Author Topic: "AVAST CONNECTION TIME OUT". A VIRUS ?  (Read 16779 times)

grunewald

  • Guest
"AVAST CONNECTION TIME OUT". A VIRUS ?
« on: December 27, 2005, 12:35:54 AM »
I keep getting annoying pop up messages continuously like the following:

avast! connection timeout
Internet connection timeout elapsed. Continue waiting ?

(winlogon.exe -> mta-v1.level3.mail.vip.mud.yahoo.com:25)

YES - NO


The address bit (after winlogon) is different every time.
In addition my browser is slow and there is a strange looking blue screen in my task bar that displays those strange addresses when the mouse is placed over it but it is not clickable.
I had a virus incident earlier and avast identified some.
But there was another process called "sywscvs.exe" which is known to be malware and it was appearing in the popup screen in place of "winlogon". This one I terminated and deleted but the problem continues.

I don't know what settings to modify and I believe it is a virus (that cannot be handled effectively by avast).

At one stage the computer shut down, after winlogon tried to access something like an illegal memory.

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #1 on: December 27, 2005, 02:09:40 AM »
That blue screen looking program is also shown in "control panel - taskbar properties" and it keeps changing name continuously!

timcan

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #2 on: December 27, 2005, 02:23:21 AM »
grunewald, can you get avast to do a boot time scan?

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #3 on: December 27, 2005, 03:00:18 AM »
I tried adaware and it removed something.
When I rebooted the machine the blue thing wasn't there but it came back a little afterwards.
I'll start the boot scan in the morning - can't tell if it's going to complete without a crash.
Maybe it needs hijack and some other removal tool associated with it - I used to have those.

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #4 on: December 27, 2005, 12:22:34 PM »
I did a boot time scan and nothing showed up - the problem remains.

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #5 on: December 27, 2005, 12:48:24 PM »
HIJACK LOG
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:45:55 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\MSSQL\BINN\SQLSERVR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\LSASS.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Temp\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosmicway.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\system32\msjcf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134350571345
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe


DavidR

  • Avast Überevangelist
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #6 on: December 27, 2005, 04:02:58 PM »
This is an on-line analysis of your log file: http://hijackthis.de/logfiles/2c36856b32aa201ed22663c144830f31.html. There are a couple of Unknown entries and 1 classed as Nasty; they can also be scanned via the site. A handy bookmark for the future: http://hijackthis.de.

Fix these
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\system32\msjcf.exe
See http://www.bleepingcomputer.com/startups/MSOffice32-13683.html

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
See http://www.liutilities.com/products/wintaskspro/processlibrary/sywsvcs/

Nasty
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
See http://www.bleepingcomputer.com/startups/Shell-12302.html
« Last Edit: December 27, 2005, 04:04:32 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #7 on: December 27, 2005, 09:45:39 PM »
Deleted the above files from safe mode, using "autoruns" - the stuff reappeared nevertheless.

The new hijack log file:


Logfile of HijackThis v1.99.1
Scan saved at 10:53:26 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\MSSQL\BINN\SQLSERVR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Temp\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosmicway.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134350571345
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

« Last Edit: December 27, 2005, 09:54:57 PM by grunewald »
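Added example (not part of the original thread): a small Python comparison of the two HijackThis logs posted above, checking whether the three startup entries named in reply #6 are still present after the Safe Mode cleanup. The log lines are abridged copies of entries from the thread; the function names are illustrative.

```python
import re

# Abridged entries copied from the two HijackThis logs in this thread
# (reply #5 = before the cleanup, reply #7 = after it).
LOG_BEFORE = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\system32\msjcf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
# The three startup entries reply #6 listed under "Fix these" and "Nasty".
FLAGGED = [
    r"O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\system32\msjcf.exe",
    r"O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe",
    r'O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"',
]

# "O4 - <detail>" style item lines, and the Run-key form of an O4 detail.
ITEM_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+?)[ \t]*$", re.M)
RUN_RE = re.compile(
    r"^(?P<key>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)


def normalize(line):
    """Compare entries case-insensitively, ignoring quotes and repeated spaces."""
    return " ".join(line.replace('"', "").lower().split())


def parse_items(log):
    """Return {normalized line: (section, detail)} for every item line."""
    return {
        normalize(m.group(0)): (m["section"], m["detail"])
        for m in ITEM_RE.finditer(log)
    }


def diff_logs(before, after):
    """Entries that disappeared from, or appeared in, the later log."""
    old, new = parse_items(before), parse_items(after)
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


def parse_autorun(detail):
    """Split an O4 Run-key detail into (registry key, value name, command)."""
    m = RUN_RE.match(detail)
    if not m:
        return None
    return m["key"], m["name"], m["command"].strip('"')


def still_present(flagged, later_log):
    """For each flagged line, report whether the later log still contains it."""
    later = parse_items(later_log)
    return {line: normalize(line) in later for line in flagged}


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("removed:", section, parse_autorun(detail) or detail)
    for section, detail in added:
        print("added:  ", section, detail)
    for line, present in still_present(FLAGGED, LOG_AFTER).items():
        print("STILL PRESENT" if present else "gone", "-", line)
```

A flagged value missing from the later log only shows that the autostart entry is gone; it does not show that the files or any other load point were removed.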

..::ReVaN::..

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #8 on: December 27, 2005, 10:17:18 PM »
Your HijackThis log is clean. Have you tried these online scanners? Trend Micro Housecall, Bitdefender online scan, Kaspersky online scan

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #9 on: December 28, 2005, 01:42:33 AM »
I will try those scanners now.
Tried spybot also but it says "nothing found".

What about winlogon.exe ?
That's the one appearing in the Avast message as well.

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #10 on: December 28, 2005, 10:54:46 AM »
Kaspersky found 15 viruses but it's not removing them
-----------------------------------------------------------------------------

Number of viruses found: 15
   Number of infected objects: 55
   Number of suspicious objects: 0
   Duration of the scan process: 10447 sec

Infected Object Name - Virus Name
C:\Documents and Settings\nick\Local Settings\Temp\782.tmp   Infected: Trojan-Proxy.Win32.Agent.hs
C:\Documents and Settings\nick\Local Settings\Temp\a.exe   Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Documents and Settings\nick\Local Settings\Temp\jav1.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav2.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav3.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav4.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav5.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav6.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav7.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav76B.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav8.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav9.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\javA.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\javB.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\javC.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\javD.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\8R4JQHGV\1[1].htm   Infected: Exploit.HTML.Mht
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\8R4JQHGV\mng[1].exe   Infected: Trojan-Proxy.Win32.Agent.hs
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\8R4JQHGV\ms1[1].txt   Infected: Trojan-Downloader.Win32.Tiny.al
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\SDUFSDIJ\kl[1].txt   Infected: Trojan-PSW.Win32.Agent.bu
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\SDUFSDIJ\tool3[1].txt   Infected: Packed.Win32.Klone.b
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\UN4TQDO7\free[1].anr   Infected: Trojan-Downloader.Win32.Ani.c
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\UN4TQDO7\loaderadv470[1].exe   Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\UN4TQDO7\paradise[1].raw   Infected: Packed.Win32.Klone.b
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\UN4TQDO7\toolbar[1].txt   Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\country[1].htm   Infected: Trojan-Dropper.Win32.Raven
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\drsmartload[1].exe   Infected: Trojan-Downloader.Win32.Adload.l
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\hosts[1].txt   Infected: Trojan.Win32.Qhost.el
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\tool1[1].txt   Infected: SpamTool.Win32.Mailbot.o
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\xpladv470[1].wmf   Infected: Trojan-Downloader.Win32.Agent.acd
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP104\A0014216.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014264.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014277.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014287.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014305.exe   Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014311.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014417.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014424.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014440.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014452.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014464.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014476.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014489.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP106\A0014544.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP106\A0014550.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP106\A0014552.exe   Infected: Trojan-Dropper.Win32.Raven
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP106\A0014556.sys   Infected: SpamTool.Win32.Mailbot.b
C:\WINDOWS\country.exe   Infected: Trojan-Dropper.Win32.Raven
C:\WINDOWS\hosts   Infected: Trojan.Win32.Qhost.el
C:\WINDOWS\kl.exe   Infected: Trojan-PSW.Win32.Agent.bu
C:\WINDOWS\ms1.exe   Infected: Trojan-Downloader.Win32.Tiny.al
C:\WINDOWS\system32\paradise.raw   Infected: Packed.Win32.Klone.b
C:\WINDOWS\tool1.exe   Infected: SpamTool.Win32.Mailbot.o
C:\WINDOWS\tool3.exe   Infected: Packed.Win32.Klone.b
C:\WINDOWS\toolbar.exe   Infected: Trojan-Downloader.Win32.Adload.j

Scan process completed.

..::ReVaN::..

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #11 on: December 28, 2005, 11:41:05 AM »
First you'll have to disable SYSTEM RESTORE and clean it out (if you don't know how, click HERE and read my post; I posted screenshots on how to do it). Also clean out your temporary internet files, then run the Kaspersky online scanner again, except this time click CLEAN INFECTIONS (or something like that, I don't remember what it was since it's been a long time since Kaspersky detected an infection with me) after the scan is finished, OK?
« Last Edit: December 28, 2005, 11:48:23 AM by ..::ReVaN::.. »

DavidR

  • Avast Überevangelist
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #12 on: December 28, 2005, 01:38:41 PM »
These and some others are also in Temp so you need to clear all temp locations.
Quote
C:\Documents and Settings\nick\Local Settings\Temp\782.tmp   Infected: Trojan-Proxy.Win32.Agent.hs
C:\Documents and Settings\nick\Local Settings\Temp\a.exe   Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Documents and Settings\nick\Local Settings\Temp\jav1.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temp\jav2.tmp   Infected: Trojan-Spy.Win32.Hsow.d
It is helpful to periodically clear out the temp folders before a major scan, as this will remove the need to scan many files in temp locations. Here are a couple of tools to help with that: ClearProg - Temp File Cleaner or CCleaner - Temp File Cleaner, etc.
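Added example (not part of the original thread): a Python triage of the Kaspersky report from reply #10, sorting detections by where they sit so it is clear which ones the advice in replies #11 and #12 (empty System Restore, Temp and the browser cache) covers and which remain as live files. The report lines are an abridged copy from the thread; the location labels and function names are illustrative.

```python
import re
from collections import Counter
from ntpath import basename, splitext  # Windows path rules on any OS

# Lines copied from the Kaspersky online scan report in reply #10 (abridged).
REPORT = r"""
C:\Documents and Settings\nick\Local Settings\Temp\a.exe   Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Documents and Settings\nick\Local Settings\Temp\jav1.tmp   Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\SDUFSDIJ\kl[1].txt   Infected: Trojan-PSW.Win32.Agent.bu
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\tool1[1].txt   Infected: SpamTool.Win32.Mailbot.o
C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\YDML4PC7\hosts[1].txt   Infected: Trojan.Win32.Qhost.el
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP105\A0014264.sys   Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{A58A4824-291E-490A-8270-91BA662BA92F}\RP106\A0014552.exe   Infected: Trojan-Dropper.Win32.Raven
C:\WINDOWS\hosts   Infected: Trojan.Win32.Qhost.el
C:\WINDOWS\kl.exe   Infected: Trojan-PSW.Win32.Agent.bu
C:\WINDOWS\tool1.exe   Infected: SpamTool.Win32.Mailbot.o
C:\WINDOWS\system32\paradise.raw   Infected: Packed.Win32.Klone.b
"""

LINE_RE = re.compile(
    r"^(?P<path>\S.*?)[ \t]+Infected:[ \t]+(?P<name>\S+)[ \t]*$", re.M
)

# First matching pattern wins; anything else is treated as a live file.
LOCATIONS = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("user_temp", re.compile(r"\\Local Settings\\Temp\\", re.I)),
]


def classify(path):
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "live"


def parse_report(text):
    return [
        {"path": m["path"], "name": m["name"], "location": classify(m["path"])}
        for m in LINE_RE.finditer(text)
    ]


def count_by_location(detections):
    return Counter(d["location"] for d in detections)


def remaining_after_cleanup(detections):
    """Detections that emptying Temp, the IE cache and System Restore leaves behind."""
    return [d for d in detections if d["location"] == "live"]


def stem(path):
    """File name without extension or IE cache counter: 'kl[1].txt' -> 'kl'."""
    name = splitext(basename(path))[0]
    return re.sub(r"\[\d+\]$", "", name).lower()


def cache_counterparts(detections):
    """Map each live file to cached downloads with the same stem and detection name."""
    cached = [d for d in detections if d["location"] == "browser_cache"]
    pairs = {}
    for live in remaining_after_cleanup(detections):
        hits = [
            c["path"] for c in cached
            if c["name"] == live["name"] and stem(c["path"]) == stem(live["path"])
        ]
        if hits:
            pairs[live["path"]] = hits
    return pairs


if __name__ == "__main__":
    found = parse_report(REPORT)
    print(dict(count_by_location(found)))
    for d in remaining_after_cleanup(found):
        print("still needs removal:", d["path"], "->", d["name"])
    for live, cached in cache_counterparts(found).items():
        print(live, "matches cached download", cached)
```

In this report several files under `C:\WINDOWS` share both a name stem and a detection name with an entry in the browser cache, so emptying the cache removes only the downloaded copy, not the file in the Windows directory.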

CharleyO

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #13 on: December 28, 2005, 07:06:53 PM »
***

You can also use Internet Sweeper to clean out your temp. files as well as history, etc. You can set it to clean what you want to be cleaned. Internet Sweeper can be set to clean each time the computer is started.

http://www.geocities.com/Internet_Sweeper/

Hope this helps you.    :)


***

grunewald

  • Guest
Re: "AVAST CONNECTION TIME OUT". A VIRUS ?
« Reply #14 on: December 29, 2005, 12:19:18 AM »
Used Kaspersky free trial and it deleted some 20-30 viruses, including the offending msctl32.dll (using the delete at start up option).
I don't see the avast related timeout message now but unfortunately the spam machine came back to life.
It doesn't have a name either, but its icon looks like a grey monitor with a blue screen (is it called etowin ?).
Also when I ran Kaspersky for the first time, I left it unattended because it was taking long and the pc crashed with a "winlogon" error screen.

Re. disable system restore - ran Kaspersky in safe mode and it doesn't allow it.

Is avast now capable of dealing with the situation?

--------------------------------------------------------------------------------------------------------------------
Below is the new hijack logfile:

Logfile of HijackThis v1.99.1
Scan saved at 1:19:03 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\MSSQL\BINN\SQLSERVR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Temp\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosmicway.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134350571345
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
-----------------------------------------------------------------------------------------------------------------

Modification: "avast connection time out" returned now
« Last Edit: December 29, 2005, 12:51:58 AM by grunewald »