big problems

Discussion in 'Home Networking' started by Jim W, Mar 10, 2005.

  1. Jim W

    Jim W Guest

    Your help really needed here PLEASE, I know I am in the wrong newsgroup, but
    it is the only one I can access

    When I went on to the computer last night after my 13-year-old daughter had
    been on, I tried to run avg, it popped up for a second then disappeared, I
    tried several times, but it would not open, I went to system restore, that
    would not open either, I tried "help" that would not open, I tried Ctrl Alt
    Delete, that was the same.

    When I try to access a help site on the net, house call or even windows
    update, it will not open the site, it will not let me onto any help site at
    all, I tried to type help as the subject matter to this post, it shut win
    express down,

    Can anyone help with this problem please, it would be much appreciated.

    Jim W, Mar 10, 2005

  2. Jim W

    Liam Guest

    Sounds like a problem my girlfriend got after accepting a .pif file through
    MSN? The only website that would load was google, and internet explorer
    would just close attempting to open any other site, or attempting to download
    any file (as I suggested she run AVG). Does your daughter use MSN to chat to
    her friends or anything?

    She didn't have much important data so burned the My Documents folder to CD
    and then recovery from the recovery disk was the easiest option (took about
    8mins) and back to a fresh system

    Liam, Mar 10, 2005

  3. Jim W

    Paul D.Smith Guest

    When you have recovered your machine, I'd recommend both anti-virus and
    something like Ad-Aware to police cookies and other such nasties.

    And do you have a good firewall? Personally I like ZoneAlarm. For what I
    need, the freeware version is good enough.

    Search the web for other useful information on locking down computers.

    Sadly, you're not alone. If you can get Ad-Aware to load, you may be able
    to recover. My father's PC had a similar problem but removing the 400+
    nasties that had snuck on there cured him.

    Paul DS
    Paul D.Smith, Mar 10, 2005
  4. Jim W

    Guest Guest

    Giving your daughter a non-admin account (if you haven't already) would
    also be a good idea.
    Guest, Mar 10, 2005
  5. Jim W

    mikeFNB Guest

    oops...seems like little missy downloaded something with a virus or got
    infected via a chatroom or messenger service?
    you give us no clues to what you are using but I'll guess it's xp.

    firstly, try booting the pc in safemode (keep hitting F8 key after the pc
    beeps from boot)
    then try running avg from there.

    if not, get up on the web and goto

    and run the online scanner there.

    once you have got rid of the virus.
    download and run something like spybot search & destroy or adaware6.

    then download spywareblaster and install, enable all protection then this
    should stop future problems.

    lastly, take daughter, and chop fingers off! there problem
    seriously easily done.

    it might also be worth your while to disable the XP firewall & run something
    like zonealarm free
    as XP does not protect against outgoing stuff, only incomers!.

    mikeFNB, Mar 10, 2005
  6. Jim W

    Jim W Guest


    Thank you for that

    Booted in safe mode, managed to run spybot which came up with two
    "intruders", ran AVG but it came up with nothing,
    in safe mode, still could not get system restore up and running but got a
    message saying it had been switched off by group domain,

    The computer won't let me go to the panda site through your link

    I have windows updates in my system tray ready to be installed, but when I
    click on them the box pops up then disappears.

    Any more ideas would be appreciated,

    Thanks for your time, thanks to all who replied, I appreciate you taking the


    Jim W, Mar 11, 2005
  7. Jim W

    mikeFNB Guest

    mikeFNB, Mar 11, 2005
  8. Jim W

    Paul D.Smith Guest

    Good point. Alternatively, ask around and get an old PC for your daughter,
    an ADSL modem/router and set up a small network.

    My children have an old AMD 500MHz machine which one of my work colleagues
    was discarding, having bought a shiny new PC. With lots of memory (cheap
    off eBay) it happily runs XP Home (I turned off all those "useful" features
    like smooth scrolling and fade-in menus). It's as secure as I can make it,
    and if they trash it, I would just reload from scratch.

    OK, so they can't play "Cyber-shoot-everything-that-moves 2006" on it, but
    for web surfing and most educational games it works fine, and I no longer
    worry about my own machine.

    Paul DS.
    Paul D.Smith, Mar 11, 2005
  9. Jim W

    Jim W Guest


    I could not access any of the sites you highlighted, when I click on the
    link, nothing.

    Starting to despair now, at least I have my fingers, unlike my darling
    little daughter.

    any more ideas?

    Thanks for your time

    Jim W, Mar 11, 2005
  10. Jim W

    NBT Guest

    Do you have someone who can download them for you?
    Also add this to your list, it's a 30 day trial version
    you will need to disable AVG before you can run it but it will pick up a
    few Trojans that AVG doesn't.
    As mentioned run these in safe mode and make sure you are disconnected
    from the Internet when you run them.
    Which version of XP are you running and what SP, 1 or 2?
    Check to see if any of your security settings have been altered in IE
    especially relating to ActiveX and can you still adjust them or have
    they been greyed out.

    NBT, Mar 11, 2005
  11. Jim W

    Jim W Guest

    Ok Mike

    Went to another computer downloaded smartkiller, cwshredder and hackthis to

    Results, smartkiller, "coolWWWSearch.Smartkiller(V1/V2) has not been found
    on your system"

    cwshredder, CWS.SmartSearch removed, CWS.TheRealSearch, removed

    Log from hackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:42, on 11/03/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Documents and Settings\Jim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Freeserve
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O1 - Hosts:
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} -
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
    Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [DsmSer] C:\WINDOWS\System32\sysup.exe
    O4 - HKLM\..\Run: [rollbk] C:\WINDOWS\msmpatch.exe
    O4 - HKLM\..\Run: [AvSer] C:\WINDOWS\System32\svosm.exe
    O4 - HKLM\..\RunServices: [DsmSer] C:\WINDOWS\System32\sysup.exe
    O4 - HKLM\..\RunServices: [rollbk] C:\WINDOWS\msmpatch.exe
    O4 - HKLM\..\RunServices: [AvSer] C:\WINDOWS\System32\svosm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk =
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    O8 - Extra context menu item: Search with Freeserve -
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    O9 - Extra 'Tools' menuitem: Show &Related Links -
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
    C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    O9 - Extra button: Medion-UK - {E2FE0687-6D9A-4136-8B83-591878BF4C0E} - (file missing) (HKCU)
    O12 - Plugin for .mid: C:\Program Files\Internet
    O12 - Plugin for .spop: C:\Program Files\Internet
    O16 - DPF: Yahoo! Bingo -
    O16 - DPF: Yahoo! Dominoes -
    O16 - DPF: Yahoo! MahJong Solitaire -
    O16 - DPF: Yahoo! Tic-Tac-Toe -
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) -
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    (MsnMessengerSetupDownloadControl Class) -
    O17 -
    NameServer =
    O17 -
    NameServer =
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    O23 - Service: C-DillaSrv - C-Dilla Ltd -
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
    CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

    Thanks Mike

    Jim W, Mar 11, 2005
  12. Jim W

    Jim W Guest

    Thank you NBT,

    Windows Home edition, your link sent me to an MSN page which said the page
    was unavailable, SP 1, I know the Windows firewall is still checked but
    other than that, I wouldn't know, sorry to say I am not up to speed when it
    comes to security, have relied on AVG and windows firewall, which have done
    the job up until NOW


    Jim W, Mar 11, 2005
  13. Jim W

    NBT Guest

    You have something which has hijacked your "Hosts" file and is
    redirecting all traffic to the MSN site.

    Backup the Hosts file. standard Hosts file location


    First locate the Hosts file, it is a file named "Hosts" with no
    extension. Right-click on it, and select Copy. Now right-click in the
    clear space to the right of the Hosts file and select paste. At the
    bottom of the file list there should now be a file named "Copy of Hosts"

    Open your "Hosts" file using notepad and delete all entries except

    127.0.01 local host

    save file

    Try accessing some of the security websites previously mentioned.
    Download the KAV trial s/ware I mentioned and run it.

    If this works go to
    download this hosts file and replace the one on your machine.

    NBT, Mar 11, 2005
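
Added example, not part of any post in this thread: a small Python audit of the clean-up described in the post above (keep only the localhost mapping, drop everything else). The sample hosts content, hostnames and addresses are constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed sample hosts file (names and addresses are invented for illustration).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
192.0.2.10      av-vendor.example www.av-vendor.example
192.0.2.10      update.os-vendor.example   # trailing comment
127.0.0.1       scanner.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}  # the only name the thread's advice keeps

def parse_hosts(text):
    """Yield (line_number, address_text, names) for every mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield lineno, fields[0], fields[1:]

def audit_hosts(text):
    """Return findings for every line that maps a non-local name."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        foreign = [n for n in names if n.lower() not in LOCAL_NAMES]
        if not foreign:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "invalid-address", addr, foreign))
            continue
        # Loopback/0.0.0.0 entries block a site (Spybot-style lists do this on
        # purpose); any other address sends the name somewhere else.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((lineno, kind, addr, foreign))
    return findings

def cleaned_hosts(text):
    """Drop every flagged line; keep comments, blanks and the localhost line."""
    flagged = {f[0] for f in audit_hosts(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in flagged]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(cleaned_hosts(SAMPLE_HOSTS), end="")
```

Run it against a copy of the real file (the backup step in the post) rather than the live one, and review "blocked" findings before deleting them, since a protective blocklist produces the same pattern.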
  14. Jim W

    NBT Guest

    Should read local host
    NBT, Mar 11, 2005
  15. Jim W

    NBT Guest

    It appears you have W32.Serflog.B worm spread via MSN Messenger
    Up to date virus scanners should pick this up and remove it. Microsoft
    also issued a tool on 8th March to remove a lot of this family (KB890830).

    NBT, Mar 11, 2005
  16. Jim W

    NBT Guest

    NBT, Mar 11, 2005
  17. Jim W

    Jim W Guest

    Thanks NBT

    How come AVG did not pick it up, I keep that up to date, should I look at
    something else?

    Will I be able to copy (KB890830) from another computer and install it on
    mine and would that sort out the problems, will it give me system restore
    back? think I relied on that too much.



    Jim W, Mar 11, 2005
  18. Jim W

    NBT Guest

    No AV program is perfect and it is always handy to know where others are
    available in case of problems.
    You still need to edit your hosts file or you will keep being redirected
    as removing the worm will not remove the redirection instruction.
    Follow the instructions in my other post and then download the KAV trial
    program, on first run upgrade AV definitions and then scan for problems.

    and would that sort out the problems

    No, as explained earlier.

    , will it give me system restore
    I don't know
    NBT, Mar 11, 2005
  19. Jim W

    NBT Guest

    As a quickie you can try running HJT again and put a check against each
    of these

    O1 - Hosts:
    Then press "fix checked", run HJT again and see if these entries have
    disappeared. If they have, go as previously said (KAV)

    If not you will have to use the other method.

    NBT, Mar 11, 2005
  20. Jim W

    Jim W Guest

    contents of host, no 127.0.01
    # Start of entries inserted by Spybot - Search & Destroy
    # End of entries inserted by Spybot - Search & Destroy
    Jim W, Mar 11, 2005