infected email opened



#1 igonuts2

igonuts2

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:07:54 PM

Posted 05 October 2005 - 07:02 PM

Presario I386
32.5mb HD
192mb RAM
XP SP2
Spybot S&D 1.3
Ad-Aware SE Personal
Spyware Blaster
NIS 2005
Microsoft Anti Spyware
Spyware Guard
CCleaner

my wife opened an email she shouldn't have. upon opening, NIS blocked a trojan. she went to the link provided in the email anyway. that's what she told me. i ran all my security programs. all but adaware came up clean.

adaware found and removed;

SPYWARE.WEBDIR

obj[0]=Regkey : appid\pxwma.dll
obj[1]=Regkey : clsid\{58f07dd3-924d-4141-bc74-299f523a95f1}
obj[2]=RegValue : clsid\{58f07dd3-924d-4141-bc74-299f523a95f1} "AppID"
obj[3]=Regkey : interface\{b1317c08-617a-435d-a24f-a930f4540696}
obj[4]=Regkey : interface.interfaceobj
obj[5]=Regkey : interface.interfaceobj.1
obj[6]=Regkey : typelib\{fac55b9f-8f6a-4a41-ae16-36845d4679b2}
obj[7]=File : C:\WINDOWS\pxwma.dll
------------------------------------------------------------------------

i rebooted and ran all scans again. adaware found and removed;

SPYWARE.WEBDIR

obj[0]=File : C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP94\A0010794.dll
-----------------------------------------------------------------------

i decided to reboot in safe mode and run all scans. nothing found. then rebooted in normal mode and ran scans again. all came up clean. that was last night and i thought my pc was clean.

but this morning a text file appeared on my desktop. i don't know what to make of it, nor do i know where it came from. not even sure if it has anything to do with the bad email.

this is it;
-----------------
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c9010f3, pid=3068, tid=128
#
# Java VM: Java HotSpot™ Client VM (1.5.0_04-b05 mixed mode, sharing)
# Problematic frame:
# C [ntdll.dll+0x10f3]
#

--------------- T H R E A D ---------------

Current thread (0x064309d0): JavaThread "AWT-EventQueue-5" [_thread_in_native, id=128]

siginfo: ExceptionCode=0xc0000005, writing address 0x0d261f5c


Stack: [0x0e830000,0x0e930000), sp=0x0e92f874, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [ntdll.dll+0x10f3]
j sun.awt.windows.WComponentPeer._dispose()V+0
j sun.awt.windows.WComponentPeer.disposeImpl()V+23
j sun.awt.windows.WObjectPeer.dispose()V+42
j java.awt.Component.removeNotify()V+211
j java.awt.Container.removeNotify()V+67
j java.awt.Container.removeNotify()V+38
j java.awt.Container.removeAll()V+82
j sun.plugin.viewer.frame.IExplorerEmbeddedFrame.windowClosing(Ljava/awt/event/WindowEvent;)V+18
j java.awt.Window.processWindowEvent(Ljava/awt/event/WindowEvent;)V+68
j java.awt.Window.processEvent(Ljava/awt/AWTEvent;)V+69
J java.awt.Component.dispatchEventImpl(Ljava/awt/AWTEvent;)V
j java.awt.Container.dispatchEventImpl(Ljava/awt/AWTEvent;)V+42
j java.awt.Window.dispatchEventImpl(Ljava/awt/AWTEvent;)V+19
J java.awt.EventQueue.dispatchEvent(Ljava/awt/AWTEvent;)V
J java.awt.EventDispatchThread.pumpOneEventForHierarchy(ILjava/awt/Component;)Z
v ~RuntimeStub::alignment_frame_return Runtime1 stub
j java.awt.EventDispatchThread.pumpEventsForHierarchy(ILjava/awt/Conditional;Ljava/awt/Component;)V+26
j java.awt.EventDispatchThread.pumpEvents(ILjava/awt/Conditional;)V+4
j java.awt.EventDispatchThread.pumpEvents(Ljava/awt/Conditional;)V+3
j java.awt.EventDispatchThread.run()V+9
v ~StubRoutines::call_stub
V [jvm.dll+0x82696]
V [jvm.dll+0xd6fd9]
V [jvm.dll+0x82567]
V [jvm.dll+0x822c4]
V [jvm.dll+0x9d216]
V [jvm.dll+0x101489]
V [jvm.dll+0x101457]
C [msvcrt.dll+0x2a3b0]
C [kernel32.dll+0xb50b]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WComponentPeer._dispose()V+0
j sun.awt.windows.WComponentPeer.disposeImpl()V+23
j sun.awt.windows.WObjectPeer.dispose()V+42
j java.awt.Component.removeNotify()V+211
j java.awt.Container.removeNotify()V+67
j java.awt.Container.removeNotify()V+38
j java.awt.Container.removeAll()V+82
j sun.plugin.viewer.frame.IExplorerEmbeddedFrame.windowClosing(Ljava/awt/event/WindowEvent;)V+18
j java.awt.Window.processWindowEvent(Ljava/awt/event/WindowEvent;)V+68
j java.awt.Window.processEvent(Ljava/awt/AWTEvent;)V+69
J java.awt.Component.dispatchEventImpl(Ljava/awt/AWTEvent;)V
j java.awt.Container.dispatchEventImpl(Ljava/awt/AWTEvent;)V+42
j java.awt.Window.dispatchEventImpl(Ljava/awt/AWTEvent;)V+19
J java.awt.EventQueue.dispatchEvent(Ljava/awt/AWTEvent;)V
J java.awt.EventDispatchThread.pumpOneEventForHierarchy(ILjava/awt/Component;)Z
v ~RuntimeStub::alignment_frame_return Runtime1 stub
j java.awt.EventDispatchThread.pumpEventsForHierarchy(ILjava/awt/Conditional;Ljava/awt/Component;)V+26
j java.awt.EventDispatchThread.pumpEvents(ILjava/awt/Conditional;)V+4
j java.awt.EventDispatchThread.pumpEvents(Ljava/awt/Conditional;)V+3
j java.awt.EventDispatchThread.run()V+9
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0274cd18 JavaThread "Thread-206" [_thread_blocked, id=432]
0x0ecbbd50 JavaThread "Thread-40" [_thread_blocked, id=3704]
0x0d59b3e8 JavaThread "Direct Clip" daemon [_thread_blocked, id=2936]
0x0ecab588 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3452]
=>0x064309d0 JavaThread "AWT-EventQueue-5" [_thread_in_native, id=128]
0x0d263770 JavaThread "thread applet-gamehouse.SuperApplet.class" [_thread_blocked, id=2732]
0x0646a540 JavaThread "TimerQueue" daemon [_thread_blocked, id=2368]
0x02762440 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=1760]
0x02761cd0 JavaThread "ConsoleWriterThread" daemon [_thread_blocked, id=2084]
0x06404200 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=2360]
0x063df408 JavaThread "AWT-Shutdown" [_thread_blocked, id=2304]
0x063e5830 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3936]
0x063df880 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2292]
0x063de370 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=3892]
0x0271fab8 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2700]
0x0271e6e8 JavaThread "CompilerThread0" daemon [_thread_blocked, id=108]
0x02698a20 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1356]
0x026a0d80 JavaThread "Finalizer" daemon [_thread_blocked, id=1248]
0x026a0aa0 JavaThread "Reference Handler" daemon [_thread_blocked, id=1724]
0x026a2a08 JavaThread "main" [_thread_in_native, id=2740]

Other Threads:
0x0003ce90 VMThread [id=292]
0x0003dcc8 WatcherThread [id=2552]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_04 -Djavaplugin.nodotversion=150_04 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_04 -Djavaplugin.nodotversion=150_04 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\STOPzilla!;.
USERNAME=Compaq_Owner
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 2

CPU:total 1 family 6, cmov, cx8, fxsr, mmx, sse

Memory: 4k page, physical 196076k(53832k free), swap 477792k(162772k free)

vm_info: Java HotSpot™ Client VM (1.5.0_04-b05) for windows-x86, built on Jun 3 2005 02:10:41 by "java_re" with MS VC++ 6.0
------------------------------------------

at present i'm having trouble accessing CD ROM. and on DSL, spybot took almost twenty minutes to update. other than that, everything seems ok.

i thought that i cleaned the pc using what i learned here at BC. that text that just appeared on desktop prompted me to come here.

any advice would be appreciated,

ty igo

Edited by igonuts2, 05 October 2005 - 07:08 PM.

Why work when you can play!
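
Added example (not part of the original thread and not any poster's code): a small Python reader for the HotSpot error log quoted in post #1. It pulls out the exception, the faulting native module, the first Java frame and any applet threads, which is enough to see that the crash happened in the Java browser plug-in while an applet window was being closed. The sample lines are copied, abridged, from that log; reading `sun.plugin.` frames as the browser plug-in and `thread applet-` names as the running applet class are assumptions drawn from this log.

```python
import re

# Sample input: lines copied (abridged) from the crash log in post #1.
SAMPLE_LOG = """\
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c9010f3, pid=3068, tid=128
#
# Problematic frame:
# C [ntdll.dll+0x10f3]
#
Current thread (0x064309d0): JavaThread "AWT-EventQueue-5" [_thread_in_native, id=128]

Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [ntdll.dll+0x10f3]
j sun.awt.windows.WComponentPeer._dispose()V+0
j java.awt.Container.removeAll()V+82
j sun.plugin.viewer.frame.IExplorerEmbeddedFrame.windowClosing(Ljava/awt/event/WindowEvent;)V+18
j java.awt.EventDispatchThread.run()V+9
V [jvm.dll+0x82696]

Java Threads: ( => current thread )
0x0d59b3e8 JavaThread "Direct Clip" daemon [_thread_blocked, id=2936]
=>0x064309d0 JavaThread "AWT-EventQueue-5" [_thread_in_native, id=128]
0x0d263770 JavaThread "thread applet-gamehouse.SuperApplet.class" [_thread_blocked, id=2732]
0x026a2a08 JavaThread "main" [_thread_in_native, id=2740]
"""

HEADER = re.compile(r"#\s*(EXCEPTION_\w+) \((0x[0-9a-f]+)\) at pc=(0x[0-9a-f]+), "
                    r"pid=(\d+), tid=(\d+)")
FRAME = re.compile(r"^([CJjVv])\s+(.*)$")          # frame kind, then frame text
MODULE = re.compile(r"\[([\w.]+)\+(0x[0-9a-f]+)\]")  # [module+offset]
THREAD = re.compile(r'^(=>)?\s*0x[0-9a-f]+\s+JavaThread "([^"]+)"')

def parse_hs_err(text):
    """Extract the header, the native stack and the Java thread names."""
    report = {"frames": [], "threads": [], "crashed_thread": None}
    m = HEADER.search(text)
    if m:
        report.update(exception=m.group(1), code=m.group(2), pc=m.group(3),
                      pid=int(m.group(4)), tid=int(m.group(5)))
    section = None
    for line in text.splitlines():
        if line.startswith("Native frames:"):
            section = "frames"
        elif line.startswith("Java Threads:"):
            section = "threads"
        elif not line.strip():
            section = None              # a blank line ends the current section
        elif section == "frames" and (f := FRAME.match(line)):
            report["frames"].append((f.group(1), f.group(2)))
        elif section == "threads" and (t := THREAD.match(line)):
            report["threads"].append(t.group(2))
            if t.group(1):              # "=>" marks the thread that crashed
                report["crashed_thread"] = t.group(2)
    return report

def triage(report):
    """Summarise where the crash happened and what Java code was running."""
    frames = report["frames"]
    mod = MODULE.search(frames[0][1]) if frames else None
    java = [text for kind, text in frames if kind in ("J", "j")]
    return {
        "faulting_module": mod.group(1) if mod else None,
        "first_java_frame": java[0] if java else None,
        # Assumption: sun.plugin.* frames mean the JVM is hosted by the browser plug-in.
        "browser_plugin": any(f.startswith("sun.plugin.") for f in java),
        # Assumption: "thread applet-X" names the applet class X that was loaded.
        "applets": [n.split("applet-", 1)[1] for n in report["threads"]
                    if n.startswith("thread applet-")],
    }

if __name__ == "__main__":
    print(triage(parse_hs_err(SAMPLE_LOG)))
```

A file like this is written by the JVM itself when it crashes, so its appearance points at the Java plug-in and the applet named in the thread list rather than at a scanner finding.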


 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:54 PM

Posted 06 October 2005 - 02:40 AM

Try reinstalling Java; this may correct your errors. It can be downloaded here: http://www.java.com/en/download/manual.jsp

You might be best submitting a hijackthis log here as the errors may be left over bits of the virus.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode): Sysclean. You'll also need the virus template file from here: lpt***.zip. Remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

If you're good with the command line, also try Sophos Command Line scanner. This command will scan all of your HDDs: SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido

I'd also run Spybot and Adaware

If you're using Win2K/XP run adaware/spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 igonuts2


Posted 06 October 2005 - 06:49 PM

hi stidyup,

i did online scan w/trend micro (used it before and have their software already installed).

it found this;
-------------------------------
What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 1 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name Spyware Type
SPYW_FPTLBAR.100 Spyware
-------------------------------

and this is trend micro's solution.

since i have NIS premium, i'm going to do their online scan and see if they find the same thing. that way i can get removal/fix programs for free.

i'm a noob and am not comfortable w/registry files. don't know what i'm doing.

i've run adaware and spybot in safe mode, but not through command prompt.
would i boot up in safe mode and goto start>all programs>accessories>click command prompt?

if so what shows up is c:\documents and settings\compaq_owner>

do i delete "\documents and settings\compaq_owner>" so it just says c:\ and then paste (below)? or paste it after compaq_owner>?
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

once pasted in command prompt do i just x out of it, press enter, or does it just do whatever on its own? i've never used command prompt.

going to do the Symantec online scan, remove/reinstall java, and wait for your reply,

ty igo

Edited by igonuts2, 06 October 2005 - 06:50 PM.


#4 igonuts2


Posted 06 October 2005 - 10:23 PM

i did the scans through safe mode/command prompt. all clean.
NIS online scan was clean as well.

#5 igonuts2


Posted 07 October 2005 - 08:14 PM

i did panda's on line scan and it came up with;
----------------------------
Incident Status Location

Adware:adware/superspider No disinfected C:\PROGRAM FILES\q330994.exe
Adware:adware/msxmidi No disinfected C:\WINDOWS\msxmidi.exe
Adware:adware/startpage.id No disinfected C:\WINDOWS\nem216.dll
Adware:adware/admess No disinfected Windows Registry
-----------------------------

i don't know what's a false positive or not. i have been infected with these in the past.
i did search through windows explorer on the first three entries and all three had 0kb. so those must be orphaned files already dealt with, Y/N ? i don't know how to verify the reg entry.

i have doubts that i'm this infected.

#6 igonuts2


Posted 08 October 2005 - 04:09 PM

i deleted all the empty folders that were false positives. except the reg entry. i don't know how to do that.

want to verify that tool bar but don't know how. i can only find two tool bars, both NIS.

i removed java and dl'd a fresh one. so far no error reports on desktop.

Edited by igonuts2, 08 October 2005 - 04:11 PM.
