| Thread ID: 60882 | 2005-08-16 10:55:00 | Avast : virus chest | beetle (243) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 381704 | 2005-08-16 10:55:00 | OK, at MIL's and she happened to have avast on her comp. Have done the register thing on her comp and started a scan and it found a trojan worm virus. Said move to chest and it comes up with an error: cannot move to chest. Says it cannot move it as it's not running. RPC is not running.... Says it found Win32:Trojan-gen. What do I do? beetle |
beetle (243) | ||
| 381705 | 2005-08-16 11:12:00 | Try this. Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose the Repair function in the pop-up window. |
Safari (3993) | ||
| 381706 | 2005-08-16 11:21:00 | Why? Won't that mean I'll have to reinstall it??? I'm not sure I understand your logic of this. I've only had avast a few days myself, so it's all new to me. It also says it has found Win32.Rbot-ZM. I'll have to attack the thing tomorrow, it's past their bedtime so I've come home. Thank you. beetle |
beetle (243) | ||
| 381707 | 2005-08-16 11:25:00 | no no quite incorrect advice there... just right click on 'my computer' then click 'manage' then click services and applications... then click services... then scroll down the list of services till you find... RPC, then double click it, then click... the drop down to make it run automatically... then click... start to start that service... then click apply and ok... then close all that stuff and avast will be working again... | drcspy (146) | ||
| 381708 | 2005-08-17 01:31:00 | OK, will give that a try later, thank you. Another question: it has Registry Crawler on this machine?? For a home comp with people who do not know how to set a firewall going, or update their avast prog, why on earth would they have this on there machine? They also had a great computer dude look at this regularly and add lots of stuff... not Metla... and they have C: D: and E: so that means they have particians? Why? I'm wondering. When I get this machine, I need to really look hard at a fag for spyware, malware and worms, virus and general crap. Is the FAQ number 16 the only one I need to check? beetle |
beetle (243) | ||
| 381709 | 2005-08-17 01:56:00 | You taken up fags beetle. Also note "there machine" should be "their machine" only a little thing but it is important to get it right. I am also wondering why they have "particians" |
Safari (3993) | ||
| 381710 | 2005-08-17 02:02:00 | If you have no help to give me Safari, do not bother to post in my threads please. I do not need or warrant a brow beating thank you. I thought we were here on pf1 so that we could help people in need, not ridicule people for their bad spelling. beetle |
beetle (243) | ||
| 381711 | 2005-08-17 07:44:00 | Can i have some help on this????? log of pc infected with above. Spybot found 5 entries, ? adaware found 18. Ccleaner found 1.704.8 MB of crap to remove.

Logfile of HijackThis v1.99.1
Scan saved at 6:38:20 p.m., on 17/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\RCrawler\rcrawler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Daphne\LOCALS~1\Temp\Rar$EX14.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.stuff.co.nz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN for Windows 2000\atmsg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\rcrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72CB92D9-F034-446D-BB50-838D56ED2F82}: NameServer = 202.27.158.40 202.27.156.72
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATSPOOL.EXE
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanxs beetle |
beetle (243) | ||
| 381712 | 2005-08-17 08:47:00 | Firstly, move the HijackThis to its own folder in Program Files, ie create a HJT folder in Program Files and install it there. When you have done that run HJT again and put a tick next to the following entries:

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)

After ticking those click on the Fix button to let HJT fix those issues. I see that NAV has been on that machine previously so you're going to have to clean that off as well... ;) How is the machine behaving now? Still slow as a wet day or is it a bit faster? |
FoxyMX (5) | ||
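
The four entries ticked in the reply above are the ones HijackThis itself marked "(no file)" or "(file missing)". As an added example (not part of the original thread and not HijackThis code), this Python script pulls such entries out of a log; the function names are hypothetical and the sample is a constructed subset of lines taken from the log posted above.

```python
import re

# Constructed sample: a few entry lines copied from the HijackThis v1.99.1
# log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\rcrawler.exe -TRAYONLY
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
"""

# Section code (R0, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers seen at the end of entries in the posted log when the target is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Yield (section_code, body) for each entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def orphaned_entries(log_text):
    """Return the entries whose target file the log reports as missing."""
    hits = []
    for code, body in parse_entries(log_text):
        m = ORPHAN_RE.search(body)
        if m:
            # Drop the marker and the " - " separator that may precede it.
            name = body[:m.start()].rstrip(" -")
            hits.append({"section": code, "entry": name, "marker": m.group(1)})
    return hits


if __name__ == "__main__":
    for hit in orphaned_entries(SAMPLE_LOG):
        print(f'{hit["section"]:>3}  ({hit["marker"]})  {hit["entry"]}')
```

The marker only means no file was found at the path as recorded in the entry; in the posted log, ashMaiSv.exe is listed under running processes while its O23 line is marked (file missing), so check the recorded path before removing an entry.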
| 381713 | 2005-08-17 13:08:00 | Well they came and got puter at 6pm, as they urgently needed it for work... rang at 9pm, to say can't get it to print. Can you come fix... they may have plugged it in wrong? I got there and it had gone funny, desktop pic only... no icons, no start bar. Mouse not always there. So after lots of ... and esc, and various other things we did a push / turn off power restart. Did this and then it came up with windows is locked name here... etc only person to use, username and password. lol nobody knew it. xppro it said. So we turned power off again, and started from boot, ok it goes and all is fine. Open one prog, slows, open the second to find if it can see printer, freezes. It says network not working? I spent the next 3 hours (or nearly 3) doing same things, and then she said oh I have a omega zip drive? plug in thingy, and saved the prog, twice we had to do this, as there was a typo in it, froze in between each go and a reboot fixed... We used adobe? pagemaker 7.0 and pdf - adobe 6.0. I think these are wrong. Too tired to care... So then she discarded the file as it was no good colour wise, and she started a new one on the mac!!! at 11pm. So I decided to shut down... wouldn't work, so turned off... It was going much better when I had it than at their place and now they want it back for tomorrow night's work? So hijack this report to do tomorrow. So it can't see printer, can't see network, and freezes something terrible... I had it going quite well this afternoon... :badpc: :badpc: beetle :stare: |
beetle (243) | ||