Tech Support Guy banner
Status
Not open for further replies.
1 - 20 of 49 Posts

125 Posts
Discussion Starter · #1 ·
I have Win 2000. While I was using the comp today my mouse froze. I restarted, and while it was loading the settings a window popped up with a warning. I can't really remember exactly, but it said something like this: AUTHORITY/ SYSTEM, and there was a countdown from a minute.
I told this to the tech people and they said it was the Blast virus and I needed a patch.

So I just left the computer trying to boot into safe mode and it was a success, but it took like an hour for the disk scan because when my mouse froze I had to unplug :mad: so it had to do the disk scan.

So while I was in safe mode I booted again in normal mode and it worked. And then I did an AVG scan, S&D and Ad-Aware scan.

And I went here: http://www.microsoft.com/downloads/ThankYou.aspx?familyId=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displayLang=en

The tech people told me to go to microsoft.com and put in Blaster for the search, and only this came up and I did it. It did the scan and detected nothing.

Then the A2 malware scanner came up twice, not in a row, about 10 min in between. The first time I pressed Terminate, then it came up again and I clicked Delete.

So after all the scans and everything I restarted and the warning came up again, so I repeated the wait on the disk scan and once I got on I came here.

Also I think that A2 is detecting it but my trial ran out.

So if anyone can help me I would really appreciate it.

Also sorry about the caps, I wasn't paying attention.
 

125 Posts
Discussion Starter · #3 ·
Now I'm not sure if it is the Blaster worm, because I went to see the manual way to take it out, and in the processes I was supposed to end the msblast process but it isn't there.
 

125 Posts
Discussion Starter · #5 ·
OK, thanks.

Logfile of HijackThis v1.98.2
Scan saved at 8:51:29 PM, on 06/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis1977\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
 

1,544 Posts
hlepme84 said:
I have Win 2000. While I was using the comp today my mouse froze. I restarted, and while it was loading the settings a window popped up with a warning. I can't really remember exactly, but it said something like this: AUTHORITY/ SYSTEM, and there was a countdown from a minute.
I told this to the tech people and they said it was the Blast virus and I needed a patch.

So I just left the computer trying to boot into safe mode and it was a success, but it took like an hour for the disk scan because when my mouse froze I had to unplug :mad: so it had to do the disk scan.

So while I was in safe mode I booted again in normal mode and it worked. And then I did an AVG scan, S&D and Ad-Aware scan.

And I went here: http://www.microsoft.com/downloads/ThankYou.aspx?familyId=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displayLang=en

The tech people told me to go to microsoft.com and put in Blaster for the search, and only this came up and I did it. It did the scan and detected nothing.

Then the A2 malware scanner came up twice, not in a row, about 10 min in between. The first time I pressed Terminate, then it came up again and I clicked Delete.

So after all the scans and everything I restarted and the warning came up again, so I repeated the wait on the disk scan and once I got on I came here.

Also I think that A2 is detecting it but my trial ran out.

So if anyone can help me I would really appreciate it.

Also sorry about the caps, I wasn't paying attention.
You don't have to yell! :eek:
 

5 Posts
Is it status code 1073741819? Because mine is similar. It says system shutdown and has a countdown. And no, it is not the MSBlast virus... I've reformatted my PC for other issues and Windows, and it's just coming up counting down. So no, it's no worm or virus. It's something else.
 

125 Posts
Discussion Starter · #10 ·
It does have a status code, but I think it's much shorter. I think 128, not sure. I would try a restart to see if it comes up again, but it would take too long to get back on if it does.
 

2,187 Posts
Hi,
go to my link below and get the latest version of HijackThis, 1.99.1.
Run HijackThis from your Program Files folder, in case you need to use its backup feature.

Actually, ask a site Moderator to move this thread to the Security forum after doing the updated HijackThis scan.... Apparently some instant fixing is needed from what I see in this first scan. :up:
 

125 Posts
Discussion Starter · #13 ·
OK, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:14 PM, on 06/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
 

2,187 Posts
Prompt attention on this one. I can't analyze this log to give you ALL the proper fixes, but make sure you get someone who can, and who will tell you how to get rid of ares.exe especially, which you have in your system... So please wait for proper instructions and/or consider what I said about asking a Moderator to move this thread to this site's Security forum.
While you wait, here's the scoop on ares.exe: http://www.auditmypc.com/process/ares.asp
 

45,855 Posts
I don't see anything malicious running, but your file sharing program may be subject to exploit.

You should get a firewall first of all, and make sure you are updated at Windows Update with the latest security patches for your system.

You can find free scanners and firewalls in this Security Posting:

http://forums.techguy.org/showthread.php?s=&postid=663486
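One way to triage a HijackThis log of the kind posted above, as an added example (not the forum's or HijackThis's own code): it parses the section prefixes and flags the entry kinds the replies single out, the ares autostart, orphaned O9 buttons, the O15 trusted IP range and O16 downloaded ActiveX controls. The review-rule table and the P2P client list are assumptions; the sample lines are taken from the logs in this thread.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# HJT lines look like "<section> - <body>"; process-list lines (C:\...) do not match.
LINE_RE = re.compile(r"^(?P<sect>[RFOD]\d+)\s+-\s+(?P<body>.+)$")

# Hypothetical review rules: sections that always deserve a human look, and why.
ALWAYS_REVIEW = {
    "O15": "trusted IP range lowers IE security for that host; confirm it is wanted",
    "O16": "DPF entries are ActiveX controls downloaded from the web; confirm each source",
}
# Hypothetical list of peer-to-peer clients (the thread names Ares as exploit exposure).
P2P_NAMES = ("ares",)


def parse_line(line):
    """Split one HJT line into its section code and body, or None for non-HJT lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("sect"), "body": m.group("body")}


def triage(log_text):
    """Return (section, reason, body) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        sect, body = entry["section"], entry["body"]
        if sect in ALWAYS_REVIEW:
            findings.append((sect, ALWAYS_REVIEW[sect], body))
        elif sect == "O9" and ("(no file)" in body or "(file missing)" in body):
            findings.append((sect, "orphaned IE button; safe to clean up", body))
        elif sect == "O4":
            # The bracketed token is the Run-key value name, e.g. [ares].
            name = re.search(r"\[([^\]]+)\]", body)
            if name and name.group(1).lower() in P2P_NAMES:
                findings.append((sect, "P2P client autostarts; patch it or remove it", body))
    return findings


if __name__ == "__main__":
    for sect, reason, body in triage(SAMPLE_LOG):
        print(f"{sect}: {reason}\n    {body}")
```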
 

2,187 Posts
Rollin' Rog said:
I don't see anything running malicious,
.....sorry about the red alert. One HJT auto-analyzer mentioned that ares.exe line as a nasty [ O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h ]. Anyway, I suppose this is why, as much as I'd like to analyze logs, I advise waiting for the experts :rolleyes:
 