Virus? Spyware? Clumsy user? Not sure - Please Help!

 
 
Reply Wed 29 Sep, 2004 03:12 am
I've somehow managed to do something bad to Windows XP on my laptop.

Symptoms:

Most progs that run in a Windows Explorer-style window won't work. The window appears for a fraction of a second then disappears, leaving no trace it was ever there. Task Manager shows that the application has died as well. This affects Internet Explorer, My Computer, Search and even Trashcan etc. which makes diagnosis and treatment too hard for me (I have minimal MSDOS knowledge as well). We have a mini 4-machine network in the house, and the router is not recognising the machine's name, only that it is there, and it's not responding to a Ping command any more.

Other progs like Real Player, WinDVD, and the few games I have (Unreal Tournament, Serious Sam) run okay, and will even run in a window on the desktop (as well as full-screen mode). Windows Help also works okay.

Solution?

I've run virus scans using the latest versions of both McAfee and Norton, and they found 6 viruses and spywares, and got rid of the infected files, but this hasn't fixed it. I've also done a System Restore back to before the problem started, but that hasn't worked either.

Any help anyone can give is very much appreciated. If you need any more system info to diagnose and treat properly then I'll post it in as soon as I can. If it can't get sorted I'll have to format the hard-drive and start from scratch, which is bad because I have files on there that I can't get off - no network links, CD burner not working, no floppy drive even.

Many thanks in advance.

Confession:

Yes, I was looking at nudey ladies just before it broke. Embarrassed I know it's wrong in an IT sense because it's all riddled with nasties, but I thought McAfee, Norton and 2 firewalls would protect me. Embarrassed
Type: Discussion • Score: 1 • Views: 1,035 • Replies: 14

 
cavfancier
 
  1  
Reply Wed 29 Sep, 2004 03:21 am
I can't help you, but my wife could, given that she sometimes has the dubious task of cleaning her ex-boss's laptop from porn-related nastiness. However, she would have to kill you first, and at that point, the laptop would no longer be of any use to you. You were looking at the free sites too, I'll bet....bad Duke. Wink I hope someone can help out.
0 Replies
 
Grand Duke
 
  1  
Reply Wed 29 Sep, 2004 03:57 am
Single men have needs, Cav! Thanks for the support anyway!
0 Replies
 
Grand Duke
 
  1  
Reply Thu 30 Sep, 2004 02:28 pm
Perhaps if I hadn't mentioned where I probably picked it up, someone might have helped. Bumping it onto New Posts might bring it to more people's attention.

Look, I know it was stupid checking out the free porn, but surely most people do stupid things sometimes? I did take precautions! I did practice safe cyber-sex! Please help!
0 Replies
 
panzade
 
  1  
Reply Thu 30 Sep, 2004 02:31 pm
Oh stop it Duke...you're a big boy and can do what you want...including mess up your laptop
0 Replies
 
cavfancier
 
  1  
Reply Thu 30 Sep, 2004 02:35 pm
Ironically, I suspect you got a backdoor trojan, which is totally useless to you technically, but seeing as no experts have shown up, it's worth the pun value, and the bump.
0 Replies
 
panzade
 
  1  
Reply Thu 30 Sep, 2004 02:49 pm
was counting on you Cav
0 Replies
 
timberlandko
 
  1  
Reply Thu 30 Sep, 2004 03:21 pm
Take a look HERE, Grand Duke, just to get an idea what all may be involved.

I recommend you download, install, update, and configure Spybot S&D as a first step. Be sure to read, understand, and follow the documentation for update and configuration procedures. Then disconnect from the 'net, close all browsers and other apps, run Spybot, and let it fix whatever it finds. It may ask to run again on next boot to complete repairs; if so, reboot and let it run. In any event, run it at least one more time, until it comes up "Clean". Be sure to set it to "Immunize", and configure its "TeaTimer" feature for maximum protection (the documentation - help file and tutorial - explain this, but if you still have questions, ask here). Then reconnect to the 'net and see what happens. That may have cleared things up by itself, but if not, we can take it from there.
0 Replies
 
Grand Duke
 
  1  
Reply Fri 1 Oct, 2004 02:40 am
Thanks Cav & Panzade for your morale-boosting comments :wink: Laughing and thanks to Timber for some proper help! Smile

One thing, Timber, have you any idea if the Spybot program will execute its install from a CD? Internet Explorer and Windows Explorer are both shagged, and the only way I could get it onto the machine is by downloading it on another and burning it to CD, then using Run. I'll give it a go over the weekend. Thanks again.
0 Replies
 
Grand Duke
 
  1  
Reply Sat 2 Oct, 2004 06:28 pm
Timber - I've started the process. I got Spybot onto the PC, and it found 46 items the first time, and 5 the second time. These are now all fixed. However, running it for the 3rd, 4th and 5th times (with reboots between) always show "DSO Exploit" listed, with 5 sub-items. I get Spybot to fix it, reboot, and it's still there. Any ideas? And the problem of windows closing themselves still happens.

Prior to running Spybot, I used the XP disk to repair & reinstall Windows, and that has made no difference.
0 Replies
 
Grand Duke
 
  1  
Reply Sat 2 Oct, 2004 07:24 pm
Hijack-This has saved me!

I installed it and ran a scan, deleted about 10 things that looked wrong, rebooted, and all seems to be well. I'm going cautious for a while even so. I'll post the full log in case anything is lurking:
0 Replies
 
timberlandko
 
  1  
Reply Sat 2 Oct, 2004 07:38 pm
Just a quick note without a lotta relevant back-support; don't worry too much about the DSO Exploit thing as long as your Windows and your IE are fully up-to-date. That's more of a Spybot bug than anything meriting concern. If your OS and browser are fully up to date, just instruct Spybot to ignore DSO Exploit. More detail available on request, of course, but right now I'd rather play here than work here.
0 Replies
 
Grand Duke
 
  1  
Reply Sat 2 Oct, 2004 08:25 pm
I thank you sincerely for taking the time to assist, Timberlandko. I was trying to save the hijack-this log, and McAfee told me it was infected with a trojan and then it deleted it? Is this likely? Or is McAfee confused? Or am I confused? I'll save & post it anyway, and ignore McAfee.
0 Replies
 
timberlandko
 
  1  
Reply Sat 2 Oct, 2004 08:36 pm
While it's possible for just about any file to become infected, Hijack This would not be high on the list of candidates. I'd lay odds it is safe to "save" your HJT log, regardless what McAfee might say. I will note I've never come across that particular symptom, though I've seen false positives not only from McAfee but also from just about any other scanning/blocking software.
0 Replies
 
Grand Duke
 
  1  
Reply Sat 2 Oct, 2004 08:53 pm
Bizarrely, there was no problem when I tried it again...

Logfile of HijackThis v1.98.2
Scan saved at 03:52:20, on 03/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {9EAC0102-5E61-2312-BC2D-414456544F4E} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/tonn.chm::/wintbl32.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn278.exe
0 Replies
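
Added example (not part of the original thread): a small triage pass over a HijackThis log like the one posted above, using a subset of its lines as sample input. The three heuristics (IE search pages pointing at a file under Temp, add-ons registered with no file, ActiveX "DPF" entries whose source is a bare .exe or goes through the ms-its/mhtml handler) are assumptions of this example, not a verdict given by anyone in the thread.

```python
import re

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {9EAC0102-5E61-2312-BC2D-414456544F4E} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/tonn.chm::/wintbl32.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn278.exe
"""

# Entry lines start with a section code (R0-R3, O1-O23), then " - ", then the body.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")


def parse(log):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (section, reason, body) for entries matching an assumed heuristic."""
    findings = []
    for section, body in parse(log):
        low = body.lower()
        if section in ("R0", "R1") and "file://" in low and "\\temp\\" in low:
            reason = "IE search/start page points at a local file under Temp"
        elif section in ("O2", "O3") and low.endswith("(no file)"):
            reason = "registered browser add-on whose file is missing"
        elif section == "O16" and ("ms-its:" in low or "mhtml:" in low):
            reason = "ActiveX source goes through the ms-its/mhtml protocol handler"
        elif section == "O16" and low.endswith(".exe"):
            reason = "ActiveX source is a bare .exe rather than a .cab package"
        else:
            continue
        findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```

A match is a prompt to look at the entry by hand, not proof of infection; entries that match nothing (the O4 autoruns, for instance) still need reviewing against what is known to be installed.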
 