AnimeSuki Forums

Old 2007-05-01, 00:00   Link #21
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
I surfed the net (download.com) and got to know some programs that look cool. The problem is I don't know what program to trust; can you help me out?
- Windows Defender (not sure if this is an anti-virus)
- Spyware Terminator (is this an anti-virus? not sure)
- And once again, CCleaner looks nice
- Spybot Search & Destroy looks good too.
Is it OK to have all of these installed? Oh yeah, all of those programs are freeware.

Is spybot detected as a virus for some anti virus programs?

I know these questions are all stupid and I'm sorry for that.

Last edited by toru310; 2007-05-01 at 00:14.
Old 2007-05-01, 00:49   Link #22
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
The questions aren't stupid. Believe me, you're interested in making sure that your computer stays under your own control - your inquiries are the right kind of inquiries to make.

Windows Defender is Microsoft's answer to increasing security concerns. I've heard mixed reviews over it, but overall it seems to be a decent solution. Feel free to get it (make sure it's a Microsoft product, and not some third party trying to mimic the name).

Spyware Terminator I've never heard of, but the site looks OK and it has a number of favorable reviews on download.com...

CCleaner I've already gone over; just make sure that you know it's not a security program.

Spybot is good, and has my personal recommendation. It should not be detected as a virus by antivirus programs as far as I'm aware.

I'll also mention again that Ad-Aware is free and has a good track record - before Spybot came along, all we had was Ad-Aware. Occasionally one program might miss something that the other could detect, or it might not be able to remove something that another would be able to, so that's why it's good to have two. But, just as with virus scanners, if there's an option for real-time protection, make sure that only one is running at a time.
__________________
Old 2007-05-01, 01:36   Link #23
Phantom-Takaya
INTJ
*IT Support
 
 
Join Date: Feb 2007
Location: Alaska
Age: 31
SpySweeper's not so bad either. As I've said in another thread, it's best to install and use the utilities in safe mode. To clarify: Not safe mode with networking. Just safe mode. This way, it will keep the problem isolated and maybe even incapacitated while you scan for it and delete it.

Speaking of which, I'll need to do something similar. I have a feeling something's gotten to my MSN since every time I try to log on, the computer restarts a minute later. Fortunately, it's only MSN that's currently affected.
__________________
"Even in a crowd, I was always alone." - Ernest Hemingway
"God asks no man whether he will accept life. That is not the choice. You must take it. The only choice is how." - Henry Ward Beecher
Friend: "Evidence that you guys are made of epic win." Me: "That wasn't my goal. My goal is chaos, fear and...eggs."
Old 2007-05-01, 02:15   Link #24
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Then I'll stick with Ad-Aware and Spybot since they're both freeware.
Old 2007-05-01, 02:55   Link #25
AndyTran
Over Drive!
 
 
Join Date: Mar 2006
Age: 23
1. Go run Ad-Aware and Spybot to get rid of some stray malware.
2. Download CleanUp! Here and run it. It'll clear all your temporary internet files.
3. Go to Trend Micro and take a scan Here; copy your results and save them somewhere (if Notepad doesn't work, just email yourself).
4. Download HijackThis Here. Scan and save a log file.

Post the Trend Micro results and the HijackThis scan (since .log is Notepad, you probably can't open it. Just the whole file somewhere) here and see what we can do. Though I'd have to say... since your friend can run Linux, pull out an external or an HD enclosure, back up some data and reformat the computer. That's the best way IMO.
__________________

The Sanzu River's ferry guide
  Onozuka Komachi (小野塚 小町)
Old 2007-05-01, 04:11   Link #26
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 33
I've an unrelated question. I was looking on the Grisoft site; is there no free AVG Anti-Virus anymore? (I use the full version for server systems... because there are few anti-virus applications that fully support Windows 2003 and are quite affordable too.)

It looks like there are only trial versions offered.
Old 2007-05-01, 07:40   Link #27
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Quote:
Originally Posted by Jinto Lin
I've an unrelated question. I was looking on the Grisoft site; is there no free AVG Anti-Virus anymore? (I use the full version for server systems... because there are few anti-virus applications that fully support Windows 2003 and are quite affordable too.)

It looks like there are only trial versions offered.
I'm not sure; are you looking for a free version of AVG anti-virus? If so, I think there's one on download.com?
Old 2007-05-01, 16:13   Link #28
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 33
Well, I was searching for a link for you, but could not find a free version (only trial versions, but I don't know what the trial version can do; maybe they have no time limit).
Old 2007-05-02, 00:40   Link #29
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Thanks, and my bad hehe
Old 2007-05-02, 01:19   Link #30
Phantom-Takaya
INTJ
*IT Support
 
 
Join Date: Feb 2007
Location: Alaska
Age: 31
Alright. Since this thread is already up and I'm the type to want to solve problems myself first, I'll step out of my box and ask for help in here. And since this thread is directly associated with what my computer seems to be suffering, this would be a good place to ask for it.

It seems my computer is suffering from a virus of sorts, but it could be something else. At first, my computer started to show signs of a decrease in performance. The CPU in the task bar would indicate that it was processing much more so than normal, thus slowing the computer down. I attempted to stop some of the processes, but only came up with a small increase in performance. This led me to believe that either the CPU, RAM or maybe even the motherboard was starting to fail. Then MSN (the messenger) started to do something rather strange. Whenever I attempted to log in to it, it would log me in for a minute, then the computer would suddenly restart on its own. Strangely enough, it was only this program's activation that would cause the computer to restart. I thought it was only hardware failure and that I could tolerate not using MSN until I got the replacement pieces. But after a few days, the computer had suddenly done something strange. mIRC was no longer able to connect, claiming that there was no internet connection available. Internet Explorer also would not allow me to click or type on anything other than the menus, although they would pop up severely slowly. This was when I started getting the idea that it may be a virus. So, I restarted into safe mode with networking (which is what I'm on now) and it seems all the problems went away. So, I ran my utilities from SpySweeper to SmitFraudFix to SpyBot to Ad-Aware SE and Norton Anti-Virus. With the utilities, I found a keylogger and immediately deleted it. There were also some registry entries that were altered as well as some questionable DLLs and other files that were removed. After a few hours of that, I restarted the computer to Normal mode, but it seems the virus persisted and reacted to the attempt. Now, mIRC is able to connect, but every other program claims that there is no internet connection detected.
So, I'm back on safe mode with networking, scanning and attempting to fix any problems that I may come across, though I'm not 100% sure that the next time I restart to Normal Mode the computer will be restored. So, any suggestions?
__________________
"Even in a crowd, I was always alone." - Ernest Hemingway
"God asks no man whether he will accept life. That is not the choice. You must take it. The only choice is how." - Henry Ward Beecher
Friend: "Evidence that you guys are made of epic win." Me: "That wasn't my goal. My goal is chaos, fear and...eggs."
Old 2007-05-02, 05:42   Link #31
toru310
Senior Member
 
Join Date: Apr 2006
Location: Philippines
Have you checked your firewall? Maybe it's missing? Or corrupt? That happened to me before, when I couldn't access the internet and then realized that my firewall was missing... so I had to reformat. Erm, have you tried a combination of AVG anti-virus and HijackThis? Scan with AVG and when it detects a virus, copy the location and execute HijackThis to remove it.

I'm no pro but I'm getting there... based on experience... hehe
Old 2007-05-02, 06:12   Link #32
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 33
I think it is nice that you want to help people... well, don't get me wrong... ^^' ... the advice you offer here is only partly correct.

Quote:
Originally Posted by Migufuchi Fusutsu
Have you checked your firewall? Maybe it's missing? Or corrupt?
If his firewall is corrupt, then that can be a reason for not being able to access the internet. If it is missing, then this is no reason. If it is wrongly configured, it is again a possible reason. But judging from the experience level Phantom-Takaya shows in his posting, I think he checked this already.

Quote:
Originally Posted by Migufuchi Fusutsu
That happened to me before, when I couldn't access the internet and then realized that my firewall was missing... so I had to reformat.
I guess your firewall wasn't missing, just broken.

Quote:
Originally Posted by Migufuchi Fusutsu
Erm, have you tried a combination of AVG anti-virus and HijackThis? Scan with AVG and when it detects a virus, copy the location and execute HijackThis to remove it.
Usually AVG removes all viruses it finds. What HijackThis does is remove registry entries that are suspicious or no longer needed. (It can remove files too, but AVG should be the better tool for that task... yet HijackThis is a good tool for getting a quick overview of important parts of the registry - and possibly cleaning them.)

Quote:
Originally Posted by Migufuchi Fusutsu
I'm no pro but I'm getting there... based on experience... hehe
I'd rather prefer not to experience all the bad stuff I am offering help for. Once you can prevent all that bad stuff you are an experienced user ^^

@Phantom-Takaya,

Can you run HijackThis and provide the log for further investigation? Also a good thing imo is checking for rootkits.

e.g. using http://www.microsoft.com/technet/sys...tRevealer.mspx
Old 2007-05-02, 10:22   Link #33
Phantom-Takaya
INTJ
*IT Support
 
 
Join Date: Feb 2007
Location: Alaska
Age: 31
Actually, that's also another thing I forgot to point out that the virus reacted to. Right when I started it back to normal mode, Windows quickly informed me that Norton Firewall and Anti-Virus were disabled. I never disable those two. Unfortunately, my attempts to enable them were overridden by the virus. I know one easy way to fix this is to reinstall the OS, but that's a last resort.

I'm going to restart the computer to normal mode to run HijackThis. Maybe I've missed a process or two.
__________________
"Even in a crowd, I was always alone." - Ernest Hemingway
"God asks no man whether he will accept life. That is not the choice. You must take it. The only choice is how." - Henry Ward Beecher
Friend: "Evidence that you guys are made of epic win." Me: "That wasn't my goal. My goal is chaos, fear and...eggs."
Old 2007-05-02, 10:35   Link #34
Phantom-Takaya
INTJ
*IT Support
 
 
Join Date: Feb 2007
Location: Alaska
Age: 31
Alright. This is the first scan in normal mode:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:27:19 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Installers\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: John's Background Switcher.lnk = C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O15 - Trusted Zone: http://www.torrentmatrix.com
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6282 bytes



I selected everything and had HijackThis "fix" it for the sake of it, then scanned again. Here are the new results:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:29:54 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Installers\HiJackThis_v2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 3531 bytes
__________________
"Even in a crowd, I was always alone." - Ernest Hemingway
"God asks no man whether he will accept life. That is not the choice. You must take it. The only choice is how." - Henry Ward Beecher
Friend: "Evidence that you guys are made of epic win." Me: "That wasn't my goal. My goal is chaos, fear and...eggs."
Old 2007-05-02, 12:14   Link #35
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 33
I found nothing really suspicious there... however...

I'd disable cisvc.exe (the indexing service for faster local search - but very performance demanding). This can be shut off in the Windows search dialog (enable/disable file indexing).

The IDriverT thingy you can set to manual start-up (afaik it need not start up automatically).

And now I need to know if these programs were installed by yourself (and are running with your consent...):

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe


Now, the rootkit analysis (it provides yet another log to examine).
Old 2007-05-02, 14:22   Link #36
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Anyone know what this was in the initial scan?

O15 - Trusted Zone: http://www.torrentmatrix.com

I visited torrentmatrix.com and got a MySQL error page for too many connections. I notice it wasn't in the second scan after you ran HijackThis. If you don't recall putting this site into your "trusted" sites, I'd be very suspicious of an entry like that.
__________________
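The two logs posted above can be compared and triaged mechanically, which is what SeijiSensei did by eye when he noticed the O15 line had gone. The following is an added example in Python, not a tool from this thread: it parses the HijackThis log format, lists the entries that disappeared between the two scans (what the "fix" step removed), and flags O15 Trusted Zone entries plus anything launched from outside the usual Windows/Program Files roots. The sample logs are constructed excerpts of the ones posted above, and the "expected roots" list is an assumption about this XP box, not part of HijackThis.

```python
import re
# Constructed excerpts of the two logs posted above (the real ones are longer);
# the entry lines are copied from them so the diff shows what "Fix" removed.
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Installers\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O15 - Trusted Zone: http://www.torrentmatrix.com
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

--
End of file - 6282 bytes
"""
SCAN_AFTER = r"""
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
F:\Installers\HiJackThis_v2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
"""
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")          # e.g. "O23 - Service: ..."
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.exe)', re.IGNORECASE)
# Where a normally installed program is expected to live (an assumption for this XP box).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_hjt(text):
    """Split a HijackThis log into (boot_mode, running processes, [(code, body), ...])."""
    boot_mode, processes, entries, in_procs = None, [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False            # a blank line ends the process list
        elif line.startswith("Boot mode:"):
            boot_mode = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)    # header, "--" and "End of file" lines do not match
            if m:
                entries.append((m.group(1), m.group(2)))
    return boot_mode, processes, entries

def exe_path(body):
    """Executable path named in an O4/O23 entry body, or None (e.g. RunDLL32 + .dll entries)."""
    m = EXE_RE.search(body)
    return m.group(1) if m else None

def outside_expected_roots(path):
    return not path.lower().startswith(EXPECTED_ROOTS)

def triage(processes, entries):
    """Findings worth a second look; each still needs a person to judge it."""
    findings = []
    for code, body in entries:
        if code == "O15":
            # IE gives Trusted Zone sites relaxed security settings, so confirm the owner added it.
            findings.append(f"{code} Trusted Zone entry, confirm you added it: {body}")
        elif code in ("O4", "O23"):
            path = exe_path(body)
            if path and outside_expected_roots(path):
                findings.append(f"{code} runs from an unusual location: {path}")
    for proc in processes:
        # HijackThis itself runs from F:\ here: a deliberate false positive showing the check's limits.
        if outside_expected_roots(proc):
            findings.append(f"process outside Windows/Program Files: {proc}")
    return findings

def removed_between(before_text, after_text):
    """Entries in the first log that are gone from the second, here what HijackThis 'Fix' removed."""
    before, after = parse_hjt(before_text)[2], set(parse_hjt(after_text)[2])
    return [e for e in before if e not in after]
```

Calling `removed_between(SCAN_BEFORE, SCAN_AFTER)` returns the R0 start page, the Aim6 autorun and the O15 Trusted Zone entry, while `triage` on the first scan flags only the O15 line and the HijackThis process on F:\, which is the reviewer's cue that the location check needs judgement rather than blind action.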
Old 2007-05-02, 15:18   Link #37
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 33
Strange, when I visited the site before (and now) everything was alright there. Anyway, it's not there anymore... and the other stuff seems okay too (if there is not a camouflaged service...).
However, the rootkit test log would really interest me.
Old 2007-05-02, 18:28   Link #38
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
I'm with Jinto Lin on the rootkit information. Somewhat related, does anyone have any recommendations on a Linux LiveCD for bailing out Windows? I found one called Helix, yet it seemingly couldn't mount NTFS partitions (I may have been using it wrong). I wanted to use it to scan for viruses completely outside of Windows with ClamWin (other tools would be nice too, but virus/spyware sweeping is the main thing).

After you've cleared the viruses and whatnot, I'd recommend repairing your Windows install (boot off the CD, skip the recovery console, and when you're prompted for where to install, select your Windows partition and hit "r" (repair) - it doesn't touch your registry or anything, but sets the critical system files back to normal). If you're having networking issues, there are a number of possible reasons, but one may be that the thing messed with some of the core networking files.
__________________
Old 2007-05-02, 18:42   Link #39
winry039
love is dreaminess
 
 
Join Date: Apr 2007
Location: Why would i ever tell you!
Age: 20
I feel so sorry for you, but there's nothing I can do.
__________________
My whole life revolves around my family, my friends, and anime.
Old 2007-05-02, 19:12   Link #40
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by Ledgem
does anyone have any recommendations on a Linux LiveCD for bailing out Windows?
My usual preference is Knoppix. Versions since 5.01 apparently include the ntfs-3g drivers for full read/write support. The current release version is 5.1.1, though apparently 5.2.0 is being readied.

For North American readers, there are copies available on one of my favorite download sites at the University of Wisconsin.
__________________