Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old May 26th, 2004, 12:36 AM
tmac_no1's Avatar
tmac_no1 tmac_no1 is offline
Member
 
Join Date: May 2004
Posts: 57
Unhappy I Need Answers :)

i decided to ditch kazaa and use limewire since my friend recommended it. I am tryint ot install it but i cant cause there comes a notive stating:
an error has occured while downloadin a file :

http://installengine.com/cert20/isengine/isscript.msi

I try to retry but it still wouldnt work
Reply With Quote
  #2  
Old May 26th, 2004, 12:54 AM
lufbra lufbra is offline
CTH Subscriber
 
Join Date: Sep 2000
O/S: Windows 10 Home
Posts: 12,532
A lot of people need answers here, that's the nature of this forum, but for the most part, if anyone does have questions to ask, they tend to use a little more respect/politeness towards all the great helpers here, it doesn't cost a thing to maybe say "Please Help", or words to that effect. Saying "I Need Answers" isn't exactly the most subtle way of starting a post!!
Reply With Quote
  #3  
Old May 26th, 2004, 12:58 AM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
Did you remove kazaa completely? Run an HJT log, so we can take a look.

Hijack This
http://tomcoyote.com/hjt/


Click the above link, and a dialog box will open, choose ‘open’. It will down load click on SAVE. Save it the hard drive, make a new folder for it called 'hijack this'. Then after it's saved, double click on it to open it. Then click ‘scan’ and it will scan. Do not fix anything. Click ‘save log’ and save it to your 'hijack this' folder as a .txt file. Then open that file and copy and paste all the information into your thread. Someone will review it and let you know what needs to be fixed. Don't fix anything yet and post the log back into this same thread and if my directions seem a bit...obscure read the directions on the right side of the screen when you get to that link
Reply With Quote
  #4  
Old May 26th, 2004, 01:15 AM
dammit's Avatar
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 22
Posts: 11,532
Know what ya mean Dave...I tend to ignore such requests..
Reply With Quote
  #5  
Old May 26th, 2004, 01:34 AM
tmac_no1's Avatar
tmac_no1 tmac_no1 is offline
Member
 
Join Date: May 2004
Posts: 57
Logfile of HijackThis v1.97.7
Scan saved at 8:32:44 PM, on 25/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\kdyobr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [bxdhjzvgagt] C:\WINDOWS\System32\kdyobr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25e3177ed30cf50...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...905.7433912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O19 - User stylesheet: C:\WINDOWS\color.css

here it is... and lufbra i didnt mean it like that ... but watever if it offended you srri... it was more like a desperate cry for help
Reply With Quote
  #6  
Old May 26th, 2004, 01:37 AM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
Thank you, I don't have time to look now, but someone else may look, otherwise, I can do it when I return.
Reply With Quote
  #7  
Old May 26th, 2004, 01:40 AM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
Guys....there's a smiley at the end of his 'I need answers'. I am like that too, I spew out words before I think and people take that as rude...when it's just me being over zealous or honestly....unthinking. I'm not making excuses, I'm just speaking from experience.

And that's an awfully sad face at the beginning of 'I need answers'
Reply With Quote
  #8  
Old May 26th, 2004, 01:44 AM
lufbra lufbra is offline
CTH Subscriber
 
Join Date: Sep 2000
O/S: Windows 10 Home
Posts: 12,532
So, he couldn't type "I Need Answers, Please "?
Reply With Quote
  #9  
Old May 26th, 2004, 03:08 AM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
I dunno



Ohhh... look at the very bottom of the log............
Reply With Quote
  #10  
Old May 26th, 2004, 03:30 AM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
TMAC:
Re-run Hijack this and put check marks next to the below entries then click 'fix checked'
02 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [bxdhjzvgagt] C:\WINDOWS\System32\kdyobr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25e3177ed30cf5...ip/RdxIE601.cab
O19 - User stylesheet: C:\WINDOWS\color.css

OK, i've edited this so many times, i'm surprised that something doesn't pop out of the computer to slap me. IN safe mode, delete these files. Safe mode: as soon as you reboot, start tapping F8 repeatedly, a window will load asking you how you want to start, choose safe mode. Search for these files and delete them.
C:\WINDOWS\System32\kdyobr.exe
C:\WINDOWS\color.css
SOUNDMAN.EXE (all caps, nost soundman.exe)
Then run the below scan to find whatever I may have missed
Trendmicro:
http://housecall.trendmicro.com/ choose ‘scan now it’s free’ then have it fix whatever it finds.

Another thing is, after we get your system clean, you will need to dump the restore files, so don't let me forget to tell you about that.

Last edited by Melodi; May 26th, 2004 at 05:00 AM.
Reply With Quote
  #11  
Old May 26th, 2004, 10:15 PM
tmac_no1's Avatar
tmac_no1 tmac_no1 is offline
Member
 
Join Date: May 2004
Posts: 57
haha thnkxs melodi for helpin and being understanding.
Reply With Quote
  #12  
Old May 26th, 2004, 11:44 PM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
No problem, I am often misunderstood
Did you get those items taken care of?
Reply With Quote
  #13  
Old May 26th, 2004, 11:48 PM
tmac_no1's Avatar
tmac_no1 tmac_no1 is offline
Member
 
Join Date: May 2004
Posts: 57
umm k i think i followed everythign ya told me to do (btw the things ya told me to look for in the safemode thingy didnt work well i didnt find the programs) in addition everytime i fix the things in HJT, the nxt day my website still gets hijacked. also the url you gave me i try scanning wit it but my computer says there is something wrong with it and it closes all internet programs. . . lol why are comps SO complicated . . . lol

Last edited by tmac_no1; May 26th, 2004 at 11:49 PM. Reason: wrote something wrong
Reply With Quote
  #14  
Old May 26th, 2004, 11:55 PM
Melodi's Avatar
Melodi Melodi is offline
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
Hmmmm, well in the Spanish language every object is given a 'sex' and turns out that the computer is a female...That may explain something...Sorry girls...but I admit I'm often complicated. TMAC I'm going to have a friend of mine look at your posts and see what he says and I will be back to you. Did you turn off system restore? Did you go to windowsupdate and do all the critical updates? Is your XP firewall turned on. To do this go to the control panel and double click network connections, then right click on your connection then choose properties. In the advanced tab is a check box for the firewall.
Reply With Quote
  #15  
Old May 27th, 2004, 12:02 AM
Mobo's Avatar
Mobo Mobo is offline
Seargent Spyware
 
Join Date: Sep 2003
Posts: 1,434
Perhaps posting a fresh log will provide a better understanding. Would you do so please and I as well understand that we all have bad days...Just ask my wife.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
No answers? Grabster Windows 7 2 April 19th, 2013 03:13 AM
Top 5 Smartest Answers itschahat Jokes Forum 2 June 5th, 2007 01:32 PM
Coflicting answers... Mambonuts Hardware 8 October 22nd, 2006 12:20 AM
In need of answers? bAdWaYz Open Discussion 3 July 22nd, 2005 02:19 PM


All times are GMT +1. The time now is 01:24 AM.