Post #1, Jul 11 2004, 10:39 AM
Member. Group: Members, Posts: 18, Joined: 11-July 04, Member No.: 1,337

Ran several Antivirus programs, Norton AV 2003 on the computer in regular and safe mode. Ran Online antivirus scans by Norton, Panda active scan, and trendmicro. Also ran panda and housecall in safe mode from internet. Never found any virus using any program. Use Norton Systemworks with auto live update. Ran removal tools from Norton for Klez and Yaha. Downloaded these on different computer, saved to floppy and ran on laptop. Ran Spybot and Adaware as well. Several times. Deleted any issues found. Everything I read on internet says the computer exhibits characteristics of a virus. Even found a reference to Win32.Cydog.c@mm/W32.HLLW.kickin.A@mm on web. Went through registry as per Norton instructions but did not find any of the keys it was looking for. Computer did run W98SE and I upgraded the computer to XP Pro. Did not do a clean update. Ran Hijackthis and the following log was provided. Any help on this problem will be GREATLY appreciated. I can run the regedit, task manager and msconfig programs in Safe Mode. Also downloaded emergency utils from Kellys Korner and they run in normal mode.
Here's the log:

Logfile of HijackThis v1.98.0
Scan saved at 11:17:23 AM, on 07/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\NETSTATT.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ontrack\PowerDesk\Pdexplo.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elon.edu/e-net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [Yahoo Messenger] NETSTATT.EXE
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Dell Home - {9F3F7620-975F-11D3-A6C4-F06F55C10072} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: eCrew Delta Technology V1302 - http://ecrew.delta-air.com/classes/cst/eCrew1302.cab
O16 - DPF: eCrew Delta Technology V1381 - http://ecrew.delta-air.com/classes/cst/eCrew1381.cab
O16 - DPF: eCrew Delta Technology V1410 - http://ecrew.delta-air.com/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Euchre - http://yog18.yahoo.com/yog/y/ek0_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security3.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

Post #2, Jul 11 2004, 05:14 PM
Bleep Bleep! Group: Admin, Posts: 29,873, Joined: 24-January 04, From: USA, Member No.: 3

Don't worry, we will clean this up.
I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKCU\..\RunOnce: [Yahoo Messenger] NETSTATT.EXE
O9 - Extra button: Dell Home - {9F3F7620-975F-11D3-A6C4-F06F55C10072} - http://www.dell.com/ (file missing) (HKCU)

Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\System32\NETSTATT.EXE

Disable System Restore. You can find instructions on how to enable and re-enable System Restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide

Re-enable System Restore with instructions from the tutorial above.

Reboot your computer to go back to normal mode and go to both of these sites and run the online virus scans found here:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

When it is done, post a new log.

--------------------
Lawrence
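
An added example, not part of the original thread or of HijackThis itself: a Python triage pass over O4 (autorun) lines copied from the first log above, flagging images whose file name is one edit away from a genuine Windows binary and images registered under more than one autorun key. The short `KNOWN_SYSTEM_BINARIES` list, the function names and both heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: O4 (autorun) lines copied from the first log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Yahoo Messenger] NETSTATT.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Yahoo Messenger] NETSTATT.EXE
"""

# Assumption: a tiny illustrative allowlist, not a complete baseline of Windows binaries.
KNOWN_SYSTEM_BINARIES = {"netstat.exe", "svchost.exe", "lsass.exe", "explorer.exe",
                         "systray.exe", "services.exe", "winlogon.exe", "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to its first executable extension.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(log_text):
    """Return one dict per registry Run-style O4 line: key, value name, image base name."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Global Startup shortcuts and non-O4 lines are skipped here
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else command.split()[0]
        entries.append({"key": hive + "\\" + key, "name": name,
                        "image": path.rsplit("\\", 1)[-1].lower()})
    return entries


def suspicious_autoruns(log_text):
    """Map image name -> sorted reasons it deserves a closer look."""
    entries = parse_o4(log_text)
    keys_by_image = defaultdict(set)
    for e in entries:
        keys_by_image[e["image"]].add(e["key"])
    findings = defaultdict(set)
    for e in entries:
        img = e["image"]
        if img not in KNOWN_SYSTEM_BINARIES:
            near = sorted(k for k in KNOWN_SYSTEM_BINARIES if edit_distance(img, k) == 1)
            if near:
                findings[img].add("lookalike of " + near[0])
        if len(keys_by_image[img]) > 1:
            findings[img].add("registered under %d autorun keys" % len(keys_by_image[img]))
    return {img: sorted(reasons) for img, reasons in findings.items()}


if __name__ == "__main__":
    for image, reasons in suspicious_autoruns(SAMPLE_LOG).items():
        print(image, "->", "; ".join(reasons))
```

A hit from either heuristic is a prompt to inspect the file, not a verdict; legitimate software can also register itself under several autorun keys.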

Post #3, Jul 11 2004, 08:17 PM
Member. Group: Members, Posts: 18, Joined: 11-July 04, Member No.: 1,337

OK, did those things and here is the log after completing everything:

Logfile of HijackThis v1.98.0
Scan saved at 9:13:57 PM, on 07/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elon.edu/e-net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: eCrew Delta Technology V1302 - http://ecrew.delta-air.com/classes/cst/eCrew1302.cab
O16 - DPF: eCrew Delta Technology V1381 - http://ecrew.delta-air.com/classes/cst/eCrew1381.cab
O16 - DPF: eCrew Delta Technology V1410 - http://ecrew.delta-air.com/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Euchre - http://yog18.yahoo.com/yog/y/ek0_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security3.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

Post #4, Jul 11 2004, 08:27 PM
Member. Group: Members, Posts: 18, Joined: 11-July 04, Member No.: 1,337

BTW, wanted to post the log before I tried taskmanager and msconfig. THEY BOTH WORK, YIPPEE!! I had renamed regedit.exe to regedit.com per the advice of one internet posting and got that working. I will remove the .com file to see if that works.
SWEET!!! Everything is working. Neither virus scan indicated any viruses found! Did take several attempts to remove the two O4 lines with NETSTATT.EXE in them. Evidently that was the problem. Any idea what that program is or how my daughter got it? REALLY appreciate your quick response on a weekend. Hopefully you won't find anything else. I was running up against a deadline as I'm leaving town on business early AM and then I move my daughter to Charlotte this weekend. It will be nice to know that she is going with a clean computer. Looking forward to hearing from you if there is anything else I need to do. Thanks again!!!

Post #5, Jul 11 2004, 09:35 PM
Bleep Bleep! Group: Admin, Posts: 29,873, Joined: 24-January 04, From: USA, Member No.: 3

Unfortunately, I am not exactly sure which virus/malware the netstatt.exe file is from without seeing the file. It could have been through email or insecure security settings on Internet Explorer.

Follow the steps below to help keep the computer clean in the future:

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (with TeaTimer). Tutorials and download locations for each program can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser
Using Spybot - Search & Destroy to remove Spyware from Your Computer

Glad I was able to help.

--------------------
Lawrence

Post #6, Jul 11 2004, 10:32 PM
Guru at being a Newbie. Group: HJT Team, Posts: 5,718, Joined: 8-April 04, Member No.: 96

Hi dgarramone,
There are some reports of this being spread thru instant messaging, mostly AIM. It appears to be a backdoor trojan, but as Grinler said, there isn't much good information out there yet. There is some evidence that NETSTATT.EXE is related to the Spyboter family of backdoors that exploit security flaws and/or weak passwords.

Sensitive information also may have been compromised so you should consider changing such things as passwords that may no longer be secret.

Your firewall should have caught any outgoing packets. Check your logs. If you think it may have been compromised, have it tested at Shields Up.

You might want to read this thread: http://www.security-forums.com/forum/viewtopic.php?t=16330

QUOTE
Hi my daughter visited a friends AIM away message and clicked on a link with a url that of course looked innocent enough.

It's hard to protect against an innocent looking link, so be sure to download all critical updates for Windoze as Grinler has said and consider installing a dedicated anti-trojan. a² Free Trojan Scanner has a free version and also looks for spyware and dialers, etc. Two of the better apps solely for trojan protection are TrojanHunter and TDS-3. They aren't free, although you can trial them for 30 days, but their database is probably more extensive since a squared is still relatively new.

--------------------
If I have helped you, please consider a donation in memory of my cousin Matthew, lost to leukemia August 29, 2008 at the age of 25. Matt's sister, Marla, and his wife, Erin (who he had newly wed), are raising money to fight such blood diseases.
Marla's Site, Erin's Site

Post #7, Jul 12 2004, 04:00 AM
Member. Group: Members, Posts: 18, Joined: 11-July 04, Member No.: 1,337

Thanks again. The computer is set up for auto updates from MS. I'm using Spybot and Adaware along with Norton AV and a Hardware firewall Linksys Router. You would think you'd be pretty well protected. It's my daughter's computer and like most young adults, they live on AIM so I will tell her to be more careful. I will investigate the other recommendations.
Thanks again. Getting ready to head out of town, will visit again in a few days.