Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NeW Member


  • Please log in to reply
1 reply to this topic

#1 kjp1950

kjp1950

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 06 June 2005 - 02:00 PM

Hello and advaced thanks to all who contribute to this site and forum!

My joining happen by ironic coincedence.

This is a long story but I am sure other identify with the anger and frustration I may express here.

First of all, I have been out of country for over 22 years and recently retired. During this time my internet "life" existed behind a companny firewall and therefore exposure to viruses where minimal.
Being a fan of FPS games, I recently purchased HALF LIFE-2 ($55) which as many of you may know, requires onlineregistration of the ( insert explitive here) of the "Steam" engine otherwise the game is unplayable! Has my gaming box has not a NIC I had to go and purchase a cheap modem ($25) at COMPUSA just so that I could accomplish this task. Well no sooner than I had connected, did I receive these "Messenger Service" "notification" describing ALL sorts of problems my system would encounter unless I visited BLAH..BLAH.com or .net. Although I consistently refused these they kept coming. Needles to say, thereafter I have purchased McAfee ($40), Panda'S Titanium antiviurs product three year license@$109, Ghostsurfer. I had McAfee installed, but after reviewing the MERITS ofthe "truePrevent" engine of Pandas' software, I uninstalled McAFFE, concurrently with the installation of Panda's product. This must have been the BIGGEST mistake I made. Not was I left unprotected, BUT the (Enter Explitive here) virus or trojan or whatever I was inflicted with, prevented me from installing said software. HENCE this how I found your site. Lots of insightful information,but as of yet, still enough to DEFEAT this intrusion. During my numerous attempts to diagnose, scan, delete etc, I have managed to re-install Mcaffe and Panda along with MS Antispyware Beta. PROBLEM!!! This insideous (moreexplitive here) will NOT allow the antivirus nor the firewall 'module' to load!!!! Anti-spam and others are OK. I have gone as far a purchasing a retail copy of XP pro 2 ($320) , installed it ONLY to discover that it had resolved NOTHING!!!

CURSES to VALVE !!!!!!!!!!

Countless hours attempting to USe "autoruns", as suggested, does not reveal any obviuos start up programs so that they could be deleted in REGEDIT!

BTW- this started on June 2 and this virus cause RPC errors message to appear and shuts the machine down any time it senses installation or insertion of possible antivirus apps. EVEN IN SAFE MODE!!! I will attempt to run HIJACKTHIS, as suggested on many other posts and post results later meanwhile.. I guess I have rambled on long enough any further help would be appreciated short of REFORMATTING, unless absolutely necessary.
Thanks kjp1950

Mod Edit - Moved to appropriate forum - Leurgy

Edited by Leurgy, 06 June 2005 - 04:15 PM.


BC AdBot (Login to Remove)

 


#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 AM

Posted 06 June 2005 - 09:28 PM

Hi kjp1950. Welcome to BC.

Go ahead and post a HijackThis log. You've either got a root kit based infection or your fighting an infection that's not there, or at least were initialy. I'm inclined to think the latter from what you describe. A HijackThis log will tell us more about what's going on and you can post it here if you like.

I can't help you with HALF LIFE, Steam, installing a modem and all that gaming stuff, but there are two things I noticed that you need to address if I'm reading your description right.

1.

I receive these "Messenger Service" "notification" describing ALL sorts of problems my system would encounter unless I visited BLAH..BLAH.com or .net.

That sounds like Messenger Spam, which is not technically an infection and is easily fixed. All you have to do is disable the messenger service.
http://www.microsoft.com/windowsxp/using/s...e/stopspam.mspx

Or to get a bit more insight into what Messenger Spam is all about and a small free program to fix it, see Steve Gibson's Shoot The Messenger.
You may have gotten hacked because of this service running and now be infected, but I don't think so, because you say you can't find anything in the registry.

2.

I have purchased McAfee ($40), Panda'S Titanium antiviurs product three year license@$109, Ghostsurfer. I had McAfee installed, but after reviewing the MERITS ofthe "truePrevent" engine of Pandas' software, I uninstalled McAFFE, concurrently with the installation of Panda's product.

I'm not real clear here, but if you had both McAfee and Panda installed at the same time that was a big mistake. Only run one resident antivirus at a time (quality over quantity) and double check by running some free online scans. You may have damaged something while running two AV's at the same time.

So my suggestions are:

1. Disable Messenger Service according to the instructions linked to above.

2. Uninstall one of the AV's.

3. Post a HijackThis log.

4. Answer me these questions.

A. Do you have the Sp2 firewall enabled?

B. What OS were you running before installing XP Pro?

There are some other questions, but they should be answered by the HJT log.

The thing about people

is they change

when they walk away.--Mipso





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users