Posts Tagged ‘virus’

Is it possible to get a virus through an Ethernet cable?

The computers at my school are all infected, so I want to use my laptop. Problem is there are no wireless signals so I have to use the Ethernet connection that the infected computers use. Can this give me the same viruses?

Can a virus infect different computers connected to the same router?

Brother’s computer got hacked; he basically lost his Yahoo/Gmail/Facebook accounts. He’s running a malware scan, so that should be cleared up. However, whatever malware or virus got his computer, can it infect other computers that are connected to the same router my brother’s laptop uses? I mean, yeah, a malware program can come from anywhere, but can it spread through a router like that?

What would happen to us if a Pro Master hacker release a virus on the MYKad database, Credit Card provider,?

Bank, telecommunication company and etc.
Just imagine if you can’t withdraw your money, make a call, surf the internet, etc. for 2 weeks. In Malaysia there are only 2 people that can install a supercomputer, and to make matters worse we are short of people that can really master the concepts of networking and security, programming, and databases.
To meerkat to pro master hacker, a multi-layer firewall is just a piece of cake; they know how to trick the firewall. Even a 14-year-old boy can hack into Yahoo, eBay and many other major websites. And not all of the hackers are caught.

Virus – Win32.Viking.bb?

Hi guys,
I have recently got this virus that was undetected until I opened internet explorer for the first time in a while and Avast Antivirus blocked out links.
Then I went to
C:/ Program Files/Internet Explorer and put those files into a .RAR file.
And uploaded it onto Virustotal.
Antivirus Version Last Update Result
AhnLab-V3 2010.10.02.00 2010.10.01 -
AntiVir 7.10.12.111 2010.10.01 -
Antiy-AVL 2.0.3.7 2010.10.02 -
Authentium 5.2.0.5 2010.10.01 -
Avast 4.8.1351.0 2010.10.01 -
Avast5 5.0.594.0 2010.10.01 -
AVG 9.0.0.851 2010.10.01 -
BitDefender 7.2 2010.10.02 -
CAT-QuickHeal 11.00 2010.10.01 -
ClamAV 0.96.2.0-git 2010.10.02 -
Comodo 6260 2010.10.01 -
DrWeb 5.0.2.03300 2010.10.02 -
Emsisoft 5.0.0.50 2010.10.02 -
eSafe 7.0.17.0 2010.09.30 Win32.Viking.bb
eTrust-Vet 36.1.7888 2010.10.01 -
F-Prot 4.6.2.117 2010.10.01 -
F-Secure 9.0.15370.0 2010.10.02 -
Fortinet 4.1.143.0 2010.09.30 -
GData 21 2010.10.02 -
Ikarus T3.1.1.90.0 2010.10.02 -
Jiangmin 13.0.900 2010.10.01 -
K7AntiVirus 9.63.2657 2010.10.01 -
Kaspersky 7.0.0.125 2010.10.02 -
McAfee 5.400.0.1158 2010.10.02 -
McAfee-GW-Edition 2010.1C 2010.10.01 -
Microsoft 1.6201 2010.10.02 -
NOD32 5496 2010.10.01 -
Norman 6.06.07 2010.10.01 -
nProtect 2010-10-01.02 2010.10.01 -
Panda 10.0.2.7 2010.10.01 -
PCTools 7.0.3.5 2010.10.02 -
Prevx 3.0 2010.10.02 -
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.02 -
Sunbelt 6962 2010.10.02 -
SUPERAntiSpyware 4.40.0.1006 2010.10.02 -
Symantec 20101.2.0.161 2010.10.02 -
TheHacker 6.7.0.1.045 2010.10.02 -
TrendMicro 9.120.0.1004 2010.10.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.02 -
VBA32 3.12.14.1 2010.10.01 -
ViRobot 2010.8.31.4017 2010.10.02 -
VirusBuster 12.66.10.0 2010.10.01 -
I can’t remove it with Malwarebytes and Avast.
Help

Internet and Firewall isn’t working after MalPak virus?

Our internet is really screwed up right now. Today, I got the same exact adware virus that I have been getting for the past couple months. It’s the type that tries to pass off as a fake antivirus scanner, but it is actually infecting your computer (it’s called MalPak or something like that).
 We have Webroot, and whenever this virus shows up out of the blue, these are the steps I take that have ALWAYS worked:

1.) Run a full scan of the computer
2.) quarantine and delete the virus
3.) restart the computer
4.) turn on Windows firewall (because the virus always turns it off somehow)
5.) On internet explorer, go to Tools -> Internet Options -> Connections -> uncheck the box that says “use a proxy server”

I take those steps, and everything always works just fine again.

But today, the virus came back, and this time in the middle of the scan, the computer shut itself down.
I then decided to restart the computer in Safe Mode, so I could get rid of the virus. It took much longer to scan than usual, but it quarantined the virus.

But after that, I couldn’t get the Windows firewall OR the internet to work again! Whenever I try to enable the firewall, it tells me “Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) Service?”

I then click Yes, but this is what happens:

“Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) Service.”

At this point I decided to try scanning with Malwarebytes, and it apparently picked up the last traces of that virus. I restarted the computer again.

Then, I tried to connect to the firewall again by going to the Control Panel, but it just gives me the same message.

As for the Internet (and as you can see, my WiFi is still working just fine), I tried diagnosing the connection problems, and this is the message I got:

“Windows has detected a problem with the Winsock provider catalog on this computer. This catalog allows programs to communicate with this computer across the network. Would you like Windows to reset the catalog to the default configuration?”

And afterwards, I selected ‘Yes’, and restarted the computer. But neither the firewall nor the internet are connecting at all.

Another thing I noticed: It can’t detect my IP address at all. When I go to Control Panel -> Network Connections -> More Information -> Details, this is what it shows me:

Physical address: 00-13-20-18-1B-83
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway field is blank
DNS server: 192.168.1.254
WINS Server field is blank

It won’t let me repair the connection either. It tells me:
“windows could not finish repairing the problem because the following action cannot be completed:
Renewing your IP address”

I’ve even tried unplugging our router, waiting a few seconds, then plugging it back in to see if it can acquire the IP address. But nothing.

Any ideas as to what’s going on?? And how can we fix it?
Uhh… allow me to reiterate.
I. Can’t. Get. Online. With. My. Computer.

Eh, it won’t matter anyway. I just got confirmation yesterday by calling a bunch of tech people that my computer is officially f*cked up. I’ve backed up everything and I’m ready to use the installation CD to reformat my hard drive. But, now I have a new problem. I can’t even boot up from the CD, because a blue screen comes up telling me to restart the computer in safe mode, but the CD won’t even run in safe mode! :(

My internet stopped working after virus removal?

Yesterday, I got a nasty “antivirus soft” virus. Luckily, I managed to permanently remove it using Windows Defender and Malwarebytes Anti-Malware. Unfortunately, my computer will no longer access the internet; it always shows up as an unidentified network. Wired and wireless, they have the same result.

I have tried multiple solutions online such as LAN options, winsock fix, and different command prompt entries, but none seemed to fix it. Network diagnostics says it can’t resolve it either. Is there a way I can fix this easily?

I have vista x64

HELP!!!! TROJAN.DNSCHANGER VIRUS?

Trojan.DNSChanger VIRUS…. I picked up this fu@k!n bug several weeks ago and it has been the bane of my existence ever since. I have gone as far as to wipe my entire hard drive and reinstall everything. I have tried several different types of malware “seekers and destroyers”, everything from TDSS Killer to GMER to Malwarebytes… so far the only thing that has at all is Malwarebytes.

When I scan with Malwarebytes it finds the Trojan virus hiding in my registries… it gives me the option to delete them but every time it says that they have been deleted… behold! They are not. I scan again and they are still there. Here is what the log file says upon “deletion”..

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/9/2011 10:47:20 AM
mbam-log-2011-01-09 (10-47-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 171579
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.166.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.161.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1EF18F7E-C13E-4C07-B98D-2CD9F0EADA14}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.166.105) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1EF18F7E-C13E-4C07-B98D-2CD9F0EADA14}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.161.105) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As you can clearly see it says that they are gone.

My question is, what the heck can I do to get rid of them? Can I manually delete the infected registry items or is there another program that will nuke them?

If you are not familiar with this virus, let me tell you.. it sucks. It redirects you to BS pages, will not let you update anti-virus or anti-spy, cannot update Windows, cannot do any research on how to get rid of it since any attempt to visit a site pertaining to spyware, rootkits, or viruses and how to get rid of them is futile and is blocked or redirected…

Please help before I throw my pc out the window and buy a mac!

The Winsock Virus VB6


Watch me write (eh? CLICK) a virus in VB6. Apparently some virus scanners flag any application written in VB6 that includes the winsock control. I do not own or claim to own any part of the audio of this video. The song in the video is: Pillar – Frontline

I got a DSL speed increasing code,i wanna know that is it a hack or virus or anything like that?i’m concerned!?

I got this code from scribd.com which, if typed in Npad and saved as .reg, will increase my DSL speed. Wonder if it is a hack or virus or what? If anyone used this code or knows what it is, please answer me, because I need to be sure that my laptop will be safe. The code is:
{HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters}
“GlobalMaxTcpWindowSize”=dword:0000ffff

What is the difference between “System Files” and “Infected Files” in my Avast! Virus Chest?

I recently did a scan of one of my drives because I suspected something had infected my computer. Afterward, avast! did find 4 infected files. When ever a Virus alert popped up I moved the virus to the Virus Chest like the alert recommended. I now have 4 virus files under the “Infected Files”. But I also have 6 files under the “System File” tab/window, when I click the “System Files” button. What are those files? I’ve read I shouldn’t do anything with them because they are important for the computer to run safely and for avast! to run as well. These are the file in the “System Files” window:

kernel32.dll
kernel32.dll
kernel32.dll
winsock.dll
wsock32.dll
wsock32.dll

What are these files? Are they dangerous?

Also, I emailed the infected files from the “Infected Files” tab/window of the Virus Chest to ALWIL Software because I read somewhere that if I send an email with the infected files attached, they will analyze the files for you and tell you whether to keep them in your Virus Chest or delete them permanently. What is ALWIL and will I get a response from them? The link to email them was on the Virus Chest itself, so I assume I will get a reply.

Thank you :)

There’s this really weird virus attacking my new W2K installation oh my!?

If you’re not a techie – PLEASE don’t bother – this one’s a doozy (please don’t tell me to go see a screwup nosebleed at bestbuy or the likes!)

- Maxtor HD FULL LLF (maxtor disk checked for viruses)
- Fresh Win2k disk (cracked it outta the cellophane)
- SP4 installed from CD (checked for viruses)
- IE6 SP1 installed from CD (checked for viruses)
- Internet set up (PPPoE)
- Connect directly to windowsupdate and update to latest
- Sysworks installed (factory disk) and latest virus updates done online
- GOT A VIRUS on first check (W32.Spybot.Worm) – checked and removed… HOW??? I don’t know.
- Connect computer to domain.
- When at logon screen, admin shares (IPC$, ADMIN$, C$, D$) work fine. As soon as I logon to ANY profile (roaming profiles on NT4 server), after about 20 seconds ALL the admin shares disappear.

I have a feeling it’s a residual of the spybot worm but how did it get there in the first place?

You’ll have my eternal gratitude if you figure it out! Thanks!
I think I asked for non-techs to abstain … that first answer showed ignorance if nothing else! Sysworks is SYMANTEC Systemworks as in SYMANTEC NORTON ANTIVIRUS plus extras. Puhleeze!!!!!!
I even tried stopping and starting the SERVER service in the services.msc console – it lasts less than a minute before all the shares disappear again!

After Virus, desktop can’t connect to internet but laptop can?

I need some serious computer help. I had a nasty virus/worm/something infect my computer because I forgot to update my anti-virus program. I updated my software and now the virus/worm/whatever is gone. It was the virus that keeps telling you that you have a virus and to download software from a site that it redirects you to, plus it will never let you on to the internet site you want to. Instead, it constantly redirects you. (I don’t know if it’s important what kind of virus/worm it was but I figured it couldn’t hurt to tell you.)

So the virus was gone and everything was peachy-keen, or so I thought. When I tried to go online using IE this message pops up: IE cannot display the web page. Most Likely causes- you are not connected to the internet, etc… I tried to refresh just in case it was a glitch but that did not help. I thought maybe it was my firewall, but turns out my firewall was not even turned on so that was out too. I checked my internet connections and it said I was connected. Since it was connected, I wanted to see if I could use my laptop. Lo and behold my laptop works fine. That is how I am typing this right now.

My laptop is working on a wireless network. I thought perhaps I need to reset my cable internet, router and computer connections. So one by one I shut them down and powered them back up. Still no progress. I decided to use Winsockfix XP and burned it onto a disc from my laptop and inserted it into my desktop. After it said it fixed the problem I restarted the computer to find that nothing changed. I clicked on Run in my computer and typed “netsh winsock reset” this still did nothing. I did some other simpler things but still no change.

I am about to throw my computer out the window because I can’t take it anymore. Please someone help me with this problem
As stated above, there is no problem with the internet connection, so there would be no reason to call my service provider. There are also no add-ons that need to be deleted.
Links to download something do not help me. Please read the entire entry. I cannot get to ANY web page on my desktop, so telling me to go to a website on my broken desktop does not help at all. I appreciate the effort, but please read my question in its entirety.

I NEED HELP!! MY COMPUTER HAS A VIRUS AND DIS IS MY MAIN COMPUTER NEED HELP!?

ITS THE COMMAND SERVICE VIRUS AND MAYBE SOMETHING ELSE IDK BUT ITS MAKING MY COMPUTER NOT RESPOND OR DO NOTHING.. BUT HERES MY HIJACKTHIS LOG…

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:17 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\Explorer.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.jzip.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 – REG:system.ini: Shell=Explorer.exe logon.exe
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: MessengerUpdate – {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} – C:\Documents and Settings\Josh\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 – HKCU\..\Run: [IgfxSys] rundll32.exe “C:\Documents and Settings\Josh\Application Data\Messenger\Drivers\IgfxSys.dll”,StartProtector
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

I SAW ON A SITE THAT A GUY SAW THE PROBLEM AND TOLD THE GUY THE THINGS HE NEEDS TO DELETE BY USING A SOFTWARE OR WHAT NOT.. IDK I JUST NEED HELP IF SOME1 CAN PLEASE HELP ME…

Please help i have a bad virus .This below is my HijackThis log which 1s do i check box Please Help someone?

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKCU\..\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background
O4 – HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 – HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\Run: [zzjzfjik.exe] C:\WINDOWS\zzjzfjik.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (User ‘Default user’)
O8 – Extra context menu item: Add to Windows &Live Favorites – http://favorites.live.com/quickadd.aspx
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 – Extra button: (no name) – {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} – (no file)
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) – http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 – AppInit_DLLs: karna.dat
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Lic NetConnect service (CLTNetCnService) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: FCI – Unknown owner – C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 – Service: ICF – Unknown owner – C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Symantec IS Password Validation (ISPwdSvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 – Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SmartLinkService (SLService) – – C:\WINDOWS\SYSTEM32\slserv.exe
O23 – Service: Symantec Core LC – Unknown owner – C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 – Service: Symantec AppCore Service (SymAppCore) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

MAJOR virus on pc (READ DETAILS!!) PLEASE HELPP!! 10 POINTS!!!?

I have an averatec 3700 laptop with windows XP, which I bought it used and it didn’t come with a reinstall/boot disk. Yesterday I was using paltalk messenger on the laptop and there was a chat room that I have been in before. Every other time there was always lots of people in the room but this time it said 0 people were in. Obviously I was curious, so I went in the chat room, and immediately afterward a command prompt quickly opened and closed on my desktop, as did a help and support window. After this I got warnings about viruses and that someone was breaking into my accounts, and the internet stopped working. I don’t know if me going in the chat room could have been what caused the virus (could it?) I ran my antivirus program, but it said I needed to “upgrade” in order to remove the bad files from the pc and I couldn’t upgrade because no internet!! Now EVERYTHING including ALL of the network connections, even the files needed to hear/play SOUNDS is gone off the pc and I can’t choose help and support or search, I can’t open any troubleshooters, and when I choose system restore it says: system restore cannot protect your computer!! I tried to reinstall the winsock files or whatever it is about that, but that wouldn’t work either. PLEASE, is there ANY way I can fix what’s wrong and make things be back on there??? That is ALL I want!!! If this can help anyone I have the IP address and port number of who I think did this. The IP address is: 157.87.17.167 and the port number is: 28038 <—so if you can do anything or find out anything based on that, PLEASE let me know!!! Or just tell me how to make things be back on the pc!! I don’t have a boot disk, and even if I did it still might not make things be back on there.
Note I am currently on a public pc and the infected one is the only personal one I have, so I will probably only be able to see your answers while I have time on this pc.

MSN Messenger virus, auto sends virus to my contacts! I have the HijackThis Log, please help!?

I got sent this file called images.zip, my friend said “You look awfully funny in this picture, no joke” and I unzipped and, silly me, ran it!

So now, every 10 minutes or so, I send out another “Look at this picture” or “Who is this on the right?” to all my online contacts, and those unwitted enough to open it get the virus too.

The log from HijackThis is:

Logfile of HijackThis v1.99.1
Scan saved at 4:48:56 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Thomson SpeedTouch\PPPoE\fts.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

Continue later
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\winlog32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=3502
O2 – BHO: btorbit.com – {000123B4-9B42-4900-B3F7-F4B073EFC214} – C:\Program Files\Orbitdownloader\orbitcth.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Neopets – {CD292324-974F-4224-D074-CACA427AA030} – C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 – Toolbar: Neopets – {CD292324-974F-4224
O4 – HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 – HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 – HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 – HKLM\..\Run: [%FP%PPPoE fts.exe] “C:\Program Files\Thomson SpeedTouch\PPPoE\fts.exe”
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 – HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
I’M BORED OF THIS JUST GET THE FULL LOG FROM HERE:

http://www.geocities.com/drelnis/hijackthis.log

I RAN ALL OF MY ANTIVIRUS PROGRAMS, NO RESULTS!

Help (again) – Virus has damaged my internet connection?

I posted a question last night (below). I got a reply:

Try this nifty little tool its made just for that kind of problem.

http://windowsxp.mvps.org/winsock.htm

and it seems to have created a whole new problem — a message which says “…Windows did not successfully start…” with options for normal start of three different safe modes. None of them work. What can I do to correct this. Is there a way I can reverse the installation that was suggested to me?
Somebody HELP ME PLEASE!!!!

Previous Question:

Help – Internet connection damaged by virus or something?
Three days ago I got a bunch of virus warnings popping up on my computer. I installed Avira and took care of it, but now my internet connection doesn’t work. My Network Connections says I’m connected, but I get the,

“Internet Explorer cannot display webpage” message.

Then the first bullet point says,

“it appears you are connected to the internet, but you may want to try to reconnect to the Internet.”

This happens both with wireless and ethernet connection.

I attribute it to the virus or whatever it was, because everything worked fine until then (but I may be wrong).

I tried uninstalling Internet Explorer and downloading a newer version, but it’s still not working and I’m not sure what to do.

Can someone out there please offer a solution? Thanks.

Help me get rid of this virus please!!?

I’ve run into an annoying virus that prompts me to enter in two words before my computer shuts down. A window box appears, along with a time clock (2min before shutdown).
I’ve run a HiJack this log, and need help in determining which files to remove. Any help would be greatly appreciated!
Thanks in advance.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\websrv\websrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Captcha5] rundll “C:\Program Files\captcha5.dll”,captcha
O4 – HKLM\..\Run: [sysftray2] c:\windows\bolivar28.exe
O4 – HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 – HKCU\..\Run: [ShutterflyStudio] “C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe” /trayonly
O4 – HKUS\S-1-5-18\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgstng.exe” /background (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgstng.exe” /background (User ‘Default user’)
O4 – .DEFAULT User Startup: AutoPlay.exe (User ‘Default user’)
O8 – Extra context menu item: &AOL Toolbar search – res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 – Extra context menu item: MasterCook: Select Image – C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: MasterCook Web Import Bar – {E6EF5071-7647-4E85-9785-87B6CF5CB561} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 – DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) – http://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 – DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) – http://coupons.smartsource.com/download/cscmv5X.cab
O23 – Service: AOL Connectivity Service (AOL ACS) – AOL LLC – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 – Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) – America Online, Inc – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 – Service: Apple Mobile Device – Apple, Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Computer Browser (Browser) – Unknown owner – C:\Program Files\websrv\websrv.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NVIDIA Driver

  • Powered by Yahoo! Answers