QUOTE(Kingra @ Jul 23 2005, 04:30 PM)
I was using Firefox, idiot. I was checking IE to see if anything changed. It seems Firefox isn't as good as it seems. :\
Ok, sorry about that then. The only way for you to get a virus through Firefox is to willingly download something. If you have Firefox set to auto-download rather than to choose when to download, then you may run into the problem of clicking links and things auto-installing on your computer. That could have been the reason that it started to do stuff when you didn't tell it to.
Also, in your initial post you never said you were using Firefox; you just said IE has a TNS toolbar, so I assumed you were using IE.
QUOTE(krazydrunkking @ Jul 24 2005, 11:31 AM)
Oh yeah, try a Mac computer. I heard they never get viruses like Windows does.
Yes, I actually downloaded a virus via email and nothing happened. =)
That's probably because the virus was written as an EXE, not an MAE or whatever they are. (MAE=Macintosh Application Executable)
QUOTE(krazydrunkking @ Jul 24 2005, 11:31 AM)
Oh yeah, try a Mac computer. I heard they never get viruses like Windows does.
Same reason people don't steal crappy cars!

-
PCFredZ
QUOTE(PCFredZ @ Jul 24 2005, 03:02 PM)
Same reason people don't steal crappy cars!

-
PCFredZ
Following that theory, I do not know why Windows gets viruses.
QUOTE(Aikanaro @ Jul 24 2005, 11:10 PM)
Following that theory, I do not know why Windows gets viruses.
Because viruses are probably made for Windows.
QUOTE(Aikanaro @ Jul 24 2005, 04:10 PM)
Following that theory, I do not know why Windows gets viruses.
Touche.
How about this revision:
More people use Windows, so making viruses for it has a better chance of infecting and spreading than Macs, and so many more people make viruses for Windows.
But then it comes down to why more people use Windows... hehe.

QUOTE(MrrLL @ Jul 24 2005, 12:57 PM)
These 2 Look suspicious: [So check at own risk..]
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
Ask someone about those 2..^
I had those when I had SpySheriff... hm, I should run HijackThis quick and see if I have that on my comp still
Yeah, post your log, I'll help. Although I'm only like 60% sure they're bad, but nothing TOO bad can happen if you check them.
QUOTE
Oh btw Gradius that Virus Scan really helped. Thanks.
Did you try MS Antispyware? =/
Here's my log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
G:\qttask.exe
H:\ipod\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\System32\svchost.exe
H:\Starcraft\Steam\Steam.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\John Shaughnessy\Desktop\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\ipod\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] G:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Winstall.exe was created on Saturday, July 23, 2005, 4:03:38 PM.
Seems to be the time and day I got the virus. I can't delete it, though. What should I do? When I try to open it, nothing happens.
Restart your computer in Safe Mode and then try and delete it.
I'm up to it. I guess I'll try now...
Tap F8 when your comp is restarting to get into Safe Mode.
Ok, when I tried to get into safe mode my computer froze.
Now that's just damn crazy...
If u get a system virus follow these steps:
1. Save everything you care about.
2. Re-save everything u care about.
3. Double check u saved everything.
4. Ask for help on a forum equipped with dozens of nerds ready to help u.
5. Pray for good luck.
n2o-P/Simpsons
Things to check: (remember O4's are startup items)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
^X. ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware^
So I would check it, because it has an X next to it in the tut I'm using (X means bad, Y means important to keep, N means not required, ? means doesn't know)
O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime
^Will increase startup time to check it (you don't need it to start up with computer)^
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
^windows messenger, don't need it to start up^
O4 - HKCU\..\Run: [AIM] G:\Program Files\AIM95\aim.exe -cnetwait.odl
^you can always double click the shortcut to open aim, check this^
O9 - Extra button: Real.com (HKLM) (unless you like this button in I.E)
O9 - Extra button: AIM (unless you like the AIM button in I.E)
ADDITION:
Oh and Kingra did you see my answer to your log and what to check?
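Added example (not part of any post in this thread): a small Python triage of the O4 startup entries discussed above, flagging the two traits of the `C:\winstall.exe` entries called out earlier in the thread, namely a target sitting directly in a drive root and one target registered under several Run value names. The flag names and both heuristics are assumptions made for illustration, not HijackThis features; the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
'''

O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')  # registry autostarts
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd|vbs|dll))(?=\s|$)', re.I)
DRIVE_ROOT = re.compile(r'^[a-z]:\\[^\\]+$', re.I)  # e.g. C:\name.exe, no subfolder

def parse_o4(log):
    """Return one dict per O4 registry Run entry: hive, key, name, target."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:  # skips non-registry lines such as "O4 - Startup: ..."
            hive, key, name, command = m.groups()
            t = TARGET.match(command)  # quoted path, or unquoted path up to its extension
            target = (t.group(1) or t.group(2)) if t else command
            entries.append({"hive": hive, "key": key, "name": name,
                            "target": target.lower()})
    return entries

def triage(entries):
    """Map Run value name -> reasons to look closer (illustrative heuristics)."""
    by_target = defaultdict(list)
    for e in entries:
        by_target[e["target"]].append(e["name"])
    flagged = {}
    for e in entries:
        reasons = []
        if DRIVE_ROOT.match(e["target"]):
            reasons.append("drive-root")
        if len(by_target[e["target"]]) > 1:
            reasons.append("shared-target")
        if reasons:
            flagged[e["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag is a prompt to look the entry up, not a verdict: `G:\qttask.exe` is flagged here too, although the thread identifies it as the QuickTime startup task.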
Thanks. Can I see the tut you're using? I didn't delete anything you said because they are not harmful, except I deleted the Real.com thing, and the AIM button keeps reloading itself back... w/e, I don't use IE anyways..
Oh yeah, the reason I want to see the tut is because I want to check this one out: O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
Also wesmic da pimp, u should download HijackThis and post your log.. I'm curious because u say u look at a lot of porn and I want to see if u have a lot of viruses...
Wow, guess what? The virus is gone. I don't know how I did it, but it's completely vanished out of thin air. All I did today was two Spybot searches...
Well, my desktop screen is unlocked, and those four annoying "Your computer is infected" toolbar icons are gone.
So should I lock this up or leave it so others can discuss viruses and post HijackThis logs?
QUOTE(Kingra @ Jul 23 2005, 05:54 PM)
Another thing I noticed, I have a new toolbar labeled TNS on IE.
lol I used to search porn and I got tons of viruses and spyware that killed my old comp, and the toolbar I had that was dl was the same thing u got =P
I bought a new comp and got Ad-Aware and antivirus and spyware detection and my comp is better than ever even though it's a new 1
It's not over. The virus downloaded a ton of stuff on my desktop like "Viagra, Blowjobs, Porn, etc."
I deleted it, ran a last Spybot check, and when I restarted the computer it permanently set the color to 16 Bit. I cannot change it, everything looks ugly, and my dad has decided to reinstall Windows. There isn't much I want to save, only my Kingdom Of Sorrows map, a picture or two, and a few sites I need for music and help. Well, I'm going to have to install everything again tomorrow (it's almost 1:30 AM right now), and I lost all my BS saves. (I don't want to keep them, they're not THAT important.)
Goodnight.
Did you tell your dad what you were looking for? Also, you could have just re-installed your video drivers.
QUOTE(Kingra @ Jul 26 2005, 12:49 AM)
It's not over. The virus downloaded a ton of stuff on my desktop like "Viagra, Blowjobs, Porn, etc."
I deleted it, ran a last Spybot check, and when I restarted the computer it permanently set the color to 16 Bit. I cannot change it, everything looks ugly, and my dad has decided to reinstall Windows. There isn't much I want to save, only my Kingdom Of Sorrows map, a picture or two, and a few sites I need for music and help. Well, I'm going to have to install everything again tomorrow (it's almost 1:30 AM right now), and I lost all my BS saves. (I don't want to keep them, they're not THAT important.)
Goodnight.
Go into your hard drive and delete everything that was modified the date you got your virus...
Also I reinstalled Windows but I got cheap hard drives and reinstalled Windows like you did...
But before you reinstall Windows show your dad the tutorial on the site everyone is posting in here, the MajorGeeks.com website...
Oh yeah, just out of curiosity, does your dad know how you got the virus?