Re: so called virus threat

From: Fomboisse (Fomboisse_at_discussions.microsoft.com)
Date: 11/27/05


Date: Sun, 27 Nov 2005 04:42:03 -0800

Logfile of HijackThis v1.99.1
Scan saved at 11:46:26, on 27/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvctrl.exe
D:\WINDOWS\System32\mssearchnet.exe
D:\WINDOWS\System32\Linksts.exe
D:\WINDOWS\System32\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Documents and Settings\gannet\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tcproperties.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tcproperties.com/
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - D:\WINDOWS\System32\hp3B92.tmp *
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Tried HijackThis; line 02 seems to be the problem. Can't get rid of it even
with a restart; it comes up with a different .tmp file each time I restart.

"Malke" wrote:

> Fomboisse wrote:
>
> > I have a warning that appears in my task bar, bottom right-hand corner,
> > that tells me I have a virus. At the moment it is called
> > iworm_attack_v122.02a but it does change to another when I click the
> > browser (IE6) opens a page which the address begins with res//: d then
> > it is redirected to www.updateyoursystem.com and this site tells me I
> > am infected with W32.Sinnaka.A@mm. The page has the logo for the
> > Microsoft Security Center. It also comes up when I open the browser, and
> > not my home page, even though in the registry the default is my
> > homepage. I am running on XP SP1.
>
> You have malware on your computer. Go through the following removal
> steps systematically:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Malke
> --
> MS-MVP Windows User/Shell
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic"
>


