Solved

Hijackthis what to remove?

Posted on 2004-11-08
Last Modified: 2013-12-04
I'm not sure what to remove from the logfile. Can anyone advise?

Logfile of HijackThis v1.98.2
Scan saved at 12:13:35 AM, on 11/9/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\oracle9i\BIN\ONRSD.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINNT\TimeSynchronize.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\window.exe
C:\SIERRA\CardStudio\PLNRnote.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\mysql\bin\winmysqladmin.exe
C:\WINNT\System32\taskmgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Program Files\GNU\WinCvs 1.3\wincvs.exe
C:\mysql\bin\mysqld.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\WS_FTP\WS_FTP95.exe
C:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\dhsvr.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee\McAfee Privacy Service\GuardDog.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Documents and Settings\plinnane\Desktop\NPRTON_VIRUS_TOOLS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seekwell.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8000/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.seekwell.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.seekwell.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.seekwell.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 www.maximumcash.com
O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
O1 - Hosts: 66.197.26.230 www.silvercash.com
O1 - Hosts: 66.197.26.230 www.freeticketcash.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.26.230 www.aebn.net
O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
O1 - Hosts: 66.197.26.230 www.fatpockets.com
O1 - Hosts: 66.197.26.230 www.adultplatinum.com
O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
O1 - Hosts: 66.197.26.230 www.cumfiesta.com
O1 - Hosts: 66.197.26.230 www.nastydollars.com
O1 - Hosts: 66.197.26.230 www.hawgscash.com
O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
O1 - Hosts: 66.197.26.230 www.oxcash.com
O1 - Hosts: 66.197.26.230 www.amateurpages.com
O1 - Hosts: 66.197.26.230 www.milfhunter.com
O1 - Hosts: 66.197.26.230 www.gammae.com
O1 - Hosts: 66.197.26.230 www.captainstabbin.com
O1 - Hosts: 66.197.26.230 www.bignaturals.com
O1 - Hosts: 66.197.26.230 www.sweetmoney.com
O1 - Hosts: 66.197.26.230 www.karasxxx.com
O1 - Hosts: 66.197.26.230 www.albionmedical.com
O1 - Hosts: 66.197.26.230 www.wegcash.com
O1 - Hosts: 66.197.26.230 www.karupspc.com
O1 - Hosts: 66.197.26.230 www.pillsmoney.com
O1 - Hosts: 66.197.26.230 adultrevenueservice.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 maximumcash.com
O1 - Hosts: 66.197.26.230 freeezinebucks.com
O1 - Hosts: 66.197.26.230 silvercash.com
O1 - Hosts: 66.197.26.230 freeticketcash.com
O1 - Hosts: 66.197.26.230 epiccash.com
O1 - Hosts: 66.197.26.230 aebn.net
O1 - Hosts: 66.197.26.230 lightspeedcash.com
O1 - Hosts: 66.197.26.230 fatpockets.com
O1 - Hosts: 66.197.26.230 adultplatinum.com
O1 - Hosts: 66.197.26.230 vidsandtoys.com
O1 - Hosts: 66.197.26.230 cumfiesta.com
O1 - Hosts: 66.197.26.230 nastydollars.com
O1 - Hosts: 66.197.26.230 hawgscash.com
O1 - Hosts: 66.197.26.230 pure-pornstars.com
O1 - Hosts: 66.197.26.230 oxcash.com
O1 - Hosts: 66.197.26.230 amateurpages.com
O1 - Hosts: 66.197.26.230 milfhunter.com
O1 - Hosts: 66.197.26.230 gammae.com
O1 - Hosts: 66.197.26.230 captainstabbin.com
O1 - Hosts: 66.197.26.230 bignaturals.com
O1 - Hosts: 66.197.26.230 sweetmoney.com
O1 - Hosts: 66.197.26.230 karasxxx.com
O1 - Hosts: 66.197.26.230 albionmedical.com
O1 - Hosts: 66.197.26.230 wegcash.com
O1 - Hosts: 66.197.26.230 karupspc.com
O1 - Hosts: 66.197.26.230 pillsmoney.com
O1 - Hosts: 66.197.93.224 sublimedirectory.com
O1 - Hosts: 66.197.93.224 www.sublimedirectory.com
O1 - Hosts: 66.197.93.224 uh-oh.net
O1 - Hosts: 66.197.93.224 www.uh-oh.net
O1 - Hosts: 66.197.93.224 wetcircle.com
O1 - Hosts: 66.197.93.224 www.wetcircle.com
O1 - Hosts: 66.197.93.224 free64all.com
O1 - Hosts: 66.197.93.224 www.free64all.com
O1 - Hosts: 66.197.93.224 teeniefiles.com
O1 - Hosts: 66.197.93.224 www.teeniefiles.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 hardcorejunky.net
O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
O1 - Hosts: 66.197.93.224 mmm100.com
O1 - Hosts: 66.197.93.224 www.mmm100.com
O1 - Hosts: 66.197.93.224 mature-post.com
O1 - Hosts: 66.197.93.224 www.mature-post.com
O1 - Hosts: 66.197.93.224 elephant-list.com
O1 - Hosts: 66.197.93.224 www.elephant-list.com
O1 - Hosts: 66.197.93.224 sleazydream.com
O1 - Hosts: 66.197.93.224 www.sleazydream.com
O1 - Hosts: 66.197.93.224 al4a.com
O1 - Hosts: 66.197.93.224 www.al4a.com
O1 - Hosts: 66.197.93.224 call-kelly.com
O1 - Hosts: 66.197.93.224 www.call-kelly.com
O1 - Hosts: 66.197.93.224 chubbyland.com
O1 - Hosts: 66.197.93.224 www.chubbyland.com
O1 - Hosts: 66.197.93.224 blitzpics.com
O1 - Hosts: 66.197.93.224 www.blitzpics.com
O1 - Hosts: 66.197.93.224 bondagewizard.com
O1 - Hosts: 66.197.93.224 www.bondagewizard.com
O1 - Hosts: 66.197.93.224 pichunter.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O1 - Hosts: 66.197.93.224 male-movies.com
O1 - Hosts: 66.197.93.224 www.male-movies.com
O1 - Hosts: 66.197.93.224 silent-screams.com
O1 - Hosts: 66.197.93.224 www.silent-screams.com
O1 - Hosts: 66.197.93.224 citizencane.org
O1 - Hosts: 66.197.93.224 www.citizencane.org
O1 - Hosts: 66.197.93.224 persiankitty.com
O1 - Hosts: 66.197.93.224 www.persiankitty.com
O1 - Hosts: 66.197.93.224 easypic.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\plinnane\LOCALS~1\Temp\syscca.dat
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\plinnane\LOCALS~1\Temp\tenrba.dat
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\plinnane\LOCALS~1\Temp\syscca.dat
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\plinnane\LOCALS~1\Temp\cmoc.dat
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINNT\dealhlpr.dll
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\plinnane\LOCALS~1\Temp\rbateni.dat
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINNT\dealhlpr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SimplyDefault] C:\PROGRA~1\Simply\CBWExec.exe /Run C:\PROGRA~1\Simply\CBWAttn.exe -run
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [TimeSyncApp] C:\WINNT\TimeSynchronize.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [javaps] C:\WINNT\Config\javaps.exe
O4 - HKLM\..\Run: [mssys] C:\WINNT\system\mssys.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [window.exe] C:\WINNT\System32\window.exe
O4 - Startup: BadBlue.lnk = C:\Program Files\BadBlue\PE\badblue.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu      &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms      &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Save Forms      &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms      &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms      &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes12031.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes12031.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar      &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.soccernet.com
O15 - Trusted Zone: http://www.soccernet.com
O16 - DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} (TeeChart Pro Activex control) - http://www.steema.com/files/activex/public/teechart.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {0A2276C8-6AC1-11D3-BF1D-00105ACE49EC} (Autoload Modem Pool Monitor and Launcher Control) - http://staging.dmotorworks.com/activex/common/MP_MonitorLaunch.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://C:\Program Files\Windows Media Player\mp3codec543.exe
O16 - DPF: {1C92EE3A-51FE-11D2-B506-00104BC858E1} (Digital Motorworks Date/Time Picker Control) - http://inca.dmotorworks.com/activex/common/DMDateTimePicker.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13a4b45f80e87e28aa18/netzip/RdxIE601.cab
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/activex/controls/iexplorer/x86/iemenu.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://217.73.66.1/del/loader.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {CEEBC0A9-E9A8-11D2-B50D-00104BC858E1} (Digital Motorworks Intranet Administrator(TM) Entity Tree Control) - http://inca.dmotorworks.com/activex/IA/IAEntityTree.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab

Question by:dplinnane
18 Comments
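Before the replies, an added example that is not part of the original question and is not HijackThis code: a small Python triage script that applies the rules of thumb a reviewer uses on a log in the format above. It flags R0/R1 search and start pages that point at a provider outside an allow-list, O1 hosts entries that redirect a name to a live IP rather than loopback, O2 BHOs loaded from Temp or from a non-DLL file, O4 Run entries launching from unusual directories (or per-user entries launching from System32), and O16 ActiveX records fetched from a bare IP or a local file. The sample lines are copied from the log above; the search-host allow-list and the list of unusual autorun directories are assumptions to be tuned for your own machine. A hit means "verify this entry", not "this is malware", which is the same caveat that applies to the online analyzer recommended below.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seekwell.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8000/index.php
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\plinnane\LOCALS~1\Temp\syscca.dat
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [mssys] C:\WINNT\system\mssys.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [window.exe] C:\WINNT\System32\window.exe
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://217.73.66.1/del/loader.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://C:\Program Files\Windows Media Player\mp3codec543.exe
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://activex.microsoft.com/activex/controls/iexplorer/x86/iemenu.cab
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
"""

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed allow-list of hosts an IE search/start page may legitimately use.
KNOWN_SEARCH_HOSTS = {"localhost", "www.microsoft.com", "www.msn.com",
                      "search.msn.com", "www.google.com", "www.yahoo.com", "rd.yahoo.com"}
# Assumed list of directories that installed software does not normally autorun from.
ODD_AUTORUN_DIRS = ("\\winnt\\system\\", "\\winnt\\config\\", "\\windows\\system\\",
                    "\\windows\\config\\", "\\temp\\")
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (.*)$")


def _host(url):
    """Hostname of a URL, lower-cased, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def _image_path(cmd):
    """Executable path from a Run-key command line (quoted or not), lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    return cmd.split(" ", 1)[0].lower()


def triage(log_text):
    """Return (section, reason, line) triples for entries that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.groups()
        if sec in ("R0", "R1"):
            # Search/start page rewritten to a provider outside the allow-list.
            url = body.split(" = ", 1)[1].strip() if " = " in body else ""
            host = _host(url)
            if host and host not in KNOWN_SEARCH_HOSTS:
                findings.append((sec, f"IE search/start page set to {host}", line))
        elif sec == "O1":
            # A hosts entry that is not loopback is a redirect, not a block.
            parts = body.split()
            if len(parts) >= 3 and parts[1] not in LOOPBACK:
                findings.append((sec, f"hosts file sends {parts[2]} to {parts[1]}", line))
        elif sec == "O2":
            path = body.rsplit(" - ", 1)[-1].lower()
            if "\\temp\\" in path or not path.endswith(".dll"):
                findings.append((sec, "BHO loaded from Temp or from a non-DLL file", line))
        elif sec == "O4":
            mr = RUN_RE.match(body)
            if mr:
                hive, cmd = mr.groups()
                path = _image_path(cmd)
                if any(d in path for d in ODD_AUTORUN_DIRS):
                    findings.append((sec, "autorun from an unusual directory", line))
                elif hive == "HKCU" and "\\system32\\" in path:
                    findings.append((sec, "per-user Run entry launching from System32", line))
        elif sec == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            if url.lower().startswith("file://"):
                findings.append((sec, "ActiveX install record points at a local file", line))
            elif IPV4_RE.match(_host(url)):
                findings.append((sec, "ActiveX control downloaded from a bare IP address", line))
    return findings


def hosts_redirect_summary(log_text):
    """Count O1 hosts-file redirects per target IP (loopback entries excluded)."""
    counts = Counter()
    for sec, _reason, line in triage(log_text):
        if sec == "O1":
            counts[line.split()[3]] += 1
    return dict(counts)


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec:<4} {reason}\n     {line}")
    print(hosts_redirect_summary(SAMPLE_LOG))
```

Run it against the full log pasted in the question and the hosts summary alone tells the story: dozens of names collapsed onto two IPs, which is a redirect campaign rather than a blocklist. Entries the script leaves alone (RoboForm, IntelliPoint, the Microsoft-hosted ActiveX control) still need a human eye, since the rules are heuristics, not signatures.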
 
LVL 17

Assisted Solution

by:Lobo042399
Lobo042399 earned 900 total points
ID: 12530587
Hi dplinnane,

First, do not post a HJT log as a Question. That's a no-no. There is an online HJT Log analyzer that can give you a report on what is good, bad and maybe-maybe. Copy and Paste your Log into the appropriate box at this URL:

http://www.hijackthis.de/index.php?langselect=english%20

After obtaining the report, you can go and check in your HJT those entries that you think should be removed. The online log analyzer is not perfect, so check every entry that it tags as nasty to make sure it is not something you have installed and do not want removed. If in doubt, do not check it.

After you've cleaned your system using the online analyzer, if there are any issues remaining in your machine we'll be more than happy to help you.

Good Vibes!

Lobo
 
LVL 21

Expert Comment

by:jvuz
ID: 12530791
Lobo said it all. The URL is very interesting.
 
LVL 21

Expert Comment

by:jvuz
ID: 12532002
 
LVL 9

Expert Comment

by:woodendude
ID: 12532253
Stay out of the porn sites and your machine will remain much cleaner....   :-)
 

Author Comment

by:dplinnane
ID: 12533140
Thanks for the advice. I ran Ad-Aware, Spybot and HijackThis and removed all files that looked suspicious. However, when I restart my computer it reboots as soon as I enter my user name and password in the Win 2k login. When I disconnect from the internet I do not have this problem. I also have an exe called ****-site.com; it has been there forever and I cannot get rid of it. Any ideas on what's going on? "Access denied: the source file may be in use."
 
LVL 21

Assisted Solution

by:jvuz
jvuz earned 300 total points
ID: 12533169
Also do a check with Stinger:

http://vil.nai.com/vil/stinger/
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12533881
>> Access denied the source file may be in use

Try to take ownership of this file and then delete it:
Take Ownership of Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q268019

And get msconfig for Win2000 from here >> http://www.perfectdrivers.com/howto/msconfig.html
Run it and disable all those extra and unwanted applications in the Startup section, except the antivirus and firewall entries.
Then run all those removal tools in safe mode and also delete all those junk files manually if they are present on your system. Restart and check whether the same problem occurs.
 
LVL 17

Assisted Solution

by:Lobo042399
Lobo042399 earned 900 total points
ID: 12535974
>> However when I restart my computer it reboots as soon as I enter my user name and password in login win 2k. When I disconnect from the internet I do not have this problem.

A new breed of trojans. Seen them and they are nasty. And they fly right under HJT's radar. Look in your System32 folder for a subfolder named KernelW32.
 

Author Comment

by:dplinnane
ID: 12536209
Don't seem to have a subfolder in SYSTEM32. I was able to get rid of f-site above by changing ownership and deleting. Still having restart problems. Ironically enough, my problems started after I installed McAfee Security Center.
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12536252
>> However when I restart my computer it reboots as soon as I enter my user name and password in login win 2k. When I disconnect from the internet I do not have this problem.

How are you connecting to the internet? I mean, via a cable/ADSL modem or a dial-up connection?
 

Author Comment

by:dplinnane
ID: 12536303
USB port, dsl, wireless
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12536390
Then what does this mean, that you cannot log in with your username after a restart UNLESS you disconnect from the internet?
I mean, when you restart, the USB modem will get disconnected, and thus there will be no internet connection... sorry, but this confused me :-?
 

Author Comment

by:dplinnane
ID: 12536550
If I remove my USB NIC card I can log on to my computer. As soon as I plug in my NIC card my computer restarts.

 I have noticed that if I disable privacy setting with mcafee and then plug in my nic card I can connect to the internet, seems a bit bizarre.
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 300 total points
ID: 12536588
OK, what you should try at this moment is to uninstall McAfee and then check what problems are left after removing it!
Because maybe it's just McAfee which has problems with your system :-?
 

Author Comment

by:dplinnane
ID: 12536622
I'll give it a try later and see what happens.
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12536629
hmmmm listening.....
 
LVL 17

Accepted Solution

by:Lobo042399
Lobo042399 earned 900 total points
ID: 12537328
Knowing that the machine is infected, I would not remove the antivirus and go online just to see what happens. I would install an alternate AV just for the test, although I'm pretty sure the problem is not McAfee but a trojan. I've seen that behaviour before and it's really nasty. One thing you can do is install AVG and do a scan. Write down everything it finds and go looking for the folders it points at. Chances are if you tell it to clean the files it finds it'll tell you it can't delete them. So you'll need to write down those locations and go hunting manually.

Good Vibes!

Lobo
 
LVL 21

Expert Comment

by:jvuz
ID: 12612198
Thanx,

Jvuz
