Some kind of virus(es)? Which one?



Microemission
2007-09-07, 02:46
Hi
I'm having a problem :|

Well, it's like this: if I don't use a firewall (Agnitum Outpost, which I am using at the moment), my WinXP SP2 gets filled with viruses.
It gets into c:\ root, c:\windows, c:\windows\system32 and c:\system32\config.

Well, I am sick of this virus and don't understand very well how it works.
Yes, I have used Ad-Aware, Spybot S&D, Avast, the Agnitum Outpost firewall, Windows Defender, Ad-Watch and HijackThis.

My hosts file is fine.



Anyway, what I find is that there isn't any program running that is a trojan now. Sometimes when Windows is started, Ad-Watch saw that some virus called c:\windows\system32\lanmanwrk.exe was going into the Windows system run (in the registry), and of course I blocked it. Avast detected the virus or trojan (it's in the Avast log) and removed it.

Anyway, some more stupid executables with stupid names like qqmmbjjhj.exe or whatever its name was also tried to execute from c:\windows\system32 (or even executed, but then Agnitum blocked internet access); then Avast detected the file and deleted it. Anyway, I still cannot disable the Agnitum firewall (and I have a router with a firewall running) since I know I will get infected again with more crap. And the other 3 Windows XP SP2 machines I have in the house are running flawlessly, with no trojan or virus or any crap I can find for that matter, all with the same internet connection and without any firewall software on those PCs (only Avast AV). And I'm not saying that I plan to remove the Agnitum firewall from this PC soon. But it's not normal that I have to use a firewall in order to prevent being infected.
So the cause of my problem, I think, is that winlogon.exe and services.exe are infected (and maybe svchost.exe too, but I didn't block its access to the net and so far I didn't find any problems, so I don't think it has any problem). Okay, they are in the c:\windows\system32 folder and yes, they are a vital part of the Windows system, so I cannot kill them.

So what I think is that some .dll (and I don't know which ones, because it's a long list of DLL files being used by these two programs at least) running inside both of these executables is a virus. And I say this because in Outpost, with the programs services.exe and winlogon.exe having blocked internet access (yes, they are in the c:\windows\system32 folder), they are trying to connect to some weirdo websites (you can find it in the outpostblocked.txt file. I believe these sites are where the virus files come from, but I'm not sure.)
Or maybe some service (in services.msc it's fucking winlogon.exe and services.exe). I have got all the info you may need if you please want to help me, because I can't get rid of this SH1T.

The Infos.rar file is the archive where you can see all the info I have: HJT, handle.exe (tool from Sysinternals located in REMOVED), Avast, Outpost and mspaint logs. Please help me. Everything is there.
SAFE TO DOWNLOAD THIS ONE:
REMOVED
I think the HJT log is fine.
Check the logs for services.exe and winlogon.exe for yourself. (My PC is your PC heheehhe :) )


I also used tasklist (in cmd), tasklist /svc and tasklist /m for the logs.


So...
Is it some kind of a rootkit, DLL files or some service (from services.msc)?

If it is a DLL file, which one/ones is/are they?


---------------------------------------------------


These are some of the viruses stupid Avast can't detect (and not even Norton 2006).
CAREFUL, DO NOT DOWNLOAD THIS ONE BECAUSE THEY HAVE VIRUSES!
REMOVED
Most of these were in c:\ root, the retadpu virus was in c:\windows (because stupid Agnitum was not working one time), other viruses detected by Avast were in the c:\windows\system32 folder (check the Avast logs for the infections it detected), and some also in temp folders.


Oh, and btw, once when I restarted (and I have .NET Framework 2.0 installed), programs that use this framework (like CCC from ATI) couldn't work, giving 0xc000007c or 0xc000007b (not sure now), and I reinstalled it without success. Dunno if it's the virus's work or something else (dunno if you can help me with this, but no problem if you can't). :)


Thank you for your patience and help. :)
I deeply appreciate it very much.

Microemission

(Finally I finished writing this in my lifetime..... puff, stupid viruses) :)
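The question above boils down to "which of the DLLs loaded by winlogon.exe and services.exe does not belong there". The following is an added example (not from the thread or from any of the tools the poster used) of the triage a helper would run for that: it lists the modules of both processes, the same data the poster gathered with tasklist /m, and flags any module that lives outside %SystemRoot%\System32 or whose Authenticode signature does not verify. It assumes Windows PowerShell 3.0 or later in an elevated prompt, because both processes run as SYSTEM and their module lists cannot be read otherwise.

```powershell
# Added example: flag suspicious DLLs loaded into winlogon.exe and services.exe.
# Assumes Windows PowerShell 3.0+ run as Administrator.
$targets  = 'winlogon', 'services'
$system32 = Join-Path $env:SystemRoot 'System32'

$findings = foreach ($name in $targets) {
    foreach ($proc in Get-Process -Name $name -ErrorAction SilentlyContinue) {
        # Module enumeration fails without sufficient rights or on bitness mismatch.
        try   { $modules = $proc.Modules }
        catch { Write-Warning "Cannot read modules of $name ($($proc.Id)): $_"; continue }

        foreach ($m in $modules) {
            $path    = $m.FileName
            $reasons = @()

            # A DLL in a system process that lives outside System32 deserves a look.
            if ($path -notlike "$system32\*") { $reasons += 'outside System32' }

            # Unsigned or tampered files do not verify; record the exact status.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Process = "$($proc.ProcessName) ($($proc.Id))"
                    Module  = $path
                    Signer  = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' })
                    Reason  = $reasons -join '; '
                }
            }
        }
    }
}

# Catalog-signed Windows files report NotSigned on some Windows versions, so
# treat this as a triage list to compare against a known-clean machine, not a verdict.
$findings | Sort-Object Process, Module | Format-Table -AutoSize
```

Comparing the output against the same listing from one of the three clean XP machines mentioned above narrows the list to the modules present only on the infected one.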

tashi
2007-09-07, 04:16
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Please do not attach or link to infected files!
If a helper requests files they will give you a link to upload them.

FYI: Files that can be sent as a zip or rar, etc should be emailed to: detections(AT)spybot.info (Replace AT with @)

If you follow the procedure in the link provided to produce a HJT log, someone will advise when available. :)

tashi
2007-09-16, 23:11
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.