Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I really need help...


  • Please log in to reply
1 reply to this topic

#1 ooanimalcatoo

ooanimalcatoo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 04 August 2005 - 08:38 AM

I've reformated my computer recently and I reinstalled windows; however I keep getting a pop ups from the Messenger Service telling me I have cirtical system errors and it tells me to go to different websites such as fixmyreg.com or fixreg32.com or www.saferefix.com that leads me to a website that tells me it needs to scan my computer and then tells me to buy some software from their website. Please help me because I keep reformating my computer but this pop-up keeps creeping up... i don't know what to do.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:40 AM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BlueLight Internet\exec.exe
C:\Program Files\BlueLight Internet\exec.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for HijackThis[1].zip\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:\Program Files\BlueLight Internet\Toolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [BlueLight_uoltray] C:\Program Files\BlueLight Internet\exec.exe regrun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{437BC1DA-B0E3-48A9-8715-203881690D77}: NameServer = 64.136.28.173 64.136.20.183
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Thanks,
Shaina

Edited by ooanimalcatoo, 04 August 2005 - 09:08 AM.


BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:44 AM

Posted 04 August 2005 - 01:49 PM

Hello ooanimalcatoo and welcome to the BC malware forum. Someone on your ISP's network is spamming your connection through the Messenger Service. Turn the service off by doing the followin:

Click Start>Run, type services.msc into the Open editbox and click the Ok button. Locate Messenger in the list of services and double-click on it. Click the Stop button and then click the dropdown for Startup Type. Choose Disabled from the list of selections. Now click the Apply button and then the Ok button. close the Services window.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users