Denial of MSN service, virus? I DON'T KNOW...

Discussion in 'SpywareBlaster & Other Forum' started by IronCurtain, Jan 24, 2004.

Thread Status:
Not open for further replies.
  1. IronCurtain

    IronCurtain Guest

    Now I've downloaded your product, and it too will not update...
    Here is what I have written and was responded to in the pcpitstop forum... It's driving
    me nutz, I've been working on fixing this for the last 28 hours... I have gone to
    the registry and can't find these things anymore but I still can't update NORTON,
    the firewall can't be turned on (it's all been turned off), I have to turn on auto
    protect manually... The reboot time is almost 4 minutes... And my MSN won't work
    because when I try to log on I get the error message that I am not connected to the
    internet... HELP!!! o_O :'( Iron

    **************************************************************
    I have run every scan in the book... I tried to update the AVG I just downloaded and it says I'm not connected to the internet... MSN does the same thing... My norton has been turned off... Can't figure out what the problem is... I've been working on this since this morning... I just have no clue... I turned off system restore, so I can't get back my MSN. I know this sounds pathetic, but I need help...
    SpyBotSearchandDestroy found this in my start-up and i have no clue how to get rid of it:
    Current value: MSConfig
    Current filename: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Database status: Typically not required
    Value: MSConfig
    Filename: MSCONFIG32.EXE

    Description
    Unidentified adware, spyware or virus. Not to be confused with the valid entry above which has the command "msconfig.exe"

    Source: Paul Collins Startup list

    AND YES, there's an AND, something is blocking me from Windows Update...
    I always keep that updated...

    Iron

    stormy13 Posted: Jan 23 2004, 08:58 PM

    You have a virus/worm that is causing your problems. See here,

    http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SPYBOT.B

    for info on how to remove it.

    IronCurtain Posted: Jan 23 2004, 10:47 PM

    I have run the Trend Micro Sysclean application... On 26 files, there was an error and access was denied... It found no other viruses... Argh... Iron

    ggarj Posted: Jan 23 2004, 10:57 PM

    IronCurtain .. try running a virus scan here

    http://housecall.antivirus.com/housecall/s.../start_corp.asp

    IronCurtain Posted: Jan 23 2004, 11:00 PM

    I'll try running it without updating, it won't let me update... Says I have no connection to the internet...lol... Iron...

    IronCurtain Posted: Jan 24 2004, 08:42 AM

    None of these things seemed to have helped... Any other suggestions? o_O Iron

    stormy13 Posted: Jan 24 2004, 08:47 AM

    Did you try following the instructions in the link I provided,

    http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SPYBOT.B

    It has instructions on how to manually remove the trojan.

    dickster Posted: Jan 24 2004, 08:48 AM

    Lot of things you can try mentioned in this thread.

    http://www.computing.net/security/wwwboard...forum/5857.html

    IronCurtain Posted: Jan 24 2004, 09:25 AM

    Thank you Stormy, I did that last night... I went into the registry but don't see where it has been changed...

    Thank you Dickster... I found an entry about: http://www.dougknox.com
    Do you know where or what to do from that site? o_O

    Iron

    dickster Posted: Jan 24 2004, 09:36 AM

    Here's what it says about that site.

     
  2. snowbound

    snowbound Retired Moderator

    Hi IronCurtain :)

    Welcome to Wilders.

    Since u have already run Spybot S&D go to step 2 of the instructions at this link,

    http://www.wilderssecurity.com/showthread.php?t=15913

    then post a HijackThis log.





    snowbound
     
  3. IronCurtain

    IronCurtain Guest

    Here's the log, thanxz for the help!!!
    *******************************************
    Logfile of HijackThis v1.97.7
    Scan saved at 2:01:03 PM, on 1/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Crystal Johnson\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
    C:\WINDOWS\System32\svchost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.backroads.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.16.201/sb/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (disabled by BHODemon)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (disabled by BHODemon)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.05.04&http://www.lookingyourbest.com/inamodel/index.html
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.7589236111
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
    O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi IronCurtain,

    Before you start please unzip hijackthis.exe to a folder of its own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.16.201/sb/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

    R3 - Default URLSearchHook is missing

    Then download and run CWShredder

    Then reboot, try again and let us know.

    Oh, and you can release the BHO's that are disabled by BHODemon. They are all of the friendly kind. ;)

    Regards,

    Pieter
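
Added example, not part of Pieter's post and not HijackThis code: a small Python triage of the log format posted above that lists entries whose URL points at a bare IP address instead of a hostname, which is what the two R1 entries quoted in this reply have in common. The function names and the `SAMPLE_LOG` excerpt (lines copied from the log in this thread) are assumptions of the example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: five lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.16.201/sb/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.backroads.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.40.16.201/sb/
R3 - Default URLSearchHook is missing
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
"""

# An entry line is a section code (R0, O4, O16, ...) followed by " - " and the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
URL = re.compile(r"https?://[^\s\"']+")


def parse_entries(log_text):
    """Yield (code, body) per entry; header and running-process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def is_ip_host(url):
    """True when the URL's host is a literal IPv4/IPv6 address."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def flag_ip_urls(log_text):
    """Return [(code, label, url)] for entries whose URL host is a bare IP address."""
    hits = []
    for code, body in parse_entries(log_text):
        for url in URL.findall(body):
            if is_ip_host(url):
                # R entries read "key,value = data"; O entries read "description - data".
                label = body.split(" = ")[0] if code.startswith("R") else body.split(" - ")[0]
                hits.append((code, label, url))
    return hits


if __name__ == "__main__":
    for code, label, url in flag_ip_urls(SAMPLE_LOG):
        print(f"{code}  {label}  ->  {url}")
```
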
     
  5. IronCurtain

    IronCurtain Registered Member

    Didn't work...

    Here are two examples of what the problems are:

    1)MSN:
    We were unable to sign you into NET. Messenger Service, possibly because of a problem with your internet connection. Please try again later. 0x81000370

    2)WINDOWS UPDATE:
    Windows Update has encountered an error and cannot display the requested page.

    Select from any of the following pages for information about Windows Update services, or send us your feedback.

    Windows Update Home Page
    About Windows Update
    Support Information



    You can also get online support if you are having problems with Windows Update.


    Send error number to Microsoft (0x800C0005)
    ************************************************************


    Also, is there some way to re-establish the internet connection to these products? o_O

    Thanxz Iron
     
  6. snowbound

    snowbound Retired Moderator

    If i can interrupt here ;)

    I found this link,

    http://www.askmarvin.ca/forums/index.php?showtopic=664

    that could be useful for your MSN problem.




    snowbound
     
  7. IronCurtain

    IronCurtain Registered Member

    No, that's not it, but thanxz... Iron... o_O
     