1
Tech Clinic / Please Help with HiJack This
« on: September 10, 2005, 05:27:13 PM »
Sorry, was not logged in, the last post is from me
Lee
Lee
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Tech Clinic / Please Help with HiJack This
« on: September 06, 2005, 06:38:14 AM »
The drive is in the same IDE chain. XP is on the master.
I replaced the original master drive some time ago and continued to use the same backup. When I loaded XP onto the new drive, it named itself F. I new it is usually on the C drive, but since the computer was functioning fine, I figured why mess with it. Again, the set up has been fine like this for a few months.
I tried to get the file location for the trojan, but I only got a partial as I am doing it from memory, it was on the F drive, in a sub folder of documents and settings. I did a Virus scan, and nothing came up. MaAfee gave me a pop-up to say it was there. I did some research and from what I can tell, the trojan is not an issue with an XP update that I installed, although, I would still like to get rid of it
Any suggestions on how to find it?
I replaced the original master drive some time ago and continued to use the same backup. When I loaded XP onto the new drive, it named itself F. I new it is usually on the C drive, but since the computer was functioning fine, I figured why mess with it. Again, the set up has been fine like this for a few months.
I tried to get the file location for the trojan, but I only got a partial as I am doing it from memory, it was on the F drive, in a sub folder of documents and settings. I did a Virus scan, and nothing came up. MaAfee gave me a pop-up to say it was there. I did some research and from what I can tell, the trojan is not an issue with an XP update that I installed, although, I would still like to get rid of it
Any suggestions on how to find it?
3
Tech Clinic / Please Help with HiJack This
« on: September 05, 2005, 09:13:39 PM »
Macafee windows popped up that
JS/Exploit-HelpXsite Trojan has been detected
I cannot quarintine or delete
JS/Exploit-HelpXsite Trojan has been detected
I cannot quarintine or delete
4
Tech Clinic / Please Help with HiJack This
« on: September 05, 2005, 08:55:21 PM »
I looked in Ewido, nothing in gurantee list. Shoud I start it in safe mode and check it then. The Ewido log that I have says nothing was found. Again, these were done in seperate pieces.
I am not sure of the BIOS reading of the other drive, how do I check? The computer recognizes a drive - it is in the my computer options . When I double click on it, it asks me if I want to format.
I am not sure of the BIOS reading of the other drive, how do I check? The computer recognizes a drive - it is in the my computer options . When I double click on it, it asks me if I want to format.
5
Tech Clinic / Please Help with HiJack This
« on: September 05, 2005, 07:26:32 PM »
Thanks in advance for the help. Here is the log file. The C drive which is the backup, is not being recognized as a drive, which happened after I ran scans in safe mode. The F Drive is my local drive. In case you need to know, I have Windows Media Center on the computer
Again, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 8:19:14 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
f:\program files\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\WINDOWS\ehome\RMSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\ehome\ehtray.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\McAfee.com\VSO\mcvsshld.exe
F:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
F:\WINDOWS\BCMSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\McAfee.com\VSO\oasclnt.exe
F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Admin\Desktop\hijackthis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] f:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] F:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [diagent] "F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = F:\WINDOWS\eHome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122236642640
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Again, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 8:19:14 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\WINDOWS\eHome\ehRecvr.exe
F:\WINDOWS\eHome\ehSched.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
f:\program files\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\WINDOWS\ehome\RMSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\ehome\ehtray.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\McAfee.com\VSO\mcvsshld.exe
F:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
F:\WINDOWS\BCMSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\McAfee.com\VSO\oasclnt.exe
F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Admin\Desktop\hijackthis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] f:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] F:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [diagent] "F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = F:\WINDOWS\eHome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122236642640
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
6
Tech Clinic / Please Help with HiJack This
« on: September 03, 2005, 07:15:27 AM »
HELP!!
I was hving some problems on my computer. Internet explorer would just crash and the computer was a little slow. I did some scans and did not find anything. So, I followed the instructions from
http://www.thetechguide.com/forum/index.php?showtopic=19928
and my computer took a turn for the worse.
I am not a computer expert, so I will describe what I can. I ran the sequence as lay out in the above post, and it during the scan, ewido crashed, so I had to restart it. I then did the drives seperately, I have a local drive and backup drive. This seemed to work until I restarted, as the computer was very very slow. Beyond jus tbeing slow, my desktop look had changed. Most important, there were no longer two hard drives being read. It was only one. The back, which was my C drive was now the local drive as well. It appears that some how, something combined the drives.
Any help would be greatly appreciated
I was hving some problems on my computer. Internet explorer would just crash and the computer was a little slow. I did some scans and did not find anything. So, I followed the instructions from
http://www.thetechguide.com/forum/index.php?showtopic=19928
and my computer took a turn for the worse.
I am not a computer expert, so I will describe what I can. I ran the sequence as lay out in the above post, and it during the scan, ewido crashed, so I had to restart it. I then did the drives seperately, I have a local drive and backup drive. This seemed to work until I restarted, as the computer was very very slow. Beyond jus tbeing slow, my desktop look had changed. Most important, there were no longer two hard drives being read. It was only one. The back, which was my C drive was now the local drive as well. It appears that some how, something combined the drives.
Any help would be greatly appreciated
Pages: [1]