Sommat's fucked, but nee idea what

If you touch your software enough does it become hardware?


Lateralus
Dr Zoidberg
Posts: 4217
Joined: May 15th, 2005, 15:20


Post by Lateralus »

Right, in attempting to find a no-cd thingy for something I found on the floor recently I seem to have picked up some kind of infection. First time this has happened to me, and I ain't impressed.

Every few mins my browser pops up with a new ad screen for iPods (whatever they are), women, PSPs etc etc. This is happening regardless of if Firefox is open or not, and keeps happening when trying to play games and it's mighty annoying. I've scanned my system with ZoneAlarm Pro's anti-virus thing, a-squared, Ad-Aware SE-Personal Edition, Microsoft's Anti-spyware, Spybot Search and Destroy and AVG 7.1, all to no avail. The only thing I have spotted is that winlogon.exe is suddenly being a memory whore, although I've never seen/noticed it in the processes list of the task manager before. svchost.exe and vsmon.exe are also eating up a fair bit of memory, but they're always there.

Please help. Getting stuck in to my final year at Uni and just starting my dissertation, I really don't want to have to reformat now!
:? :shakefist:
mrbobbins
Robotic Despot
Posts: 4595
Joined: October 14th, 2004, 21:35
Location: Sitting in a tin can

Post by mrbobbins »

Does it happen even when you're not connected to the internet?
Stoat
Site Admin
Posts: 3291
Joined: October 8th, 2004, 15:48
Location: Sheffield, UK

Post by Stoat »

also: have you checked MSConfig for nefarious startup items? (Run> msconfig)

edit: try googling the name of the file you downloaded too- and don't forget Google Groups.
Last edited by Stoat on October 21st, 2005, 13:49, edited 1 time in total.
Dog Pants
Site Moderator
Posts: 21653
Joined: April 29th, 2005, 13:39
Location: Surrey, UK

Post by Dog Pants »

Google those suspicious programs in your processes list. It'll tell you if they should or shouldn't be there and what they do. I had a problem with worms a while back and this worked for me - I found them, booted in safe mode, deleted the fuckers and erased any reference to them from the registry. Might not be the best method, and I'm half expecting someone to tell me that this is bad, but it sure worked for me.
FatherJack
Site Owner
Posts: 9597
Joined: May 16th, 2005, 15:31
Location: Coventry, UK

Post by FatherJack »

Did you install eDonkey 2000? That's got some horrible pop-up advert thing called "Safe" or something, as well as the new.net thing that knacked Vowles' box the other day.

That or some other floor-searching utility. If they're not picked up as Spyware, they're probably ad-supported progs which legitimately remove all components when uninstalled.
mrbobbins
Robotic Despot
Posts: 4595
Joined: October 14th, 2004, 21:35
Location: Sitting in a tin can

Post by mrbobbins »

I've had to clean out some variants of Cool Web Search pop up crap from various PCs in the past. Try searching for cool web shredder and running that in safe mode, then do all the other virus apps in safe mode, then run a reg cleaner, do it a billion times, then scrub your hard drive with bleach. That should do the trick.
Lateralus
Dr Zoidberg
Posts: 4217
Joined: May 15th, 2005, 15:20

Post by Lateralus »

Hmm, well after trying everything I could think of, I've decided to reformat anyway. Needs a spring clean!

Once it's all shiny and new again, what do people recommend for a firewall and anti-virus thing then? Free, or freely available on the floor would be best! :P
spoodie
Site Moderator
Posts: 9246
Joined: February 6th, 2005, 16:49
Location: Essex, UK

Post by spoodie »

AVG used to do a freeware version of their anti-virus software but don't know if they still do. I'd recommend that you actually buy one if you want proper protection. I use Trend's PC-cillin which is pretty good, firewall included.
Lee
Optimus Prime
Posts: 1138
Joined: February 12th, 2005, 16:31
Location: South Shields, UK

Post by Lee »

spoodie wrote: AVG used to do a freeware version of their anti-virus software but don't know if they still do.
They still do, go here: http://free-av.com/ and click downloads and get the personal edition. I've been using it for a couple of years without any problems and it doesn't bog down your system as much as things like Norton.

Edit: Didn't realise AVG was another antivirus, oh well, my recommendation still applies.
Last edited by Lee on October 22nd, 2005, 14:32, edited 1 time in total.
Stoat
Site Admin
Posts: 3291
Joined: October 8th, 2004, 15:48
Location: Sheffield, UK

Post by Stoat »

There's a sticky post about that in this very forum.

http://www.5punk.co.uk/phpbb/viewtopic.php?t=884

Personally I'd recommend Avast! Antivirus and Sygate Personal Firewall, with regular anti-virus/spyware check-ups at TrendMicro's online doobry.
FatherJack
Site Owner
Posts: 9597
Joined: May 16th, 2005, 15:31
Location: Coventry, UK

Post by FatherJack »

AVG and Anti-Vir (both mentioned above) are the only two I haven't had performance issues with. F-Prot slowed me the most, and Avast needed the animated icons turning off, but was still noticeable.

Anti-Vir occasionally won't connect to the update site for days at a time, whereas AVG has only refused me a few times and worked later at quiet times.
Roman Totale
Robotic Bumlord
Posts: 8475
Joined: October 24th, 2004, 0:27
Location: Manchester, UK

Post by Roman Totale »

Have you tried viciously beating your PC with a fucking massive hammer?

You never know, it might work.
deject
Berk
Posts: 10353
Joined: December 7th, 2004, 17:02
Location: Oklahoma City, OK, USA

Post by deject »

Roman_Totale wrote: Have you tried viciously beating your PC with a fucking massive hammer?

You never know, it might work.
CIIJASIIE?

Seriously though, download HijackThis! and post the results here.
Lateralus
Dr Zoidberg
Posts: 4217
Joined: May 15th, 2005, 15:20

Post by Lateralus »

I've viciously sworn at it, and I must admit slapping the monitor a few times too. However I've already reformatted now, but thanks anyway deject. All is good again, and Telewank even seem to have upgraded my connection to 4 meg! Woo!

High speed pr0n is here, now to find jam.....
pixie pie
Cheese Lord
Posts: 838
Joined: July 30th, 2005, 23:46
Location: Cambridge, UK

Post by pixie pie »

Lateralus wrote: Telewank even seem to have upgraded my connection to 4 meg! Woo!
And I was happy with getting free upgrade to 2meg this week! Woo go us.

Yes! Loooots of pr0n
Lateralus
Dr Zoidberg
Posts: 4217
Joined: May 15th, 2005, 15:20

Post by Lateralus »

Shitfuckbollocksbastardbitch.

My computer has now taken to restarting itself at random times. Most of the time it comes up with the "System has recovered from a serious error" message when it loads up again, but not always. There doesn't seem to be any consistency in terms of it crashing when a particular program is running, so I'm stumped.

Following deject's suggestion for my previous problem, here are the results of HijackThis as run immediately after startup, but I'm not really sure what they mean or what to do with them.


Logfile of HijackThis v1.99.1
Scan saved at 12:43:18, on 30/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.premier-residential.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [T-Mobile RoamingClient] C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe -d
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: ObjectDock Plus (2).lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Fucking hate computers. :ignore: :shakefist:
caveman900
Badger
Posts: 101
Joined: November 30th, 2004, 17:26

Post by caveman900 »

my advice: format, reinstall Windows, make sure u get antivirus, antispyware, firewall and Firefox on there BEFORE you go on the internet.

some see it as overkill but it keeps the pc relatively clean and fast, and in the long run it saves time when stuff does go wrong because I don't bother trying to find a fix for it, I just start over.
after shutting down the pc I can be back online with a fresh install of Windows in about 50 mins.
Anhamgrimmar
Ninja Pirate
Posts: 1517
Joined: July 17th, 2005, 13:29
Location: Saaaarfampton

Post by Anhamgrimmar »

use http://www.hijackthis.de/

it's a log analyser for HijackThis. save the log as well.

then find a tech support forum, and post the results on there. obviously this is if there are no 5punky uber-gurus.

4...

5. mohammed :ninja:
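
A first-pass triage of a HijackThis log like the one posted earlier in this thread, as an added example (not any poster's code and not the method used by HijackThis or hijackthis.de). The sample lines are constructed, the function names are hypothetical, and the three review rules are this example's own choices:

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout; not the log from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\user\LOCALS~1\Temp\example.exe

O4 - HKLM\..\Run: [ExampleHelper] "C:\Program Files\Example\helper.exe"
O20 - Winlogon Notify: ExampleNotify - C:\Program Files\Example\notify.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""

# Entry lines start with a section code such as R1, O4, O20 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Split a log into the running-process list and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_list(processes, entries):
    """Return (reason, item) pairs for manual review; a flag is not a verdict."""
    flagged = []
    for p in processes:
        if "\\temp\\" in p.lower():
            flagged.append(("process running from a Temp directory", p))
    for svc in entries.get("O23", []):
        if "unknown owner" in svc.lower():
            flagged.append(("service listed with 'Unknown owner'", svc))
    for item in entries.get("O20", []):
        flagged.append(("DLL loaded through Winlogon Notify", item))
    return flagged
```

Run against the log posted above, these rules would surface HijackThis.exe itself (started from WinRAR's Temp extraction folder), the "ATI Smart - Unknown owner" service and the two Stardock Winlogon Notify DLLs, so each flag still needs checking by hand.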
TezzRexx
Dr Zoidberg
Posts: 4072
Joined: February 8th, 2005, 15:54
Location: BURMINGHUM, England

Post by TezzRexx »

Anhamgrimmar wrote: use http://www.hijackthis.de/

it's a log analyser for HijackThis. save the log as well.

then find a tech support forum, and post the results on there. obviously this is if there are no 5punky uber-gurus.

4...

5. mohammed :ninja:
less mohammed, more profit.
FatherJack
Site Owner
Posts: 9597
Joined: May 16th, 2005, 15:31
Location: Coventry, UK

Post by FatherJack »

caveman900 wrote: my advice: format, reinstall Windows, make sure u get antivirus, antispyware, firewall and Firefox on there BEFORE you go on the internet.

some see it as overkill but it keeps the pc relatively clean and fast, and in the long run it saves time when stuff does go wrong because I don't bother trying to find a fix for it, I just start over.
after shutting down the pc I can be back online with a fresh install of Windows in about 50 mins.
If that's your preferred tactic, get Norton Ghost or some other imaging software. Back clean in 2 minutes.