
Yahoo Messenger crash - Possible Infection/ Moved


  • This topic is locked
3 replies to this topic

#1 RFF


Posted 28 February 2009 - 09:56 AM

This might be an infection or just a system problem. If the latter, accept my apologies.

Recently Yahoo Messenger is throwing an unhandled exception to me just after connecting and listing my contacts. Yahoo IM seems functional, with the exception of the error message on top. Accepting or debugging the error kills Yahoo IM. If the exception is open in my debugger (I have MS Visual Studio installed) the assembler code and stack are shown. The screenshots attached show the error message (regular unhandled exception msg box) and the contents of the stack, which is what caught my interest. Code on top of the stack is WS2_32.dll, which apparently is the Windows Sockets API, a fairly critical system.

Any ideas will be appreciated. I am an IT professional and, although not a systems expert, I can follow instructions.

Finally, I am absolutely not sure but I posted what seems to be a malware problem today [http://www.bleepingcomputer.com/forums/topic207182.html], they might be related. Certainly I started detecting both issues around the same time.

Thank you very much.


Edited by RFF, 28 February 2009 - 10:06 AM.



#2 Orange Blossom


Posted 01 March 2009 - 02:54 AM

As no logs have been posted and to eliminate the possibility that this is a system problem, I am moving this topic from the HiJack This forum to the Windows XP forum.

If the probability is high that this is malware related, we will need to close this topic to avoid confusion and possible advice conflicts with your other topic.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 RFF


Posted 01 March 2009 - 05:12 AM

After a good amount of work yesterday, I got this fixed. The issue was related to WS2_32.dll being infected by malicious code (I think I can give you a copy if you want it). Regular antivirus (McAfee, Kaspersky) did not seem to resolve the problem. After reading many topics in these forums I took the risk to run Combobox, which definitely pointed out the infection to this file. I simply obtained a clean copy from another one of my computers, restarted in safe mode, renamed the old copy in w/system (and deleted the rest) and placed the clean copy in there. Checks after next start are hopeful: Yahoo IM keeps open and alive, and my problems in Google are gone. I also had detected the same error in a radio website with sound plugins that I usually listen to, and that got fixed too.

Please, close the topic, and thank you for your interest. Keep up the good work. This forum is an invaluable source of information. Cheers!

Edited by RFF, 01 March 2009 - 05:13 AM.


#4 Orange Blossom


Posted 01 March 2009 - 05:13 PM

"After reading many topics in these forums I took the risk to run Combobox, which definitely pointed out the infection to this file."


Please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

In addition, I moved this topic here for the sole purpose of determining if this was indeed a system problem and not an infection. Please note that because you have a log posted here: http://www.bleepingcomputer.com/forums/t/207182/google-results-infection/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer. That is why I said that this topic may need to be closed.

Please note that even when the computer no longer exhibits symptoms of infection, the infection may still be there and can rear up its ugly head even worse later.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:



