Search:

Hi,

When I spoke with the HP techs they said that it sounds like it might be a malware problem since they did a hard drive test and it passed both the quick and the extensive tests...I'll check...

hello,

i'm having trouble with my laptop (which i've only had for 3 months). last month i got an error message saying that there was a problem with the video card or something and it rebooted -...

LONNY - THERE'S A LOT MORE IN THIS TEXT FILE, BUT THIS IS THE LAST THAT I'M GOING TO POST HERE SINCE IT COULD PROBABLY TAKE UP 8 OR 9 MORE POSTS...:

MSI (s) (14:34) [03:02:30:359]: Dir (target):...

MSI (s) (14:34) [03:02:30:156]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 11/19/2006 3:02:30 ===
MSI (s) (14:34) [03:02:30:156]: PROPERTY CHANGE: Adding...

hi lonny,

i have no idea what this is, but i was just looking through my c drive and found a folder called "c7bebf6fd69d3fc7be9a7f872d990d54" - in it is a text file called...

hi lonny,

i'm not sure what winap is, so i haven't done that yet...here's the issue as it stands - the same symptoms as were described in the first post:

the computer has restarted by itself...

(cough) i knew that. :oops: here you go:

Logfile of HijackThis v1.99.1
Scan saved at 7:54:46 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00...

hi everyone - AGAIN. (sigh).

ok, so this time i'm having serious problems....it started a couple of days ago and has gotten progressively worse. i used a file sharing program (i know, i...

hi tashi,

i think everything's okay - i haven't gotten any notices...but i'm still a little nervous since i kept getting those notices that someone was trying to access my computer. i guess i'll...

hi,

well, i guess that's comforting...there isn't really anything happening except when i turn off my windows firewall. when i turn that off, i get a barrage of notifications saying that a remote...

sorry!! i'm re-sending that to you now.:oops:

okay great, i deleted those files....also, the cmd.ftp file - there's one that's right next to it that's cmd.exe & it says it's "windows command processor" - should i delete that one also or leave it...

RMAgentOutput.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the...

okay, here are the results of the scan:

File: ExMenu.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious....

okay great....the csrss.exe file is active on my computer all the time, if that matters...

so none of the malware is active then? so i shouldn't worry about the ports that are active?

in my "all winsock2 catalogs" area, there's an entry called:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

i looked on symantec &...

also, in my system folder, i saw that there were some files that say Exontrol Inc. - i found a page on symantec that say it's the TrueActive Monitor keylogger. here's the page:
...

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec...

hi,

i'm going to have to post the log in a few messages since it's so long, but i have a question - we've been checking my c drive, but i have another drive, a d drive - a friend of mine installed...

how do i empty nortons' quarantine? is it possible for quarantined items to still be used by remote systems?

sorry - i'll post the winpfind list here tomorrow... thank you!!

sorry to have posted the whole infected list again, but i didn't know where
the partial one i sent you ended, so i didn't want to miss anything.

like i said before, i have a presario (c:) drive,...

File C:\Program Files\Norton AntiVirus\Quarantine\23180112.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton...

File C:\Program Files\Norton AntiVirus\Quarantine\0920036D.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton...

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ScreensaversInstaller". Action Taken: No Action Taken.
Entry...

Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xrenoder...

hi,

i just got home from work - i left it running all day while i was gone...anyway, it found a LOT of viruses, worms, trojan downloaders, keyloggers & a couple of browser hijackers, but from what...

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acc". Action Taken: No Action Taken.
Entry...

okay, it's been scanning for over 9 hours (only 1 of my 3 hard drives so far), so this might take all weekend, but here's what the mwantivirus toolkit has found so far:

Object "minibug Adware"...

hi,

i'm sorry for disappearing - i was away this week....i'll take the steps that you suggested tonight...i'll just let it run on the computer while i'm sleeping.

i just got an alert from my...

sorry to keep posting, but i keep finding more information...

i just went into my norton firewall & looked under the "statistics," "view logs" area...i went into the "system" file and found that...

sorry i didn't mention this to begin with, but i have 2 harddrives on my computer (i might have a 3rd, i'm not sure - sorry, i don't know anything about hard drives)...i have Presario (C:), Local...

hi,

i didn't see the graphic interface option when i downloaded the software, so i downloaded that one this time & ran it....it says there are no hidden items found and i think the log is the same...

i don't know if i did something wrong, but i don't see a "rename" option...i opened blacklight and got a dos window...i accepted the user agreement & it started scanning automatically for "hidden...

hi again...a new development....i can search for pictures & music on my computer, but now, all of a sudden, i'm not able to search for files & folders. is there a way for me to just close the ports...

also, i forgot to mention that today i was working on my web site with a tech guy from my hosting company & we found a really weird file stored in my file manager - i've never seen it before & the...

AND HERE'S THE LATEST HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 11:04:59 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2...

hi,

first, let me beging by saying thank you SOOO much for helping me with this...

second, i didn't get a chance to follow your steps until a couple of hours ago since i work on my computer all...

hi illukka,

i'm just about to follow your advice, but i thought i'd stop in first and say that this morning i've been alerted 3 times by my norton personal firewall that someone was trying to...

also, i just ran panda and it found 28 pieces of spyware (but it doesn't clean them!!! grrrrr)....it doesn't say what or where they are and the free version doesn't clean them, so i don't know how...

hello all...i'm new here, so i'll start at the beginning. i've had trouble with browser hijackers before, which my s&d and other software found....this time, though, my computer has been acting...