Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Cc Girl! Trojans + Blue Screen Error


  • This topic is locked This topic is locked
10 replies to this topic

#1 CC Girl

CC Girl

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 30 July 2008 - 01:56 AM

Please Bleeping Computer, I need your help.

I have got some malware on my computer from a couple of days ago and I have been unable to get rid of it.

Here are the Primary Symptoms:

1. The computer speed has slowed dramatically with sometimes several "iexplorer.exe" (Not IEXPLORER.exe) running in task manager even when none are opened. There are also multiple "LSASS.exe" and "SVCHOST.exe" running simultaneously. Not to mention two "rundll32.exe" running as well. Of course, not all of these are causing the problem.

2. I receive several popups and clicking on "Back" in Internet explorer usually doesn't do anything as it shows a gibberish link in the "Back" drop down box.

3. The internet speed is slow and the Networking Tab in Windows Task Manager shows a huge amount of uploading and downloading.

4. Every time I shut down the computer, it follows the regular process and at the very end it gives me the following BLUE SCREEN:

STOP: C000021A {FATAL SYSTEM ERROR}
The windows logout process system process terminated unexpectedly with a status of 0x00000000 (0x00000000 0x00000000)
The system has been shut down

Here are some Tools Used:

1. I have tried several scans with AVG and I have not found much
2. I have consistently scanned with TrojanHunter and the result is attached in this post, below: I have to point out that all of these keep regenerating regardless of the TrojanHunter's removals.
3. I have used the following tools and they have not been 100% successful:
Silent Runners
VirtumundoBeGone
VundoFix
SUPERAntiSpywarePro
Look2Me-Destroyer

4. I have run Hijack This after my failed attempts and the latest log is attached in this post, below:

I really need help to fix this issue especially since I need to do a lot of work on this computer and I cannot Reformat the HDD!

Please Help me!


TROJANHUNTER SCAN RESULT:
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (matches Agent.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (matches Agent.100)
Registry key exists: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (matches Bulknet.113)
Registry key exists: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (matches Bulknet.113)
Port 8012/TCP is open (matches Ptakks.209)
Port 8012/TCP is open (matches Ptakks.215)
Port 8012/TCP is open (matches Ptakks.217)
Removed registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
Removed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr\Security
Removed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr\Enum
Removed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr

HIJACK THIS LOG:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:45 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\Sistem Tools\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DNA\btdna.exe
G:\Sistem Tools\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\Sistem Tools\HJT\HijackThis.exe

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {8adac1fa-b498-40e8-9a44-9f40b84f8eda} - {ade8f48b-04f9-44a9-8e04-894baf1cada8} - C:\WINDOWS\system32\hlhdtc.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MacroVirus] C:\Program Files\MacroVirus\MacroVirus.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Virtual PDF Printer] G:\Sistem Tools\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [THGuard] "G:\Sistem Tools\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater AutoRun] C:\AutoProtect\DrvMonitor.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "G:\Sistem Tools\SUPERAntiSpyware.exe"
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188572862828
O17 - HKLM\System\CCS\Services\Tcpip\..\{F496D05B-E5E1-403E-BDC5-E03FB7A07F33}: NameServer = 85.255.114.55,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O20 - Winlogon Notify: !saswinlogon - G:\Sistem Tools\SASWINLO.dll
O20 - Winlogon Notify: lsjceu - C:\WINDOWS\SYSTEM32\lsjceu.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Virtual PDF Printer (service1) - Unknown owner - G:\Sistem Tools\Virtual PDF Printer\VirtualPrinting.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - G:\Sistem Tools\Spy Sweeper\SpySweeper.exe

--
End of file - 6096 bytes

BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:43 PM

Posted 01 August 2008 - 04:42 AM

Hello CC Girl and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download FixwareOut from the following site:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
  • Save it to your desktop and run it.
    Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts.
    If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.
    Once the desktop loads, a logfile will open. I need that one later.
    This log will be present in the C:\fixwareout folder with the name report.txt

    3. Please download Malwarebytes' Anti-Malware from Here or Here

    Doubleclick mbam-setup.exe to install the application.[list]
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

4. Restart your computer.

5. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 CC Girl

CC Girl
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 03 August 2008 - 03:27 AM

Thank you Thunder for responding!

I got some help in cleaning the computer before your post so, I have attached the latest HJT Log for you to look at. Please tell me if I need to do anything further.

CC Girl


HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:36 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\Sistem Tools\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
G:\Sistem Tools\HJT\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MacroVirus] C:\Program Files\MacroVirus\MacroVirus.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Virtual PDF Printer] G:\Sistem Tools\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [THGuard] "G:\Sistem Tools\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater AutoRun] C:\AutoProtect\DrvMonitor.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "G:\Sistem Tools\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188572862828
O17 - HKLM\System\CCS\Services\Tcpip\..\{F496D05B-E5E1-403E-BDC5-E03FB7A07F33}: NameServer = 61.1.96.69,192.168.1.10
O20 - Winlogon Notify: !saswinlogon - G:\Sistem Tools\SASWINLO.dll (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - G:\Sistem Tools\Spy Sweeper\SpySweeper.exe

--
End of file - 4436 bytes

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:43 PM

Posted 03 August 2008 - 06:16 AM

Hello CC Girl,

This definitely looks better. :thumbsup:

Your JavaVM is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update7.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windowsi586-p.exe to install the newest version.
Any more problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 CC Girl

CC Girl
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 03 August 2008 - 08:19 AM

Thanks Thunder. I will be updating the Java as mentioned.

However, I am having one problem. There is a lot of internet traffic even when there are no internet related programs running. There are about 5 SVCHOST.EXE running and two of them are done by System, two by Network Service and one by the Local Service. I noticed a lot of uploading and started deleting a few processes from the Task Manager and when I deleted a SVCHOST.EXE, the traffic stopped. However, I am not sure which one and clicking on the wrong one will send me into a mandatory shut down. Could you help me with this problem?

CC Girl

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:43 PM

Posted 03 August 2008 - 02:51 PM

Hello CC Girl,

It's perfectly normal to have 5 or even a few more svchost.exe processes running,
as it's a generic host process name for services that are run from dynamic-link libraries (DLLs),
and are needed to keep some of your applications going properly.

I cannot tell wether or not there's something suspicious going on from what you gave me,
but if your still in doubt, I would like to see a ComboFix log, if not for curative reasons,
then at least for diagnostic purposes. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#7 CC Girl

CC Girl
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 04 August 2008 - 01:28 AM

Thanks Thunder.

I am certain some program is uploading some content via my internet so, I tried to get you the combofix log following the tutorial on the bleeping computer site but after the reboot, a message popped up saying there is no disk in the drive and only allowing me to "cancel", "try again" or "continue" and only cancel worked so, I could'nt get the log.

Any advice?

CC Girl

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:43 PM

Posted 04 August 2008 - 05:06 AM

Hello CC Girl,

Where did yu encounter a problem ?

During installation of the Recovery Console,
or during the ComboFix run, and in that case, how far did you get ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#9 CC Girl

CC Girl
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 04 August 2008 - 07:42 AM

The installation of the recovery console went well. The scan completed and then it asked to be rebooted. Then on starting up, it opened up saying creating or preparing the log (can't remember which) and then a message popped up saying there is no disk in the drive and only allowing me to "cancel", "try again" or "continue" and only cancel worked so, I could'nt get the log. I tried the program thrice with the same result.

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:43 PM

Posted 04 August 2008 - 09:49 AM

Hello CC Girl,

Looks like you may have some packet writing software program causing problems (Sonic DLA, Nero InCD, NTI FileCD, Roxio DirectCD/Drag-To-Disc, CE Quadrant Just!Burn, Sony abCD, InstantWrite, Backup4all, B's Clip, NeoClip, InstantBurn. This is not an extensive complete list, there are numerous others). If you have ANY Packet Writing Software Programs installed strongly suggest to completely removing them from your computer. Packet Writing software programs are very invasive, cause numerous conflict error problems, and do not work correctly.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present :O4 - HKLM\..\Run: [MacroVirus] C:\Program Files\MacroVirus\MacroVirus.exe -boot
Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Using Windows Explorer, check if you can't find a ComboFix log, either in the root of your C:-drive (C:\ComboFix.txt),
or in the Qoobox folder.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#11 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:43 PM

Posted 02 September 2008 - 09:13 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users