
Sdbot Worm, Msdirectx, Poebot, Tag Teaming My Computer..


  • This topic is locked
3 replies to this topic

#1 Chuckles_dyete

  • Members
  • 1 posts

Posted 12 November 2005 - 06:03 AM

Hey, what's up?? I'm new to this site and new to computers (5 mths)... and I'm glad I found this site because I encountered a problem I cannot fix on my own, I need some expert advice....

When I reformatted my computer I ended up getting sdbot out of the blue, probably from not having any of the needed Microsoft critical updates and patches.... So, then I downloaded the needed patches and got the updates... But recently after going through your 'before you post' instructions you said not to install SP2 until you could be sure there were no more threats, so I didn't install it yet.......

I'm still getting threats showing whenever I do the scans, or, they come back the next day or something... And, even the threats I find I delete, but they come back on my system somehow, or duplicate themselves... It might be the System Restore thing, but System Restore confuses me....

I have some questions too:

1. Is it okay to have more than one antivirus program on your computer???.. Do any of them rival with each other???.... I want to have Norton antivirus paid edition as well as Trend Micro and Ewido, would this be okay???....

2. If I don't have my firewall configured correctly is it possible that it might allow Spyware
or viruses to infect my computer??? ( I currently have the following, Internet Explorer, Mozilla Firefox,
Zone Alarm).....

3. I've had bad experiences with Winupdate in the past, is it possible to find out on my own
which updates are needed, so I can just get them myself and manually install them?????......

I'm running Windows XP Professional.....

Symptoms:
-Computer slows
-Computer freezes
-Sometimes random shutting off with no warning
-Sounds like something is constantly downloading even though I may not be doing anything (This only happens in normal mode, though)..

Freeware and software I have:
-Spyware guard
-Spyware blaster
-Bit Defender
-Hijack This
-Zone Alarm(Firewall)
-Stinger
-Ewido
-Adaware SE

It doesn't seem like Hijack This is able to pick up on everything, but I'll
post the log here anyway and hopefully you can help me...

Logfile of HijackThis v1.99.1
Scan saved at 2:42:13 AM, on 11/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131594059046
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe



#2 RavenMind

  • Members
  • 21 posts

Posted 17 November 2005 - 12:58 AM

Hi and welcome to Bleeping Computer!

We are sorry it has taken so long for someone to reply. As you can see it's pretty busy here. I am currently reviewing your log, and will be back to address your problem A.S.A.P. Please note that this is under the supervision of a fully certified Analyst.

Please subscribe to this thread by going to the top & clicking on Options > Track this topic, so that you are notified when a reply has been made.

Please be patient with me during this time.

Thank you,

RavenMind

#3 RavenMind

  • Members
  • 21 posts

Posted 17 November 2005 - 11:49 PM

Hello again. Thank you for being patient while I reviewed your log. Let's address your questions first.

1. Is it okay to have more than one antivirus program on your computer???.. Do any of them rival with each other???.... I want to have Norton antivirus paid edition as well as Trend Micro and Ewido, would this be okay???....

I would strongly recommend against having multiple AVs on your system. Doing so will usually cause conflicts & instability. You may run Ewido Security Suite concurrently with an AV, such as Trend Micro, because Ewido isn't an antivirus, per se, but a Trojan & spyware scanner.


2. If I don't have my firewall configured correctly is it possible that it might allow Spyware
or viruses to infect my computer??? ( I currently have the following, Internet Explorer, Mozilla Firefox,
Zone Alarm).....

Yes, it's possible. Start here to learn how to configure your firewall.


3. I've had bad experiences with Winupdate in the past, is it possible to find out on my own
which updates are needed, so I can just get them myself and manually install them?????......

There are several ways to configure automatic updates, including downloading & prompting to install, notification of available updates without downloading/installing, or simply turning automatic updates off. To adjust these settings, go to Start > Settings > Control Panel > Automatic Updates. If you completely disable automatic updates, please remember to check for them manually on a regular basis in order to stay protected.


Your HJT log is clean, however, it appears to have been taken while in Safe Mode. A log taken in Safe Mode will often not show us all the malware lurking in your system. So, I'll need you to reboot into Normal mode & save a new logfile. Post that here when ready.

Also, using Internet Explorer, please perform an online scan with Panda ActiveScan:
  • Click on "Free use ActiveScan" located on the top right hand corner
  • Click Scan your PC & a 'pop up' window will appear. (Ensure that your pop up blocker doesn't block it.)
  • Click Scan Now
  • Enter your e-mail address & click Scan Now
  • It will begin downloading Panda's 8 MB ActiveX control. (Be sure your Internet Explorer settings will accept the ActiveX)
  • Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Please post that log in your next reply.


So in your next reply, I'll need the following:
  • A fresh HJT log, run in Normal Mode
  • The Panda scan log
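
The Safe Mode point in post #3, as an added example that is not part of the thread and not HijackThis's own logic: it parses a HijackThis-style log and flags logs in which O4/O23 autostart executables are registered but none of them appears under "Running processes". The sample log is a constructed excerpt, and the function names `parse_hjt`, `autostart_exes`, `safe_mode_hint` and the heuristic itself are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Constructed excerpt in the HijackThis 1.99.1 layout, modelled on the log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - ...", "R1 - ..."
EXE = re.compile(r'([^\\/"]+\.exe)\b', re.I)      # file name of an .exe inside an entry

def parse_hjt(text):
    """Return (running process names, {section code: [entry bodies]})."""
    running, entries, in_procs = set(), defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            running.add(basename(line).lower())
    return running, entries

def autostart_exes(entries, sections=("O4", "O23")):
    """Executables named by autostart (O4) and service (O23) entries."""
    found = []
    for sec in sections:
        for body in entries.get(sec, []):
            exes = EXE.findall(body)
            if exes:
                found.append((sec, exes[-1].lower()))
    return found

def safe_mode_hint(text):
    """Heuristic assumed by this example: autostarts are registered, none is running."""
    running, entries = parse_hjt(text)
    autos = autostart_exes(entries)
    idle = [a for a in autos if a[1] not in running]
    return bool(autos) and len(idle) == len(autos), idle
```

A manual-start service also shows as idle, so a positive result is a prompt to re-run the scan in Normal mode rather than proof of Safe Mode.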


#4 sUBs

  • Malware Response Team
  • 2,489 posts

Posted 15 December 2005 - 08:16 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



