
007guard


  • This topic is locked
2 replies to this topic

#1 CWall0868

  • Members
  • 4 posts

Posted 07 July 2008 - 04:54 PM

Multiple Infections Scanners Wget.exe 007guard Generic Trojans, want to make sure I'm in the right area before I start posting logs

Title of original post. ~ OB

Honestly not sure where to even begin describing this... I am running an AMD 64 3800+ 2.4GHz and a meg of RAM. The last HijackThis log was a few weeks ago when everything started snowballing on me; I can't honestly say anything really jumped out at me.

Running XP Home (looks like Professional). I made a couple of reg tweaks trying to get rdesktop going.

frostwire
uTorrent - definitely have been suspicious here; Outpost did block 2 instances of single port scans that I'm aware of
pguardian - wasn't updating like it should have been

Just removed a user account with admin rights that I know I didn't create.
winlogin.exe, svchost and a couple of others in that category will spike, svchost being the worst.

Ad-Aware home won't show a thing. I set it to show even the lowest threat and it didn't even show a cookie, which I know I have on there.
Supposed to be running Symantec Corporate, but that goes down at random times without me noticing.

Previously was running ZA Int Sec Suite - glad I'm not anymore, but I don't think it took everything with it when I uninstalled.

My Outpost found multiple spyware issues on the initial scan, but I have either deleted the logs or it failed to remove them. www.007guard constantly attempting to use Firefox last night, and had random TCP ports in the 2000-2200 range wide open.
SpywareBlaster is installed and updated.
Spybot scan showed nothing last night.

Ran av_cls a few times; Sophos found a few generic trojans and failed to remove them.
CWShredder will find a few bad files on a scan and says it fixes them, and if I hit it when things don't seem right it sometimes finds more, but they never seem to be the same files.


I used wwdc for about a week and it screamed at me that my svchost was way too high, and last night was the first time I actually was able to get everything closed up.

Hopefully that could get someone started. I think it's safe to say I've been on Google for about a month now, and I think torrents are a major part of the problem. I dumped all my Java updates, but I can almost guarantee my Firefox is jacked.

At this point I have all non-Microsoft startup services disabled just as a temp fix; iTunes is the only one I switched back on.... A normal startup pretty much disables my AV and anything anti-P2P I have going on. I think I have enough protection at this point; I am keeping everything at bay but definitely need to get things off of here.


Any ideas or help would be lovely, and I apologize for how wordy everything is.

My original topic was moved, sorry. Here is a Deckard scan.

thanks

Merged posts. ~ OB

To add to earlier: every time I open Firefox, 007guard is active on port 123 using svchost.exe. When I end the single process, the infected svchost fires back up and it affects my desktop and taskbar appearance. Smitfraud shows a corrupt host file.

Merged posts again. ~ OB

Edited by Orange Blossom, 07 July 2008 - 09:16 PM.
Add title back into content. ~ OB




#2 CWall0868

  • Topic Starter

  • Members
  • 4 posts

Posted 08 July 2008 - 05:20 PM

Sorry, I know someone will merge this when they see it. Instead, could you just remove the entire thread? I'm not a fan of having my logs on here with nobody helping me clean them up.

#3 SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 31 July 2008 - 06:29 PM

We have over 500 logs backed up.

As you wish, this thread will now be closed.

Edited by SifuMike, 31 July 2008 - 06:36 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



