Author Topic: Help please :(  (Read 5631 times)

Halloween

  • Guest
Help please :(
« on: May 24, 2004, 01:02:27 PM »
I'm pretty sure I have a worm or something on my computer but as of yet Panda virus scanner (or something like that.. I'm a novice to computers lol..) as well as Ad-Aware 6.0 and a little 350ish KB avast virus detector, but none of those found anything..

It seems that when I got this virus it deleted Nmain.exe for Norton, some file for Ad-Aware, and something in Aim.. (Actually the Ad-Aware and Aim folders weren't even there any more :-\.. Redownloaded Ad-Aware) Anyways, each time I open a new IE window it tries to update MS FrontPage w/Windows Installer.. If I right-click MS Outlook (don't blame me, parents use it lol) it brings it up several times..

I've run Hijack This, here's the log for it, though I honestly don't know what 75% of the processes running are, or what any of what it reports are..


Logfile of HijackThis v1.97.7
Scan saved at 4:48:44 AM, on 5/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Documents and Settings\Morgan\My Documents\Downloads\aswclnr.exe
C:\Documents and Settings\Morgan\My Documents\Downloads\aswclnr.tmp
C:\WINDOWS\System32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks to anyone who can help :-\.. This is quite annoying...
« Last Edit: May 24, 2004, 01:03:22 PM by Halloween »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Help please :(
« Reply #1 on: May 24, 2004, 01:22:35 PM »
And what makes you think that you actually are infected by a worm?

Halloween

  • Guest
Re:Help please :(
« Reply #2 on: May 24, 2004, 01:24:56 PM »
Mmm.. Thought worms were mostly what messed with FrontPage like that, but I guess it couldn't be :-\.. Just downloaded the home edition of avast and am scanning with it now but don't have much hope lol.. Nothing else has found it, why would this >.<

Halloween

  • Guest
Re:Help please :(
« Reply #3 on: May 24, 2004, 01:25:50 PM »
Though to be fair I said 'worm or something' ;-)

Halloween

  • Guest
Re:Help please :(
« Reply #4 on: May 24, 2004, 02:13:00 PM »
Hmm..

I'm not sure this'll help, but here's the target whatever-it-is changed Aim to: C:\RECYCLER\NPROTECT\00006776.exe

Hoping maybe someone else had that but <Shrugs> Who knows ???

Oh, also, Avast found 3 viruses but still having the same problem :(.. About to try Bit Defender..
« Last Edit: May 24, 2004, 02:13:46 PM by Halloween »

galooma

  • Guest
Re:Help please :(
« Reply #5 on: May 24, 2004, 02:26:20 PM »
If you go loading more than one A/V program on your PC then your problems will increase dramatically. These programs work best alone. If you don't like Norton I applaud you, but uninstall it first before loading another. If you want more protection then get, in this order: firewall, Spybot, Adaware, Spywareblaster, Spywareguard. That oughta do it. No conflicts and use little resources. These can all be freeware and are available all over the place, but the quickest would be "links to almost everything" in general topics of this forum.
« Last Edit: May 24, 2004, 02:30:35 PM by galooma »

Halloween

  • Guest
Re:Help please :(
« Reply #6 on: May 24, 2004, 02:31:34 PM »
Thanks for the advice :-).. In the nick of time too.. So just using BitDefender's online scan (hoping it does what Panda's online scan didn't do and finds something.)

Most likely I'll get rid of Norton after this debacle, once I get Avast set up, since Avast found things Norton didn't in a scan 2 days ago.. Hmm, would Avast interfere with Ad-Aware or.. ?

No luck removing whatever it is making these window installers appear though yet :-(.. They seem to open with each new window I open now lol
« Last Edit: May 24, 2004, 02:32:46 PM by Halloween »

galooma

  • Guest
Re:Help please :(
« Reply #7 on: May 24, 2004, 02:39:37 PM »
Problem you face is you're trying to get antivirus to detect a trojan maybe or browser hijack, and that's not always their speciality. Try those programs I mentioned and I bet you they fix your probs, if you take your time and read the installation / setup notes. Another hint: put Internet Explorer to one side and download Firefox or Opera browser. They have been designed to be less affected by all the gunge floatin' around on the web.. Just my 0.02 cents worth ;)

Halloween

  • Guest
Re:Help please :(
« Reply #8 on: May 24, 2004, 02:42:00 PM »
Hehe.. I'll give 'em a go tomorrow.. Done got a migraine from this pos computer lol.. Didn't know I was setting Avast or any of those to just detect trojans, or that that even was a setting lol.. (Yes I'm comp illiterate when it comes to AV programs..)

Thanks for the tips though, will definitely try those programs when I wake :P..

galooma

  • Guest
Re:Help please :(
« Reply #9 on: May 25, 2004, 05:11:33 AM »
A little more reading for you if you are not keen on reformatting every couple of weeks. http://www.wilderssecurity.com/showthread.php?t=27971 :D