NOD32 it seems impossible!

Discussion in 'NOD32 version 2 Forum' started by Jones, Sep 3, 2004.

Thread Status:
Not open for further replies.
  1. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Hello,
    I do not have much experience with antivirus.
    I have just installed NOD32. I have made the update and I have run it.
    There aren't viruses on my PC.
    But I had some problems with the PC.
    Therefore I went online and ran the PC-Cillin scan.
    It caught these:
    TROJ INSERVICE.H
    TROJ SMALL.GL
    WORM SWEN.A

    Then I used Norton scan online and it caught these:

    C:\Software\Uns12.exe è infettato con Hacktool
    C:\Documents and Settings\Jones\Impostazioni locali\Temporary Internet Files\Content.IE5\YHEBEBKH\it[1].htm è infettato con Bloodhound.Exploit.6
    C:\Documents and Settings\Jones\Impostazioni locali\Temporary Internet Files\Content.IE5\MM1Z3UUM\it[1].htm è infettato con Bloodhound.Exploit.6
    C:\Documents and Settings\Jones\Impostazioni locali\Temp\HOTMAIL_HACKER.0XE è infettato con Hacktool

    Have these antivirus programs captured important things?
    It happened to me. Why?
    Thanks

    bye Jones
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Jones,

    I saw your post on the antivirus newsgroups.

    Can you send those viruses to sample@nod32.com?

    Are you running the trial version of NOD or have you purchased the program?
     
  3. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    I run the trial version of NOD.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I assume most of those files will be damaged as, for instance, NOD32 began detecting Swen.A a long time ago. However, please submit those files to samples@nod32.com (though even sample@nod32.com works, it's better to use the former unless you are told otherwise).
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Just to be sure EVERYTHING is gone and your system is TOTALLY clean, can you do the following after installing the latest Nod32 from www.nod32.com:


    Step 1. Install Zone Alarm (free) – Firewall with visual outgoing alerts to see what is trying to access the internet.
    http://www.zonelabs.com


    Step 2. Download Stinger available here: do NOT run this YET.
    http://vil.nai.com/vil/stinger/


    Step 3. MAKE SURE NOD32 IS FULLY UP TO DATE with the latest virus signatures.


    Step 4. Turn OFF System Restore, this process depends on your operating system:


    Windows XP Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on the "System Restore"
    4. Place a tick in "Turn off System Restore on all Drives"
    5. Click OK
    6. Close and restart your system.


    OR


    Windows ME Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on "Performance"
    4. Click "File system"
    5. Click "Troubleshooting"
    6. Check "Disable system restore"
    7. Click on OK
    8. Close and restart your system.


    Step 5. Delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content.


    Step 6. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up.


    Step 7. Start a scan with Nod32 while in SAFE MODE by doing the following: Start> All Programs> Eset> Nod32.


    CHECK THE FOLLOWING BEFORE YOU START YOUR SCAN:

    “Actions” TAB
    Make sure Quarantine is ticked, both for “If a virus is found” and “Uncleanable viruses”.

    “Setup” TAB
    Objects to diagnose – place a tick in all boxes.
    Diagnostic methods – place a tick in all boxes.
    Heuristic sensitivity – place a tick in “Deep”.
    Extensions – place a tick in “Scan all files”.

    “Scanning targets” TAB
    Double click on ALL of your Hard Drives so there is a RED tick shown
    Click “Clean”


    Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is found. If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


    If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

    1. Place a tick in the Quarantine check-box
    2. Select Delete
    3. Send the quarantined file to Eset (samples@nod32.com); this file can be found here: C> Program files> Eset> Infected


    Step 8. Run a scan with “Stinger” the program you downloaded above.


    Step 9. Reboot your system into normal mode.


    Step 10. Run a further online scan found here: http://housecall.trendmicro.com/


    Step 11. Install, update and run Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
    http://beam.to/spybotsd


    Step 12. Install, update and run Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com


    Step 13. Install and run CWShredder available here:
    https://www.wilderssecurity.com/showthread.php?t=14086


    Step 14. Make sure your Windows is FULLY up-to-date by doing the following: While on the Internet, Click on Internet Explorer (the Blue “e”), Click on Tools (on the bar at the top of your screen in Internet Explorer), Click on Windows Update. This will take you to the Microsoft Windows Update page where you need to follow the on screen prompts, starting with “Scan for Updates”. Install ALL “Critical Updates” and “Service Packs”.

    WEEKLY – check this is “Up to Date”.



    REPEAT ALL THE ABOVE STEPS, this time EVERYTHING should come up clean…



    Now that your system is clean you may want to take a look here for further discussion on security and how to make your system that much stronger:

    https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

    and here for more:

    https://www.wilderssecurity.com/showthread.php?t=43117


    Hope this helps…

    Let us know how you go…

    Cheers :D
     
    Last edited: Sep 6, 2004
  6. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Dear friend, thanks very much for your advice but I have just noticed some viruses on my PC.
    I think they are "sween" and others. Now I have deleted them but I think now I have problems. In fact I cannot install any firewall. If I install Sygate or Zone Alarm I have many problems.
    What do you advise me, please?
    I need an urgent reply,
    thanks
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What operating system are you using?
     
  8. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    I use WinXP.
    Can I have hope or do I have to format?
    I have deleted these:

    TROJ INSERVICE.H
    TROJ SMALL.GL
    WORM SWEN.A
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There is always hope :D

    Can you please turn on the Windows XP Firewall and then follow my advice above.

    Let us know how you go...

    Cheers :D
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Have you tried carrying out an in-depth analysis (Control Center - Resident modules and filters - NOD32 - In-depth analysis)? Also, you could download HijackThis (can be found easily on the web) and post the log created to support@nod32.com
     
  11. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Hello,
    I have made everything you told me but I have a little problem with NOD32 in “In-depth analysis”;
    it finds these:
    C:\hiruvim.0hm »CHM »/htm2chm_explorer - Exploit/CodeBase trojan
    C:\hiruvim.0hm »CHM »/d_hiruvim.exe - Win32/Dialer.BY trojan
    C:\WINDOWS\FSQEFABAP.0XE - Win32/TrojanClicker.VB.CA trojan

    In fact it doesn't succeed in deleting them, because when it finishes scanning I see the "Delete" button enabled. Perhaps it is my inexperience and I hope I have made the right steps.
    I will send you another email and I will tell you better.
    thanks
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please boot into "SAFE MODE" by pressing/tapping F8 as your system first begins to start up.

    When in SAFE MODE, please click on:

    Start
    All Programs
    Eset
    Nod32 Control Centre

    Click on Nod32 (below IMON)
    Click on "IN DEPTH ANALYSIS"

    Let us know how you go...

    Cheers :D
     

  13. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Sure I do it.

    When NOD32 finishes its work I see:
    number of viruses found: 2
    number of active viruses: 1
    When I click on "Clean" NOD32 shows another page.
    Here I see the "Leave" button enabled only.
    Why?

    Another thing please:
    In Control Panel/Display device events/System
    I see many errors only.

    ID event: 10002
    Origin: DCOM

    If I click on "Error" I see:
    Access denied to the server DCOM.
    The server is:
    00020906-0000-0000-C000-000000000046

    I hope I will resolve my problems because now my PC works fine.
     
  14. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    These are my events:

     
  15. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Jones,

    You can download the most recent version of HijackThis (ver 1.98.2) from here:

    https://www.wilderssecurity.com/showthread.php?t=12516

    Then create a permanent folder for it on your C: (call the folder whatever you'd like) then put Hijackthis.exe into the new folder (do not put it in a Temp folder or desktop).

    Next, open HijackThis and run it by clicking on the Scan button. When the scan has finished, the "Scan" button will then change to a Save Log button. Press the "Save Log" button and save it to a location where you can easily find it. Do not fix anything in HijackThis yourself as most of what it will list is harmless and even essential.

    Once you have the HijackThis scan log saved, then send it by email to the address Marcos posted above and they will have a look at it.

    Regards,

    snap
     
  16. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Can you verify my hijackthis, please?

    hello,
    When NOD32 finishes its work I see:
    number of viruses found: 2
    number of active viruses: 1
    When I click on "Clean" NOD32 shows another page.
    Here I see the "Leave" button enabled only.
    Why?

    Another thing please:
    In Control Panel/Display device events/System
    I see many errors only.

    ID event: 10002
    Origin: DCOM

    If I click on "Error" I see:
    Access denied to the server DCOM.
    The server is:
    00020906-0000-0000-C000-000000000046

    I had one swen virus and some trojans, now I think I have deleted them.
    I hope I will resolve my problems because now my PC works fine.
    Could you verify my hijackthis, please?
    thanks very much, Jones
     
  17. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Re: Can you verify my hijackthis, please?

    I'm sorry, I have forgotten to tell you that "In-Depth Analysis" in Nod32 found those viruses.
     
  18. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    Re: Can you verify my hijackthis, please?

    This is my hijackthis:

    Logfile of HijackThis v1.98.2
    Scan saved at 13.01.38, on 04/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\GSICON.EXE
    C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    C:\WINDOWS\System32\dslagent.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\Programmi\MemoRex\MemoRex.exe
    C:\Programmi\Internet\Eudora\Eudora.exe
    C:\Programmi\HijackThis\HijackThis1982.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Programmi/Internet%20Explorer/AP1.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://pagefirst.netfirms.com/newod
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fwalerts.zonelabs.com/fwaler...d1vt9xqxrfp93a80,1,,&CL=en&LICFLAG=1&OEM=1043 (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2A2E29F2-546F-42EB-8746-667D179E6960} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: (no name) - {6181B5DB-C6B1-4CD7-A891-1E8BABC3CE16} - (no file)
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: (no name) - {E6D7F60E-C554-4462-8A2A-9D3C8A1978D3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: (no name) - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - (no file)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {53AEE57C-FEF2-404C-8791-BEAFAC6FDB6A} -
    O16 - DPF: {5BF50AC6-9851-4937-8372-254A8D3AE864} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/aplicacion.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014041.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1932490C-922E-436F-A528-DF980969AFAC}: NameServer = 80.17.212.208 151.99.125.1
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
  20. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Jones,

    I have merged your posts from the General Forum (Posts 16 to 19) into your thread here in the NOD forum. Please stay with this thread until the problem is resolved.

    ronjor has posted the email address that you are to send a copy of your HijackThis log to. Let me know when you've sent ESET the log, then I will remove the one you posted here. :)

    Regards,

    snap
     
  21. Big D1

    Big D1 Registered Member

    Joined:
    Aug 20, 2004
    Posts:
    68
    You can copy and paste your HijackThis log to the analyser just to see what it says. I would not make any changes though until an experienced person looked at your log file.

    http://hijackthis.de/index.php?langselect=english

    After you click the analyze button, scroll down to see the results.
     
  22. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
    > ronjor has posted the email address that you are to send a copy of your HijackThis log to. Let me know when you've sent ESET the log, then I will remove the one you posted here.


    Dear Snap, I don't understand what you mean with "ESET the log".
    I think I need to analyze hijackthis log.
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Eset is the company that makes NOD32. Copy the log you posted here and send it to support@nod32.com. They will analyze your log for you.
     
  24. Jones

    Jones Registered Member

    Joined:
    Sep 2, 2004
    Posts:
    42
  25. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    After you paste the entire log into the window, press Analyze. It's a little subtle, and depending on your screen size, it may appear as though nothing has occurred. However, if you page down, you will see the results of the automated analysis and their suggested actions. Be extremely careful in following any of this advice. Look at the items flagged. Are they expected entries based on the software you have installed on your machine? In some cases, even though the entry is flagged, it may be perfectly fine.

    Blue
     
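BlueZannetti's point that each flagged item must be checked against the software you know is installed is the step no automated analyser can do for you. What follows is an added example, not code from this thread or from hijackthis.de: a small parser that splits a HijackThis log by section code and applies a few defensive review heuristics. The sample log is a constructed abridgement of the one Jones posted above, and the rules and severity labels are my own assumptions.

```python
"""Triage a HijackThis (HJT) log by section code with a few defensive heuristics."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: an abridged copy of the log posted in this thread
# (header, two processes, nine entries), not the complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Scan saved at 13.01.38, on 04/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmi\Eset\nod32krn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Programmi/Internet%20Explorer/AP1.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://pagefirst.netfirms.com/newod
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A2E29F2-546F-42EB-8746-667D179E6960} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {53AEE57C-FEF2-404C-8791-BEAFAC6FDB6A} -
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014041.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1932490C-922E-436F-A528-DF980969AFAC}: NameServer = 80.17.212.208 151.99.125.1
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")   # "O16 - <body>"
VERSION_RE = re.compile(r"HijackThis v(\d[\d.]*)")

@dataclass
class Entry:
    code: str       # section code, e.g. "O16"
    body: str       # text after "O16 - "
    line_no: int    # 1-based line in the log, for the reader's reference

    def target(self) -> str:
        """Last ' - ' field: file path, download URL or '(no file)'; '' if absent."""
        if self.body.endswith(" -"):          # "O16 - DPF: {...} -" records no source
            return ""
        return self.body.rsplit(" - ", 1)[-1].strip()

@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low" | "info": assumed labels, not HJT's own
    entry: Entry
    reason: str

@dataclass
class HjtLog:
    version: str = ""
    processes: List[str] = field(default_factory=list)
    entries: List[Entry] = field(default_factory=list)

def parse_hjt(text: str) -> HjtLog:
    """Split a log into the version line, the running-process block and coded entries."""
    log, in_processes = HjtLog(), False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            in_processes = False              # a blank line closes the process block
        elif line.startswith("Logfile of") and (m := VERSION_RE.search(line)):
            log.version = m.group(1)
        elif line == "Running processes:":
            in_processes = True
        elif m := ENTRY_RE.match(line):
            log.entries.append(Entry(m["code"], m["body"].strip(), no))
        elif in_processes:
            log.processes.append(line)
    return log

def triage(log: HjtLog) -> List[Finding]:
    """Assumed review heuristics: they mark items to look at, they decide nothing."""
    found = []
    for e in log.entries:
        t = e.target()
        if e.code == "O16" and t.lower().endswith(".exe"):
            # Downloaded Program Files (ActiveX): the online scanners in this log ship
            # .cab packages, so an object fetched as a bare .exe deserves a close look.
            found.append(Finding("high", e, "ActiveX object downloaded from a bare .exe URL"))
        elif e.code == "O16" and not t:
            found.append(Finding("medium", e, "ActiveX object with no download source recorded"))
        elif e.code in ("O2", "O3", "O9") and t == "(no file)":
            found.append(Finding("low", e, "registration whose file is gone (leftover, usually harmless)"))
        elif e.code in ("R0", "R1") and "_bak" in e.body:
            found.append(Finding("medium", e, "saved copy of an earlier start page; check both URLs"))
        elif e.code == "O17":
            found.append(Finding("info", e, "DNS servers in use; confirm they belong to your ISP"))
    return found

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] line {f.entry.line_no} {f.entry.code}: {f.reason}\n    {f.entry.body}")
```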