Not open for further replies.
1 - 20 of 51 Posts

Registered · 34 Posts · Discussion Starter · #1
I have a Dell Latitude D400 running Windows XP Professional service pack 2. Recently, I reformatted my laptop due to some problems it was having. A while after that, I noticed that some sites would not load. I would not get an error message, such as "page not found". It would just keep loading, but the screen would stay blank. Only a few sites will actually load: Youtube, Surfthechannel, this forum, the homepage of another forum I'm on, wikipedia, photobucket. Searches on Google won't come up, yahoo doesn't come up, logging into photobucket won't send me to my photo albums. Facebook doesn't come up, nor does myspace. The actual forums, not the home page, won't come up. CtrlAltDel-Online won't come up. Various sites simply will not load. What's confusing me is that I never get an error message in Firefox, IE, or Opera (I downloaded Opera because I thought it had something to do with Firefox). I've scanned my computer with Kaspersky Lab multiple times, and I have removed everything that had come up on those scans. If I don't fix this, I won't be able to check my email on my laptop, or do searches on google and yahoo (which I need to do for a mental health project: researching theories proposed by Carl Jung, and explaining whether or not they were accepted by the medical/scientific community).
 

Super Moderator · 79,317 Posts
heyya stan, welcome to tsg....I also live in houston, so I know what you are talking about.

fyi, I edited the title of your post, please remember this is a family site. :)

did kaspersky find a lot with those scans?

thanks,

v
 

Retired Administrator · 103,703 Posts
I noticed a similar issue in your intro thread ;) and posted there.

As to this computer, if you reformatted, how in the heck are you getting infected so fast? :confused:
 

Retired Administrator · 103,703 Posts
I'm assuming that you are running a legal operating system, and once you get it installed, the first thing you are doing is installing an Anti Virus program? And THEN getting all Windows updates?
 

Registered · 34 Posts · Discussion Starter · #7
I have Kaspersky Lab installed, but for some reason Windows Update is turned off. I'd go to the Security Center, but it says it can't turn on automatic updates, only the control panel can. I would go to the Automatic Updates tab, and set it to Automatic, click apply, then ok. But Windows Update is still turned off.
 

Retired Administrator · 103,703 Posts
When you reformat, you can go to windows update straight away via the start button, and get those installed first.

If reformatting again is an option, that would be the quickest and most efficient solution.
 

Retired Administrator · 103,703 Posts
I'm not on an XP computer right now, but, I recall it being at the top of the start menu, unless you removed it.

You can also get to it via start, programs, windows update.
 

Retired Administrator · 103,703 Posts
It couldn't hurt ;) You could also post a Hijack This log. See the instructions on how to do this in the very first thread in the malware removal forum. BUT, post the results back here.
 

Super Moderator · 79,317 Posts
I'd post a hijackthis log, as AcaCandy suggested.

CLICK HERE to download the HijackThis Installer:
1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 

Registered · 34 Posts · Discussion Starter · #18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:02 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\WLTRAY.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [e040d4ba] rundll32.exe "C:\WINNT\system32\pvcidrqv.dll",b
O4 - HKLM\..\Run: [BMe373e726] Rundll32.exe "C:\WINNT\system32\obtlvfdo.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll mcygwt.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

--
End of file - 5699 bytes
 

Retired Administrator · 103,703 Posts
BitTorrent, huh? :eek: Well, that pretty much explains how you get infected.

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

And you are indeed infected.

Is formatting and starting over an option? Self inflicted injuries usually get no sympathy from the hard working folks who clean up these messes ;)
 
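A first triage pass over a HijackThis log of the kind posted above can be done mechanically before a specialist reads it. The script below is an added example, not code from this thread or from HijackThis; its two rules (an O4 Run value with a random-looking name that loads a DLL through rundll32, and an O20 AppInit_DLLs entry given without a directory) are heuristics chosen here to flag entries for manual verification, and the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the HijackThis log posted in this thread, trimmed to the
# entry types the rules below examine (the other O4/O20 lines are handled alike).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [e040d4ba] rundll32.exe "C:\WINNT\system32\pvcidrqv.dll",b
O4 - HKLM\..\Run: [BMe373e726] Rundll32.exe "C:\WINNT\system32\obtlvfdo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll mcygwt.dll
"""

# O4 lines: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O20 lines: "O20 - AppInit_DLLs: <space-separated DLL list>" (8.3 short names, so no spaces in paths)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# A command of the form: rundll32.exe "<path>.dll",<entry point>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S+)', re.I)


def looks_random(token):
    """Heuristic (assumption, not a HijackThis rule): a Run value name that is
    pure hex of 8+ chars, or 8+ chars with 3+ digits, is not a readable product name."""
    t = token.lower()
    if re.fullmatch(r"[0-9a-f]{8,}", t):
        return True
    return len(t) >= 8 and sum(c.isdigit() for c in t) >= 3


def triage(log_text):
    """Return (reason, line) pairs for entries a reviewer should verify by hand."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            # rundll32 itself is legitimate; the value name and the one-letter
            # entry point are what make these two entries stand out.
            if r and (looks_random(m["name"]) or len(r["entry"]) == 1):
                findings.append(("rundll32 DLL load under a random-looking Run value", line))
            continue
        m = O20_RE.match(line)
        if m:
            for dll in m["dlls"].split():
                if "\\" not in dll:  # bare name: loaded into every user32 process from the search path
                    findings.append(("AppInit_DLLs entry without a path: " + dll, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(reason + "\n    " + line)
```

A hit is a prompt to check the file's vendor, signature and on-disk presence, not a verdict; the Kaspersky and ctfmon entries in the same sample pass both rules.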

Super Moderator · 79,317 Posts
did you edit that at all? you are missing a lot of entries, especially in the R0-1 and O16's.....
 