computer infected (not this 1)

#1 02 Dec 2005 @ 10:15
Hi, I was on my own PC last night and I went to download from the site astalvista.box. After a second my Search and Destroy program came up with the message "computer infected" or something like that. In a box it says reboot, so I did. The comp rebooted to as far as "Windows is starting up" and didn't go any further. Please help.
#2 02 Dec 2005 @ 13:02
You need to post a HJT log so we can see what's wrong with the PC.

http://forums.afterdawn.com/thread_view.cfm/263784
Follow these instructions from step 3!

We will then fix your comp.

>>>>> Guides <<<<<
Ewido Anti-spyware 4.0 -> http://aaxxeell.googlepages.com/ewido4
Cleaning your computer. HijackThis guide -> http://aaxxeell.googlepages.com/koneenpu...ackthis-ohje%21
Surf the net safely! HOSTS file -> http://aaxxeell.googlepages.com/surffail...sts-tiedosto%21
Messenger Plus! Guide to safe installation -> http://aaxxeell.googlepages.com/messenge...enasentamiseen.
EULAlyzer -> http://aaxxeell.googlepages.com/eulalyzer
#3 02 Dec 2005 @ 13:20
try running your anti-virus program in safe mode
#4 03 Dec 2005 @ 0:11
Yep, you can first try to scan with your av in safe mode as ddp said, but please post HjT-log after that.
#5 03 Dec 2005 @ 8:17
I can't even start in safe mode, as when I'm booting up it gets as far as "Windows is starting up" but it just stays there doing nothing, yet I can move my mouse about. I've tried all modes on startup. Any ideas guys, and thanks for the replies.
#6 03 Dec 2005 @ 10:57
what windows are you using & what format is the hd in as in ntfs or fat32??
#7 04 Dec 2005 @ 2:09
I am using Windows XP Pro and my HD is running on FAT32.
#8 04 Dec 2005 @ 6:41
do you have a win98 boot disk or can get a copy of it?
#9 04 Dec 2005 @ 10:40
Thank you for your help. I got back on it, eventually started in safe mode. It was an infection in Java VM, although I still can't get rid of the infections as I don't have Java in Control Panel to delete the cache. I got this infection name and repair here
#10 04 Dec 2005 @ 10:50
Logfile of HijackThis v1.99.1
Scan saved at 20:47:50, on 04/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://radio-slut.org/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
hope this is correct
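
The log posted above follows HijackThis's fixed layout: header lines, a "Running processes:" list, then entries prefixed with a section code (R0, O4, O23 and so on). As an added example (not part of the original thread and not HijackThis's own code), this Python parser reads that layout and lists O4/O23 autostart executables that do not appear in the process list; the function names and the ExampleApp entry are made up for illustration.

```python
import re
from collections import defaultdict
# Constructed sample: a subset of lines from the log above, plus one made-up
# O4 entry (ExampleApp) so the cross-check has something to report.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ExampleApp] C:\Example\example.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, then detail
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and coded entries."""
    log = {"header": {}, "processes": [], "entries": defaultdict(list)}
    in_processes = False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:                                   # e.g. "O4 - HKLM\..\Run: ..."
            in_processes = False
            log["entries"][m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            log["processes"].append(line)
        elif ": " in line and not log["processes"]:
            key, value = line.split(": ", 1)    # e.g. "Platform: Windows XP ..."
            log["header"][key] = value
    return log

def autostarts_not_running(log):
    """O4 (Run keys) and O23 (services) executables absent from the process list."""
    running = {p.lower() for p in log["processes"]}
    missing = []
    for code in ("O4", "O23"):
        for entry in log["entries"].get(code, []):
            m = EXE_PATH.search(entry)
            if m and m.group(0).lower() not in running:
                missing.append((code, m.group(0)))
    return missing
```

An autostart that is not running is only a pointer for the reviewer to look at that entry; it is not a verdict on the file.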
#11 04 Dec 2005 @ 11:51
should be more to that log
#12 04 Dec 2005 @ 18:22
Probably log is ok, strange that it looks clean :)

1. Do you have a firewall?
There's just no firewall in running processes.

2. Download ewido
-> http://www.ewido.net/en/download/
Update, do a complete system scan, remove all files that ewido finds and post the report here to analyse.

3. Update your windows. Get SP 2
-> http://windowsupdate.microsoft.com/

4. You are using IE. I advise you to change to Firefox -> http://www.mozilla.com/firefox/ or
Opera -> http://www.opera.com/

#13 17 Dec 2005 @ 1:07
Not sure if anyone is seeing this thread but axell's advice saved me a bunch. I bought some new RAM and after installing it (coincidental), I could not get to login screen in xp pro SP2. I am a field engineer in IT and pride myself (does it go before fall?) on troubleshooting ability: I changed the power supply because I read that its deterioration can slow things down; I blamed my new SATA drive (no viable reason) and because my Norton Antivirus Corp edition is always on, I did not in the least suspect any viruses. In my favor, I have a copy of power quest desktop which can restore a drive to any state metal to metal and when I needed to reboot my PC, I had to use a 30 day old copy of my hard drive image. Long story short: I found this thread using google and downloaded the ewido prog and it found some ibm virus name that was f***g up my system.

thanks dude, is the least I can say
#14 19 Dec 2005 @ 18:23
You're welcome & glad to hear your story :)
