Infected Causing No Internet...

Post by souther32 » July 28th, 2006, 6:02 pm

My internet quit working for some random reason yesterday, Thursday. Everything else regarding the internet is working fine. Xbox 360 on Live, Wireless Laptop through my router (what I'm on), AIM, Outlook Express. But whenever I try to go to a webpage an error always occurs. Page cannot be displayed... I downloaded many different programs to try and fix it, such as Spybot, Ad-Aware, AntiVir Personal, Microsoft Defender, Kill2Me, cwshredder, Genuine Check, and Hijackthis.
I was at majorgeeks.com for help, and they told me to download that stuff and run it under safe mode and I did. Found 3 objects with Microsoft Defender...

WinSoftware.Winfixer
Category: Potentially Unwanted Software

Description:
This program has potentially unwanted behavior

Advice:
Remove this software immediately

Resources
File: C:\Documents and Settings\mom\Application Data\Netscape\NXB\Profiles\vrlkba04.default\Cache\ 6307B5C8d01

File: C:\Documents and Settings\mom\Application Data\Netscape\NXB\Profiles\5ua3ftpa.default\Cache. Trash\Trash\Cache\6307B5C8d01

File: C:\Documents and Settings\mom\Application Data\Netscape\NXB\Profiles\5ua3ftpa.default\Cache. Trash\Trash\Cache\851A1E9Bd01

PowerReg Scheduler

Resources
File: C:\Program Files\ Microsoft AntiSpyware\Quarantine\2A4C705D-5DCE-47AD-9ECF-FCE52C\4B441E8B-0626-4D15-Ac76-6660B2

File: C:\Program Files\ Microsoft AntiSpyware\Quarantine\9A1C314B-9F05-4F6F-B8B5-CFF590\B1C407D3-ABED-444E-A977-79B547

NewDotNet
file:
C:\Program Files\Microsoft AntiSpyware\Quarantine\7BBD6271-6586-4651-A37B-346761\AF6CB5B5-52AD-4B4F-BC7C-BF16B9

I just typed all that...
Also I have tried getting webpages using IE, Firefox, and Opera

And here is my HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:17:27 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\Analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6af208b1-33fd-492b-8c67-e8b471f39754} - (no file)
O2 - BHO: (no name) - {89ad7923-34f5-4b2f-8630-685a0b4ca66b} - (no file)
O2 - BHO: (no name) - {A2020B37-C382-B277-FC21-C8C9DEB56E95} - blank (file missing)
O2 - BHO: (no name) - {BA816159-3BC2-4D07-4BF4-7FBBCEF292ED} - blank (file missing)
O2 - BHO: (no name) - {C1ADD487-6A33-24E2-D9D8-7AA393078836} - blank (file missing)
O2 - BHO: (no name) - {caf1e97a-3a63-43f8-b7fa-9cf27c66b3d2} - (no file)
O2 - BHO: (no name) - {E07E4136-AED5-37AA-E491-F27424479DA5} - blank (file missing)
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: ChatSpace Full Java Client 4.0.0.325 - http://www.interactionsoftware.com/...va/cfs40325.cab
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://my.uga.edu/nps/portal/gadge...t/LocalExec.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: tvmexehzonvl (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
souther32
Active Member
 
Posts: 9
Joined: July 28th, 2006, 5:57 pm

Post by agrarianmonk » July 28th, 2006, 7:55 pm

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
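
Added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis lines that flags structural anomalies (orphaned registrations, autoruns without a full path, AppInit_DLLs values, services with an unknown owner). The heuristics and the name `triage` are assumptions; the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6af208b1-33fd-492b-8c67-e8b471f39754} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O23 - Service: tvmexehzonvl (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# "O4 - body": section code, then the entry text.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Run / RunServices / RunOnce autostart values: [value name] command line.
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A command that starts with a drive letter or a %variable%\ prefix.
ROOTED = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')


def triage(log_text):
    """Return (code, reason, body) tuples for entries worth a manual look.

    Assumed heuristics only: a hit is a lead for review, not a verdict.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list or blank line
        code, body = m["code"], m["body"]
        # Registration whose target file is gone: often a leftover of a
        # partial removal, sometimes a file hidden from the scanner.
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "orphaned registration", body))
        # Autostart command with no directory: resolved through the search path.
        if code == "O4":
            run = RUN.match(body)
            if run and not ROOTED.match(run["cmd"]):
                findings.append((code, "autorun without full path", body))
        # AppInit_DLLs values are loaded into every process that loads user32.dll.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((code, "AppInit_DLLs value set", body))
        # Service binary without vendor metadata in its version resource.
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service with unknown owner", body))
    return findings
```

Calling `triage()` on the full log text returns the same kind of tuples; leftovers from earlier clean-up attempts will also appear as orphaned registrations.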

Post by souther32 » July 28th, 2006, 10:27 pm

I am leaning towards reinstalling the OS because I need to anyways, what do you think? Also, I do not have the Reinstall OS Software CD. Is there any way I could perhaps download it and burn it to a CD? I can download it on this laptop, send it to my computer through AIM and burn it to a CD from it. How does that sound LOL.
Also are there any downsides to reinstalling the OS? Such as memory loss, things like that?
I know all my memory will be erased which is ok but on the OS CD, does it at least come with Internet Explorer so I can download what I need such as printer software and preferred firewalls?
Also what about the Sound Driver? Or will I need to download that from the Dell website?

Post by souther32 » July 28th, 2006, 10:39 pm

I was looking for some CDs and I ran across the Dell Drivers And Utilities (Device Drivers, Diagnostics and Utilities, Frequently Ask Questions, Online Documentations). Also I ran across Applications (Antivirus Program, Support Software, Multimedia Software, and Internet Software).

Post by agrarianmonk » July 28th, 2006, 10:44 pm

If you do not have an OS CD, then it is likely your computer came with some sort of restore CD that will return your computer to the original state you bought it in.

Unfortunately, there is nowhere you can download an OS installation CD. That would be illegal.

"Also are there any downsides to reinstalling the OS? Such as memory loss, things like that?"

It would erase all of the data on your hard drive, so you would need to back up your important data before reformatting.

"I know all my memory will be erased which is ok but on the OS CD, does it at least come with Internet Explorer"

Yes, the Windows installation will automatically install Internet Explorer.

"Also what about the Sound Driver?"

These drivers, and the other drivers for your computer, should come with the CD that has:

"Dell Drivers And Utilities (Device Drivers, Diagnostics and Utilities, Frequently Ask Questions, Online Documentations)"

Let me know if you have any other questions.

Post by souther32 » July 28th, 2006, 11:20 pm

Thank you very much. I am ready to re-install the OS with a reinstall Scratch up disk which I hope will work. I have cleaned it 100 times lol. Also, would you please post a link or please tell me how to re-install the OS since I'm only 14 years old. I believe you place the CD in the drive and you press F2 I believe or F12... Also are there any items I need to back up? All my files don't need to be such as Word docs, Songs, Etc...

Post by agrarianmonk » July 28th, 2006, 11:25 pm

Only your personal data files need to be backed up; programs can be reinstalled with the installation software.

Instructions provided here will help you with your reinstall. The site has pictures and walks you through the process step-by-step.

Let me know if you have any other questions.

Post by souther32 » July 29th, 2006, 12:00 am

I am currently re-installing the OS software. The steps you gave me are great but 1 thing is unclear...

I have more than 1 partition, I have 3 of them, will I need to re-format all of them? Also there is no option for deleting them. I will post more information as soon as C: Partition2 [NTFS] finishes formatting.

Post by agrarianmonk » July 29th, 2006, 12:01 am

For an entirely clean reinstall, I would format all 3 of them.

Post by souther32 » July 29th, 2006, 12:47 am

I really appreciate your time and effort in helping me! Everything went very smooth!!!

Post by agrarianmonk » July 29th, 2006, 12:49 am

To help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 2 free ones available for personal use: and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!


(Please respond to this thread one more time so we can mark this thread as resolved.)

Post by souther32 » July 29th, 2006, 10:10 am

Only one problem: the color quality on my desktop screen is at 16-bit, I tried to increase it to its original quality at High 256. I believe I will need a driver for this. When I went to dell.com and looked at their drivers, I downloaded the one for my computer and screen. My screen is a E772C Dell.

http://support.dell.com/support/downloa ... leid=46366

That is the link I downloaded from and I installed the driver but nothing really happened. It told me to go to Start > Control Panel > Display > Settings > Advanced, Monitor tab > Properties. But I cannot click on Properties because the monitor type is at Default Monitor.
Please help me again find a driver in order to fix this or not a driver but something I need.

Post by agrarianmonk » July 29th, 2006, 12:45 pm

Hi souther32,

If your monitor is the E772C Dell, then the link you've provided me is the correct driver.

One thought I had was to ask if you were signed in as the administrator of the computer. If you are not, then you may not have the ability to update the drivers of your monitor.

Post by souther32 » July 30th, 2006, 9:24 pm

Yes, I am the Admin. I also made an account to limited just to make sure I am the Admin. Do you think I should contact Dell and tell them what's going on so they can help me?

Post by agrarianmonk » July 30th, 2006, 9:32 pm

Perhaps it's a video card driver that you need and not the monitor?