• Status: Solved

Internet browser cannot download (possible virus)

Hey experts,
My problem is that I cannot download anything from the internet browser. I can surf the internet normally, only I cannot download anything (I can download files from p2p programs). A program, sysupd.exe, was running in my Task Manager; whenever I killed this process it automatically started again, and I was not able to delete it as it was running. Somehow I managed to delete it from safe mode, but the problem is still there. I scanned my system with Norton and McAfee; no viruses found. I am also getting a lot of port scans every hour (maybe a back door). I tried to get whatever info was required from the net, but it was not useful. I am jammed; I cannot download any file from the internet browser.
Your advice will be highly appreciated.
Asked:
mohsin_ali
3 Solutions
 
LucF Commented:
Hi mohsin_ali,

That's what you get from using p2p programs, a lot of junk comes with them...

I suggest you start with this (use all three of them):
Ad-aware: http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy: http://www.spychecker.com/download/download_spybot.html
CoolWebShredder: http://209.133.47.200/~merijn/files/CWShredder.exe
(make sure to update before running)

If you're still having problems, use this tool and post the logfile:
Hijackthis: http://209.133.47.200/~merijn/files/HijackThis.exe


Greetings,

LucF
 
sunray_2003 Commented:
Hi mohsin_ali,

Start --> Run --> type in "msconfig" and press "Enter".
Go to the Startup tab.
Disable all the applications there. Reboot the machine.
Check to see if that exe file is still running. Delete it.

Restart the machine and check if it automatically comes back again.



Thanks
 
sunray_2003 Commented:
Just remove all the p2p programs and run the spyware removal tools listed by LucF.

Check if the system would function fine now.
 
acmp Commented:
The sysupd file is a dialer program. Pest Patrol has info at http://www.pestpatrol.com/pestinfo/t/tscash.asp. This includes info on removal. Worth a read.

As you have removed the exe file, other spyware checkers _may_ not find it or remove it properly.

Good luck

acmp<><
 
mohsin_ali (Author) Commented:
Guys, I had removed this dialer before, and even checked with the website acmp suggested. I don't have this dialer anymore, but I still cannot download from Internet Explorer, and due to this problem I cannot download any tool.
Let me tell you what I feel: when I try to download, some program puts my connection into some kind of loop, because when it tries to make the connection, before asking which folder to save the file to, the net is used 100% for around 5 sec, then I get a connection failed error. So this is not from the server I am requesting; it is from my side, which might be redirecting my download to a nonexistent IP address (maybe that's why the net connection goes to max). I am screwed up bad.......
I am also posting the log file that LucF wanted.


Anyway, thanks.

Logfile of HijackThis v1.96.4
Scan saved at 12:04:04 AM, on 4/29/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KaZaA Lite\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7

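Added example (not part of the original thread and not written by any participant): a small Python triage helper for a HijackThis log like the one posted above. It groups entries by section code, lists the O4 autorun values that carry no drive path, and collects the O17 name servers; the function names are made up for this example and the sample is an excerpt of the posted log.

```python
import re

# Excerpt copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.96.4
Running processes:
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")               # "O4 - HKLM\..\Run: ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")  # hive, value name, command

def parse_log(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], {}, False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def pathless_autoruns(entries):
    """O4 Run values with no drive path: Windows resolves these via the search path."""
    hits = (RUN.match(e) for e in entries.get("O4", []))
    return [m.groups() for m in hits if m and not re.match(r'"?[A-Za-z]:\\', m.group(3))]

def nameservers(entries):
    """Unique DNS servers from O17 lines, in the order first seen."""
    ips = [ip for e in entries.get("O17", []) if "NameServer = " in e
           for ip in e.split("NameServer = ", 1)[1].split()]
    return list(dict.fromkeys(ips))
```

A pathless O4 value is not a finding by itself; it marks an entry whose file has to be located on disk before it can be judged.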
 
LucF Commented:
Just a guess... try this tool to replace your winsock and TCP/IP stack:
http://members.shaw.ca/techcd/WinsockXPFix.exe
 
mohsin_ali (Author) Commented:
Guys, nothing worked for me. Anyway, I formatted the PC and everything is fine,
so I'm splitting the points
:)
 
LucF Commented:
Too bad to hear that... hope you have better luck next time.

LucF