
Internet Browser Malfunctioning


  • This topic is locked
7 replies to this topic

#1 IEcandyman69


Posted 21 February 2007 - 11:55 PM

Hi, I recently programmed my computer again because it had virus problems. Then once again my computer started to mess up. The internet browser will not open anymore; it will say that there is no connection, and sometimes it opens up about:blank in the URL. I don't know what to do. I have a HijackThis log. Thanks for reading and I appreciate the help...

Logfile of HijackThis v1.99.1
Scan saved at 8:36:08 PM, on 2/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\adirss.exe
C:\WINDOWS\System32\lnwin.exe
C:\WINDOWS\System32\taskdir.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AdwareAlert\Scheduler.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Documents and Settings\marlon\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: ASGP32.ASGP - {FA5B9933-1AE8-4A8D-9822-B20A6CA2B5EC} - C:\WINDOWS\System32\asgp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E00056-1A0D-46A3-9291-BAB40793E850}: NameServer = 216.98.52.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B61A27CA-E37A-43F0-8BBD-CB1171ACCD5F}: NameServer = 216.98.52.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E00056-1A0D-46A3-9291-BAB40793E850}: NameServer = 216.98.52.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E00056-1A0D-46A3-9291-BAB40793E850}: NameServer = 216.98.52.5
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
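
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, which cross-references the O4 Run-key autoruns against the running-process list and collects the O10 and O17 lines. The function names are this example's own, the sample lines are copied from the log above, and the code only organizes the log; it makes no judgment about which entries are malicious.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis v1.99.1 log in the post above (excerpt).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\adirss.exe
C:\WINDOWS\System32\taskdir.exe
C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E00056-1A0D-46A3-9291-BAB40793E850}: NameServer = 216.98.52.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E00056-1A0D-46A3-9291-BAB40793E850}: NameServer = 216.98.52.5
"""

ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.*)$")                # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\\w+: \[([^\]]+)\] (.*)$")  # O4 registry autorun
IMAGE = re.compile(r'^"?(.+?\.exe)', re.I)                    # executable part of a command

def parse_log(text):
    """Split a log into the running-process list and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autoruns(processes, entries):
    """O4 Run-key entries, each marked with whether its image is currently running."""
    live, out = {p.lower() for p in processes}, []
    for m in filter(None, map(RUN.match, entries["O4"])):  # skips "Startup:" entries
        hive, name, cmd = m.groups()
        img = IMAGE.match(cmd)
        image = img.group(1) if img else cmd.split()[0]  # fallback: first token
        out.append({"hive": hive, "name": name, "image": image, "running": image.lower() in live})
    return out

def dns_servers(entries):
    """Distinct NameServer values across all O17 entries."""
    found = (re.search(r"NameServer = (\S+)", b) for b in entries["O17"])
    return sorted({m.group(1) for m in found if m})
```

Autoruns given as a bare file name (such as the SoundMan entry in the full log) will show as not running because the comparison is on the full path.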



#2 dan12


Posted 22 February 2007 - 02:26 AM

Hi IEcandyman69 and welcome to Tom Coyote forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
dan

#3 IEcandyman69


Posted 01 March 2007 - 03:27 AM

I haven't received a reply yet... Help...anyone...

#4 dan12


Posted 01 March 2007 - 05:31 AM

My apologies, had a few problems being notified of posts. Back with you now. dan ;)

#5 dan12


Posted 01 March 2007 - 05:35 AM

Hi IEcandyman69

It appears you have a backdoor trojan on your computer, which could allow any number of infections into your system. If that is the case, your computer is and always will be at risk. I cannot guarantee that we can clean everything and reset all changes that have been made to the computer.
Root kits can be extremely hard to detect, and just as hard to clean out.
You have to think that from this point forward, you can't completely trust your computer. The root kit could be hiding a backdoor trojan.
It could be that it is possible for someone to secretly steal your financial and other sensitive information and do ANYTHING they want with the computer.
The only way to be SURE that the infections and the changes they have done are removed is to reformat and reinstall.
If that is acceptable to you, not only would it be safer, but it would probably be less time consuming to do a reformat than to clean up the computer.
Please read this article that was published by Robin at Castle Cops and you will understand better why this warning and what to do.
Here

Further to the article you are strongly advised to do the following immediately:

1. Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Also do whatever else that seems appropriate.


Before you decide to reformat you should check that you have all the necessary information and software.

If you decide to continue with a cleanup you should not use this computer for financial or other sensitive transactions.

Let me know what you want to do.

Sorry it couldn't be better news.

Regards dan

#6 IEcandyman69


Posted 01 March 2007 - 11:12 PM

Wow... I will take all this into consideration even though I don't think I used my bank account on the internet. I think I'm just going to reprogram Windows XP on it, but if I do will it take out this trojan? By the way, thanks for the help, you guys are the best...

#7 dan12


Posted 02 March 2007 - 12:15 PM

Hi IEcandyman69

"I think I'm just going to reprogram windows xp on it but if I do will it take out this trojan?"

Yes, by that I take it you mean reformat, which would be the best course of action.

This Tutorial may give you assistance Here

Read this article by TonyKlein
So how did I get infected in the first place?

All the best dan

#8 little eagle


Posted 24 March 2007 - 07:24 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
