Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
112 Posts
Discussion Starter · #1 ·
Hi,

I have a very old computer, I only use dial-up so I'm not connected to the internet for long periods of time, and I have very little stuff running on my system. I don't do a lot of weird/random web surfing. I have:

Windows 98SE
IE 5.5 (Service Pack 2) -- but I do not use it.
Firefox 1.0.4 -- which I do use. Here's the version specifics: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
I presently do not have SpyBot installed (I did, but not right now, as I thought there might have been something wrong with it).
I only have NAV Scanner Version 4.0 which originally came with my computer. (It says Norton Anti-virus Scanner for Windows 95 (4.10). I know this is old, but I do have it updated with the latest virus definitions.)

Today, I have run a scan with the NAV Scanner and nothing was found.

I have also run a scan with Ad-Aware SE (latest version) and nothing was found.

(Last week, I got rid of an Alexa thing and a WurldMedia thing with SpyBot 1.4, then another Alexa thing with Ad-Aware that SpyBot didn't find -- and the computer seemed to be clean after that.)

Yesterday, I stupidly went to a bad site called www.139mm.com (this has to do with why I uninstalled SpyBot and I was testing something someone posted). I was using Firefox. What happened was this:

I right-clicked on the link in someone else's post and chose to open it in a new tab. It showed the name www.139mm.com in the tab at the top, then it changed to something like "???.139mm.com" (or something like that), then it sounded like my hard drive starting running a lot for some reason, so I quickly shut the window before I visually saw anything load in the browser window.

Another person on the board tested it for me with Firefox and said that Firefox wouldn't even connect to the site. So I'm not sure why this happened to me when I had tried it. Why would my Firefox not block the site? (I thoght maybe it was going to and perhaps I closed the window before that happened, but the other board member said he did not get the ???.139.com listing in the tab at the top -- it didn't even connect to anything for him/her. I don't know what that wasn't the case for me. That has me concerned. :(
Is it possible that something bad got on my computer from there now?

There was some concern by the same friendly board member that my HijackThis log was so short:

Logfile of HijackThis v1.99.1
Scan saved at 2:10:36 PM, on 06/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MY DOCUMENTS\HIJACKTHIS NEW\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

A couple factors (my inexperienced guesses) that may cause my short log are:

1. I have "turned off" a number of things using msconfig -- processes for printer, video card, sound card, etc. that don't need to be running and just slow-down start-up (I have researched these on-line).

2. I have also recenlty changed my IE settings for all zones (general, allowed sites, restricted sites, and even network sites (though I don't have a network) to higher than HIGH setting, meaning I chose the High setting then went in to custom and marked anything still not marked "disable" as such). This could be why the "flash object" and the "windows update" object don't show up anymore in the HijackThis log (?)... I did this just to be safe, since I don't use IE at all.

3. The only time I can remember my NAV scanner showing up in the log is before I turned off the "reminder" that was in my start-up list (turned off with msconfig), as it was only a reminder to update virus definitions, nothing else. Since my NAV is a "scanner only" version, I'm guessing that's why it doesn't show up in the HijackThis log. I have to run it myself for it to do anything.

So if a friendly expert here could let me know if I have anything to worry about, it would be greatly appreciated! Thanks very much! :)

-- bloomcounty
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top