| Thread ID: 90514 | 2008-06-05 16:27:00 | Vista machine just got BOMBARDED! (virus etc.) help kind people:) | craftykillz (13839) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 675961 | 2008-06-05 16:27:00 | :help: Well I am running a partitioned section of my PC with Vista, it recently got infected with some cooking virus etc. It really slowed my PC down and made popups appear everywhere as well as hiding the task manager (which I got back). Now a fake, I think, Rundll32.exe process is running in my task manager. There is a ton of problems which weren't there before and just generally my PC is in bad shape! I need some serious help as I can't afford the big bucks of a new machine etc. I can attach a screenie of my task manager and am willing to follow any instructions. Thanks heaps to anyone. :help: |
craftykillz (13839) | ||
| 675962 | 2008-06-05 16:34:00 | I've only picked up a few weak viruses in my time, though Norton exterminated them, so I'm no expert here and can't speak in terms of experience. You have a virus protector? You also might want to use Ad-Aware 2007 since it's free. |
JOEJG (10295) | ||
| 675963 | 2008-06-05 19:03:00 | This is a New Zealand forum so you will have to wait a while for the experts to wake up. There will be someone who will help within an hour or 2. Good luck. In the meantime get this and run it, then post the log back here and someone will tell you what is wrong and what to do. www.trendsecure.com |
kjaada (253) | ||
| 675964 | 2008-06-05 21:39:00 | Yes, post a Hijackthis log here as Kjaada suggests, and in the meantime, download Spyware Doctor Starter Edition from here (www.download.com), update it, and run a full system scan. This will probably catch a good deal of the malware on your PC. | nofam (9009) | ||
| 675965 | 2008-06-05 22:12:00 | "it recently got infected with some cooking virus" "i can't afford the big bucks of a new machine" What's a cooking virus? You don't throw out PCs because they have a software problem! You need: One antivirus - NOD32 for a pay one, Avast for a free one. At least 2 antispyware programs: Spybot - get this. And one or more of: Superantispyware, Spyware Terminator (both have free versions), Spyware Doctor Starter Edition - make sure you look for Starter Edition for the free version. And download Hijackthis and post the log here for Speedy to check for you. |
pctek (84) | ||
| 675966 | 2008-06-06 08:52:00 | I not have Norton Antivirus running did a scan etc. hasn't really fixed too much : I downloaded the log hope this helps you guys help me:)
"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:22 PM, on 6/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\system32\taskeng.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O1 - Hosts: 60.12.193.37 auto.search.msn.es
O1 - Hosts: 60.12.193.37 ie.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: QXK Rhythm - {19B407D9-1A45-4654-8D09-D47081DFEE97} - D:\Windows\nldfmtapanw.dll
O2 - BHO: (no name) - {30C708CE-E6E1-4F0C-A34B-EC5C64F0C1BF} - D:\Windows\system32\pmnmNfdA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: gktxaspm - {F8028315-F932-431F-B16A-DB39815818F0} - D:\Windows\gktxaspm.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\pnrpnsp.dll' missing
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O20 - AppInit_DLLs: D:\Windows\system32\__c00AEA44.dat
O21 - SSODL: gnowmebk - {374892A3-33BE-4060-AF00-4F5CB982C6EB} - D:\Windows\gnowmebk.dll
O21 - SSODL: pxgdslro - {9D63C4C9-57DE-43B9-BC95-FC4D1E960D01} - D:\Windows\pxgdslro.dll
O21 - SSODL: KernelUnknown - {d7ddd107-6445-4e7d-a447-29a07b5658d0} - D:\Windows\Resources\KernelUnknown.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-- End of file - 7248 bytes " |
craftykillz (13839) | ||
| 675967 | 2008-06-06 09:09:00 | Run HJT again, tick these, then tick Fix checked. Close browsers. Get this after (www.simplysup1.com). Install this, update it, click on scan. Select all options under utilities. Open My Computer / highlight C or whatever the OS is on / right mouse / scan with trojan remover.
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O1 - Hosts: 60.12.193.37 auto.search.msn.es
O1 - Hosts: 60.12.193.37 ie.search.msn.com
O2 - BHO: QXK Rhythm - {19B407D9-1A45-4654-8D09-D47081DFEE97} - D:\Windows\nldfmtapanw.dll
O2 - BHO: (no name) - {30C708CE-E6E1-4F0C-A34B-EC5C64F0C1BF} - D:\Windows\system32\pmnmNfdA.dll
O3 - Toolbar: gktxaspm - {F8028315-F932-431F-B16A-DB39815818F0} - D:\Windows\gktxaspm.dll
This looks like it belongs to a worm or backdoor trojan
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: D:\Windows\system32\__c00AEA44.dat
O21 - SSODL: gnowmebk - {374892A3-33BE-4060-AF00-4F5CB982C6EB} - D:\Windows\gnowmebk.dll
O21 - SSODL: pxgdslro - {9D63C4C9-57DE-43B9-BC95-FC4D1E960D01} - D:\Windows\pxgdslro.dll
O21 - SSODL: KernelUnknown - {d7ddd107-6445-4e7d-a447-29a07b5658d0} - D:\Windows\Resources\KernelUnknown.dll
Get rid of Symantec's crap and install something better, like Avast or NOD32 |
Speedy Gonzales (78) | ||
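The kind of manual log triage done in the reply above, sketched as an added example (not code from the thread, from its posters, or from HijackThis). The rules and the `KNOWN_BARE` allowlist are illustrative assumptions; a hit is a candidate for review, not a verdict.

```python
import re

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QXK Rhythm - {19B407D9-1A45-4654-8D09-D47081DFEE97} - D:\Windows\nldfmtapanw.dll
O3 - Toolbar: gktxaspm - {F8028315-F932-431F-B16A-DB39815818F0} - D:\Windows\gktxaspm.dll
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: D:\Windows\system32\__c00AEA44.dat
O21 - SSODL: KernelUnknown - {d7ddd107-6445-4e7d-a447-29a07b5658d0} - D:\Windows\Resources\KernelUnknown.dll
"""

LOOPBACK = {"127.0.0.1", "::1"}
KNOWN_BARE = {"rundll32.exe"}  # assumed allowlist: system binaries started by bare name
ENTRY = re.compile(r"^(O\d+) - (.*)$")

def triage(log_text):
    """Return (code, reason, line) for each entry worth a manual look."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, rest = m.groups()
        if code == "O1":  # hosts file entry: "<ip> <name>"
            parts = rest.partition(":")[2].split()
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                hits.append((code, "hosts file maps a name to a non-loopback IP", line))
        elif code in ("O2", "O3", "O21"):  # BHO, toolbar, SSODL: last field is the module
            path = rest.rsplit(" - ", 1)[-1]
            if re.match(r"^[A-Za-z]:\\Windows\\", path, re.I):
                hits.append((code, "browser/shell extension loaded from the Windows directory", line))
        elif code == "O4":  # autorun: "<key>: [name] <command>"
            cmd = rest.split("] ", 1)[-1].strip('"')
            exe = (cmd.split() or [""])[0].lower()
            if exe and "\\" not in exe and exe not in KNOWN_BARE:
                hits.append((code, "autorun command without a full path", line))
        elif code == "O20" and rest.partition(":")[2].strip():
            hits.append((code, "AppInit_DLLs is set", line))
    return hits

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```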
| 675968 | 2008-06-06 09:36:00 | How do I get rid of Symantec's stuff? Is that just Norton Antivirus? | craftykillz (13839) | ||
| 675969 | 2008-06-06 09:37:00 | Nofam - I downloaded Spyware Doctor, updated and then scanned. It picked up a lot of stuff, I clicked remove/repair, whatever it was, and the computer just had a blue screen and restarted? | craftykillz (13839) | ||
| 675970 | 2008-06-06 09:52:00 | "How do i get rid of symantecs stuff? Is that just norton anti virus?" Yup. Uninstall it. Get trojan remover this (www.simplysup1.com) the file I posted in my post |
Speedy Gonzales (78) | ||