Solved

internet browser cannot download ( possible virus )

Posted on 2004-04-26
8
1,660 Views
Last Modified: 2011-09-20
hey experts,
my problem is that i cannot download any thing from the internet browser and can surf internet normally only cannot download any thing (can download files from p2p programs). a program sysupd.exe was running in my task manager, whenever i kill this process it automatically starts again and i was not able to delete as it was running. somehow i managed to delete it from safemode still the problem is there. i scan my system from nortron and mcafee; no virues found. and getting a lot of port scan every hour (may be back door) tried to get what ever info required from net what was not usefull. i am jammed cannot download any file from the internet browser.
your advice w'll be highly appreciated
0
Comment
Question by:mohsin_ali
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 32

Accepted Solution

by:
LucF earned 200 total points
ID: 10922929
Hi mohsin_ali,

That's what you get from using p2p programs, a lot of junk comes with them...

I suggest you to start with this: (use all three of them)
Ad-aware :                          http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy : http://www.spychecker.com/download/download_spybot.html
CoolWebShredder :              http://209.133.47.200/~merijn/files/CWShredder.exe
(make sure to update before running)

If you're still having problems, use this tool and post the logfile:
Hijackthis :                           http://209.133.47.200/~merijn/files/HijackThis.exe


Greetings,

LucF
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 200 total points
ID: 10923003
Hi mohsin_ali,

Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there.Reboot the machine
check to see if that exe file is still running. delete it

restart the machine and check if it automatically comes back again.



Thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10923006
Just remove all the p2p programs and run the spyware removal tools listed by Lucf

check if the system would function fine now
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Assisted Solution

by:acmp
acmp earned 100 total points
ID: 10925859
The sysupd file is a diler program. Pest Patrole has info at http://www.pestpatrol.com/pestinfo/t/tscash.asp. This includes infor on removal. Worth a read.

As you have removed the exe file other spyware checkers _may_ not find it or remove it properly.

good luck

acmp<><
0
 

Author Comment

by:mohsin_ali
ID: 10943109
guys i had removed this dialer before, and even checked with acmp suggested website. i dont have this dialer anymore but still i cannot download frm internet explorer and due to this problem i cannot download any tool.
let me tell you wht i feel, it is that when i try to download some program put me connection into some kind of loop cause when it tries to make connection before giving in which folder to safe file to, the net is used 100% for around 5 sec than i get an error for connection failed. so this is not from the server i am requesting it is from my side which might be redirecting my download to a nonexisting IP address (may be thts y the net connention goes to max). i am screwed up bad.......
i am also posting up log file tht lucf wanted


anyways thnks

Logfile of HijackThis v1.96.4
Scan saved at 12:04:04 AM, on 4/29/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KaZaA Lite\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{68B619C6-3E20-47E8-A1A6-A6A730495D5E}: NameServer = 194.170.1.6 194.170.1.7

0
 
LVL 32

Expert Comment

by:LucF
ID: 10943429
Just a guess... try this tool to replace your winsock and TCP/IP stack:
http://members.shaw.ca/techcd/WinsockXPFix.exe
0
 

Author Comment

by:mohsin_ali
ID: 11053109
guys nothing worked for me, anyways i formatted the pc and everything is fine
so im splitting the points
:)
0
 
LVL 32

Expert Comment

by:LucF
ID: 11053132
Too bad to hear that... hope you have better luck next time.

LucF
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question