| Thread ID: 63106 | 2005-10-29 21:56:00 | Virus...I think...Help plz | csinclair83 (200) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 400302 | 2005-10-29 21:56:00 | I think I have a virus on my computer... it changes my dial up number from XNET to 0048710905854.... Went online to find a serial for a legit game, lost the CD case, it had it on back of that... and yeah. I've updated and run Nortons 2002, it says virus found, and fixed... but it's still there as the dial up number changes, and Spybot isn't finding anything even with latest updates. Can anyone help :) Cheers |
csinclair83 (200) | ||
| 400303 | 2005-10-29 22:03:00 | Sounds like u have a dialler on your system. Get HijackThis from here: www.spywareinfo.com www.merijn.org Unzip this file FIRST, into its own folder, and post the log here. |
Speedy Gonzales (78) | ||
| 400304 | 2005-10-29 22:12:00 | I unzipped to desktop, if it's preferred to be somewhere else please tell me, I'll redo it.. here's the log
Logfile of HijackThis v1.99.1
Scan saved at 11:09:23 AM, on 10/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\GENIUS~1\mouseElf.exe
D:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\usbn.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Genius Wireless TwinTouch Optical Value\EMouse.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\update\update.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Chris Sinclair\Desktop\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [mouseElf] D:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [usbn] D:\WINDOWS\system32\usbn.exe -go -c196 -w
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3909FE0E-017E-46EE-BE46-66F2C1A4F810}: NameServer = 58.28.4.2 58.28.6.2
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - D:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
csinclair83 (200) | ||
| 400305 | 2005-10-29 22:34:00 | Boot into safe mode, and tick these entries (run hijackthis again). Tick fixed checked. Then reboot.
D:\WINDOWS\system32\usbn.exe
O4 - HKLM\..\Run: [usbn] D:\WINDOWS\system32\usbn.exe -go -c196 -w
This is the dialler
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - D:\WINDOWS\System32\vbsys2.dll
This belongs to a trojan.
I would also update to SP1 or SP2 as well. And check for other XP updates. And also update Java. |
Speedy Gonzales (78) | ||
| 400306 | 2005-10-29 22:43:00 | Oops, should have also said, turn system restore off first, then turn it back on later. | Speedy Gonzales (78) | ||
| 400307 | 2005-10-30 00:18:00 | Hey I think it has worked, I used hijack this to remove them all, but it didn't show up the D/windows line, so I went there myself and deleted it... I didn't see your comment about system restore till now... I'll just make a restore point for now, after dialer was removed... would that be ok? Thanks so much for helping as well :) |
csinclair83 (200) | ||
| 400308 | 2005-10-30 00:44:00 | No worries :) Umm once you think the dialler has been removed, post another log, and we'll see if those entries have disappeared. | Speedy Gonzales (78) | ||
| 400309 | 2005-10-30 06:05:00 | Hi, Just wondering if your Norton's is getting a bit old now & it's not being supported anymore. I had 2002 & had trouble with the live updates. Am using another programme now. Pauline. |
Pauline (641) | ||
| 400310 | 2005-10-31 09:16:00 | Nortons has no problems updating liveupdate, but will look into it more after reading ur post.. thanks and here's an updated hijack log....
Logfile of HijackThis v1.99.1
Scan saved at 10:05:26 PM, on 10/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\GetRight\getright.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Chris Sinclair\Desktop\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [mouseElf] D:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3909FE0E-017E-46EE-BE46-66F2C1A4F810}: NameServer = 58.28.4.2 58.28.6.2
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - D:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
csinclair83 (200) | ||
| 400311 | 2005-10-31 17:38:00 | Yup, I use NIS 2003. It still updates, even tho it isn't supported. Tick these, close browsers, and tick fixed checked. Then reboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
Not nasty, but not needed in startup.
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
This isn't needed if u don't use the office shortcut bar.
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - D:\WINDOWS\System32\vbsys2.dll
I would also update Java. It's up to 1.5.005 now. Also get ccleaner, if u haven't got it. http://www.ccleaner.com and run it then click on run cleaner. Then post another log. |
Speedy Gonzales (78) | ||
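The before/after check the helper asks for (post another log and see whether the entries have disappeared), as an added Python example that is not part of the original thread: it splits two HijackThis logs into entries, even when they are flattened onto one line, and reports which flagged entries were removed and which survive. The log excerpts are copied from the two logs above; the function names and the substring-based flag list are assumptions made for illustration.

```python
import re

# Excerpts from the two logs posted above (before/after the fix), flattened
# onto one line each the way the forum rendered them.
BEFORE = (
    r"O4 - HKLM\..\Run: [mouseElf] D:\PROGRA~1\GENIUS~1\mouseElf.exe "
    r"O4 - HKLM\..\Run: [usbn] D:\WINDOWS\system32\usbn.exe -go -c196 -w "
    r"O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab "
    r"O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab "
    r"O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546}"
    r" - D:\WINDOWS\System32\vbsys2.dll"
)
AFTER = (
    r"O4 - HKLM\..\Run: [mouseElf] D:\PROGRA~1\GENIUS~1\mouseElf.exe "
    r"O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546}"
    r" - D:\WINDOWS\System32\vbsys2.dll"
)
# File names the helper marked for fixing (assumption: plain substring match).
FLAGGED = ["usbn.exe", "ex.cab", "eied_s7.cab", "vbsys2.dll"]

# An entry starts with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " - "; splitting there recovers entries from flattened text.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:O\d{1,2}|[RF][0-3]|N[1-4]) - )")
ENTRY = re.compile(r"^(O\d{1,2}|[RF][0-3]|N[1-4]) - (.+)$", re.S)

def parse_entries(log_text):
    """Return {(section, casefolded body): (section, body)} for each entry."""
    entries = {}
    for chunk in ENTRY_START.split(log_text):
        m = ENTRY.match(" ".join(chunk.split()))  # collapse wraps and spaces
        if m:  # header and "Running processes" text does not match
            section, body = m.groups()
            entries[(section, body.casefold())] = (section, body)
    return entries

def verify_cleanup(before, after, flagged):
    """Sort flagged entries of the first log into removed / still_present."""
    old, new = parse_entries(before), parse_entries(after)
    report = {"removed": [], "still_present": [], "new": []}
    for key, (section, body) in old.items():
        if any(f.casefold() in key[1] for f in flagged):
            bucket = "still_present" if key in new else "removed"
            report[bucket].append(f"{section} - {body}")
    report["new"] = [f"{s} - {b}" for k, (s, b) in new.items() if k not in old]
    return report

if __name__ == "__main__":
    for bucket, items in verify_cleanup(BEFORE, AFTER, FLAGGED).items():
        print(bucket, *items, sep="\n  ")
```

On these excerpts the O21 `vbsys2.dll` entry is reported as still present, which is the entry the helper asks to fix again in the last post.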