Posted by Cycovision
Yeah, you should have no major problems just formatting the partition. Just make sure that the active boot.ini file isn't stored on the Vista partition first. It shouldn't be, but Vista is still in beta and we all know what M$ are like.
Posted by solidsingh
Hey, I have a set of speakers which I need some extension cables for, but I dunno which ones.
I have Creative P580 5.1 speakers and need 2 extension cables about 3m long.
Anyone know where I can buy them from?
Posted by p900 lover
@Cycovision, bit of a random question, but I was thinking the other day: if something went wrong with my PC, what part would be most expensive to replace?
Thanks
dAn
Posted by Gigs
Um, Cyco...
If you want to get rid of the OS boot selection menu, why not simply do it from System Properties? Select the default OS and set the timeout to 0 seconds; you won't see it at all.
Never turning the PC off helps too
Posted by Cycovision
@Gigs, because I like to do things properly.
Seriously though, that's a good tip, although I've found it sometimes just gets stuck on the boot menu indefinitely if you set the timeout to zero.
_________________
'He who laughs last, laughs longest. Or didn't get the joke...'
[ This Message was edited by: Cycovision on 2006-02-20 08:48 ]
Posted by max99
Help!
lol
Basically I think I've got some kind of virus or something.
Every time I open Internet Explorer, after about 30 seconds it closes.
I'm using Firefox now to post this as I can't in IE.
I've just realised how much faster Firefox is, but my rents still prefer IE.
Is there any free software I can use to get rid of this?
Thanks
Posted by Cycovision
You haven't got yahoo toolbar installed have you? That can cause IE to close itself. Uninstall it from add / remove programs if you have.
Posted by max99
Nope, don't have the Yahoo thingy.
Posted by Cycovision
Ok, run a virus scan (use AVG Free if you haven't got any antivirus at the moment), then try IEFix:
http://windowsxp.mvps.org/IEFIX.htm
You might need your XP / ME / 98 disk; it'll ask you for it if it does.
Uninstall any toolbars at all that you might have, including Google Toolbar.
Then run the usual antispyware stuff: Ad-Aware, Spybot Search & Destroy etc.
Posted by max99
Ok, I will do that.
Right, it first happened when I was in the thread that axxxr posted about custom made viruses.
Now I just went into that again in Firefox and exactly the same thing happened.
Bit odd.
Posted by Cycovision
Ummm, very odd! I shan't bother looking at that thread then
Posted by max99
Well, it seems to have stopped, but
when I do Ctrl+Alt+Delete
this is running in the Applications bit, like where MSN, IE or whatever I've got open is:
rundll32
Now it has Proyecto1 instead :S
or something like that.
Is that bad?
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-26 21:36 ]
Posted by Cycovision
Proyecto1 is added by the GRUEL worm, so you definitely don't want it! Do a virus scan and if the AV software doesn't pick it out, we can use HijackThis and good old fashioned file renaming to get rid of it instead.
Posted by axxxr
My PC has started to beep every 5 seconds... don't know what the problem is, can anyone help? ... seems to be coming from the H/D.
Posted by mince-inside
@Axxxr
Sounds like it could be a temperature alarm: take the side off and make sure the fans are spinning (hope you've not got long hair). Or do you have a UPS? It may have lost its feed.
Mr M
Posted by axxxr
Ok, I'll check it out, thanks for that!
Posted by max99
Can't seem to download AVG; as soon as I google it, IE closes down lol
I'll run HijackThis now.
Posted by max99
Logfile of HijackThis v1.99.1
Scan saved at 17:01:01, on 27/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\SYSTEM32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe
C:\\Program Files\\QuickTime\\qttask.exe
C:\\WINDOWS\\System32\\WScript.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe
C:\\Program Files\\Palm\\HOTSYNC.EXE
C:\\Program Files\\blueyonder IST\\bin\\mpbtn.exe
C:\\WINDOWS\\system32\\regsrv.exe
C:\\WINDOWS\\System32\\devldr32.exe
C:\\WINDOWS\\System32\\wuauclt.exe
C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
C:\\Documents and Settings\\Max Bramwell\\My Documents\\hijackthis\\HijackThis.exe
C:\\WINDOWS\\system32\\cmd.exe
C:\\WINDOWS\\system32\\ntvdm.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchURL =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 203.115.10.36:80
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
F0 - system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\winmgd.win
F1 - win.ini: run=C:\\WINDOWS\\system32\\mouse_configurator.win
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\System32\\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\WINDOWS\\System32\\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O4 - HKLM\\..\\Run: [Omnipage] C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [Kernel32] C:\\WINDOWS\\system32\\Kernel32.win
O4 - HKLM\\..\\Run: [Israfel] C:\\WINDOWS\\system32\\Israfel.vbs
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\\Program Files\\Palm\\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\\Program Files\\blueyonder IST\\bin\\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O7 - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\\program files\\google\\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\\program files\\google\\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: ActiveCheckout - about:
O8 - Extra context menu item: Backward Links - res://c:\\program files\\google\\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\\program files\\google\\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\\program files\\google\\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\\program files\\google\\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_02\\bin\\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_02\\bin\\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\MSMSGS.EXE
O12 - Plugin for .spop: C:\\Program Files\\Internet Explorer\\Plugins\\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.[....]rear_window.html?noreloadredir
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[....]sengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\\WINDOWS\\System32\\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\\Program Files\\Common Files\\Macromedia Shared\\Service\\Macromedia Licensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\SPTISRV.exe
Posted by max99
Anyone help?
My PC keeps doing dodgy things, like Outlook keeps opening and I can't shut a message down.
Posted by Cycovision
These two need to go, viruses!
F0 - system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\winmgd.win
F1 - win.ini: run=C:\\WINDOWS\\system32\\mouse_configurator.win
And this:
O4 - HKLM\\..\\Run: [Israfel] C:\\WINDOWS\\system32\\Israfel.vbs
Write down the file names and locations on a bit of paper, e.g. c:\\windows\\system32\\winmgd.win, and reboot in safe mode.
Navigate to each file and delete it. Reboot in normal mode and run hijack this again to make sure they've gone.
They might be hidden files, so make sure you've got 'show hidden files and folders' and 'show system files' checked in 'folder options' under the 'tools' menu.
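The by-eye triage in the post above, as an added example that is not part of the thread: a small Python script that applies the same rules to a HijackThis log and produces the list of file paths to write down before rebooting into safe mode. The sample log is a constructed subset of the one max99 posted; the heuristics (which sections to flag, which file extensions count as normal for an autostart) are my own, not HijackThis's, and a .vbs or .win in a Run key is flagged regardless of name, so the [Kernel32] entry comes out alongside the two .win files and Israfel.vbs.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v1.99.1 log posted in this thread,
# kept short so the script runs offline. Backslashes are real, hence the raw string.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.115.10.36:80
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: PAVWAIT.DLL
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

# File types a legitimate autostart normally points at (my assumption, not a HijackThis rule).
# ".win" is not a Windows executable type at all, and a .vbs in a Run key is a classic script worm.
EXPECTED_AUTOSTART_EXT = {".exe", ".dll", ".lnk", ".ocx"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str
    path: str = ""  # file to look for on disk, when the entry names one


def _o4_target(body: str) -> str:
    """Extract the launched file from '[Name] "C:\\x.exe" -flag' or '[Name] C:\\x.vbs'."""
    m = re.search(r'\]\s*(?:"([^"]+)"|(\S+))', body)
    return (m.group(1) or m.group(2)) if m else ""


def triage(log_text: str) -> list[Finding]:
    """Flag the entry types this log's infection actually used to persist and protect itself."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "F0":
            # system.ini Shell= must be exactly Explorer.exe; anything appended is a second shell.
            shell = body.split("Shell=", 1)[-1].strip()
            if shell.lower() != "explorer.exe":
                parts = shell.split(None, 1)
                extra = parts[1] if len(parts) > 1 else shell
                findings.append(Finding(section, "extra program chained onto Shell=", raw, extra))
        elif section == "F1":
            # win.ini run=/load= are Win9x-era autostarts; almost nothing legitimate uses them on XP.
            target = body.split("=", 1)[-1].strip()
            findings.append(Finding(section, "legacy win.ini autostart", raw, target))
        elif section == "F2" and "UserInit=" in body:
            # Userinit must be userinit.exe (a trailing comma is normal); malware appends its own exe.
            value = body.split("UserInit=", 1)[-1].strip().rstrip(",")
            if ntpath.basename(value).lower() != "userinit.exe":
                findings.append(Finding(section, "Userinit hijacked", raw, value))
        elif section == "O4":
            target = _o4_target(body)
            ext = ntpath.splitext(target)[1].lower()
            if ext and ext not in EXPECTED_AUTOSTART_EXT:
                findings.append(Finding(section, f"autostart with unusual extension {ext}", raw, target))
        elif section == "O7" and "DisableRegedit=1" in body:
            # Locking the user out of regedit is malware self-protection, not a home-PC policy.
            findings.append(Finding(section, "registry editor disabled by policy", raw))
        elif section == "R1" and "ProxyServer" in body:
            proxy = body.split("=", 1)[-1].strip()
            if proxy:
                # A proxy the owner did not configure routes every IE request through someone else's box.
                findings.append(Finding(section, f"IE proxy set to {proxy}", raw))
    return findings


def files_to_check(findings: list[Finding]) -> list[str]:
    """The 'write these down and hunt for them in safe mode' list from the post above."""
    return [f.path for f in findings if f.path]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print("Files to look for in safe mode:", *files_to_check(found), sep="\n  ")
```

Run it as-is to print the findings, or point triage() at a saved log. It is a triage aid, not a verdict: anything it flags still needs checking against a known-good machine, and it deliberately says nothing about entries it does not recognise.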
Posted by max99
I've done the 1st bit you asked, but I don't get the bit above. Which file names and locations? All of the ones listed?
Edit: and thanks.
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-27 18:21 ]
Posted by Cycovision
Yes, the two .win and one .vbs files
Posted by max99
Done,
but the files weren't there in safe mode to delete, so I'm guessing they have gone?
Posted by Cycovision
Well, run HijackThis again and see if those three entries have gone.
Sometimes viruses generate temporary files or files that change name periodically.
Posted by max99
Logfile of HijackThis v1.99.1
Scan saved at 20:05:51, on 27/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\SYSTEM32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe
C:\\Program Files\\QuickTime\\qttask.exe
C:\\WINDOWS\\System32\\WScript.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe
C:\\Program Files\\Palm\\HOTSYNC.EXE
C:\\Program Files\\blueyonder IST\\bin\\mpbtn.exe
C:\\WINDOWS\\System32\\devldr32.exe
C:\\WINDOWS\\system32\\regsrv.exe
C:\\WINDOWS\\System32\\wuauclt.exe
C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
C:\\Documents and Settings\\Max Bramwell\\My Documents\\hijackthis\\HijackThis.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchURL =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 203.115.10.36:80
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
F0 - system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\winmgd.win
F1 - win.ini: run=C:\\WINDOWS\\system32\\mouse_configurator.win
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\System32\\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\WINDOWS\\System32\\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar3.dll
O4 - HKLM\\..\\Run: [Omnipage] C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [Kernel32] C:\\WINDOWS\\system32\\Kernel32.win
O4 - HKLM\\..\\Run: [Israfel] C:\\WINDOWS\\system32\\Israfel.vbs
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\\Program Files\\Palm\\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\\Program Files\\blueyonder IST\\bin\\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O7 - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\\program files\\google\\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\\program files\\google\\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: ActiveCheckout - about:
O8 - Extra context menu item: Backward Links - res://c:\\program files\\google\\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\\program files\\google\\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office10\\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\\program files\\google\\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\\program files\\google\\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_02\\bin\\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_02\\bin\\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\MSMSGS.EXE
O12 - Plugin for .spop: C:\\Program Files\\Internet Explorer\\Plugins\\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.[....]rear_window.html?noreloadredir
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[....]sengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\\WINDOWS\\System32\\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\\Program Files\\Common Files\\Macromedia Shared\\Service\\Macromedia Licensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\SPTISRV.exe
Posted by max99
Looks like they are still there.
Posted by Cycovision
You're right mate, this is a really nasty worm that generates regularly changing filenames to hide its identity.
The manual removal instructions are here:
http://securityresponse.syman[....]er/venc/data/vbs.gaggle.d.html
It's quite long-winded, but if you can get your browser open long enough to print it out, you might be in with a chance.
By far the easiest way would be to get a copy of AVG on a CD (download it on a different computer and burn it to CD), install it, update the definitions and run a scan in safe mode.
After that, you'd need to put the XP install disk in, click Start, Run and type sfc /scannow. This is because the worm deletes or damages certain system files and they'll need to be replaced.
The other alternative would be to operate! Get the hard drive out of the infected PC, wire it in as a slave or use a USB-to-IDE converter to connect it to a healthy PC with antivirus software installed, and scan it that way. You'd still need to do the sfc /scannow and the registry fixes on the Symantec site once you've put the hard drive back in the PC.
Posted by max99
Right, downloading AVG now.
So I run it in safe mode?
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 16:45 ]
Posted by haynesycop
Here you go, it is the premium version, hope this is the right one:
http://www.grisoft.cz/softw/70/filedir/inst/avg71f_375a716.exe
Posted by Cycovision
Yeah, run it in safe mode, because AV programs have a better chance of deleting viruses if the viruses aren't running at the time. It doesn't always work, because many viruses still get loaded and run even in safe mode, but it generally gives you the best chance.
Posted by max99
It's been scanning for 32 mins
and found...
2790 infected files and counting
3029 now
4500+ now, and going for 1 hour 13 mins, and I reckon it's about 1/3 of the way through :s, gonna take ages
6500 now, 2 hours gone
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 17:38 ]
[ This Message was edited by: max99 on 2006-02-28 18:10 ]
[ This Message was edited by: max99 on 2006-02-28 18:57 ]
Posted by dude_se
As I said on MSN, if you can, go on Trend Micro and do a scan.
dude_se
Posted by max99
Cyco, when I get to the end do I heal or delete files? Or whatever it says at the end of the AVG scan.
Posted by Cycovision
Heal first, delete any that it can't heal
Posted by max99
Cheers.
Just a general Q: what's the difference between heal and delete?
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 20:45 ]
Posted by Cycovision
Heal is used when the virus has attached itself to another, legitimate file. AVG tries to delete just the nasty bit tagged onto the end and repair the original file so that it still works properly.
Delete just gets rid of the whole file!
Posted by max99
Ah ok, wicked.
Quick update: 10100 infected files now.
Also, right, I've got a 40GB H/D (I know, small), 37.6 or something is used. I deleted 20-odd GB of music from iTunes and from the recycle bin, yet the free space has not changed and still says 37.6. Bit odd, hey?
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 21:14 ]
[ This Message was edited by: max99 on 2006-02-28 21:14 ]
Posted by dude_se
reboot
dude_se
Posted by Cycovision
When you say you deleted them from iTunes, did you delete them from one of its various playlists or did you delete the actual files themselves?
I'd guess that the files are still there somewhere! Try doing a Windows search for *.mp3 (EDIT: and other music file extensions) and see what comes up!
_________________
'He who laughs last, laughs longest. Or didn't get the joke...'
[ This Message was edited by: Cycovision on 2006-02-28 22:16 ]
Posted by max99
Thanks.
Well, I left the scan on last night and it was still going this morning, so I stopped it, because it was going soooo slow.
I dunno what to do.
Posted by haynesycop
Buy a mac!
Posted by max99
Think I'm going to reformat my whole PC lol, hope that gets rid of it.
Posted by govigov
Are you sure that you are not mistaking the total number of files for the infected ones? Because man, that's a lot of infected files!
Posted by max99
Anyone know an easy way to see where all my hard drive is being used up? 37GB used but I have no idea where it's being used.
Posted by dude_se
Backup and format. You will never have a totally clean system after all that crap.
dude_se
Posted by Cycovision
I agree, I think a reinstall would be for the best here
Posted by govigov
Let me just agree with the others here. Format. But I don't think backup is a good idea.
Posted by max99
Yeah, gonna reformat tonight.
My mum's getting a PC from work which is all good apart from no hard drive. Is it easy to fit a hard drive? Guessing not. And if not, would one of those 200GB external USB ones do?
hehe thanks everyone
Posted by govigov
It's pretty easy to fit an internal hard disc. Just plug them in and install Windows, provided you know how to boot up from a boot floppy and then install from CD. For the USB external ones to work, I think there should be an internal one.
Posted by max99
I think I know how I got the virus. Basically an attachment on an email called "Invitation"; it infects the hard drive and at the moment there is no known cure for it.