| Thread ID: 91679 | 2008-07-15 07:45:00 | No virus scanner how do i get it | dunno (1572) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 689047 | 2008-07-15 13:43:00 | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:06 PM, on 7/15/2008
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Fonts\wmsncs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\RunDll32.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINNT\System32\csrs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Clear.net
F2 - REG:system.ini: Shell=explorer.exe "C:\WINNT\Fonts\wmsncs.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" /bootupreg
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: wmsncs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{714E928F-D969-4DEF-87A2-C0CDC898B7A7}: NameServer = 203.97.33.1 203.97.37.1
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

-- End of file - 4130 bytes

Might pay to have someone else re-check before you start deleting things - but the red entries are bad, and it's likely the orange are too (although I'm not sure about this)
Should update your IE as well, version 5 is way out of date.
I believe you have a variant of the AGOBOT/GAOBOT worm |
Agent_24 (57) | ||
| 689048 | 2008-07-15 21:04:00 | Can someone please check Agent 24's recommendations to see if you agree? I do not want to do anything till it is re-checked. Thanks everyone |
dunno (1572) | ||
| 689049 | 2008-07-15 21:59:00 | KILL:
C:\WINNT\Fonts\wmsncs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\csrs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE

F2 - REG:system.ini: Shell=explorer.exe "C:\WINNT\Fonts\wmsncs.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: wmsncs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{714E928F-D969-4DEF-87A2-C0CDC898B7A7}: NameServer = 203.97.33.1 203.97.37.1

And then run Spybot WITHOUT TeaTimer, Superantispyware and Spyware Terminator. All 3. |
pctek (84) | ||
| 689050 | 2008-07-15 22:02:00 | Disable system restore
tick these then tick fix checked
Close browsers

C:\WINNT\Fonts\wmsncs.exe
C:\WINNT\System32\csrs.exe

F2 - REG:system.ini: Shell=explorer.exe "C:\WINNT\Fonts\wmsncs.exe"
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: wmsncs.exe

Reboot
Get trojan remover in my sig, install it, update it, click on scan. Select all options under utilities |
Speedy Gonzales (78) | ||
| 689051 | 2008-07-15 22:19:00 | Sorry, but what does disable system restore mean, or where should I go to do that? Reply to Speedy's post | dunno (1572) | ||
| 689052 | 2008-07-15 22:21:00 | Right mouse on My Computer on the desktop if it's there. Go to properties / system restore tab. Turn it off |
Speedy Gonzales (78) | ||
| 689053 | 2008-07-15 23:35:00 | Hi. When she goes to properties from My Computer, these are the things that come up: General, Network ID, Hardware, User Profiles and Advanced; there is no system restore tab. HELP |
dunno (1572) | ||
| 689054 | 2008-07-15 23:50:00 | Well, you can't disable it if it's not there. Just tick the entries in the log and get trojan remover after | Speedy Gonzales (78) | ||
| 689055 | 2008-07-15 23:56:00 | To get system restore tab back:
1. Click Start, Run and type regedit.exe and press Enter
2. Navigate to this key: HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore
3. Delete these values on the right hand side pane: DisableConfig, DisableSR
4. Exit. |
Blam (54) | ||
| 689056 | 2008-07-16 00:01:00 | Hi, last night when I could not get HijackThis I decided to d/l trojan remover. All went well until it hit the desktop and I went to open it, and an error message came up saying that I had to download again and something in the program was missing. Do you think after I have fixed the HijackThis entries that this may come up OK, as it takes about 2 hours, with last night no results? Do you think this virus is stopping me trying to fix it?? |
dunno (1572) | ||
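
A triage sketch for the autostart pattern in the log posted in this thread (an added example, not code from any poster or from HijackThis): it flags `.exe` paths whose file name autostarts from several folders, sits in the Fonts folder, or is appended to the `Shell=` value. The sample lines are copied from the posted log; the function names and the three heuristics are assumptions of this example, and a flag is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\WINNT\Fonts\wmsncs.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINNT\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINNT\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" /bootupreg
O4 - HKUS\.DEFAULT\..\Run: [Wmsncs Service] C:\WINNT\Fonts\wmsncs.exe (User 'Default user')
"""

# First drive-letter path ending in .exe (spaces allowed, quotes excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def parse_entries(log):
    """Return (section, lowercased path) for F2/O4 lines naming an .exe path."""
    entries = []
    for line in log.splitlines():
        m = re.match(r'(F2|O4) - (.*)', line.strip())
        path = PATH_RE.search(m.group(2)) if m else None
        if path:
            entries.append((m.group(1), path.group(0).lower()))
    return entries

def triage(log):
    """Map each flagged path to the heuristic reasons it was flagged."""
    entries = parse_entries(log)
    dirs_by_name = defaultdict(set)
    for _, path in entries:
        dirs_by_name[basename(path)].add(dirname(path))
    findings = defaultdict(set)
    for section, path in entries:
        if len(dirs_by_name[basename(path)]) > 1:
            findings[path].add("same file name autostarts from several folders")
        if dirname(path).endswith(r"\fonts"):
            findings[path].add("executable inside the Fonts folder")
        if section == "F2":
            findings[path].add("extra program appended to Shell= value")
    return {p: sorted(r) for p, r in findings.items()}

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```
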