Possible virus

Discussion in 'A+ Certification' started by AG, May 24, 2004.

  1. AG

    AG Guest

    OK guys this one is my Mom's computer so I've got to figure this out.
    Windows XP all updates have been applied. My niece and nephew checked their
    email Thursday afternoon and when mom came home that evening about 9:30 and
    wanted to print some pictures the computer ran real slow. She tried to run
    her MacAffee AV and got an error the program wasn't found then she called
    me.
    I went in Friday night and ran the DOS version of F-Protect but the
    definitions were about a month old, it found nothing. Tried to reinstall
    Mcaffee didn't work. Didn't restart and the executable file is missing.
    Went back in Saturday morning, ran F-Protect with latest def file, nothing.
    Ran Trend Micro's on line AV, nothing. Ran McAffee's on line check nothing
    found.

    Suggestions wanted.

    AG
    AG, May 24, 2004
    #1
    1. Advertising

  2. AG

    AG Guest

    "Will Dormann" <> wrote in message
    news:DIpsc.15629$...
    > AG wrote:
    >
    > > OK guys this one is my Mom's computer so I've got to figure this out.
    > > Windows XP all updates have been applied. My niece and nephew checked

    their
    > > email Thursday afternoon and when mom came home that evening about 9:30

    and
    > > wanted to print some pictures the computer ran real slow. She tried to

    run
    > > her MacAffee AV and got an error the program wasn't found then she

    called
    > > me.
    > > I went in Friday night and ran the DOS version of F-Protect but the
    > > definitions were about a month old, it found nothing. Tried to

    reinstall
    > > Mcaffee didn't work. Didn't restart and the executable file is missing.
    > > Went back in Saturday morning, ran F-Protect with latest def file,

    nothing.
    > > Ran Trend Micro's on line AV, nothing. Ran McAffee's on line check

    nothing
    > > found.

    >
    >
    > Did you check for Spyware? Ad-Aware and Spybot work well.
    > HijackThis is great if you know what you're doing, too.
    >
    >
    > -WD

    I knew I forgot something. I ran Spybot and CWSHREDDER. Spybot found some
    stuff but nothing that looked real bad. CWshredder didn't find anything.
    Also she's running the McAffee firewall and it's working fine.
    AG
    AG, May 24, 2004
    #2
    1. Advertising

  3. AG

    AG Guest

    "SBFan2000" <> wrote in message
    news:...
    > try Panda scans online virus scanner. I have found it to be very helpful

    at
    > times. www.pandasoftware.com


    Thanks, didn't think of that one. I've used it before but it's been a
    while.
    AG


    >
    >
    > "AG" <> wrote in message
    > news:40b22685$0$77924$...
    > > OK guys this one is my Mom's computer so I've got to figure this out.
    > > Windows XP all updates have been applied. My niece and nephew checked

    > their
    > > email Thursday afternoon and when mom came home that evening about 9:30

    > and
    > > wanted to print some pictures the computer ran real slow. She tried to

    > run
    > > her MacAffee AV and got an error the program wasn't found then she

    called
    > > me.
    > > I went in Friday night and ran the DOS version of F-Protect but the
    > > definitions were about a month old, it found nothing. Tried to

    reinstall
    > > Mcaffee didn't work. Didn't restart and the executable file is missing.
    > > Went back in Saturday morning, ran F-Protect with latest def file,

    > nothing.
    > > Ran Trend Micro's on line AV, nothing. Ran McAffee's on line check

    nothing
    > > found.
    > >
    > > Suggestions wanted.
    > >
    > > AG
    > >
    > >

    >
    >
    AG, May 24, 2004
    #3
  4. AG

    AG Guest

    Re: Possible virus Hijack this log

    "Will Dormann" <> wrote in message
    news:DIpsc.15629$...
    > AG wrote:

    I stopped a couple of these processes but didn't get any better results.

    AG


    Logfile of HijackThis v1.97.7
    Scan saved at 7:26:36 PM, on 5/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Microsoft Money\System\Money Express.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant
    Updater\RuLaunch.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\McAfee\MCAFEE~3\CPD.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\PROGRA~1\McAfee\MCAFEE~3\CPD.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Joe Wright\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.up-link.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://srch-us2.hpwis.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
    FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} -
    C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file
    missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
    Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee
    VirusScan\VSStat.exe" /EMBEDDING
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared
    Components\Guardian\CMGrdian.exe" /SU
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
    Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program
    Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe"
    /STARTMONITOR
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG
    CreataCard\AGRemind.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program
    Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) -
    http://www.shopintuit.com/Executables/IE/IDA.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38129.4219560185
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
    AG, May 25, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul T Wang

    Re: Spam / Possible Virus

    Paul T Wang, Jul 15, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    516
    Paul T Wang
    Jul 15, 2003
  2. canetoad

    Re: Spam / Possible Virus

    canetoad, Jul 15, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    443
    canetoad
    Jul 15, 2003
  3. AdNoctum

    Possible Virus?

    AdNoctum, Aug 17, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    389
    AdNoctum
    Aug 17, 2003
  4. Ronald

    Possible Virus

    Ronald, Aug 23, 2003, in forum: Computer Support
    Replies:
    14
    Views:
    702
    Kraftee
    Aug 24, 2003
  5. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    526
    DaveW
    Sep 22, 2003
Loading...

Share This Page