Trojans, Worms, Troubles, OHMY!!!

Discussion in 'malware problems & news' started by teachypeachy, Jul 2, 2003.

Thread Status:
Not open for further replies.
  1. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Hello!
    I have problems and hope someone can help me with it!
    I have been having trouble with my computer; the TIME on the taskbar has been getting stuck and the screen has been flickering. I thought that possibly I had a virus or something so I loaded a program called ANTIDOTE which found that a Trojan was found on an email scan. It also says that I have two other problems with files. They are both infected with.... 1.worm.magistr.a , both being on the email scan.
    The scan shows that they are these files:

    C:\windows\sp.dll Infected:Trojan.WinReg.StartPage
    C:\Windows\ApplicationData\Mozzila\Us....
    Results: Infected: 1.Worm.Magistr.a
    C:\Windows\Profiles\Teresa\ApplicationData\Mozzila\US.....
    Results: Infected: 1.Worm.Magistr.a

    After finding that I had a Trojan I loaded TDS and it found no Trojans or worms (if it does find them), but it did find that several .dll and .exe files are missing.
    Gavin from TDS has been trying to help me a bit and told me to try here to see if I can get some help. He also had me run a program called CLAV. It found nothing.
    I also ran the HOUSECALL virus scan and found nothing.
    I then ran THE CLEANER and it found nothing.

    I decided to back up files to disk and was going to reformat the entire computer, but it freezes up on the last OK before starting. So now there isn't a way to reformat or recover my computer. I have a HP Pavillion 6636. When still in warranty the HP tech support wanted me to reformat at one time and the same thing happened. They sent new CDs and it worked, but it will not work once more.
    I just want to get rid of the Trojan and worms and correct whatever damage it has done.
    I'm suspecting that it is ruining my files since the TDS program says there are ones missing.
    Also my computer will not find the file MSCONFIG. Is there a way to fix it? o_O
    I fear that in trying to fix things I have done damage myself, being an amateur and all!!!! :rolleyes:
    PLEASE HELP ME!! :'(

    Thanks so very much to all who can help.
    Teresa P. :D
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Teachypeachy,
    TDS is telling you you're missing system files?
    Do you mean in the CRC check at startup?
    It could be the files are located elsewhere on your system.
    which Windows version are you using?
    Wait with the reformat on a HP till knowledgeable people say you can.
    If the other files were just emails, i would just delete them, but your path is not posted completely to see what they are.

    Before we can go further advising you, i really want to know your windows version, to have no wrongs or forgotten parts.
    (XP or ME with the system restore f.e.)
     
  3. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Teresa,

    First of all, before it gets buried under the wheels of progress :), Welcome to Wilders!

    At first glance, things are not as bad as they appear to be (so far :D ) so take a deep breath and ...

    1. Keep in mind that the missing file issue you saw in TDS is not actually any missing file at all. As noted in other threads, the CRC test within TDS relies on a config file that has example entries. Normally, the user would go in there and edit those entries so it reflects the actual locations on the system. So its telling you that files are "missing" just means that the config file has not yet been properly configured. IMO, you should disable those CRC tests within TDS for the time being until we get things sorted out with your other issues.

    2. With Regard to the viruses in your email setup as well as the apparent trojan, can you look in your antivirus program (the one you used to initially find the virii) and go through the log to see if the viruses were deleted (or cleaned). This is definitely what we want to see, especially as this would account for the otherwise clean bill of health by the other scanners you mentioned.

    3. <- will depend on the responses to the above two :)

    Regards,

    Dan
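Dan's point is that a "File doesn't exist" result from a CRC baseline that was never tailored to the machine is a configuration problem, not evidence of a missing or tampered file. The following Python is an added illustration, not part of this thread or of TDS: it keeps a baseline of file paths and CRC32 values in a simple text config (a hypothetical format, not TDS's own), and on verification separates "missing" (the baseline lists a path this system never had) from "changed" (the file is there but its CRC differs). The demo scenario is constructed in a temporary directory.

```python
import os
import tempfile
import zlib


def crc32_of_file(path, chunk=65536):
    """CRC32 of a file's contents, computed in chunks so large files are fine."""
    crc = 0
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def build_baseline(paths):
    """Measure only files that actually exist on this system."""
    return {p: crc32_of_file(p) for p in paths if os.path.isfile(p)}


def save_baseline(baseline, cfg_path):
    # Hypothetical config format: one "path<TAB>CRC32hex" line per file.
    with open(cfg_path, "w", encoding="utf-8") as fh:
        for path, crc in sorted(baseline.items()):
            fh.write(f"{path}\t{crc:08X}\n")


def load_baseline(cfg_path):
    baseline = {}
    with open(cfg_path, encoding="utf-8") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            path, crc_hex = line.rsplit("\t", 1)
            baseline[path] = int(crc_hex, 16)
    return baseline


def verify(baseline):
    """Classify each baseline entry: 'missing' (path absent, i.e. the
    baseline was copied from another system), 'changed' (CRC differs,
    the case worth investigating) or 'ok'."""
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "missing"
        elif crc32_of_file(path) != expected:
            results[path] = "changed"
        else:
            results[path] = "ok"
    return results


def demo():
    """Constructed scenario mirroring the thread: one untouched file, one
    modified file, and one entry for a path that exists only on NT-family
    Windows (like cmd.exe in the example TDS config on a Windows 98 box)."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "rundll32.exe")
        tampered = os.path.join(d, "winsock.dll")
        for p in (good, tampered):
            with open(p, "wb") as fh:
                fh.write(b"MZ" + os.urandom(64))  # constructed file content
        nt_only = os.path.join(d, "System", "cmd.exe")  # never created

        baseline = build_baseline([good, tampered, nt_only])
        baseline[nt_only] = 0  # example entry carried over, never measured here

        with open(tampered, "ab") as fh:
            fh.write(b"\x90")  # simulate a modified system file

        cfg = os.path.join(d, "crc.cfg")
        save_baseline(baseline, cfg)
        results = verify(load_baseline(cfg))
        return {os.path.basename(k): v for k, v in results.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```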
     
  4. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Hi,
    I am running Windows 98 second edition.

    Here are the complete files:

    C:\Windows\ApplicationData\Mozzila\User50\default\zvsxvii6.slt\Mail\mail.hartcom-1.net\Sent/

    C:\Windows\Profiles\Teresa\ApplicationData\Mozzila\User50\default\zvsxvii6.slt\Mail\mail.hartcom-1.net\Sent/

    These both had a date of 2001. I'm thinking this may have indicated when I had set up my email.

    On the message that I had replied to they had a screen showing the TDS3 screen after beginning scan. That is the same screen that I had. I just did the scan and it showed no trojans or anything, just missing files like what was on the other person's post. I don't know what the CS...something is that you're speaking of. Sorry o_O

    Thank you for responding and looking forward to the much needed help!!! :D

    Teresa
     
  5. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Ah, I see what you are doing.

    Let's go to the TDS program window

    Click "Configuration" and under "Startup Scanning" uncheck "CRC32 System Files Test" and then press the "Save" button

    While we are here we will doublecheck your Scan settings

    Click "Scan Control" and on the "Scan Options" tab

    under "Deep-Search inside files" everything should be selected

    under "Advanced Scan Options" all should be selected except for "Show All NTFS ADS Streams"

    ...and on the "Generic Detection" tab

    both options should be checkmarked and move the slider all the way to the right

    ...go back to the "Scan Options" tab and press "Save Configuration"

    I would recommend you do a full scan now that these settings are in place.

    Also, were you able to find out from your AntiVirus logs about whether it cleaned or deleted the viruses and trojan it found?

    Thx
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Before that scan don't forget to grab the last update at http://tds.diamondcs.com.au/radius.td3
    If you have already 26149 references (see in the TDS console) no need to get a new one as you'll be uptodate.
    Looking forward to your results and how Dan is helping you through.
     
  7. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    TeachyPeachy,

    If you are unsure how to check the AV logs to see if the file was deleted or repaired there is another option.

    You should download a dedicated Magistr repair tool from here
    ( many thanks to Joosky for the links! ;) )

    http://securityresponse.symantec.com/avcenter/Fixmagi.com

    This should be run while your computer is in Safe mode. Instructions for the removal tool as well as instructions to get into safe mode are available here

    http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.removal.tool.html

    Please let us know if you have any questions or are being overwhelmed :D
     
  8. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Hello Again!! :D

    Okay.....let's see.....

    Dan, I ran the magistr scan you suggested and it found nothing.

    I went to go and start up the TDS program and follow your instructions; I now receive an ERROR and it tells me that the file 'OLEAUT32.DLL' is outdated and requires a newer version.
    What now? o_O I'm scared that in my haste I have ruined something. What can I do to get that fixed?
    _________________________
    This is what the ANTIDOTE (program that found the problems) site says about that program:

    Program Highlights -- Very Simple Virus Checker
    Freeware
    We provide this program as "freeware". Anyone is welcome to use it without any registrations.


    Support Platforms
    The program can operate under Windows 95, 98, Me, NT 4.0, Windows 2000, XP


    Accurate Virus Check
    The program equips with the same anti-virus mechanism we use in the standard products and it will detect viruses, trojans, worms, backdoors and other malwares.

    Note: This program offers only the virus detection.


    Very Simple
    This super simple program does not require the system installation. You download the program and execute it. What you do is to specify the program where to scan.

    Note : This program does not alter your system configuration and it runs in your temporary directory. Therefore, this program behaves as the one-time virus scanner: it is not the resident application
    _____________________________

    I tried to find a file for ANTIDOTE and there isn't one so I was unable to find a log.

    So... Dan and my great helpers,
    Does this mean that I do not have the worms and Trojan or just don't have the worms?

    I do not know what to do if I'm missing files, like the one to run the TDS-3 and the MISCONFIG, and whether or not I can reinstall my Internet Explorer or not? The IE won't work by the way...I had told Gavin about it, but not here on the forum. Maybe I am getting ahead of myself with these problems.

    Just tell me what to do next and I'll try to be PATIENT...
    :rolleyes:

    Blessings, Teresa :-*
     
  9. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Okay, given that nothing else is finding anything the original alert may just be a false alarm.

    Can you please download HijackThis from

    http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip?

    Once you unzip the single exe file run it and press the 'Scan' button. Once it is done that button will change to "save log" press that (do *NOT* try to fix anything yet); it will prompt for some filename (just name it anything) and then that log will open up in Notepad. When it does I want you to copy that log and paste it here (if you are unsure how to do this, put the mouse cursor in the notepad window, press Ctrl+A and then Ctrl+C and then start a reply here and put the cursor in the message box and press Ctrl+V)

    Also, do you remember what you did that might account for the dll file being different?

    Thx
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    All the other times you ran TDS without a problem, so how can that oleaut32.dll all of a sudden have changed?
    I can't imagine the magistr cleansing tool would have caused that, but it could be possible if that was the only thing you ran at all.
    OK, to get a new one, look here:
    http://tds.diamondcs.com.au/index.php?page=files
    It's the required system files page.
    Above that list is a blue link to get first the vbruntimes6 sp5 from the MS site. It includes that file.
    Did i ever read before you get anything from the ms/windows site or updates from there HP wants you to first grab a special patch from HP to avoid some dramatic errors? Did you ever get that patch?

    You might like to print some of the instructions if they are written on a site like here in the forum and it requires rebooting or closing windows.

    First of all do what Dan says and run that hijackthis file.
    To run it, close every other program and window except that hijack thing.
    After your posting and possible cleaning we can start rebuilding with checking files versions and all that.
    So i keep shut now as Dan is a good specialist and knows what he's doing.
     
  11. controler

    controler Guest

  12. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Ok....here's an update on my progress.
    I have run the system files from the TDS site and finally got the .dll file for TDS to run.
    I brought the TDS screen up and made any changes needed to the configuration.
    Under DEEP-SEARCH I had to check Client Edit Servers. Under the GENERIC tab I needed to check the SCAN NTFS ADS Hidden Stream, but it told me that it was not supported on my machine. I had already gotten the RADIUS update when I installed TDS the first time, but I don't know how to make it work. JOOSKE said that I needed to just drop it into the TDS directory, but I am at a loss as to how to do that. I can't find the directory. I don't see it in the TDS file. So where? o_O The Radius file is already in the TDS file. It is a file that has to be 'opened with.....' it has the explorer icon. Is that the way it should look?
    As soon as I can get that running and do the full system scan with TDS I will copy the log and paste in a reply, here...
    Dan, as far as the TDS dll file not working and when this started. I'm thinking it may have happened when I had run a program called System Detective. I ran a system registry clean up and also a junk and old file clean up and may have missed seeing the file in there. Little do I know!
    :eek:
    Does that sound like a possibility? o_O
    Anyway, as soon as I hear from someone about how to get that Radius thing working and do the scan I'll let you know the progress. :D

    Thanks so much! Teresa
     
  13. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey,

    Regarding the radius file what you have to do is;

    1. Close TDS if you have it open

    2. Move the radius file that you downloaded into the TDS directory (which, by default, is installed in

    c:\Program Files\TDS

    3. Restart TDS

    and you are updated

    Don't worry about the dll thing now, since you were able to fix that (for which you got a karma cookie :) )

    Let us know the results of the scan (or if you have trouble with the above instructions)

    Thanks
     
  14. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Dan,
    The radius icon is already in the TDS folder with all of the other files that belong to TDS, but when I tried earlier to run the scan it told me that I needed the radius update still. That's why I thought I hadn't put it in the directory correctly. Are you meaning... directory=TDS folder?
    Here is the log from today when I tried to scan:

    16:41:25 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    16:41:26 [Init] Started 03-07-03 16:41:26 Eastern Standard Time (UTC: 5), Internet Time @903.77
    16:41:26 [Init] Loading TDS-3 Systems ...
    16:41:26 [Init] Token successfully adjusted.
    16:41:26 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    16:41:26 [Init] • Plugins : OK. Loaded 13
    16:41:26 [Init] • Exec Protection : Not Installed
    16:41:26 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    16:41:26 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    16:41:26 [Init] Licensed users can use the Update facility from the TDS menu
    16:41:27 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    16:41:45 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    16:41:45 [Init] • Systems Initialised [25490 references - 8347 primaries/6891 traces/10252 variants/other]
    16:41:45 [Init] Radius Systems loaded. <Databases updated 12-06-2003>
    16:41:45 [Init] TDS-3 Ready. <Teresa@0.0.0.0, 206.156.224.111, 127.0.0.1 - USA>
    16:41:46 [Tip Of The Day] Did you know? - DiamondCS are the only anti-trojan company that updates DAILY.
    16:41:46 [Init] NOTICE A change has been detected in the autostart registry. Press Ctrl+A to view the autostart registry
    16:41:46 [TDS] Good afternoon Teresa.
    16:41:56 [Mutex Memory Scan] Started...
    16:41:58 [Mutex Memory Scan] Finished (no trojan mutexes found).
    16:41:58 [Trace Scan] Started...
    16:42:48 [Trace Scan] Finished.
    16:42:48 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
    16:42:49 [Setup] Configuration saved.
    16:48:01 [Memory Scan] Memory scan started, please wait a moment ...
    16:48:09 [Memory Scan] Memory scan complete.
    16:48:09 [Mutex Memory Scan] Started...
    16:48:11 [Mutex Memory Scan] Finished (no trojan mutexes found).
    16:48:11 [Trace Scan] Started...
    16:49:00 [Trace Scan] Finished.
    16:53:05 [Service\Driver Scan] Scanning for services and drivers ...
    16:53:06 [Service\Driver Scan] Scanned 18 services and drivers.
    16:53:06 [File Scan] Scanning in C:\ ...
    16:53:06 [CRC32] Started - verifying 29 files ...
    16:53:08 [CRC32] File doesn't exist: C:\WINDOWS\System\cmd.exe
    16:53:10 [CRC32] File doesn't exist: C:\WINDOWS\System\netstat.exe
    16:53:11 [CRC32] File doesn't exist: C:\WINDOWS\System\drwatson.exe
    16:53:11 [CRC32] File doesn't exist: C:\WINDOWS\System\drwtsn32.exe
    16:53:12 [CRC32] File doesn't exist: C:\WINDOWS\System\rundll32.exe
    16:53:13 [CRC32] File doesn't exist: C:\WINDOWS\System\taskman.exe
    16:53:14 [CRC32] File doesn't exist: C:\WINDOWS\System\taskmgr.exe
    16:53:15 [CRC32] File doesn't exist: C:\WINDOWS\System\winlogon.exe
    16:53:16 [CRC32] File doesn't exist: C:\WINDOWS\System\regedt32.exe
    16:53:18 [CRC32] File doesn't exist: C:\WINDOWS\System\netmsg.dll
    16:53:19 [CRC32] File doesn't exist: C:\WINDOWS\System\winsock.dll
    16:53:21 [CRC32] Test finished.
    17:33:01 [File Scan] Scanned 20751 files: 0 alarms in 2394.859 seconds (Avg 9.66 files/sec)
    17:33:03 [File Scan] Scanning in A:\ ...
    17:33:05 [File Scan] Scanned 0 files: 0 alarms in 2.078125 seconds (Avg 1. files/sec)
    17:33:05 [File Scan] Scanning in C:\ ...
    18:20:46 [File Scan] Scanned 20751 files: 0 alarms in 2860.793 seconds (Avg 8.25 files/sec)
    18:20:48 [File Scan] Scanning in D:\ ...
    18:20:48 [File Scan] Scanned 0 files: 0 alarms in 0.0625 seconds (Avg 1. files/sec)
    18:20:48 [File Scan] Scanning in C:\WINDOWS\ ...
    18:47:22 [File Scan] Scanned 12707 files: 0 alarms in 1593.836 seconds (Avg 8.97 files/sec)
    18:47:23 [File Scan] Scanning in C:\ ...
    19:18:41 [File Scan] Scanned 20751 files: 0 alarms in 1877.133 seconds (Avg 12.05 files/sec)
    19:18:43 [Scan] Finished.
    20:10:52 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    20:10:52 [Init] Started 03-07-03 20:10:52 Eastern Standard Time (UTC: 5), Internet Time @1049.21
    20:10:52 [Init] Loading TDS-3 Systems ...
    20:10:52 [Init] Token successfully adjusted.
    20:10:52 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    20:10:52 [Init] • Plugins : OK. Loaded 13
    20:10:53 [Init] • Exec Protection : Not Installed
    20:10:53 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    20:10:53 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    20:10:53 [Init] Licensed users can use the Update facility from the TDS menu
    20:10:53 [Init] Unloading ...

    By the way, Thanks for the COOKIE!!
    :D
     
  15. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Yes, you need to overwrite the existing (out-of-date) radius with the one you downloaded. Also, I noticed that you still have the CRC test enabled in your configuration; my previous instructions show you how to disable that (or did you do it already and this log was from before you changed the config?)
     
  16. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    That radius really needs to be overwritten with the newest one.
    What you call TDS-folder we name TDS directory.
    The radius.td3 has no IE icon, that is the page where you got it.
    Just press http://tds.diamondcs.com.au/radius.td3 and download the file offered there, put that in the TDS DIRECTORY. Just put it there every day monday till friday a new one. As you have an evaluation version of TDS you will keep getting that update reminder till you register the software. You've 30 days for evaluation so either register or at least hurry using it as good as possible.


    Did you get to the hijackthis in the meantime and can you post the log of that as Dan asked?
    In the meantime don't use any cleansers or fixers till you get an accord from Dan.
    He is trying to help you step by step so please walk with him and do exactly as asked, no sidesteps to avoid mistakes and confusion.

    The NTFS streams are for the NT/w2000/XP systems, not for yours so don't let that confuse you.
     
  17. Teresa P

    Teresa P Guest

    Hi Dan,

    Was the forum having troubles yesterday (Friday)?
    I was not able to get on. It kept timing out.

    Here is the hijackthis log:

    Logfile of HijackThis v1.95.0
    Scan saved at 10:19:16 AM, on 7/5/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\NSCHECK.EXE
    C:\WINDOWS\SYSTEM\NSCHECK.EXE
    C:\WINDOWS\SYSTEM\NSCHECK.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\TDS3\XDYNAMIC\TDS.UNPK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.lycos.com/srch/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.gk.myway.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://musicbox.music-charts.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.jethomepage.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL=http://proxycfg.marketscore.com/gencfg.asp?id1=8oRFxfKNNh7&id2=U2a0MADfs3a&lp=1&nsv=5.2.4.5
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
    O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [OSSProxy] C:\WINDOWS\SYSTEM\ossproxy.exe
    O4 - HKCU\..\Run: [NSCheck] C:\WINDOWS\SYSTEM\nscheck.exe /check
    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O10 - Broken Internet access because of LSP provider 'csloa.dll' missing
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
     
  18. Teresa P

    Teresa P Guest

    Hey Dan,

    By the way,

    I was reading over all the previous posts to make sure I had done all that was asked. I noticed that I hadn't yet done the HP BIOS patch that Jooske and the Controller had spoken about. Should I do that yet or wait?
    Also just so you know that when I got my .dll file working for TDS, I also got the misconfig to work. Only reason I wanted it to work was so that I could get some things on the taskbar to quit running at start up. ;)
    My daughter tried to download Yahoo messenger yesterday (without asking first, mind you!!! :eek: ) and she said that a .dll file was not there for it though. I haven't checked out what she said happened yet. Just wanted to mention it here so you would know that there is still some trouble with files and so I would remember to tell you about it. ;)
    Anyhow, I'll wait for the next instructions....
    Teresa
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Teresa P,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://musicbox.music-charts.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL=http://proxycfg.marketscore.com/gencfg.asp?id1=8oRFxfKNNh7&id2=U2a0MADfs3a&lp=1&nsv=5.2.4.5
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
    O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
    O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b
    O4 - HKCU\..\Run: [OSSProxy] C:\WINDOWS\SYSTEM\ossproxy.exe
    O4 - HKCU\..\Run: [NSCheck] C:\WINDOWS\SYSTEM\nscheck.exe /check
    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

    Reboot after doing so, preferably into safe mode and delete:
    C:\WINDOWS\System\WINSTART001.EXE
    C:\WINDOWS\SYSTEM\ossproxy.exe
    C:\WINDOWS\SYSTEM\nscheck.exe

    Download Adaware 6 or Spybot S&D to clean out the rest.
    Make sure to update before you scan your computer with either one. Keep in mind AdAware has to be closed and restarted after updating.

    Regards,

    Pieter
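Pieter's fix list above works by reading the HijackThis log entry type by entry type. The Python below is an added example, not part of this thread or of HijackThis itself: it parses lines in that log format and flags the patterns discussed here (hosts-file redirects to a non-loopback address, an AutoConfigURL proxy hijack, orphaned BHO registrations, autostarts that are not stock Windows 98 entries, a broken LSP chain, and Trusted Zone additions). The sample lines are constructed from the log posted above, and the Windows 98 autostart allow-list is an assumption for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.9x log format, a subset of the log
# posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL=http://proxycfg.marketscore.com/gencfg.asp?id1=8oRFxfKNNh7&id2=U2a0MADfs3a&lp=1&nsv=5.2.4.5
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [OSSProxy] C:\WINDOWS\SYSTEM\ossproxy.exe
O10 - Broken Internet access because of LSP provider 'csloa.dll' missing
O15 - Trusted Zone: http://free.aol.com
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Assumed, illustrative allow-list of stock Windows 98 autostart executables;
# a real baseline would be taken from a known-clean machine.
KNOWN_WIN98_AUTOSTARTS = {"systray.exe", "scanregw.exe", "rundll32.exe",
                          "stimon.exe", "loadqm.exe"}


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def _basename(cmd: str) -> str:
    """Executable name from a Run value such as 'C:\\DIR\\prog.exe /flag'."""
    first = cmd.strip().split()[0]
    return first.rsplit("\\", 1)[-1].lower()


def _check(code: str, body: str):
    """Return a reason string if the entry matches a hijack pattern, else None."""
    if code.startswith("R") and "AutoConfigURL=" in body:
        return "proxy auto-config URL set: browser traffic can be routed through a third party"
    if code == "O1":
        m = HOSTS_RE.match(body)
        if m and not ipaddress.ip_address(m["ip"]).is_loopback:
            return f"hosts file maps {m['host']} to {m['ip']} (non-loopback redirect)"
    if code == "O2" and body.rstrip().endswith("(no file)"):
        return "orphaned BHO registration: CLSID present but DLL missing"
    if code == "O4":
        m = RUN_RE.match(body)
        if m and _basename(m["cmd"]) not in KNOWN_WIN98_AUTOSTARTS:
            return f"autostart '{m['name']}' is not a stock Windows 98 entry"
    if code == "O10":
        return "LSP chain references a missing provider (broken Winsock stack)"
    if code == "O15":
        return "site added to Trusted Zone (relaxed IE security settings)"
    return None


def triage(log_text: str) -> list:
    """Parse HijackThis log lines and return the entries a reviewer should look at."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        reason = _check(m["code"], m["body"])
        if reason:
            findings.append(Finding(m["code"], reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Entries that pass the checks (the Yahoo search bar, the Acrobat BHO, the SystemTray autostart, the localhost hosts line) are left out of the report, which is the same split Pieter made by hand.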
     
  20. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Please do first of all what Pieter advised, you might like to print out his instructions.

    Mind i was not talking about a BIOS patch but something i'm searching for on the HP support pages but didn't find yet. I found a whole HP Pavillion support newsgroup at yahoogroups, not sure if this is the official HP support too. Anyway, wait with that HP windows update patch (maybe Controler is right and it could be something for the BIOS, i don't know till a description and proper d/l is found for that)
    First of all clean out and fix as Pieter (he certainly is a hijackthis/startup specialist here and on internet as a whole!) described.
    After reboot and cleaning with adaware and spybotS&D you might like to post the new status and a new hijackthis log.
    Looking forward to that.

    About your question re the forum: yes, there was yesterday a maintenance which took longer than expected but we're all back!
    Waiting for your next results!
     
  21. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Hi,
    I did the hijack thing and fixed the items that you wanted fixed and deleted the 3 items that you wanted deleted. That was wonderful to do because those three items had been driving me crazy anyway! I couldn't get them to stop starting at start-up and didn't know what they were for and if it was o.k. to get rid of them. It was my pleasure to delete them once and for all!!! :D
    I just downloaded Adaware 6 and don't know exactly what you mean by updating. Do you mean the Adaware itself or my computer or what? On the Adaware site there are 3 updates...are those the updates that you are talking about?
    When I scan.. will I do a complete scan? Haven't looked at the program. Just asking before hand just in case, so that I know for sure what I am doing?? ;)
     
  22. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi teachypeachy,

    Glad you enjoyed that. :D

    After you install AdAware 6, click the globe at the upper right side and the update wizard for AdAware will start.
    After the update you need to close AdAWare down and restart it in order for the update to be used.
    Then do a scan with the Default settings. Since we did all the hard work, all AdAware needs to do is clean up inactive files and registry entries.

    Regards,

    Pieter
     
  23. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    OKAY!
    I did the scan for the Adaware.
    My MISSION completed!!! :D And happy at that. There were a bunch of files that I knew were from things we had downloaded and were spyware and they finally got KICKED OUT!! YEAH!!! :D
    Well, what's next, I feel like I'm on a roll, and a good one at that!!! :)
    Teresa
     
  24. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey :)

    Well, let's take a step back.

    1. Since your initial post have you encountered any of the strange appearance of the desktop you first mentioned (which was probably due to the magistr virus)?

    2. If I remember right, you indicated you were having problems with Internet Explorer, are those problems gone now?

    Is there anything else I am missing? :D
     
  25. teachypeachy

    teachypeachy Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    30
    Hi!

    Let's see...

    My IE is working properly now, but now the Netscape will not load up a page; it says 'the connection was refused when attempting to connect to'....
    Yesterday when I did the last scan, I did notice that there were some items in there that were for Netscape, I thought. They were supposedly suspicious items for spying I think. After the scan the Netscape wouldn't work. Would I fix it by just putting the CD for installing it back in and reloading?
    Also I thought that the screen hadn't flickered in several days, but it still is. How do I know what this problem is.
    One question I am wondering about is this...I had downloaded some cleaning programs before. Should I delete all of them. I of course have the TDS, Adaware, Fixmagi, and the CLRAV things that you all had me use, but I had also gotten The Cleaner, System Mechanic, Antidote, and a PKZIP reader to open zip files. Should I keep them or get rid of them?
    I would also like to know how and when I should use the programs that I do need.
    How can I move the programs from my desktop to...say the system tools file or somewhere else?
    Can I run the Antidote program again (that was the one that told me that I had the worms and Trojan to begin with) to make sure that they are all clean?
    Thanks!
    Teresa
     