106 replies to this topic

[Tomk]

Ron.M, It was me. Your computer was scared of having to deal with me again. Let's compromise. Post just the part of your Kaspersky log here that names the files and infections that it found. Not a complete log.

[Doug]

Holy Bologna, Ron. Just when I think I've heard them all.... <-- is this guy animated?

[Ron.M]

Mr. TomK;....

It was me. Your computer was scared of having to deal with me again.

WOW !!!...Stronger than God , huh.....

Let's compromise. Post just the part of your Kaspersky log here that names the files and infections that it found. Not a complete log.

Here they are:

File name / Threat / Threats count
C:\Documents and Settings\Ron.M\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{60B71BEA-9772-4445-BEE7-744AC19A8F28} Infected: Trojan.Win32.Qhost.mcf 1
C:\Documents and Settings\Ron.M\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{64B05E9B-9AA8-45B9-B737-9AACB66448D7} Infected: Trojan.Win32.Qhost.mcf 1
C:\Documents and Settings\Ron.M\My Documents\dolphin.exe Infected: Worm.Win32.AutoRun.azsz 1


I changed my real name to Ron.M in the above files...
The file with "dolphin" I recognize as my screen saver file...& lookie there , it has a "worm"....
Whatever you want me to do , I'll gladly do....


THANK you for what you are doing....


This just in !!!!

Doug;...

<-- is this guy animated?

YES sir , YES sir , YES sir!!!!


Later...Ron.M.... .....

[Tomk]

Ron.M, Even though there is a chance those are false positives, I'd feel better if you posted a couple logs in the malware forum for a quick check.

[Ron.M]

TomK....

1st;... When I came here & also went to the other websites today , the animations QUIT !!!
So were are back to square one , sorta...

Even though there is a chance those are false positives, I'd feel better if you posted a couple logs in the malware forum for a quick check.

I thought that Kaspersky was the best of the best ....
The 'dolphin" file is an animated screensaver....
From my laymans point of view , that would be my prime suspect...
What logs do you want me to post & what if any other info do you want me to put in my initial post...


THANKS....


Later....Ron.M... ....

[Tomk]

Ron.M, There are multiple dolphin.exe programs out there. One is a video game emulator. Another is obviously a screensaver. I'm not sure how mane others there are. Post the typical beginning logs + the complete kaspersky log if you still have it (RootRepeal and DDS).

[Ron.M]

TomK;...


What are typical begining logs ??? HJT & ????

What are these ???
==>..""(RootRepeal and DDS).

Later...Ron.M... ...

Edited by Ron.M, 10 November 2009 - 01:01 PM.

[Tomk]

Ron.M,

Sorry Ron. If you go to the instructions for posting in the malware forum (the link Doug provided yesterday http://forums.whatth...s_t106388.html) it requests that your initial post to the malware forum be RootRepeal and DDS logs. I'd also like to see the full Kaspersky log.

Go ahead and edit your name in the logs as appropriate.

[Ron.M]

Doug & appleoddity;.....

1st;.....I've been cleared by Mr. TomK....Excellent , excellent tech.....

As you probably read previously in this thread , the problem returned...
After we discovered a worm , my hopes soared.....
I deleted the infected file & dam , I still have the problem....

Please bear with me for a day or two as I'm trying to rectify
the problem with PCpitstop....

When that is resolved , I'll get a scan & post it here for you guys....

Have a GREAT evening...


Later...Ron.M..... .....

[Ron.M]

Doug;.....

1st , Thanks for the help with the PCpitstop problem....
It worked....I have a question about that & will PM you in a bit....
Here is the info you asked for ages ago....

http://www.pcpitstop...WWP8WRMFFBSWJHP

I'll be waiting for your answer.....

THANKS....


Later..Ron.M.... ...... ....

[Doug]

ron.m Did you receive my PM. The information should help resolve your login for the PCPitstop Full Tests (OverDrive) Let me know if you have additional difficulties. Doug

[Doug]

Disregard the above post. Sorry. Seems we were both typing at the same time. (me slower than you. )

[appleoddity]

Ron, your PCPitStop test makes it pretty clear what a few potential problems are. Programs that could potentially be causing your problem are:

BitTorrent DNA
Speedbit Video Accelerator
Privacy Guardian

However, a part from all those possibilities, your running processes shows this:
NetZero accelerator -- NetZero, Inc. -- C:\Documents and Settings\Ron.M\Deskt ... \X1Exec.exe

Which I mentioned right from the get go but you said you did not have installed. There is about a 0% chance that this program IS NOT the problem. Remember, I told you that the only way to download faster over dial-up is to reduce the quality of whatever it is you are downloading or to highly compress it. This netzero accelerator does exactly that.

You may be interested in reading here: http://www.cccti.edu.../NetZeroAcc.htm

[Ron.M]

appleoddity:...

The first thing that comes to mind is that you have one of those "web accelerators," installed as part of your dial-up package.

I do NOT have any form of "web accelerators".....I do NOT have high-speed dial-up....I have the cheapest form of NetZero available....& , it was working fine since day one....(Well over a year )

OK , let me clarify something to you...
Even tho I have been online for over a year , I've barely scratched the surface of the term "Computer sav vy".....
When you first asked me that , I had NO idea of the fact that it's part of the NetZero package...
NetZero's "3G High Speed" service is an extra feature that you have to activate & pay an extra monthly fee to use it....
Since I did NOT subscribe to the service, it is NOT there....
So how does it cause a problem ???

You may be interested in reading here: http://www.cccti.edu.../NetZeroAcc.htm

This feature has been on forever & to the best of my knowledge NEVER a problem....
I turned that off & NO help....
Do I need to reboot for an honest response ???
Or just go offline & back online to test it ???


Thanks for altering my real name...

BitTorrent DNA
Speedbit Video Accelerator
Privacy Guard

These have been on my unit for a long, long time....
I can give up BitTorrent DNA , but I want to keep the other 2 programs....
What is puzzleing to me is , how does something that you have loaded on your computer for ages & works perfectly , suddenly be a problem.????.....


I have to go now...be back later...


Later....Ron.M.... ......

[appleoddity]

Sorry about the misunderstanding on the web accelerator. You do have one installed and it is active though based on your PCPitStop test. I really don't have any doubts in my mind that it is your netzero software or ISP that is causing this problem. It may not be as cut and dry for you and I understand that, but there really is no other explanation for the problem you are describing. NetZero, or the software on your computer, is somehow modifying the data stream and causing issues. Those other products I listed are only potentials. I listed them because they directly "interfere" with your network connection, or mess with browser functionality (privacy guard). I still think it is the NetZero software. Just because it has never caused you a problem, and just because turning that option off does not fix your problem, it does not mean that it isn't the problem. Any number of things may have been directly or indirectly changed that now causes the problem to be apparent. Judging from previous experience, you will probably get little to no support from NetZero for this problem and they will point the finger at everything else BUT themselves, and probably just simply not even get what your talking about. Unforunately, I'm not a user of the software and can't directly mess with settings to see what might be wrong. But, it also has a setting (on the right-click menu) about image quality as seen in the picture on that site I linked to earlier. And, it has a "settings" option also. Investigating, and testing, those may reveal something. Even then, we are only assuming that the software is doing this because of a setting, and not because it is just simply broken. So, it may be something as drastic as re installing the netzero software, or my preference would be to try to go to add/remove programs and see if you can uninstall the NetZero Accelerator application without uninstalling the entire program. By doing this you can be mostly sure it is not the NetZero Accelerator. Check for yourself in Add/Remove programs, try to start an uninstall of NetZero, and see if there is a modify option or some way to only uninstall the Accelerator. Lastly, because your browser caches those "animated" gifs you may not see any animation on them until those cached entries expire. After disabling the NetZero accelerator you may need to close your browser windows and delete all your temporary internet files.