Solved

Internet browser cannot download (possible virus)

Posted on 2004-04-26
Last Modified: 2011-09-20
Hey experts,
My problem is that I cannot download anything from the internet browser. I can surf the internet normally; I only cannot download anything (I can download files from P2P programs). A program, sysupd.exe, was running in my Task Manager; whenever I killed this process it automatically started again, and I was not able to delete it as it was running. Somehow I managed to delete it from safe mode, but the problem is still there. I scanned my system with Norton and McAfee; no viruses found. I am also getting a lot of port scans every hour (maybe a back door). I tried to get whatever info was required from the net, but it was not useful. I am jammed and cannot download any file from the internet browser.
Your advice will be highly appreciated.
Question by:mohsin_ali
8 Comments
 
LVL 32

Accepted Solution

by:
Luc Franken earned 200 total points
Hi mohsin_ali,

That's what you get from using p2p programs, a lot of junk comes with them...

I suggest you start with this (use all three of them):
Ad-aware: http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy: http://www.spychecker.com/download/download_spybot.html
CoolWebShredder: http://209.133.47.200/~merijn/files/CWShredder.exe
(make sure to update before running)

If you're still having problems, use this tool and post the logfile:
HijackThis: http://209.133.47.200/~merijn/files/HijackThis.exe


Greetings,

LucF
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 200 total points
Hi mohsin_ali,

Start --> Run --> type in "msconfig" and press "Enter".
Go to the Startup tab.
Disable all the applications there. Reboot the machine.
Check to see if that exe file is still running. Delete it.

Restart the machine and check if it automatically comes back again.



Thanks
 
LVL 49

Expert Comment

by:sunray_2003
Just remove all the P2P programs and run the spyware removal tools listed by LucF.

Check whether the system functions fine now.
 
LVL 6

Assisted Solution

by:acmp
acmp earned 100 total points
The sysupd file is a dialer program. PestPatrol has info at http://www.pestpatrol.com/pestinfo/t/tscash.asp. This includes info on removal. Worth a read.

As you have removed the exe file, other spyware checkers _may_ not find it or remove it properly.

Good luck

acmp<><

 

Author Comment

by:mohsin_ali
Guys, I had removed this dialer before, and even checked with the website acmp suggested. I don't have this dialer anymore, but I still cannot download from Internet Explorer, and due to this problem I cannot download any tool.
Let me tell you what I feel: when I try to download, some program puts my connection into some kind of loop, because when it tries to make the connection, before asking which folder to save the file to, the net is used 100% for around 5 seconds, then I get a connection failed error. So this is not from the server I am requesting; it is from my side, which might be redirecting my download to a nonexistent IP address (maybe that's why the net connection goes to max). I am screwed up bad.......
I am also posting the log file that LucF wanted.


Anyway, thanks.

Logfile of HijackThis v1.96.4
Scan saved at 12:04:04 AM, on 4/29/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KaZaA Lite\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7

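As an added illustration, not part of any post in this thread and not HijackThis's own code: a short Python triage of a HijackThis log like the one posted above, pulling out the running processes, the O4 startup entries (the same Run keys the msconfig Startup tab lists) and the O17 name-server lines. The function names, the `odd_dirs` list and the three review rules are assumptions made for this example; the sample is a trimmed excerpt of the posted log.

```python
import re

# Sample input: trimmed excerpt of the log posted above (same v1.96 layout).
SAMPLE_LOG = r"""Logfile of HijackThis v1.96.4
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\KaZaA Lite\My Shared Folder\HijackThis.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - HKLM\..\Run: ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")  # hive, key, name, command
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                  # command starts with a drive path

def parse(log):
    """Split a HijackThis log into its process list and its coded entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:                  # a blank line ends the process list
            in_procs = False
        elif in_procs:
            procs.append(line)
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
    return procs, entries

def review_items(log, odd_dirs=("shared folder", "\\temp\\")):
    """Return (reason, text) pairs for a human to look at; hypothetical rules, not a verdict."""
    procs, entries = parse(log)
    out = [("process-in-unusual-dir", p) for p in procs
           if any(d in p.lower() for d in odd_dirs)]
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m and not ABS_PATH.match(m.group(4)):   # resolved via search path at logon
            out.append(("autorun-without-full-path", m.group(3)))
        elif code == "O17" and "NameServer" in body:
            out.append(("dns-override", body.split("=", 1)[1].strip()))
    return out

if __name__ == "__main__":
    for reason, text in review_items(SAMPLE_LOG):
        print(f"{reason:28} {text}")
```

Every item returned is only a prompt for manual checking: an autorun without a full path or a statically set name server is often legitimate, as vendor utilities and ISP DNS settings produce the same lines.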
 
LVL 32

Expert Comment

by:Luc Franken
Just a guess... try this tool to replace your winsock and TCP/IP stack:
http://members.shaw.ca/techcd/WinsockXPFix.exe
 

Author Comment

by:mohsin_ali
Guys, nothing worked for me. Anyway, I formatted the PC and everything is fine,
so I'm splitting the points
:)
 
LVL 32

Expert Comment

by:Luc Franken
Too bad to hear that... hope you have better luck next time.

LucF