| Thread ID: 73165 | 2006-10-09 08:19:00 | something maybe virus | nzace (6057) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 490368 | 2006-10-09 08:19:00 | Yo, got this thing called "project1", anyone got any info about it? Cheers | nzace (6057) | ||
| 490369 | 2006-10-09 08:22:00 | No. You'll have to give us more info. Like what's telling you this (what program). |
Speedy Gonzales (78) | ||
| 490370 | 2006-10-09 08:30:00 | Yo, zone alarms keep popping up with it, and control/alt/delete brings it up as a running program. Cheers | nzace (6057) | ||
| 490371 | 2006-10-09 08:34:00 | Hmm, it looks like it is some kind of virus or malware. Get HijackThis (www.merijn.org). Unzip it, run it, click on scan and save a log. Post the log here. |
Speedy Gonzales (78) | ||
| 490372 | 2006-10-09 09:37:00 | Logfile of HijackThis v1.99.1
Scan saved at 10:22:51 p.m., on 9/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\dfndrff_e25.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\lsyss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ACETER~1\LOCALS~1\Temp\Rar$EX02.375\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e25.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C161D41-4422-4B0A-8680-0DC26729682A}: NameServer = 203.97.37.1
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\nmdsbcli.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\sfbiop.dll (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
nzace (6057) | ||
| 490373 | 2006-10-10 04:04:00 | I would run HJT again, close browsers, tick these entries and tick fix checked.
C:\dfndrff_e25.exe this may have something to do with your prob. Kill its process in task manager and delete it as well.
C:\WINDOWS\system32\lsyss.exe Do the same with this file.
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e25.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\nmdsbcli.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\sfbiop.dll (file missing)
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe
I would also install SP1 or SP2, you're asking for trouble. |
Speedy Gonzales (78) | ||
| 490374 | 2006-10-10 04:31:00 | "I would also install SP1 or SP2, you're asking for trouble." Make it SP2 as MS is no longer supporting SP1. |
stu161204 (123) | ||
| 490375 | 2006-10-10 04:35:00 | "Make it SP2 as MS is no longer supporting SP1." Good point! Get rid of the nasties first, or you'll have MORE probs. |
Speedy Gonzales (78) | ||
| 490376 | 2006-10-10 05:03:00 | Good point! :) |
stu161204 (123) | ||
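The five entries singled out in post 490373 can be picked out of the posted log mechanically. The script below is an added example, not part of the thread; its three heuristics (a Run-key program sitting directly in a drive root, a Winlogon Notify DLL reported as "file missing", a service with "Unknown owner") are assumptions chosen because they match the entries flagged in that post.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e25.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\nmdsbcli.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\sfbiop.dll (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^([OR]\d+) - (.*)$")        # "<section code> - <body>"
RUN = re.compile(r"\[[^\]]*\]\s+(?P<cmd>.+)$")   # "[value name] command line"
# Assumed heuristic: an .exe directly under the drive root, e.g. C:\\name.exe
ROOT_EXE = re.compile(r"^[A-Za-z]:\\+[^\\]+\.exe$", re.IGNORECASE)

def target(cmd):
    """Return the program path from a Run-key command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd

def triage(log_text):
    """Return (reason, line) pairs for entries that match the assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, running-process paths, blanks
        code, body = m.groups()
        if code == "O4":
            r = RUN.search(body)
            if r and ROOT_EXE.match(target(r.group("cmd"))):
                findings.append(("autorun from drive root", line))
        elif code == "O20" and body.endswith("(file missing)"):
            findings.append(("winlogon notify DLL missing", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(("service with unknown owner", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A match is a prompt to look at the entry, not a verdict; legitimate software can also trip these rules.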