Avast WEBforum
Other => Viruses and worms => Topic started by: kristin on October 22, 2006, 01:36:34 AM
-
I know this might not be the place to ask for help, but I dont know where else to go :-[
I posted in the annoyances.org forum, but Ive had no relplies.
Im feeling desperate.
Last night was a nightmare. I was attempting to "fix" and help my boyfriend with his laptop, by installing avast (his Norton trial had expired and he had no antivirus software on his computer. Earlier that day he said a popup had appeared saying a worm was found.) I just recently installed avast on my computer (desktop) and everything worked very smoothly for me.
Once I installed it, I began to scan his computer. Only to find 17 viruses. It wouldnt let me move them to the "chest", I got an error message every time, Im not exactly sure what it said, but I attempted to move each one to the chest as the scan went on but none of them would work, and being the idiot I am, I permanently deleted them (not sure if this was the problem or not). There was a warning saying a Trojan was found in the operating systems memory, and advised me to restart to boot into the scan that preforms before your computer loads // sorry Im not sure of the exact wording, or the name of this scan. Only it said I couldn't preform this action, something about the client wouldn't let me. So, I bypassed it and continued with the rest of the scanning. Once I deleted everything though, I realized I couldn't connect to the internet =\ After restarting his computer the program boot me into the "blue screen scan", before the computer loaded, I let it do its thing, and once it the computer started I had major hangs. I couldn't even go to my computer > network settings. It would freeze every time, causing me to restart. I still couldn't connect to the internet.
I started to panic. Avast was causing me to lag, 5 or 6 popups would all come at once saying my firewall was blocking the mail support, I didn't know what to do. It seemed that ever since I deleted all those viruses/ad ware/Trojans - you name it, he had it... the computer when crazy. So I checked to see if there was a backup/recovery in avast but couldn't find anything. I freaked out, and I attempted to remove avast all together. Which was very difficult, seeing my computer would freeze every time I went into the control panel. After, numerous tries I eventually got avast off his computer. I began to wonder if I had made a big mistake doing this? So I did some googling on the desk top downstairs to find things such as this: http://www.avast.com/eng/virus_detection_and.html
all those win32.(s) look familiar, did I delete things necessary to run his computer? Im not sure what to do now? I think the only reason he hasnt killed me yet, is because the laptop was bought from a friend (its about 3 years old and filled with junk), and he originally wanted to wipe the thing clean and start over, but I posted to the annoyances.org forum and from the advice of people there decided against a clean install because Im not sure about the drivers and all the wireless stuff, where to find them // if Id run into a ton of problems.
But now he has no internet connection.. and its my fault. I already tried going through each and everyone of the steps found here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=430816&prodTypeId=321957&prodSeriesId=430816&objectID=c00055392 Still cannot connect to the internet. There is two icons in the tray, next to the clock. One says limited or no connectivity, the other says network cable unplugged. Please, any advice to help me fix this would be GREATLY appreciated.
Like I said, I know this might not be the forum to post this in, because I dont blame avast, the program is wonderful and was just doing its job. I just think the computer is severely infected. The only program, besides the mcAfee firewall, he has on the computer is Spybot, which I put on their last night as well, and ran today. There was 31 problems found, and 31 problems fixed.. but still no luck on the internet connection.
Also
In case its important : His laptop is a Compaq presario 2200 - with windows XP
Our desktop is a Dell Dimension E310 - with windows XP
Cable Modem - Motorola Surfboard SB41000
Wireless Router - D-Link DI-624
and when I was checking out his network settings, neither the motorola or the D-link was shown , 2 other local area networks appeared that I never heard of..(limited or no connectivity & network cable unplugged) But I dont know much about wireless so that might be normal?
THANKS to anyone who can help
-
:) Hi :
WHICH Windows XP ? Professional or Home Edition ?
Is there an "additional" "SP1" or "SP2" next to
Win XP ? If yes, which one ?
And EXACTLY what did you do to "remove" Norton
from his computer ?
-
Hi kristin,
With a badly infected computer, there is never any guarantee that it will be possible to clean up the system without leaving it unstable. If you still want to try, I suggest you work through the steps in this guide very carefully:
http://www.wilderssecurity.com/showthread.php?t=50662
On an unstable system, I would substitute Trend Micro Sysclean at step 10/14. This is a stand alone virus scanner which doesn't need to install.
You can find download links here:
http://www.geocities.com/dontsurfinthenude/antivir2.htm
Sysclean runs safely is safe mode: you may get a warning from the system before running in safe mode, but you can go ahead with the scan without any worries.
You will find a section at the end which addresses your internet connection problem:
internet connection has been broken
If you work through these steps and you a left with an unstable system, a reinstall may be the only option. You may be able to download drivers and software you need from company websites.
If the computer seems stable at the end, you can reinstall avast!
Please then read the page linked to at the bottom of the above guide which should help you avoid reinfection:
Securing your Computer when it is Clean
-
Spiritsongs : Thank you for the response. Im not sure how to reply directly to you, or if Im doing this right, but Im new to the forum ??? so bare with me, please :)
He's running XP Home Edition on his computer.
Its funny you ask how I uninstalled Norton because I didnt even mention that I did that.
When I tried to install Avast the program told me Norton was already installed on his computer and may cause problems? The two of them working together? I think thats what happened. Im really sorry, Ive been doing so much installing/uninstalling lately that its hard to remember. Im not sure if that was my computer (the desktop Im currently on) that I got that message on. But Im PRETTY sure it was his. But I did for a FACT uninstall Norton from his computer that day. I went to add/remove programs and uninstalled it, but I know its not completely gone from his computer because theres still a pop up every time I start his computer from Norton saying that I have no anti virus software "what to do about this" and such.
I just dont know what to do. I was just trying to help him. I know avast is a good program, and I know his computer is infected with viruses... but some how I lost all internet connection. And every day I promise him Ill get it fixed.
Not to throw this out there and to sound stupid, but would it be possible to try a system restore? I dont know much about it, Ive never used it before. And he just recently bought this computer.. about 5 weeks ago. So I really have no idea where the restore point will take me. But could it maybe give his internet connection back, so that I could start over. I keep telling him that his computer was infected and we both know it was, but atleast he could browse the web. :-X Now he says it makes a fancy TV tray (to eat off of) .. I feel horrible.
-
FreewheelinFrank, thank you for all the links.
I looked through them though, and it seems that I would need an internet connection to do these steps? (He doesnt have an internet connection)
I know I messed up. I didnt realize his computer was so badly infected until after the avast scan. Since I dont know much about what happened that night or why he lost his internet connection it just feels to me like I "woke up the viruses" that theyre blocking me from everything now.
I will do it the right way next time though, so thank you again.
If I cant come up with anything/ a solution to the internet problem.. in the next couple of days, I will start searching for every thing I need for a clean install on his computer.. do you recommend any websites for this? Or just type in the name of his computer.. do a search and see what I come up with?
I really know nothing at all about drivers and wireless, all Ive dealt with was buying a computer plugging it in, and there you go. The wireless router hookup was my biggest challenge so far.
I just wish I could fix this for him. :-\
-
If you've deleted spyware sitting between the computer and the internet, I doubt you'll get a connection back with System Restore.
Better to follow the advice I mentioned above:
You will find a section at the end which addresses your internet connection problem:
internet connection has been broken
-
If you can't get a connection, you can always download the programs on another computer and burn then to a CD: don't forget to download the latest definition files if applicable.
But the advice above may restore you connection anyway.
-
Unfortunately there really isn't much to go on without an indication of what malware was detected and dealt with, but there is a possibility that it could have been something like NewDotNet which gets entangled with your connection settings and removal could cause this issue with connection.
Now this is a guess that it might be something like NewDotNet, but trying this should do any harm certainly you shouldn't be any worse of.
Lost Internet Connection - To recover you internet connection, try downloading and running WinsockXPfix: http://www.snapfiles.com/get/winsockxpfix.html
NEWDOTNET - Check out this topic http://forum.avast.com/index.php?topic=21608.0
No need to do all of this. For XP SP2, try Windows Start button, Run, type 'netsh winsock reset' without the quotes - this should be enough to fix the issue.
-
FreewheelinFrank :
I have off of work today, so I am trying to steps you listed above.
I burned the installation files for all the programs listed on www.wilderssecurity.com onto a CD and put them onto his computer.
The only problem Ive run into so far, is that Step 1 on here
http://www.wilderssecurity.com/showthread.php?t=50662
the wilders.org site will not load for me. (to get an antivirus program)
So I downloaded the AVG trial here
http://www.grisoft.com/doc/trial/lng/us/tpl/tpl01
I would have used avast again, but I didnt know if I should try using that program again this soon.
I took off system restore, and booted into safemode, and began running AVG, the scan is taking forever, there must be a ton of files on this computer. I was 45 minutes into the scan, and the computer powered off, battery died. :-\ I plugged it into the wall, and Im now attempting the scan again.
Something I noticed though, while booting into safemode, the log on screen. There is administrator, and also Dan (my boyfriend's log on names), but when starting the computer in normal mode there is only Dan's account and "guest" ..
Ive also noticed, that when searching files, the computer's previous, previous, owner's name "James G. Stephen" is all over the computer. .. is there a way to change this. To delete his name from the computer? I know this is a minor detail, and Im not too worried about it now. Since I have no internet connection anyway, and might end up doing a clean install.
Also.. (sorry I know Im full of questions)..
I was reading this
http://forums.techguy.org/windows-nt-2000-xp/499568-guide-reinstall-windows.html
to try and educate myself on how to reinstall XP
and I realized we dont have a re installation disk, or any of the information about this laptop.
It was bought from a friend he works with, and had another previous owner even before his friend, the "James G. Stephen" guy..
Its a hand me down. Is a re install going to be even more trouble?
Do you have any recommendations?
-
DavidR :
I tried the advice you gave me : Windows Start button, Run, type 'netsh winsock reset'.
That didnt work :-\ so I downloaded WinsockXPfix and ran that. It said the process was completed, when I went to close it, it said "program not responding" and it did not fix it either.
Thank you for trying though :)
-
As I mentioned before, Trend Micro Sysclean is a much better bet with an unstable computer because you don't need to install it- installing a program on an infected computer can leave the program unstable itself.
When booting into safe mode, choose the administrator account.
If AVG does finish a scan, I would still recommend scanning with Sysclean.
Then scan with the other programs recommended in the wilderssecuity.com link.
You may find that the system becomes more stable and responsive, or you may find that malware has damaged the system to the point that it remains unstable, in which case reinstalling the OS is probably the best option.
Computers usually come with a recovery disc which will restore the hard disc to factory settings.
If you don't have this disc, life will be difficult if you need to reinstall the OS!
For the moment, your best option seems to be to carry on with the cleaning process and see if you have any luck.
It is possible to change the name used to set up the computer. I remember seeing a program which offered to do this. If I remember what it was, I'll post it. I'm sure it's also possible to do this by mucking about with system settings, but I've never tried it myself. Maybe somebody else can help you.
-
:) Hi Kristin :
Your boyfriend's computer was "messed up" BEFORE you
attempted to counter his total disregard for protecting it;
based on his "attitude", perhaps it would be best not to
have him be able to access the net, since it would be
shortly "infected" thereafter !? Perhaps it would be best
to keep it as a "fancy TV tray" !?
-
Spiritsongs:
No, no ???
its nothing like that at all.
He doesnt have the wrong attitude. He just bought the computer about 5-6 weeks ago, there was no indication that there were viruses on the machine. When he first got it, he told me he wanted to do a clean install, because of the general condition its in. Cluttered. And the fact that it was owned by at least two other people (that I know of) So I posted to annoyances.org, about doing this. They told me Id run into trouble since I didnt have the disks/drivers/wireless cards, and because of my lack of knowledge of the subject. He does have a McAfee firewall, and he did have norton, for an antivirus. The trial for Norton went up the night that I downloaded avast. I didnt know that he had McAfee on his computer, because sometimes it loads on start up, other times it doesnt. So I was going to install Zone Alarm on his system, because Ive always used that firewall, and trust it. Once I noticed that he did infact have McAfee, a purchased version of it.. Im assuming, since there is no indication of it being a trial. I left it alone. With his concent (he doesnt know as much about computers as I do - we live together and have a desktop, but he NEVER uses it, other than to check the weather on occasion - the laptop was his first computer, and dont you think he deserves a chance to learn?) he told me to "do what I thought was best", so I downloaded avast, and ran the scan. Thats when I came to this forum, because within the time that I downloaded avast, and removed Norton (which I thought I did, but I guess I didnt) -- something went wrong. He has no internet connection. And because when I ran Avast, and ran spybot for the first time, and saw all the viruses on his computer I know that it was messed up before I ever even touched the thing.
It was just a step by step process. I would have eventually helped get his computer to a stable point. And I would have taught him how to take care of it..
only now he doesnt have an internet connection. When he says things like using it for a fancy tv tray, its a joke. Hes not really blaming me. I just want to fix it for him.
Because he did pay for it. $400, for a used piece of crap, obviously.. but still.. he paid for it.
-
okay, so this is where Im at.
I ran the antivirus program, I ran stinger, I ran the anti Trojan program, I ran spybot.
No Viruses were found using any of these programs.
I ran Adaware
The Scan Summery was:
8 MRU
48 Tracking Cookie
3 Broadcast PC
1 Coulomb Dialer
Under critical objects was a bunch of tracking cookies
type : IE Cache entry
object: Documents & Settings\Guest\Cookies\Guest@
and a whole bunch of different locations (48 of these)
type: file
category: Dialer
Object: C:\program files\online services\people pc\utilities\atl browser.exe
Name: Broadcast PC
(3 of these)
Under Negligible Objects
Type:MRU list
Description:List of recently opened documents
most recent applications to use microsoft direct3d
most recent applications to use microsoft direct3d
most recent applications to use microsoft directx
most recent applications to use microsoft directx
most recent applications to use microsoft directdraw
Windows Media SDK
Windows Media SDK
I removed these
and ran VX2 Finder (ive never used this program before so Im not sure what Im supposed to do)
it said :
Files Found ---
Guardian Key --- is called:
UserAgent String
SV1
So I clicked on Useragent$
and it asked "Delete the user agent string?"
I clicked cancel.
Clicked on Restore Policy
"This will reset the SeDebugPrivilege for administrators, if you already removed the VX2.Better Internet Files using recovery console."
I clicked cancel.
Because Im not sure what that means?
The next step is to boot into normal mode. I still dont have an internet connection.
Should I try the Winsock XP Fix again, should I do this in Safe mode.
I still havent tried to delete the corrupted registry keys - do I do this in safe mode or normal.
Thanks again, for anyone who is still trying to help me
-
IT WORKS!! ;D
I did the Winsock XP Fix again in safe mode, and when it rebooted.
Internet connection is there !!
Thank you so much FreewheelinFrank for all your help.
You are my new Hero ;)
-
Congratulations you did well!
Cookies are not a serious problem: no need to worry about them.
MRU's are nothing to worry about.
Looks like Ad-Aware found one dialer: not something you want on a dial-up connection because it will connect to a premium rate line: that's been deleted.
Doesn't look like VX2 Finder found anything: I think you did the right thing to cancel it.
If you have an internet connection, update Ad-Aware, Spybot, your AV program and the anti-Trojan program and scan again- these things often find more the second time around.
Ten can you post a HijackThis! log please? This will let us see what is running on your computer and check there is no malware left.
http://www.bleepingcomputer.com/tutorials/tutorial42.HTML
-
thank you! ;D
You have no idea how happy I am right now.
I updated all the programs I put on here today already, and scanned the computer again. Found some more stuff, mostly the same thing as last time : cookies and MRU's
Looks like Ad-Aware found one dialer: not something you want on a dial-up connection because it will connect to a premium rate line: that's been deleted.
Im using wireless though?
Anyway, I already posted a HJT log at
http://www.techspot.com/vb/menu28.html
would you like me to post it here too?
I figured this is the avast! forums, that Id better not bother people here with a HJT log.
The link you left at the bottom said 404error : Page not found
:-\
thanks again. for everything.
-
Try this link, http://www.bleepingcomputer.com/forums/tutorial42.html.
Since you have already had a prompt response at the TechSpot forums http://www.techspot.com/vb/showthread.php?t=61538, which have indicated two items that need fixed (correctly), I would say stick with them unless you have problems. The above bleeping computers tutorial link may help you with things they may talk about. I would have looked at you log file but as a guest at their forums, I don't have permission to open it.
-
David I dont mind a second opinion. I havent had any troubles after the removal of the things he said remove.
Everything seems to be doing really well actually.
But if you'd like to take a look, by all means. Hope copy and paste is okay. I dont see a way to attach a file ?
This was done just now, after I fixed those other 2 things.
Logfile of HijackThis v1.99.1
Scan saved at 5:12:34 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\AOL\1109013133\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109013133\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx460035df\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Smckwntsssii - SMC - (no file)
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA02D Shared\Service\Software Jukebox v2.0 Service File.exe
By the way, I was wondering, we dont use AOL at all, removing it from the computer shouldnt cause problems should it?
-
Well firstly I see multiple AVs installed and neither of them are avast ?
Having two (or more) resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.
Have you uninstalled avast ?
Aside from the multiple AVs there doesn't apear to be any major issues, you should be able to fix the AOHell entries if as you said you don't use it any more. However, you have an AOHell running process:
C:\Program Files\Common Files\AOL\1109013133\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109013133\ee\AOLSoftware.exe
Since I have never used AOHell I don't know how to get rid of it completely.
-
multiple?
hmm, well I did uninstall avast the night that everything went wrong. It was causing my computer to lag, because a pop up kept appearing saying the mail support wasnt turned on or something along those lines, multiple popups, all coming at once, saying the same thing, and I couldnt go into my computer > network settings and such because of all the popups, I was more concerned with the loss of the internet. I installed AVG today because I was following the steps in a link FreewheelinFrank gave me and step one was to have a antivirus software installed, I didnt know if I should go back to avast yet, since I didnt know what the problem was to begin with.
I dont know what the other AV could be. I completely uninstalled Norton earlier.
I will eventually go back to avast, I have it on my other computer, Im just scared right now. Even though its uninstalled its still listed in My Programs. Im scared of more problems. I just want to enjoy a computer thats running for a bit.
AOHell is listed in my tray, it runs on start up waiting to be used, but I dont use it and I dont want to, the previous owner must have.
I used to have Aol on my old computer, and Im convinced it messed my IE up, so I wont go back to it. I already tried removing it from add/remove programs, but it seems to be all over my computer.
Thats fine if you dont know how to remove it, Ill look around.
Thanks again.
-
Sorry I just saw the McAfee stuff and wasn't sure if it was AV and Firewall.
I didn't know if I should go back to avast yet, since I didnt know what the problem was to begin with.
Well who has been helping you through this, I know one thing for sure you don't get this kind of support with AVG free.
I assume we are still talking about your brothers system, but installing avast on an already compromised system and one that also had Norton on it is a risky business. Getting rid of the remnants of Norton can be as difficult as getting rid of a virus and remnants can have a huge potential for conflict, which can have avast disable elements of itself to avoid this potential, this might have been what you were seeing in avast not working fully.
The NAV add remove programs uninstall often leaves remnants as many posts in the forums attest. A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=)
You can also download SymNRT, a Norton uninstall tool (http://fileforum.betanews.com/detail/SymNRT/1125124391/1) that uninstalls all Norton 2004/2005/2006 products and run this off-line.
Sorry I'm coming to your party a bit late and playing catch-up, Spiritsongs asking how you removed Norton is really related to what I have given above as the add remove programs uninstall often proves insufficient and can cause conflict with avast!. You need to go hunting the registry entries, etc. this is what the SymNRT removal tools do.
-
:) Hi Kristin :
Concerning using Ad-Aware in the future : the Ad-Aware
Support Forums recommend UNCHECKING the "Search for
negligible risk entries" Setting AND CHECKING ( turn the
red indicator to green ) the "Search for low-risk threats"
Setting just below it; this is so the no-threat "MRU"s do
NOT appear in the "Scan Summary". ALL "critical objects"
found by Ad-Aware should 1st be "quarantined", UNLESS
they are "tracking cookies" and/or "Alexa", which can be
directly "Deleted". 48 Tracking cookies in your scan
results indicate a cookie "problem", best "controlled" by
using a "cookie manager", such as the GOOD & FREE
"Cookiewall".
To learn HOW to better use & understand the program,
click the "Help" tab in the left column of the GUI. Info on
"removing" "critical objects" is found in the "Performing
your 1st scan" topic, which is listed under "Getting
started".
Nowadays, it is best to have a program "geared" to
detecting & quarantining trojans, worms, etc and the
FREE ver of "SUPERantispyware" from :
www.superantispyware.com is VERY GOOD.
-
I actually recommended a stand alone virus scanner because avast! was unstable:
On an unstable system, I would substitute Trend Micro Sysclean at step 10/14. This is a stand alone virus scanner which doesn't need to install.
avast! was unstable because it was installed on an infected system (I guess). If you want to uninstall AVG and install avast!, it should function correctly now.
You can also uninstall Trojan Hunter now.
You could try a registry scan with TuneUp Utilities (free working trial) after uninstalling AVG and before installing avast! again. This should clean up any registry problems causing errors or instability.
http://www.tune-up.com/
You need to download the latest version of Sun Java, as you are running an old version which can be exploited by malware.
Download the latest version here:
http://www.java.com/en/download/index.jsp
Then go to Control Panel>Add/Remove Programs and remove all older versions of Sun Java (This is important!).
-
TuneUp is also the program I was thinking of which will allow you to easily change the name Windows is registered to:
(Mine is registered to the shop I bought it from, something I never bothered to change.)
(http://donaldbroatch.users.btopenworld.com/registration.jpg)
Customize & Analyze>TuneUp SystemControl>Administration>System>General
You will need to scroll down to see the administration window on the left.