• Welcome to Valhalla Legends Archive.
 

Er problem

Started by Mitosis, July 06, 2004, 09:12 PM

Previous topic - Next topic

Mitosis

Eh guys, I dont know which thing is causing this. Storm.Id  helped me delete Blss.exe but the problem keeps going on and on. I have used spybot SnD and I still have this.

http://clite.zodiaclegends.com/

those 3 pictures are screen shots of the performences.

Pretty much what happens is every 10ish mins my browser opens up to an angelfire page "pwnage clan and hacks" if anyone knows how to get rid of this thanks!

Hitmen


cefx-

Start -> Run -> msconfig - "OK"

Services Tab:
- Check the checkbox Hide all Microsoft services.
- Click disable all.
Startup Tab:
- click disable all. (Yes.  Disable ALL.)

Click apply, close, and restart.
Restart twice.  Resetting services takes two restarts.

Then get on the web, run a scan at:
http://housecall.trendmicro.com or
http://www.pandasoftware.com | and
http://www.pestscan.com

If stuff turns up in PestScan, get Ad-Aware, HijackThis, and CW-Shredder.

Those will fix you right up.
cefx
Technodev.org (future project) / UnixPartisan.org
Future dictator

Hazard

Scan with this and post the logs.

"Courage is being scared to death - but saddling up anyway." --John Wayne

muert0

#4
update spybot and reboot your computer. tap f8 until you get an option to boot into safemode. Run spybot in safe mode. Reboot and run trendmicros housecall like they said.
By the way what browser are you using?
To lazy for slackware.

cefx-

Safe Mode isn't always the best.
If someone has dial-up. ;p
cefx
Technodev.org (future project) / UnixPartisan.org
Future dictator

muert0

QuoteSafe Mode isn't always the best.
If someone has dial-up. ;p
Could you explain?
To lazy for slackware.

cefx-

Yes.

Safe Mode and/or Safe Mode with networking does not allow for individuals with PPP or PPPoE connections.
The support for such things is not there in those modes.
Ergo, Dial-Up and Broadband users such as SBC Global, will not be able to use the internet.

Generally speaking, you want to have access to the internet when performing troubleshooting from a technical support point of view.  Countless reboots aren't an option. ;)

Quick solution: format/reinstall
cefx
Technodev.org (future project) / UnixPartisan.org
Future dictator

muert0

Read my post again I said update your spybot and reboot. You don't have to reformat if it's just a virus or spyware.
To lazy for slackware.

cefx-

You've never seen serious cases with virus and spyware. :p

Trust me.
Call Microsoft.

We'll tell you the same thing. :)
cefx
Technodev.org (future project) / UnixPartisan.org
Future dictator

effect

Thats why he said "Quick Solution" go READ his post again dumbass

Quote from: Mangix on March 22, 2005, 03:03 AM
i am an expert Stealthbot VBScript. Recognize Bitch.

Mitosis

#11
Meh I am downloading everything from Pandasoftware. Pest scan wont work. well now it has become very disturbing. Gay porn shit is fucking popping up and I want to smash my moniter.

I am using Mozzila FireFox.

Hazard


"Courage is being scared to death - but saddling up anyway." --John Wayne

cefx-

Boot into Safe mode with networking and perform the instructions I outlined, as well as Hazard's.
cefx
Technodev.org (future project) / UnixPartisan.org
Future dictator

Mitosis

Logfile of HijackThis v1.97.7
Scan saved at 5:20:57 PM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\taskmngrs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\System32\hserver.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cLite\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clite.net/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] taskmngrs.exe
O4 - HKLM\..\Run: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\Run: [MSR] msr.exe
O4 - HKLM\..\Run: [msn] msnmsgr.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [blss] C:\Program Files\blss\blss.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] taskmngrs.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [MSR] msr.exe
O4 - HKLM\..\RunServices: [msn] msnmsgr.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] taskmngrs.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\Run: [msn] msnmsgr.exe
O4 - HKCU\..\Run: [Microsoft Update] wuammgr32.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://c:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1087218294453
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.7664351852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BC38FE-48F2-4A5F-A797-15EE36E9F4C2}: NameServer = 209.226.175.223 198.235.216.111

Now what do I do?