Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

internet browser cannot download ( possible virus )

Posted on 2004-04-26
8
Medium Priority
?
1,671 Views
Last Modified: 2011-09-20
hey experts,
my problem is that i cannot download any thing from the internet browser and can surf internet normally only cannot download any thing (can download files from p2p programs). a program sysupd.exe was running in my task manager, whenever i kill this process it automatically starts again and i was not able to delete as it was running. somehow i managed to delete it from safemode still the problem is there. i scan my system from nortron and mcafee; no virues found. and getting a lot of port scan every hour (may be back door) tried to get what ever info required from net what was not usefull. i am jammed cannot download any file from the internet browser.
your advice w'll be highly appreciated
0
Comment
Question by:mohsin_ali
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 32

Accepted Solution

by:
LucF earned 400 total points
ID: 10922929
Hi mohsin_ali,

That's what you get from using p2p programs, a lot of junk comes with them...

I suggest you to start with this: (use all three of them)
Ad-aware :                          http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy : http://www.spychecker.com/download/download_spybot.html
CoolWebShredder :              http://209.133.47.200/~merijn/files/CWShredder.exe
(make sure to update before running)

If you're still having problems, use this tool and post the logfile:
Hijackthis :                           http://209.133.47.200/~merijn/files/HijackThis.exe


Greetings,

LucF
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 400 total points
ID: 10923003
Hi mohsin_ali,

Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there.Reboot the machine
check to see if that exe file is still running. delete it

restart the machine and check if it automatically comes back again.



Thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10923006
Just remove all the p2p programs and run the spyware removal tools listed by Lucf

check if the system would function fine now
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 6

Assisted Solution

by:acmp
acmp earned 200 total points
ID: 10925859
The sysupd file is a diler program. Pest Patrole has info at http://www.pestpatrol.com/pestinfo/t/tscash.asp. This includes infor on removal. Worth a read.

As you have removed the exe file other spyware checkers _may_ not find it or remove it properly.

good luck

acmp<><
0
 

Author Comment

by:mohsin_ali
ID: 10943109
guys i had removed this dialer before, and even checked with acmp suggested website. i dont have this dialer anymore but still i cannot download frm internet explorer and due to this problem i cannot download any tool.
let me tell you wht i feel, it is that when i try to download some program put me connection into some kind of loop cause when it tries to make connection before giving in which folder to safe file to, the net is used 100% for around 5 sec than i get an error for connection failed. so this is not from the server i am requesting it is from my side which might be redirecting my download to a nonexisting IP address (may be thts y the net connention goes to max). i am screwed up bad.......
i am also posting up log file tht lucf wanted


anyways thnks

Logfile of HijackThis v1.96.4
Scan saved at 12:04:04 AM, on 4/29/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KaZaA Lite\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7

0
 
LVL 32

Expert Comment

by:LucF
ID: 10943429
Just a guess... try this tool to replace your winsock and TCP/IP stack:
http://members.shaw.ca/techcd/WinsockXPFix.exe
0
 

Author Comment

by:mohsin_ali
ID: 11053109
guys nothing worked for me, anyways i formatted the pc and everything is fine
so im splitting the points
:)
0
 
LVL 32

Expert Comment

by:LucF
ID: 11053132
Too bad to hear that... hope you have better luck next time.

LucF
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question