Golemgod Posted May 24, 2005 Share Posted May 24, 2005 welp i had a computer virus on my mothers computer and i fixed it and dail up my local interenet and played rune scape. Now i disconnect from the net and about 5 seconds later a little thingy pops up saying iiiiix.iiixxxxx.com is attemping to connect. Do you wish to connect? and im like.... i just logged off... no i dont want to connect. Now im thinking that this was part of the virus/trojan but i doubled check everything and found no sign of it. I would give hijack log but im not to sure how but if u need it ill research it and see what i can do. Opps almost forgot, the virus was named Dll : with random words after that. so ya if u think u know whats up thats cool if not i no i have Fdisk somewere..... Link to comment Share on other sites More sharing options...
Golemgod Posted May 24, 2005 Author Share Posted May 24, 2005 forgot forgot my bad. Its a pentium 3 winXP and i downloaded the patches and and.... thats truelly all i know about it i guess i should look under its hood Link to comment Share on other sites More sharing options...
blade995 Posted May 24, 2005 Share Posted May 24, 2005 scan with ad-aware http://www.lavasoft.com scan with with spybot search and destroy (google for link) then scan with you anti-virus software. (use housecall online if you dont have one) http://www.trendmicro.com Then post a hijackthis log. To download go to http://www.merijn.org. To post a log scan with the program, a window will pop-up, copy the WHOLE log and post it on here. Make sure your definitions are updated Link to comment Share on other sites More sharing options...
Golemgod Posted May 24, 2005 Author Share Posted May 24, 2005 ok ill do it as soon as i get home going to take a bit to download though (28.8k wohoo) Link to comment Share on other sites More sharing options...
blade995 Posted May 24, 2005 Share Posted May 24, 2005 shouldn't take to long, there around 4mb each to download. Hijackthis is around 500kb i think Link to comment Share on other sites More sharing options...
zonda Posted May 24, 2005 Share Posted May 24, 2005 shouldn't take to long, there around 4mb each to download. Hijackthis is around 500kb i think 4 megs would take like 1 hour 20 minutes. ... Link to comment Share on other sites More sharing options...
blade995 Posted May 24, 2005 Share Posted May 24, 2005 my old dial-up i thought it took around 1min for mb to download. Thats only 8.5mb max so around 8 and half mins i would say. Corse it would take take twice as long since i was on 56k. Guess i must be mistaken :? Link to comment Share on other sites More sharing options...
devilheart14 Posted May 25, 2005 Share Posted May 25, 2005 shouldn't take to long, there around 4mb each to download. Hijackthis is around 500kb i think 4 megs would take like 1 hour 20 minutes. rofl im so sorry couldn't control myself i use to have dial up is it that bad :? :D :D :D Aussie Aussie Aussie, :D Link to comment Share on other sites More sharing options...
Golemgod Posted May 25, 2005 Author Share Posted May 25, 2005 welp i started downloading hi jack its going to take 2 hours so ya hehe Link to comment Share on other sites More sharing options...
Golemgod Posted May 25, 2005 Author Share Posted May 25, 2005 i lied sorry ok i think i am supposed to post this tell me fi im wrong Logfile of HijackThis v1.99.1 Scan saved at 9:07:15 AM, on 5/25/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01[Caution: ExecutableFile] C:\WINDOWS\System32\winamxe[Caution: ExecutableFile] C:\WINDOWS\System32\wuamgrd[Caution: ExecutableFile] C:\WINDOWS\System32\scvchost[Caution: ExecutableFile] C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray[Caution: ExecutableFile] C:\Program Files\Yahoo!\Messenger\ymsgr_tray[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Documents and Settings\Debbie Lakies\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09[Caution: ExecutableFile] O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01[Caution: ExecutableFile] O4 - HKLM\..\Run: [Microsoft Update] winamxe[Caution: ExecutableFile] O4 - HKLM\..\Run: [Windows Automatic Update] wuamgrd[Caution: ExecutableFile] O4 - HKLM\..\Run: [Nortons AV SYSTEM] scvchost[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [Microsoft Update] winamxe[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [Windows Automatic Update] wuamgrd[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [Nortons AV SYSTEM] scvchost[Caution: ExecutableFile] O4 - HKCU\..\Run: [Microsoft Update] winamxe[Caution: ExecutableFile] O4 - HKCU\..\Run: [Windows Automatic Update] wuamgrd[Caution: ExecutableFile] O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile] -quiet O4 - HKCU\..\Run: [Nortons AV SYSTEM] scvchost[Caution: ExecutableFile] O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1[Caution: ExecutableFile] O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray[Caution: ExecutableFile] O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: ExecutableFile] O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{D395C3E1-3603-4187-8BC7-FDB301E9ACCF}: NameServer = 129.121.254.1 129.121.254.2 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile] O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile] Yep yep good luck and thanks ahead just for looking at it Link to comment Share on other sites More sharing options...
DeadWithTheWind Posted May 25, 2005 Share Posted May 25, 2005 Somthing new out that i like is Microsoft Anti-Spyware... i mean sure its microsoft, but so is windows, so they should know their own OS.... it has realtime protection and such, i like it better than all the other ones, and before this i was using ad-aware, but trust me you'll like it. Link to comment Share on other sites More sharing options...
Phil Posted May 25, 2005 Share Posted May 25, 2005 I don't have time to go through the whole log, but a few things I wanted to point out... -You need to move the Hijackthis[Caution: ExecutableFile] to a proper location such as c:\program files\hjt as so that backups will be made. -You need to update Windows to SP2. That's is very important. -I don't see a firewall running (sorry if I have missed it, just scanned over the log) Get Zonealarm for a good free one. Link to comment Share on other sites More sharing options...
Golemgod Posted May 25, 2005 Author Share Posted May 25, 2005 well i remember when i was on dail up back in the day that firewalls seriously slowed the internet down. just a though. Ya ill move the log sorry about that Link to comment Share on other sites More sharing options...
blade995 Posted May 25, 2005 Share Posted May 25, 2005 if your on dial-up i would leave your computer downloading all the updates over night. I had dial-up the first week when i got my new computer. Took some time to download all the updates. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now