Problems And Security ?

2 replies to this topic

#1 Daman



Posted 03 February 2005 - 10:33 PM

I am worried about my computer being accessed from the internet and will ask some questions to determine if I have a problem. These are symptoms that I notice. I have 111 instances of desktop.ini, it is located in one hundred and eleven different files. I have IE 6 but my folders say IE 5. I have internet activity constantly, downloading and uploading. I thought that I was only supposed to have a maintenance download and upload on a cyclical basis to maintain my page, like refreshing. I have download activity of 3kb per sec and uploads every 2 min. 2 times 50 sec distant. I have Windows Media Player exe with a version for Russian use websites say this is for wmp 6.4. google search. I was going to spin my Windows disk but deleted the registry entry pertaining to my cdrom by accident. I deleted the entry in hkcu-installed components. If I reformat will it run from BIOS with generic driver? I have win tasks pro and security task manager, both of which do not show internet activity, only running processes. I tried to correlate running processes' activity to internet activity but have to be in the right place at the right time, and if the process is somehow hidden wouldn't these be unable to show them? I found a file that I created on a Russian website, google search, a roxio image file entitled zonalpropest.rd, when I do a search now it is no longer found.



#2 Daman



Posted 14 February 2005 - 11:19 PM

Tonight I found a 180searchassistant with bitdefender, an online scanner. It was installed with rosoft sound recorder. I searched the modified/create date and deleted suspect files. In the process I noticed a .sbe file, it's an exclude list for spybot s&d. I checked the exclude list in spybot and there were items as exclude, 5 items to be exact. The rosoft prog probably added the excludes on install. I don't know what registry keys were affected though. The offender was 180searchassistant 5.11, the file it operated from was rmturad.exe.tfc, a double extension. After deselecting the exclude items I ran spybot and it found the bugger. Sonsab_t_hes. What is desktop.ini and why do I have 111 instances of it? Why did I have a Russian Windows Media Player 6.4 as an installed component in my registry? I had searched using *.exe and looked for files that looked like they did not belong, googled them to find out what they were tied to and if it came back unknown I took note for possible deletion. In the process the anomalous downloads/uploads have stopped, well at least the upload portion. I deleted the registry entry in installed components for the wmp 6.4 and the wmiwmpsv.exe and other exe's, inadvertently deleting the component for the cd rom. I was able to reinstall it by uninstalling the driver, reinstalling the driver and deleting the upper filters and lower filters in the registry and rebooting. Apparently the way to stop a problem after a program install, when you notice something awry, is by using a baseline or footprint of your registry and windows/system32 areas. From what I read, proper footprinting includes a footprint from your virgin computer, a footprint before program install, and a footprint after a program install. This allows you to see where the changes are taking place so you can undo if you determine you have a problem, because add/remove progs does not get rid of everything. :blink:
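
The file-system half of the before/after footprint described in the post above, as an added example that is not part of the original post or of any tool named in the thread. The function names, the extension list and the sample files are assumptions constructed for illustration; the registry side of a footprint is not covered.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat"}

def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath, name)
            try:
                digest = hashlib.sha256(full.read_bytes()).hexdigest()
            except OSError:
                continue  # locked or unreadable file: skip rather than abort
            result[str(full.relative_to(root))] = digest
    return result

def diff(before, after):
    """Compare two snapshots; return sorted added, removed and changed paths."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }

def double_extension(path):
    """Heuristic: an executable extension hidden behind a second extension,
    like the rmturad.exe.tfc name in the post. Can also match benign names."""
    stem = Path(path.lower()).stem
    return Path(stem).suffix in EXECUTABLE_EXTS

def demo():
    """Constructed sample: footprint a temp folder, simulate an install, diff."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "notepad.exe").write_bytes(b"original")
        Path(root, "desktop.ini").write_bytes(b"[.ShellClassInfo]")
        before = snapshot(root)
        # Simulated installer side effects (constructed placeholder bytes)
        Path(root, "rmturad.exe.tfc").write_bytes(b"dropped")
        Path(root, "notepad.exe").write_bytes(b"patched")
        Path(root, "desktop.ini").unlink()
        report = diff(before, snapshot(root))
    report["suspicious"] = [p for p in report["added"] if double_extension(p)]
    return report
```

Calling `demo()` returns the added, removed and changed paths for the constructed folder; on a real machine the "before" snapshot would be saved to disk ahead of the install and compared afterwards.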

#3 wng_z3r0



Posted 17 February 2005 - 10:16 PM

Hi and welcome to the forums. It looks like you do have some problems on your computer. Look at my signature below :weee: and download HijackThis. Please extract it to its OWN folder. A good place to put it would be to make a folder called HJT here: C:\program files


Post a log here and we will see what shows up.

Thanks, wng
There are 10 kinds of people in this world, those who understand binary #'s & those who don't
Just my 10 cents

Proud member of Alliance of Security Analysis Professionals since 2005
