Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 20 of 20 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
ok, my problem is i cant download anything off the internet. well, websites, and pictures, but links to download stuff, and flash movies dont work. I think its a virus. does anyone know of a virus that does this?? i checked the internet options, and downloading is enabled. this just started like a day ago. Also, today I had to get rid of another virus called supernova. would this virus have effected my internet explorer at all??

oh yeah, also, when i was finding the supernova file in the WINDOWS directory, i came across a suspicious txt file called "da hot fix"...is this a legit file? ALSO for the last week or so i keep losing my internet connection. I have to then unplug my modem, and then go to network connections, and "Repair" the connection. Im thinking this has to do with the virus, too. just trying to give you as many symptoms as i can, to help pinpoint.

one more thing, ive run norton anti-virus, which hasnt found anything,(i cant run online virus programs, due to the fact that i cant download), BUT it did find a virus called hasta on my computer about two weeks ago. would THIS have done something to my internet????
haha, this is probably a tad confusing, but oh well, thanks for the help.
 

·
Registered
Joined
·
45,855 Posts
Can you tell us exactly what happens when you try to download something? For example the StartupList.zip file from the site below?

http://www.lurkhere.com/~nicefiles/

If you right click on it and select "save target as", does it download.

When downloads fail, do you get a blank page with a single icon on it?

If you can't get StartupList.exe, try this: click Start>Run and enter msinfo32 and click on Software Environment and Startup Programs. Then click Edit>Select All>Edit>Copy and paste the copied text to a reply. Do the same for "Running Tasks"

You could try restoring a registry dated prior to the problem (depending on what Windows version you have), but this might undo any registry repairs with respect to the SuperNova worm.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #3 ·
what it says when i try and download a file is:
"explorer was unable to open this site. The requested site is either unavailable or cannot be found. please try again later."
the thing is, i know the things im downloading are working. I tried downloading what you told me, but it gave me the above message.

startup programs:

Adobe Gamma Loader c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe All Users Common Startup
Advanced Tools Check c:\progra~1\norton~1\advtools\advchk.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\program files\aim95\aim.exe -cnetwait.odl HPPAV\HP Authorized Custom HKU\S-1-5-21-796845957-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp "c:\program files\common files\symantec shared\ccapp.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccRegVfy "c:\program files\common files\symantec shared\ccregvfy.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
desktop desktop.ini HPPAV\HP Authorized Custom Startup
desktop desktop.ini .DEFAULT Startup
desktop desktop.ini All Users Common Startup
MoneyAgent "c:\program files\microsoft money\system\money express.exe" NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" NT AUTHORITY\LOCAL SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" NT AUTHORITY\NETWORK SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msnmsgr "c:\program files\msn messenger\msnmsgr.exe" /background HPPAV\HP Authorized Custom HKU\S-1-5-21-796845957-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

running tasks:

ccapp.exe c:\program files\common files\symantec shared\ccapp.exe 1220 8 204800 1413120 1/3/2003 5:36 PM 1.03.15 53.69 KB (54,976 bytes) 1/2/2003 9:35 PM
ccevtmgr.exe c:\program files\common files\symantec shared\ccevtmgr.exe 908 8 204800 1413120 1/3/2003 5:36 PM 1.03.4 309.70 KB (317,128 bytes) 1/2/2003 9:35 PM
csrss.exe Not Available 332 13 Not Available Not Available 1/3/2003 5:36 PM Not Available Not Available Not Available
explorer.exe c:\windows\explorer.exe 896 8 204800 1413120 1/3/2003 5:36 PM 6.00.2600.0000 (xpclient.010817-1148) 977.50 KB (1,000,960 bytes) 8/23/2001 12:00 PM
helpctr.exe c:\windows\pchealth\helpctr\binaries\helpctr.exe 2292 8 204800 1413120 1/4/2003 1:08 AM 5.1.2600.0 (xpclient.010817-1148) 676.00 KB (692,224 bytes) 11/28/2002 6:25 PM
helpsvc.exe c:\windows\pchealth\helpctr\binaries\helpsvc.exe 3856 8 204800 1413120 1/4/2003 1:08 AM 5.1.2600.0 (xpclient.010817-1148) 678.00 KB (694,272 bytes) 11/28/2002 6:25 PM
iexplore.exe c:\program files\internet explorer\iexplore.exe 2080 8 204800 1413120 1/4/2003 12:41 AM 6.00.2600.0000 (xpclient.010817-1148) 89.00 KB (91,136 bytes) 11/28/2002 6:24 PM
kazaa.exe c:\program files\kazaa lite\kazaa.exe 1624 8 204800 1413120 1/4/2003 12:57 AM 2, 0, 2, 0 2.13 MB (2,232,832 bytes) 11/5/2002 8:30 AM
lsass.exe c:\windows\system32\lsass.exe 412 9 204800 1413120 1/3/2003 5:36 PM 5.1.2600.0 (xpclient.010817-1148) 11.50 KB (11,776 bytes) 8/23/2001 12:00 PM
msmsgs.exe c:\program files\messenger\msmsgs.exe 1500 8 204800 1413120 1/4/2003 1:10 AM 4.6.0078 1.39 MB (1,458,448 bytes) 4/11/2002 7:36 AM
msnmsgr.exe c:\program files\msn messenger\msnmsgr.exe 3836 8 204800 1413120 1/4/2003 12:41 AM 5.0.0540 2.08 MB (2,185,800 bytes) 11/7/2002 10:04 PM
navapsvc.exe c:\program files\norton antivirus\navapsvc.exe 1476 8 204800 1413120 1/3/2003 5:36 PM 9.05.1015 113.61 KB (116,336 bytes) 1/2/2003 9:35 PM
nprotect.exe c:\program files\norton antivirus\advtools\nprotect.exe 1488 8 204800 1413120 1/3/2003 5:36 PM 16.00.0.22 132.00 KB (135,168 bytes) 12/22/2002 3:42 PM
services.exe c:\windows\system32\services.exe 400 9 204800 1413120 1/3/2003 5:36 PM 5.1.2600.0 (xpclient.010817-1148) 99.00 KB (101,376 bytes) 8/23/2001 12:00 PM
smss.exe c:\windows\system32\smss.exe 284 11 204800 1413120 1/3/2003 5:36 PM 5.1.2600.0 (xpclient.010817-1148) 44.50 KB (45,568 bytes) 8/23/2001 12:00 PM
spoolsv.exe c:\windows\system32\spoolsv.exe 1044 8 204800 1413120 1/3/2003 5:36 PM 5.1.2600.0 (XPClient.010817-1148) 50.00 KB (51,200 bytes) 8/23/2001 12:00 PM
svchost.exe c:\windows\system32\svchost.exe 568 8 204800 1413120 1/3/2003 5:36 PM 5.1.2600.0 (xpclient.010817-1148) 12.50 KB (12,800 bytes) 8/23/2001 12:00 PM
svchost.exe c:\windows\system32\svchost.exe 592 8 204800 1413120 1/3/2003 5:36 PM 5.1.2600.0 (xpclient.010817-1148) 12.50 KB (12,800 bytes) 8/23/2001 12:00 PM
svchost.exe Not Available 700 8 Not Available Not Available 1/3/2003 5:36 PM Not Available Not Available Not Available
svchost.exe Not Available 756 8 Not Available Not Available 1/3/2003 5:36 PM Not Available Not Available Not Available
system Not Available 4 8 0 1413120 Not Available Not Available Not Available Not Available
system idle process Not Available 0 0 Not Available Not Available Not Available Not Available Not Available Not Available
winlogon.exe c:\windows\system32\winlogon.exe 356 13 204800 1413120 1/3/2003 5:36 PM 5.1.2600.29 (xpclnt_qfe.010827-1803) 419.00 KB (429,056 bytes) 8/23/2001 12:00 PM
wmiprvse.exe Not Available 4032 8 Not Available Not Available 1/4/2003 1:08 AM Not Available Not Available Not Available
 

·
Registered
Joined
·
45,855 Posts
Well I really don't see anything there to account for the problem. You've done a full system scan with NAV and nothing remains on the system. Since you have XP, have you tried doing a System Restore to a date prior to the problem?

I see kazaa in your Running Tasks, but nowhere in your Startup Programs. How is that getting started, are you running it manually?
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #5 ·
i dont know. i click on the icon...hah. im not sure if thats what you mean. could i have that klez virus?? i heard it slows your connection and sometimes stops it all together, and thats whats happening.
 

·
Registered
Joined
·
45,855 Posts
By click on "that icon", you mean you have it installed and there is an icon on your desktop or quick launch? If a System Restore doesn't work, try uninstalling kazaa.

I don't see any indications of Klez and I would assume NAV would catch it as long as it had been updated in the recent past.

What Antivirus identified "hasta", I can't find anything for it on Symantec's site or elsewhere. Is that the exact name? Check the NAV log file.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #7 ·
well, thats kind of strange. I uninstalled norton after the problems with the internet connections started(i have a cable modem, i dont know if that changes anything), thinking that it was the problem. Now, its not on the log, and i cant find anything about it. Im almost positive it was called hasta. i remember it specifically, because i was wondering what it meant, and i came across it later at a virus definition site, and saw that it was the spainish word. But now i cant find it anywhere...

oh yeah, also, i uninstalled kazaa after i got rid of the supernova vius, since there were files in kazaa that shouldnt have been there. It didnt help the ability to download problem.

ok, i just found a brief entry about hasta at http://www.avp.ch/avpve/
 

·
Registered
Joined
·
45,855 Posts
Well you are still showing NAV in both your startup programs (ccapp.exe) and running tasks (navapsvc, nprotect). Is there no icon in the System Tray?

Here's something to try although the symptoms don't entirely fit, it's worth a try. Click Start>Run and enter regedit

Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Right Click on the Extension (singular, not plural) folder in the left hand pane and delete it. Reboot and see if it makes a difference.

I'd go for a System Restore after this, if that doesn't resolve the problem.

Yeah, they really don't give much information other than it overwrites .com files. One thing you can do, aside from a System Restore, is to go to Start>Run and enter:

sfc /scannow

must be a space after sfc. It might want your Windows CD, otherwise it should run and automatically restore any altered or corrupted files. Takes about 10 minutes. It will run behind any open windows, so mimimize or close out what you have open to monitor it.

Did you do a System Restore after uninstalling those programs?
 

·
Registered
Joined
·
1 Posts
Go into the Control Panel ... get to Add/Remove Programs and look for IE.
Click on Change/Remove and when prompted hit "repair".
I've seen computers that won't list IE as an uninstallable application in add\remove programs in which case you need to go to start ... run and put this in (with quotes):

"C:\Program Files\Internet Explorer\IE Uninstall\w2kexcp.exe" /u which will roll you back to a previous version of IE.

Additionally, you could try installing Opera or Mozilla and see if you can download with those programs - if you can, that also would point to IE as the culprit. If you were unable to download, that tells you that your computer or ISP may be at fault. Are you running any kind of firewall software? Some that come to mind are Norton Personal Firewall, BlackIce, ZoneAlarm, and even the XP firewall itself. No doubt one of the programs could be set to restrict downloading of executables or perhaps all possibly threatening file types through IE.

You could also "Restore Defaults" in the advanced tab of Internet Options. I doubt this would work, but in the world of Micro$oft, anything is possible.

Good luck. I'm sure Rollin' Dog and I have even more up our sleeves if need be. You have a very intriguing issue.

-Bill_Gates
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #15 ·
woops. sorry, i thought i had written about it in the first post. This started a couple months ago. The internet will start going slowly, and then i have to turn off the modems power, and "repair" the network connection, and then it will be normal for a while. but soon, ,it starts going slow again. I have 2 computers hooked up to a modem thruogh a wireless network, and the computer that is going slow is the one thats not wireless(ie, its plugged into the computer as opposed to using the wireless system.) also, this started way after we got the wireless stuff, so its not a direct result of that...
 

·
Registered
Joined
·
3,452 Posts
Try these two fixes, reboot after doing them and see if it help.
To reset tcp/ip
Link http://support.microsoft.com/default.aspx?scid=kb;en-us;299357
netsh int ip reset resetlog.txt

I had another thought, try flushing the DNS tables by clicking 'Start', then 'Run' then type in 'CMD' without the apostrophes. At the command prompt type in 'ipconfig /flushdns'.
 

·
Registered
Joined
·
2 Posts
Rollin Rog,

I am having a similar problem.
I am running Win 98 and IE 6.02.

When I try to run an exe, it says downloading in the status bar, then goes to a page saying done, with a single blank icon?

I am running Norton 9.05 with Internet Security.
I disabled the Internet Security, and all browser setting are medium-low.

I can dowload everything else, such as zip files and such.


Any ideas?

Thanks,
NB
 
1 - 20 of 20 Posts
Status
Not open for further replies.
Top