Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware/ TCP port 80 problems


  • Please log in to reply
3 replies to this topic

#1 Tmacdaddy

Tmacdaddy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 24 November 2009 - 06:43 PM

I recently was infected with the Antivirus system pro thing, I was able to get to avg.com and used their free trial edition of their internet security software and It seems to have gotten rid of it. Only problem now is that certain things like using Utorrent to download large files and logging into Windows Live messenger are not possible, and windows live comes up with a "key ports" error and everything I've read has been pointing to some sort of issue with my TCP port 80. This is NOT a firewall problem, as I have completely disabled all firewalls and uninstalled AVG thinking it was blocking it as its firewall has no way to manage exceptions. I feel like either there's still some malware on my computer even though AVG said it got rid of it, or somehow AVG didn't get completely uninstalled. I have absolutely no idea what to do and have tried reseting my TCP/IP manually and have had no success, and I've tried countless troubleshooting tips. Also, when I try to open Malwarebytes, it instantly gets closed after about 2 seconds.

BC AdBot (Login to Remove)

 


#2 Tmacdaddy

Tmacdaddy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 24 November 2009 - 09:23 PM

Anybody..? =(

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:42 PM

Posted 26 November 2009 - 08:26 PM

Please run this application and then run mbam:

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

=================================

:trumpet:
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

=======================

:flowers:
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


:thumbsup: Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 arrrgh

arrrgh

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 03 December 2009 - 08:36 PM

I am also having this problem with antivirus. port 80 is blocked and causing problem with internet access. I ran RKill without a problem. I then ran ROOTREPEAL. Here are the outputs. Please help. I am screwed if I don't fix this soon.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/03 19:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAC57000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A38000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA6AF000 Size: 49152 File Visible: No Signed: -
Status: -

Name: szkg.sys
Image Path: szkg.sys
Address: 0xF74FC000 Size: 54656 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\arcgissom\local settings\temp\srvstatcache.tmp115
Status: Allocation size mismatch (API: 131072, Raw: 0)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_577.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_581.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\program files\java\jdk1.5.0_19\jre\lib\zi\pacific\port_moresby
Status: Allocation size mismatch (API: 32, Raw: 0)

Path: C:\Documents and Settings\nwatson\Local Settings\Apps\2.0\T7KDN0NN.9AO\HCCC8GE6.E8P\manifests\ReportBuilder.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\nwatson\Local Settings\Apps\2.0\T7KDN0NN.9AO\HCCC8GE6.E8P\manifests\ReportBuilder.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\nwatson\Local Settings\Apps\2.0\T7KDN0NN.9AO\HCCC8GE6.E8P\manifests\ReportBuilder.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\nwatson\Local Settings\Apps\2.0\T7KDN0NN.9AO\HCCC8GE6.E8P\manifests\ReportBuilder.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8624de80

==EOF==




Volume in drive C has no label.
Volume Serial Number is 2BFA-725B

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 8,305,532,928 bytes free




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users