Errr, not sure where to ask this....


23 replies to this topic

#1 Kerr_82

Kerr_82

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 May 2004 - 09:40 PM

Hey everyone --

I'm really confused and not sure if I'll explain this right, but I'm having some issues. Well, for starters, my dad managed to get a virus on the computer over the weekend. It kept making two screens pop up in internet explorer (we use AOL) and one of them would turn the whole screen white and pretty much freeze the computer so I couldn't turn it off, or restart with ctrl+alt+delete.

Anyway, long story short a friend recommended that I download the cwshredder, it found cws.smartsearch.2 on my computer and I deleted it. And I also did another virus search and there were two suspicious files - loaderadv74[1] and tour2_14.art, dunno if that matters to anyone - deleted them. Did an adware search and got rid of all that too.

Now, things might sound peachy keen cos I can get online again and nothing bothers me. But I'm still having a problem with opening folders on the computer. Like pretty much any of the folders on the computer - my computer, the recycling bin, the control panel...basically anything that opens in windows I can't open. Well, let me rephrase that, some of them start to open, and then become unresponsive and then when I do ctrl+alt+delete either it will shut down, or a blue screen comes up saying that my system is either busy or unstable, and then when I try ctrl+alt+delete again it won't restart like it's supposed to. Or the folder just won't even open, and it'll tell me explorer is not responding.

So, pretty much my question is, is this because of the virus -it wasn't happening before we got it, so I'm assuming it is... and how can I fix it? It's driving me nuts, and even more so my mother keeps asking me things that I don't know and she's driving me nuts! So any help you can offer would be MUCH appreciated!!!

Thanx,
Keri

#2 Bladeoz

Bladeoz

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 25 May 2004 - 10:55 PM

Yeah - I know what mothers are like when they expect you to be able to fix everything when a computer goes wrong :)

It sounds like what's happened to one of my other computers recently, luckily for me ad-aware fixed it. But I didn't delete anything that wasn't meant to be there b4. I know that some spyware/adware can delete or damage programs if they are just straight out deleted - for example Webhancer, which disables internet access.

What system are you running? 98? I'd say that you should save all your major files and then probably re-install windows. Do you know where the spyware originated from, maybe a re-installation of it and then a proper uninstallation via ad-aware or even the install/uninstall window could be a possibility. Either way, make sure your data is safe mate b4 deleting files that could stuff your OS.

*bloody spyware*

hope I've been a bit helpful mate.
Just watch'in a bad dream I never wake up from

#3 Kerr_82

Posted 25 May 2004 - 11:12 PM

Hey

Thanks for replying...I don't have a copy of windows at the moment, the computer wasn't actually even mine, it was my grandma's and we just sort of inherited it lately cos ours broke thanks to my lovely dad. And it's just a refurbished computer that my aunt had picked up cheap for my grandma, but she doesn't use it. But I suppose I can pick up a copy of windows at some point this week.

The only thing is, it was doing this before I even deleted anything at all...I maybe should have said that earlier, I dunno if that makes a difference. I bought this program today called vcom fix-it utilities 5...there's a ton of things on it, it's a little overwhelming cos I don't really know what I'm doing haha. I did the wizard scan thing, but I think all it really did was clean it up and make space and defrag. I just thought I'd ask on here before I really did anything in case someone had some advice... other than reinstalling windows since a- I don't have it and b- I can't save anything cos I can't get into any folders. But thank you for your help, that might actually be the only answer I get whether I really like it or not...

Cheers,
Keri

#4 Bladeoz

Posted 25 May 2004 - 11:27 PM

depending on file sizes, try accessing via MSDOS, you might be able to copy the files onto disk via there. Also, if you really need to grab important files and you are going to reinstall - delete un-important programs: IE: word, office in general, and games etc in order to allow your computer some more room to work with. DEFRAG the disk again and then scan disk it. It sounds like there's a major error with Windows. Is it just Explorer that it is having issues with? If so, re-install might be the only option, otherwise if not - reinstall that portion of windows.

If you have two computers, two harddrives - install the other computer's hard drive into your damaged computer (into the appropriate slave and master sections) and then transfer the files via DOS. If you can't access the folders in DOS, then you might have a big issue there...

Wait for a while before you uninstall windows - possibly posting on windows tech help sites - as they will be able to give you better assistance than myself with this issue. Also wait here - others may be able to assist you :)

Good luck with all mate, keep me posted - I got to get to my lecture :)

#5 Kerr_82

Posted 26 May 2004 - 03:50 PM

Me again...

So, I decided to go to microsoft and see if I could find anything there, and I've noticed that when I try to get into the updates page or try to post a question on the boards, my aol just completely disappears...

and also on the program I bought yesterday, it's got this thing called the file undeleter, you can use it to get files you accidentally deleted or if you've had a virus...but the problem is whenever I try to run it, the whole thing becomes unresponsive too! And it's only when I try to run that part of the program, all the rest of the system searches and what not work on it though.

is it possible that the virus is still on my computer? And also, I checked to see which version of the java virtual machine I have cos on microsoft it said you couldn't get infected with version 3810...and that's what I have

soooooooo confused!

#6 Kerr_82

Posted 26 May 2004 - 07:23 PM

Ok, so I did have a variant of the cws trojan - cws.smartsearch.2 ...and I got rid of it...but now I'm still having problems getting into things, like folders on my computer and whatnot. I decided to do, err, a certain scan that shall remain nameless in my post cos every time I mention it my aol shuts down...but let's just say it's rather common on here and I'm sure someone will need to see it to help me out.

I asked a friend how she managed to get hers up, cos she had similar problems, and she told me to start my computer in safe mode with networking....but I don't have that option. I have windows 98. So, I don't know how I can post it on here so someone can help me. I can however tell you there's some stuff that says something about greatsearch.biz on the log and she said it's spyware... if I delete that maybe then would I be able to post it on here?

I'm so completely lost and confused at the moment. Oh and she also told me to tell you I can get into my registry editor.

Utterly lost....
Keri

#7 Kerr_82

Posted 26 May 2004 - 10:35 PM

Well, I'm starting to get a little impatient with all this computer stuff...I know I need to be patient. But since I can't seem to post my you know what log (god I feel like someone from Harry Potter who is afraid to say Voldemort's name haha) on the forum directly I was trying to think of another way to get it on here. I decided to email it as an attachment and just directly in an email, to my yahoo address from my aol one just to see if it'd let me send it there. And both worked. And I could open it and it didn't throw me offline like when I've tried to post it here.

So, my question is, is there anyone on the forum that I could maybe email it to and they could look at it, or perhaps just post it on the forum for me so someone can look at it and maybe help me out. I'm not entirely sure I'm allowed to even ask this, and I really hate to ask, but if I can't get the computer into safe mode with networking, I'm really not sure how else I'll ever be able to get my log up so someone can help me. If I'm not supposed to ask, I'm sorry! But if you can help, feel free to email me - [Email address removed. Not a good idea to show it in a public forum. People can send you email by clicking your E-Mail button, below. - cnm]

Thanks!
Keri

#8 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 May 2004 - 11:09 PM

It's not clear why you can't post your log.

Make sure you have the latest HijackThis.
Please do this.
Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#9 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 27 May 2004 - 10:30 AM

Good luck, Kerr :)

I hope you get your computer fixed soon. You are in good hands with the people on this forum. Although, I still have some minor annoyances the Trojan is gone. So hang tough and don't touch anything like cnm said. :)

Carol

#10 2katholito

2katholito

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 27 May 2004 - 05:02 PM

Keri K I am really new here but I got a lot of help!!! Just a suggestion: first do not add anything new to your system until you are sure it is clean and free of whatever attacked!
Go to http://www.spywarein.../HijackThis.exe
Save HJT in a permanent folder. Double click HijackThis, use the Scan button. Then Save Log in notepad and post it here. Someone with more smarts than I have can look at it and help you further!! Hang in There!
Stop and Smell the Flowers!
It is said that Patience is a Virtue. When you ask for help here, it is a necessity.

Ad-aware, HijackThis, Spybot S&D

#11 2katholito

Posted 27 May 2004 - 05:37 PM

I also responded to your other thread with same suggestion as cnm. I am a helper trainee. You HAVE to have patience. Not only is it a virtue, it is a necessity here with so many people needing help. It took me five weeks to get rid of all the stuff I had ( not the admin fault!) and I learned a great deal. First thing: do not second guess anyone who offers to help and go off on your own- it will make for disaster usually. Second thing: never forget to say Thank You. This is all voluntary help.
And We Care.

#12 2katholito

Posted 27 May 2004 - 06:26 PM

Keri: you need to stay in your initial posting thread > I am only a helper trainee but I now have found you in three separate places tonight.
This will make it very hard for an expert to find you and provide the help you need. Be patient

#13 cnm

Posted 27 May 2004 - 07:40 PM

Your three threads merged to here. Stick to just this one, please. Hit ADD REPLY, not NEW TOPIC.


#14 Kerr_82

Posted 29 May 2004 - 01:06 PM

Hey --

Sorry I never posted sooner. Every time I tried aol would just shut down, even when I wasn't trying to put up my log. I guess it was part of the problem. It did the same thing to me when I tried to go to microsoft and get updates there.

Sorry about the trouble I caused but I was having such a hard time dealing with this and explaining how messed up things were. I do appreciate the help and I understand that people are busy here... but it's hard not to get frustrated with your mother and grandma both asking every 5 minutes if it's fixed yet and what's wrong with it haha. I just wanted to fix it asap!

Anyway, I fixed the problem and got rid of greatsearch.biz and the .dll's that kept making it come back. I can get back into my folders now and everything seems to be in working order again. I did research on other pages and tried to find out as much as I could about what other people did that also had this same variant.

I'm gonna post a copy of my log now though, maybe someone can check it to make sure everything is fine. Thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 1:35:36 PM, on 5/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-SCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

F1 - win.ini: load=ptsnoop.exe
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Program Files\FSI\F-Prot\F-STOPW.EXE"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\FIX-IT\MEMCHECK.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Startup: Fix-It.lnk = C:\Program Files\VCOM\Fix-It\mxtask.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8008.8319328704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macrom...abs/swflash.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...55/sdcregie.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.../20/SassCln.CAB

#15 2katholito

Posted 05 June 2004 - 09:37 AM

Keri: has anyone looked at your log yet???? Just curious- or is your system "down " again?

#16 cnm

Posted 05 June 2004 - 09:48 AM

Good work, Kerr_82. :) Log looks clean to me.

Tick and fix this one item:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
-FunWebProducts

Everything seem to be working OK now?

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
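
Added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the log format posted above that splits the header, the running processes and the coded entries, then checks the O16 (DPF) CLSIDs against a reviewer-kept watchlist. The watchlist holds only the one CLSID labelled FunWebProducts in the reply above; the function names and the watchlist structure are assumptions of this example, and the sample is an excerpt of the posted log.

```python
import re
from collections import Counter

# Excerpt of the log posted in this thread, copied as it appears on the page
# (including the forum's "..." URL truncation).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 1:35:36 PM, on 5/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\HIJACKTHIS.EXE

F1 - win.ini: load=ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
"""

# Reviewer watchlist (assumption: a plain CLSID -> label map). The single entry
# is the item the administrator's reply identifies as FunWebProducts.
WATCHLIST = {"{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}": "FunWebProducts"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O16 - DPF: ..."
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def parse_log(text):
    """Split a HijackThis log into header fields, processes and coded entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            log["entries"].append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        elif line.startswith("Logfile of HijackThis"):
            log["header"]["version"] = line.rsplit(" ", 1)[-1]
        elif line.startswith("Scan saved at "):
            log["header"]["saved"] = line[len("Scan saved at "):]
        elif ":" in line:                 # "Platform: ...", "MSIE: ..."
            key, _, value = line.partition(":")
            log["header"][key.strip()] = value.strip()
    return log

def section_counts(log):
    """Number of entries per section code (F1, O4, O16, ...)."""
    return Counter(code for code, _ in log["entries"])

def triage_dpf(log, watchlist=WATCHLIST):
    """Return one finding per O16 entry, marking CLSIDs found in the watchlist."""
    findings = []
    for code, body in log["entries"]:
        if code != "O16":
            continue
        m = DPF_RE.match(body)
        if not m:                         # keep malformed lines visible for review
            findings.append({"clsid": None, "name": None, "url": None,
                             "verdict": "unparsed", "raw": body})
            continue
        clsid, name, url = m.group(1).upper(), m.group(2), m.group(3)
        label = watchlist.get(clsid)
        findings.append({"clsid": clsid, "name": name, "url": url,
                         "verdict": f"fix ({label})" if label else "no match"})
    return findings

if __name__ == "__main__":
    for f in triage_dpf(parse_log(SAMPLE_LOG)):
        print(f["verdict"], f["clsid"], f["name"] or "(no name)")
```

A "no match" verdict only means the CLSID is not on the watchlist; the entry still needs the same manual review the helpers in this thread perform.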


#17 Kerr_82

Posted 05 June 2004 - 01:01 PM

Hey - Well, no one has said anything to me, so I'm assuming no one has looked at my log. Things seem to be ok with the computer. Though my aol is acting up, being kind of slow and not responding sometimes. And on some pages a lot of the pictures don't show up, it's just like a square with a little red x in it...I dunno what could be the problem with that. I tried to reinstall aol thinking maybe I just deleted something, but it's still giving me crap. It's only online that I'm having issues now, so I dunno what the deal is.

#18 cnm

Posted 05 June 2004 - 01:05 PM

You didn't see my post above? I looked at your log.


#19 Kerr_82

Posted 05 June 2004 - 01:09 PM

Sorry cnm! I didn't notice there were 2 pages! I'm afraid that's what happens when you go to the drive-in and stay up way later than you should once you come in hehe. Thank you though for what you said. It was hard to figure out since I don't know much about computers. And like I said in my above post, the only thing I seem to be having problems with is my aol....and I'm not sure if that has anything to do with the hijacking.

#20 cnm

Posted 05 June 2004 - 01:27 PM

Though my aol is acting up, being kind of slow and not responding sometimes. And on some pages a lot of the pictures don't show up, it's just like a square with a little red x in it...

Those two things go together. The graphics just aren't getting loaded.

I don't know anything about AOL - if they have a support forum, you might ask them there what you can do about slow flakey connection. Almost certainly the problem is with the AOL server.


#21 Kerr_82

Posted 05 June 2004 - 01:34 PM

Yeah, I figured it was cos a- I have dial up, which sucks to begin with haha. And b- they just changed our local numbers and that's when I really started noticing the problem. So I figure it's just something to do with that. Or could it have anything to do with the security settings on my IE...cos I followed what it said in an article about how to prevent a hijack from happening again. And all of this was at the same time. But I'll have to check out an aol forum I suppose someone there must have an idea. Thanks for the help though

#22 cnm

Posted 05 June 2004 - 01:41 PM

If you are on dialup, the most likely cause is a noisy telephone line. This will be slow because many packets have to be resent (and some likely won't make it at all).

Usually there are standards that telco's have to meet - wouldn't hurt to give your phone company a call.


#23 Kerr_82

Posted 05 June 2004 - 01:48 PM

Ok thanks, I'll have to do that and see what they say. Oh and I forgot to mention (I swear sometimes I don't know where my brain is) sometimes while I'm on websites now and I click to the next page or on a link, the page comes up in html... like the actual code and whatnot. Would that have to do with the phoneline too??

#24 cnm

Posted 05 June 2004 - 01:51 PM

It could - if the html header got garbled in transmission.
