
:c( Cautious & Suspicious with XP home


  • This topic is locked
8 replies to this topic

#1 spr

Posted 25 July 2004 - 09:20 AM

:thumbsdown:
I noticed after using a proggie my friend told me was Awesome, "XNews",
as u know, a news group.
Noticed Taskmon.exe in my System config. Utility :hmmm:
Not on XP :gasp:
So researched & came up that it must be "My Doom", mind ya i know i've got something @ this point :thumbsdown:
After doing various online scans that proved uneventful, i knew it had redesigned itself & was giving me the "Slip"! :ph34r:
It's still in my sys bcause i went to msconfig, where i found, msconfig althrough the
Sys.ini tab :thumbsdown:
Can I be helped or should i do the...FormatC:\???
Help me :wtf:
Is my worry not necessary? :scratchhead:

Edited by spr, 25 July 2004 - 01:15 PM.


#2 spr

Posted 25 July 2004 - 09:22 AM

:deal:
sorry!! i posted a reply to my own post....
Not thinking too clear these daze...lol
not intentional

Edited by spr, 25 July 2004 - 01:12 PM.


#3 discogail

Posted 25 July 2004 - 05:05 PM

Yeah...you're not being too clear here.......have you got an Antivirus program installed?
AVG
http://free.grisoft.com/freeweb.php is a recommended free one...if you don't.

perhaps you should download HijackThis from
http://www.spywarein.../HijackThis.exe
to a folder of your choice......doubleclick to open."Scan"...then "Save Log"...when it opens in notepad.......copy (edit..select all..copy) & paste (CTRL-V) the log into your next reply.......

#4 spr

Posted 26 July 2004 - 04:04 PM

Logfile of HijackThis v1.97.7
Scan saved at 15:23:36, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen P. Rodems\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

:thumbsup: DISCOGAIL.......Here's the log...u requested...sorry about the lack of specifics, as u can see i have a resident A/V... have scanned till i'm blue in the face...Online & otherwise, with sys restore disabled..& in Safe Mode...
A friend, like I said, gave me XNews, i usually don't do things like that, being Almost P2P similar...As i see it, Trojan & Virus Alley! :thumbsdown:
Also the hijack log i looked @ two days ago had Items that are missing now...had 2-016's & a 014..If that means anything :whistle: obtw all my previous scans turned up 0=ZERO...
I should also tell ya, I went into the registry, Made a B/U.
Found items under the search assistant in HKLM that resembled or were, run narrator.exe, taslmon, AVGGun, Extrap.exe, Register Real, World Trade Center.txt...I deleted them all from the registry...tree & all. I tried to get rid of XNews but of course its entries in Add/Remove were Gone/Even in Start>All Proggies..So Deleted in My Computer C:\Program Files.. there's Still a lil' bug on this Unit...I'm getting an Intermittent DOS..Once in a gr8 while... Also in the Error Log in Help & Support I've been getting a lot of DCOM errors...this may be due to the times i went in 'Safe Mode'... this seemed to all begin when XNews became part of my Third Party Stuff..i saw in HKLM>software>Microsoft>Current Version>Run...MSCONFIG...Pc health binaries, or somethin like that...I deleted it too...I'm prolly really messin my O/S up! :alarm: ... :wtf:

#5 discogail

Posted 26 July 2004 - 04:25 PM

I find nothing wrong in your log....Extrap.exe was a trojan for example...but you're just deleting stuff ........& mucking about in the registry...
can you find a good restore point & do a System Restore?
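
A HijackThis log like the one in post #4 can be split into its process list and coded entries and checked for specific file names. The following is an added example, not part of the thread and not HijackThis's own code: the watchlist holds only the two file names raised in the thread, the first sample lines are copied from the posted log, and the `TaskMon` Run line is constructed for the demonstration.

```python
import re
from collections import defaultdict

# File names raised in this thread; a match is a lead to inspect, not a verdict.
WATCHLIST = {"taskmon.exe", "extrap.exe"}

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|ocx|com|scr|bat)', re.I)

# First lines are copied from the log in post #4; the TaskMon line is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
"""

def parse_hjt(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False  # the process list ends at the first coded entry
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(text, watchlist=WATCHLIST):
    """List (where, line) for every process or entry naming a watched file."""
    processes, entries = parse_hjt(text)
    hits = [("process", p) for p in processes if image_name(p) in watchlist]
    for code, lines in entries.items():
        for entry in lines:
            names = {image_name(m.group(0)) for m in PATH_RE.finditer(entry)}
            if names & watchlist:
                hits.append((code, entry))
    return hits

if __name__ == "__main__":
    for where, line in triage(SAMPLE_LOG):
        print(f"{where}: {line}")
```

An empty result only means the watched names do not appear in the log; it says nothing about files under other names.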

#6 spr

Posted 26 July 2004 - 07:43 PM

Discogail...the only good restore point is..Yesterday, because scanning with my A/V i shut off sys.restore & used safe mode...so that's not an option...
Although, I am not @ this time having any issues but an occasional DOS
which could be a busy server..eh?
My last & Most Important Inquiry is,
How do i know if I'm CLEAN???

#7 discogail

Posted 27 July 2004 - 09:15 AM

Well...I'd say to update NAV..do a full scan............
Doublecheck at Trend Micro Housecall
http://housecall.ant...start_frame.asp

Go to a² free
and d/l..update & run a²..............

Go to Stop IE hijacking before it happens
and implement the suggested browser settings...as well as d/l..updating and enabling all protection in Spyware Blaster.
.... follow the links for Adaware & Spybot............
and before running Adaware, update by using the Globe icon.
Shut down and restart Ad-Aware.
Now press "Scan Now", "Select drives\folders to scan" and select the active partition (usually C: ), then 'next', and let Ad-Aware scan your drives.
It may find a number of "bad" files and registry keys. Click 'Next' again.
Rightclick in that pane and choose "select all" and click 'next'.
If it asks you whether you'd like to remove all checked items, click OK.
Finally, close Ad-Aware, and reboot.........

after installing Spybot......hit.."Search for Updates".....get them all.......(Download Updates)........then "Check for Problems".......after the scan is complete..allow Spybot to remove everything listed in RED......

Go to Windows Update
http://windowsupdate.microsoft.com/
and install all critical updates for your computer.

And remain vigilant....

#8 spr

Posted 27 July 2004 - 05:47 PM

Discogail tysvm for ur enept & Solid advice..
I have, so far, followed all ur advice/use adaware & spybot with spywareBlaster, Religiously, although SpywareGuard is a New one on me..
U think it'll be overdoing it a bit gail?
they do mention compatible issues with the implementation of this software, but state "It's Workable" through adjustments...So, Once again thanx
will continue the tasks u set-out for me &
I will always remain Vigilant ;)

#9 spr

Posted 28 July 2004 - 04:47 AM

Discogail things seem to be getting worse i got an email stating someone had opened an account under my daughter's Email addy :(
This is really getting sickening...as i Know my family has No Accounts with Ebay
Also this is another odd thing occasionally when i right click a short-cut, my whole O/S flashes, as if it's gonna crash... :alarm: :wtf:
All the things u sent in our last correspondence were carried out as stated..Zero Results :techsupport:

Edited by spr, 28 July 2004 - 04:55 AM.




