiability and check off run in 256 colors .

no comments with your log ,did you run the peper fix and if so did it make any difference ,all the file that the fix should have removed are still in you log !!

Hi, you have a Peper infection

Download the removal tool :

http://downloads.subratam.org/PeperFix.exe

Make sure you are connected to the net and run it. If asked by your firewall for permission to access the net, please grant permission.

Reboot and run it a second time while connected to the net.
.....................................

Then , unzip hijackthis to a folder of its own like c:\HJT\hijackthis.exe

then reboot computer again,
and make sure all windows and browser windows are closed and run hijackthis again and post a fresh log .