Please Help Me ! ! ! I'm New ! ! !

Discussion in 'privacy problems' started by cleverboy123, Aug 12, 2005.

Thread Status:
Not open for further replies.
  1. cleverboy123

    cleverboy123 Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    13
    Location:
    London
    Hi people, I have been looking around these forums and it seems as though this is one of the largest forums around. Anyway, I have quite a big problem with spyware at the moment and need your help to fix it ! ! ! :D :D

    I have been getting a huge amount of port and network attacks and my Sygate firewall keeps telling me that my network is being accessed from another remote computer and is being attacked many times with port attacks. I have saved the logs and have the IP addresses of these attackers and was going to report them, but much to my despair they may be using a proxy server. :oops: :oops:

    Also I think it has disabled me from going to security related sites like Norton Antivirus and McAfee etc.

    Also I have lately been experiencing slow reboots, freezes and many Microsoft error messages. My antivirus seems to be telling me that I have bloodhound.exploit.6 on my computer and many other unknown viruses. o_O

    Please Help Me Through This Problem :cool:

    Greatest Thanks :)
     
    Last edited: Aug 12, 2005
  2. WinAntiVirus_Guy

    WinAntiVirus_Guy Lurker

    Joined:
    Jun 14, 2005
    Posts:
    5
    Hi

    Looking through your post, I have drawn some conclusions and want to propose the following steps:

    1. Patch against the exploit you caught:

    http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

    It is the official Microsoft patch.

    2. You have a firewall and antivirus on your comp, and I see they didn't help you... It's a pity. I recommend you use the newest version of the antivirus to prevent such situations. Or if you already have it - update your bases...

    Most important notice to you - install a good firewall on your computer. It will help you to prevent such situations with smb on your computer.

    Now you need to make a full scan of your computer and remove all the malware you have.

    If there are any more questions - ask.
     
  3. cleverboy123

    cleverboy123 Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    13
    Location:
    London
    Hi there m8 thanks for the quick reply ! :D

    I have downloaded the patch already but I am currently unable to access the Microsoft website as it keeps redirecting me to a funny lookin search engine !

    I have Anti-Vir
    AVG
    Norton Antivirus
    Trend Micro Antivirus

    I have updated each one to the latest update but the problem is that it can't disinfect it; it has no problem with finding it. It also deletes the files but somehow they come back !

    The File affected is called TWUNK_16 and has the bratle.b virus . It also has a load of other suspicious files and unknown viruses. Some of the infected files appear to be Trojans.

    http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.l.html

    Another thing about this is that it prevents me from accessing security related sites. (e.g. microsoft-antivirus)

    My firewall is currently Sygate and is working fine but i still seem to be gettin attacked from remote computers on ports.

    I have done another scan but no luck the same result.

    Hope you can help me

    thanks :D
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi cleverboy123 welcome to Wilders.

    You will need to download and run “Hijack This” found here and post your log at one of the HijackThis Specialist Forums, the two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Once your system is clean I would suggest that you take a look here: Why did I get infected in the first place? Also, for further information on security and how to make your system that much stronger, see here, as well there are discussions here and even more here.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  5. cleverboy123

    cleverboy123 Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    13
    Location:
    London
    there seems to be no problem with my log though ! :D

    any other suggestions ??

    Thanks for your help anyway ! ;)
     
  6. cleverboy123

    cleverboy123 Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    13
    Location:
    London
    Also any1 know what bloodhound.exploit.6 is? Norton keeps tellin me about it.

    please help me thx
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    http://www.pchell.com/virus/bloodhound.shtml
     
  8. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    download a trial of ewido and webroot's spy sweeper and remove anything found. also since you have trendmicro go to their homepage and do a search on system cleaner it's easy to create and run - should fix probs.
     
  9. cleverboy12

    cleverboy12 Guest

    Hi Thanks I have done as requested but it keeps coming back after a reboot !

    Any other suggestions ? plz
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  11. cleverboy12

    cleverboy12 Guest

    already tried that it says file unable to delete error message !

    Do you think that there is any possibility left ! plz say yes !
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  13. cleverboy12

    cleverboy12 Guest

    already tried those m8 they keep comin back after a reboot !

    Reformatting should i come to !
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  15. cleverboy12

    cleverboy12 Guest

    actually i need real time help cos reformattin will lose my settings all these years. Something can come from nothing don't you think ronjor. I appreciate all your help ! thx
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    All that can be recommended is you post a hijack log as suggested in post four.
     
  17. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    try downloading avast home free and its downloadable detection database. boot into safe mode and turn off system restore. then install avast - should prompt for scan on next boot - select yes. if not caught during reboot go back into safe mode install the updated database signatures you downloaded and schedule another scan on boot. worth a try before reformattin.
     
  18. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    It appears that some spyware has infected your Hosts file (among other things). The infection of the Hosts file is the reason you are getting redirected from certain sites to other sites. You will need to edit the Hosts file with wordpad. It's found in c:\windows\system32\drivers\etc

    If you don't know what a hosts file is, when you open it, delete everything except 'localhost 127.0.01'

    Also, have you tried running programs like CWShredder ? (as what you describe is similar to CWS spyware behaviour...but other spyware could do the same). It's one of the harder pieces of spyware to remove. Some newer versions are coming with coding to hide them from scanners (CWShredder may not remove the latest versions of CWS, as it is no longer being updated - last I heard)

    Another thing that may be worth trying is Kaspersky Antivirus who have a free online scanner at www.kaspersky.com

    You may also want to try
    Ewido antitrojan (free) at www.ewido.com
    Microsoft Antispyware (free) http://www.microsoft.com/athome/security/spyware/software/default.mspx

    Hope they help.
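
The hosts-file redirection described in the post above can be checked before anything is deleted. This is an added example, not part of the thread: it audits a hosts file and reports every entry other than the default loopback `localhost` mapping; the sample file contents and the `WATCHED` domain list are constructed assumptions.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.7     www.microsoft.com
203.0.113.7     securityresponse.symantec.com
127.0.0.1       www.kaspersky.com
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

# Hypothetical watch list built from vendor sites mentioned in the thread.
WATCHED = ("microsoft.com", "symantec.com", "mcafee.com",
           "kaspersky.com", "trendmicro.com", "ewido.com")

def parse_hosts(text):
    """Yield (line number, address field, hostnames), skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield lineno, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text, watched=WATCHED):
    """Return (line number, finding, value) for every non-default entry."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, "malformed", ip))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name == "localhost" and addr.is_loopback:
                continue  # the standard loopback mapping, left alone
            vendor = any(name == d or name.endswith("." + d) for d in watched)
            if vendor:
                kind = "vendor-blocked" if sinkhole else "vendor-redirected"
            else:
                kind = "sinkholed" if sinkhole else "redirected"
            findings.append((lineno, kind, name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine the text would be read from the hosts file in c:\windows\system32\drivers\etc; a security vendor's domain mapped to any address at all is the pattern that produces the redirects and blocked sites reported earlier in the thread.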
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What specialist forum have you posted your log at?

    Cheers :D
     
    Last edited: Aug 12, 2005
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    CWS is still being updated. It is now owned by Trend Micro but still free. Latest version 2.15.
     
    Last edited: Aug 12, 2005
  21. cleverboy123

    cleverboy123 Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    13
    Location:
    London
    Hi there People,

    I have as you said removed all entries but 127.0.0.1 from my hosts file and it seems to stop the redirecting. I cannot download those CW files because i can't for some reason complete it fully it stops somewhere in the middle.

    Blackspear i have posted my log in that Spywareinfo forum but i am waiting for a reply however i have also posted my log in nerdhelp and majorgeeks and they seem to come up with the solution that there are 2 entries i could remove and these are it :

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

    Can anyone here back this up plz ?
     
  22. cleverboy12

    cleverboy12 Guest

    Oh this is weird i restart my computer and my homepage has changed to about:blank and keeps advertisin and windows is tellin me that i need to download a spyware remover then it seems to be a rogue one as it is sayin that its free but askin for card details !!!
     
  23. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Re the one with Navload.ini, see this link http://castlecops.com/s5609-NavLoad_ini.html - it's safe to delete.

    I would imagine that any BHO registry entry with no file reference is safe to delete, and the techies at spywareinfo should know, so I'd personally delete them.

    I did a quick Google search and came across the following sites -
    About Blank is a CWS variant, and there appear to be a number of variations of About Blank (I don't know these sites, just ones I came across, but at least they give a starting point for understanding About Blank)
    http://www.siena.edu/antivirus/Spyware/aboutblank.asp
    http://www.pchell.com/support/aboutblank.shtml
    http://www.answers.com/topic/coolwebsearch
     
  24. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Please do NOT delete anything, wait until you receive a reply and then follow their instructions precisely.

    Cheers :D
     
  25. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743