July 6, 200620 yr Bleh. This is aggravating me like you wouldn't believe. The other day I get on my computer only to find that McAfee had found and cleaned a couple infected files. What it had found was "w32\Gael worm". I wasn't too concerned at that point, it didn't really cause much chaos at all... anyway, I scanned the whole computer, and turned up nothing. I started playing a few games only to see a pop up saying that McAfee found some more of this "gael worm" junk. Anyway, I powered down, restarted in safe mode, scanned both HD's with McAfee, adaware, and the like. I uninstalled the exe files it had infected (Battlefield 2, which I don't play anyway) and pretty much cleaned out my HD as much as possible... did scandisk, disk cleanup, and defragmented... which would have no affect towards a virus or worm... but I thought it could use it. I havn't gotten any messages that I am still infected over the last day but I am getting slow connections, I am dropping packets left and right. If I connect to a server, I can ping at 50 one second, and 500 the next... and this is the same server that I use to get a constant 20 on. I don't even get how I got infected in the first place, the only thing I did was download ventrilo from the ventrilo website, theres no way I got it that way, but when I woke up 8 hours later it said I had a worm. I can't figure out why I am having connection problems. I am dropping packets left and right. I hate satelite internet, but beleive me it has nothing to do with that. I called the ISP, they said they arn't doing any maintainance. I checked my router and this is really starting to bug me. Oh, and after that worm got in my system, I "repaired" windows with my windows CD... is it possible some of my services got reenabled and are causing me lag? I know I had a good ammount of them disabled, and I am using a wireless card... dunno if that means anything, but after repairing windows it looks like everything was reverted back to "automatic" Arg... I wish blackviper wouldn't have taken down his site. All help is much appreciated. Oh, one last thing, if I repaired windows, is it possible my sound driver got messed up? Or is it just my imagination that things sound different? I really need help on this one, especially with the next season of CAL coming up, I can't be lagging during matchs!!! Logfile of HijackThis v1.99.1 Scan saved at 4:31:36 PM, on 7/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File] c:\program files\mcafee.com\agent\mcagent[Caution: Executable File] c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File] C:\PROGRA~1\mcafee.com\vso\mcvsescn[Caution: Executable File] C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File] c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File] C:\WINDOWS\SOUNDMAN[Caution: Executable File] c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: Executable File] C:\WINDOWS\system32\nvsvc32[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\taskmgr[Caution: Executable File] D:\Program Files\Winamp\winamp[Caution: Executable File] C:\Program Files\Ventrilo\Ventrilo[Caution: Executable File] C:\Program Files\Steam\Steam[Caution: Executable File] C:\WINDOWS\system32\ctfmon[Caution: Executable File] C:\Documents and Settings\Duenkel\Desktop\HijackThis[Caution: Executable File] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr[Caution: Executable File]" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File] O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File] O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: Executable File] O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File] O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: Executable File] O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: Executable File] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File] O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414CXUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: Executable File]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File] (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: Executable File] (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: Executable File] (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: Executable File] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File] O23 - Service: McAfee WSC Integration (McDetect[Caution: Executable File]) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File] O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File] O23 - Service: McAfee Task Scheduler (McTskshd[Caution: Executable File]) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File] O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: Executable File]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: Executable File] O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File] ...
July 7, 200620 yr what is this? C:\Program Files\Ventrilo\Ventrilo.e3e (CAUTION - executable file) Anyways, i had party poker at my gramparents house, and for some reason, along with it came quite a few other 'non-friendly' programs. Current Goals80/80 Fletching60/75 Woodcutting97/100 Combat
July 7, 200620 yr Author yea, ventrilo is just a VOip client.. as far as the exe's go, its is just windows stuff, Mcafee stuff, winamp (music program), soundman (my sound driver), steam (a game) and HJT If anyone has any ideas let me know... seriously... I can't find any spyware or anything that would relate to my internet being slow, my ISP says theres no maintainance being done on any of the towers and my internet usually gives me awesome connections. ...
July 7, 200620 yr I don't even get how I got infected in the first place, the only thing I did was download ventrilo from the ventrilo website, theres no way I got it that way, but when I woke up 8 hours later it said I had a worm. W32.Licum (W32/Gael.worm.a [McAfee]) is a file-infecting worm that may spread by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026). In other words, it wasn't anything you downloaded. You just happened to have a vulnerable machine. Which I can't see why, as it was patched back in 2003~. I can't figure out why I am having connection problems. I am dropping packets left and right. I hate satelite internet, but beleive me it has nothing to do with that. I called the ISP, they said they arn't doing any maintainance. I checked my router and this is really starting to bug me. You said you had "repaired" XP, this would cause you to have to obtain all the windows updates again, it might be downloading. Oh, and after that worm got in my system, I "repaired" windows with my windows CD... is it possible some of my services got reenabled and are causing me lag? I know I had a good ammount of them disabled, and I am using a wireless card... dunno if that means anything, but after repairing windows it looks like everything was reverted back to "automatic" Yeah, repairing an XP install puts it back to defaults. That's the whole point in the repair. :wink: Have you tried it hardwired, just for a comparison. I know I can't use wireless to game, as it lags me out alot. Arg... I wish blackviper wouldn't have taken down his site. All help is much appreciated. Oh, one last thing, if I repaired windows, is it possible my sound driver got messed up? Or is it just my imagination that things sound different? I really need help on this one, especially with the next season of CAL coming up, I can't be lagging during matchs!!! If you need a disk to install the sound driver, it should have asked you when it was repairing the install, if XP has native support for your soundcard, then it should be working the way it was before. Try downloading your latest soundcard drivers? Logfile of HijackThis v1.99.1 Scan saved at 4:31:36 PM, on 7/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.e3e (CAUTION - executable file) C:\WINDOWS\system32\winlogon.e3e (CAUTION - executable file) C:\WINDOWS\system32\services.e3e (CAUTION - executable file) C:\WINDOWS\system32\lsass.e3e (CAUTION - executable file) C:\WINDOWS\system32\svchost.e3e (CAUTION - executable file) C:\WINDOWS\System32\svchost.e3e (CAUTION - executable file) C:\WINDOWS\system32\spoolsv.e3e (CAUTION - executable file) C:\WINDOWS\Explorer.e3e (CAUTION - executable file) C:\Program Files\McAfee.com\VSO\mcvsshld.e3e (CAUTION - executable file) c:\program files\mcafee.com\agent\mcagent.e3e (CAUTION - executable file) c:\program files\mcafee.com\agent\mcdetect.e3e (CAUTION - executable file) C:\PROGRA~1\mcafee.com\vso\mcvsescn.e3e (CAUTION - executable file) C:\Program Files\McAfee.com\VSO\oasclnt.e3e (CAUTION - executable file) c:\PROGRA~1\mcafee.com\vso\mcshield.e3e (CAUTION - executable file) C:\WINDOWS\SOUNDMAN.e3e (CAUTION - executable file) c:\PROGRA~1\mcafee.com\agent\mctskshd.e3e (CAUTION - executable file) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.e3e (CAUTION - executable file) C:\WINDOWS\system32\nvsvc32.e3e (CAUTION - executable file) C:\WINDOWS\system32\svchost.e3e (CAUTION - executable file) C:\WINDOWS\System32\svchost.e3e (CAUTION - executable file) C:\WINDOWS\system32\taskmgr.e3e (CAUTION - executable file) D:\Program Files\Winamp\winamp.e3e (CAUTION - executable file) C:\Program Files\Ventrilo\Ventrilo.e3e (CAUTION - executable file) C:\Program Files\Steam\Steam.e3e (CAUTION - executable file) C:\WINDOWS\system32\ctfmon.e3e (CAUTION - executable file) C:\Documents and Settings\Duenkel\Desktop\HijackThis.e3e (CAUTION - executable file) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.e3e (CAUTION - executable file) C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.e3e (CAUTION - executable file)" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.e3e (CAUTION - executable file) O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.e3e (CAUTION - executable file) O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.e3e (CAUTION - executable file) O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.e3e (CAUTION - executable file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.e3e (CAUTION - executable file) O4 - HKLM\..\Run: [nwiz] nwiz.e3e (CAUTION - executable file) /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.e3e (CAUTION - executable file) C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.e3e (CAUTION - executable file)] C:\WINDOWS\system32\ctfmon.e3e (CAUTION - executable file) O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414CXUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.e3e (CAUTION - executable file)/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.e3e (CAUTION - executable file) (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.e3e (CAUTION - executable file) (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.e3e (CAUTION - executable file) (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.e3e (CAUTION - executable file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.e3e (CAUTION - executable file) O23 - Service: McAfee WSC Integration (McDetect.e3e (CAUTION - executable file)) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.e3e (CAUTION - executable file) O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.e3e (CAUTION - executable file) O23 - Service: McAfee Task Scheduler (McTskshd.e3e (CAUTION - executable file)) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.e3e (CAUTION - executable file) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.e3e (CAUTION - executable file)) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.e3e (CAUTION - executable file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.e3e (CAUTION - executable file) Remove these two entries: O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm414CXUS O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab Notoriously Trollish.
July 7, 200620 yr Author Yea I got rid of those and a few others, but I am more concerned about the internet laggyness problems then that. Unfortunetly this is a family computer and my dads into that poker junk... Anyway, I am still pointing my nose in the direction of the windows services being set to automatic again... I found someone who managed to copy blackviper's site before he took it down... I dunno, I am going to guess that it has something to do with QOS Packeting, so I will try messing around with that later today and get back to you guys on how it went. ...
July 7, 200620 yr Author AHAHAHA!!! Omg, I am so psyched... After playing around with the services, everything is back to normal and my internet is like whoa boom! Lol, I am so incredibly glad... wow. I don't know which service it was, but one of the like 30 I turned off was making my internet slower, not by much, but when you play competitivly a few MS makes a huge difference. Okay well thanks for help guys. Maybe I will start hanging out at T&C again if I have time :P Peace out guys. ...
Create an account or sign in to comment