Re: Bloodhound virus

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 08/31/05


Date: Tue, 30 Aug 2005 21:12:20 -0400

From: "Mike Fisher" <MikeFisher@discussions.microsoft.com>

| sorry for the delayed response.
|
| i'll put the sophos, trendsysclean and hijackthis.exe scan reports in three
| back to back posts starting with hijackthis.exe
|
| Logfile of HijackThis v1.99.1

< HJT Log snipped >

Mike this is NOT the best place to post a HJT log. There are web forums where there are
experts who can decipher them. We are not HJT experts.

The following are suggested sites for posting HJT logs...

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

{ borrowed from the alt.privacy.spyware News Group FAQ, they too discourage posting HJT
logs }

That being said, the following is suspicious...

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\SYSTEM\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

I suggest running MSCONFIG.EXE and disabling these items from StartUp.
You have WinME and I believe WinME has MSCONFIG.EXE. If it doesn't...
http://www.gwynfryn.co.uk/downloads/msconfig.zip

Then reboot the PC and perform any AV and/or anti malware scans.

As for any Multi AV scan logs (McAfee, Sophos or Trend Micro Sysclean), I have no problem
examining them.
You can either ZIP the log files and attach the ZIP file to your reply or email the ZIP file
with the logs to me.
Just remove ~nospam~ to send email...

DLipman~nospam~@Verizon.Net
David_H_Lipman~nospam~@Yahoo.Com

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
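Added here as an illustration, not part of Dave's post and not code from HijackThis itself: a small Python checker that parses O4 startup lines of the form quoted above and flags the three entries the post calls suspicious. The watch list, the assumption about where the real msmsgs.exe normally lives, and the benign scanregw.exe line are all constructed for the demo.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Matches a HijackThis O4 startup line, e.g.
#   O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

class O4Entry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    command: str  # command line that gets launched
# Constructed watch list built from the three entries the post calls suspicious.
WATCH_NAMES = {"intell32.exe", "psguard", "psguard.exe"}
# Legit-looking file names that do not belong in WINDOWS\SYSTEM (assumption: the
# real Windows Messenger msmsgs.exe lives under Program Files\Messenger).
NOT_EXPECTED_IN_SYSTEM = {"msmsgs.exe"}

def parse_o4(line: str) -> Optional[O4Entry]:
    m = O4_RE.match(line.strip())
    return O4Entry(m["hive"], m["key"], m["name"], m["cmd"]) if m else None

def launched_exe(command: str) -> str:
    # Program path is the first token, or the quoted span if the path is quoted.
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]

def flag_reasons(entry: O4Entry) -> List[str]:
    exe = launched_exe(entry.command)
    folder, _, fname = exe.lower().rpartition("\\")
    reasons = []
    if entry.name.lower() in WATCH_NAMES or fname in WATCH_NAMES:
        reasons.append("name on watch list")
    if fname in NOT_EXPECTED_IN_SYSTEM and folder.endswith("\\system"):
        reasons.append("file in unexpected folder")
    return reasons

def scan(lines: List[str]) -> List[Tuple[O4Entry, List[str]]]:
    # Every parsable O4 entry that triggers at least one flag, with its reasons.
    entries = [e for e in map(parse_o4, lines) if e]
    return [(e, r) for e in entries if (r := flag_reasons(e))]

# Constructed sample log: the three lines from the post plus one benign WinME entry.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe",
    r"O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\SYSTEM\intell32.exe",
    r"O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe",
    r"O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun",
]
```

Running `scan(SAMPLE_LOG)` returns the three entries from the post with their reasons and leaves the ScanRegistry line alone; the watch list is only as good as what you put in it, so treat a hit as something to look up, not a verdict.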
