#1

Hello,

2 days ago i bumped into a site that contains an exploit
xp-firewall or antivir did nothing, norton started to give "automatic rule confirmation" to explorer, or something like that, about 10 pop-ups very rapidly
i turned off my pc but it was too late
my pc started to run slower and had constant up&downstream which i could not turn off with xp-firewall or norton
so i formatted and reinstalled but nothing has changed

antivir now recognises the exploit when u open the webpage:
Contains signature of the exploits EXP/MS05-013
located in
Temp Internet files\content.ie5\vklse64k\search[1].htm
-------- Location Website > !!! >
http://crackspider.net/search.shtml?q=hotmetal

can someone tell me how to get rid of this nasty thing ?
cheerz
omi

#2

From: "omi" <omi@discussions.microsoft.com>

| Hello,
|
| 2 days ago i bumped into a site that contains an exploit
| xp-firewall or antivir did nothing, norton started to give "automatic rule
| confirmation" to explorer, or something like that, about 10 pop-ups very
| rapidly
| i turned off my pc but it was too late
| my pc started to run slower and had constant up&downstream which i could not
| turn off with xp-firewall or norton
| so i formatted and reinstalled but nothing has changed
|
| antivir now recognises the exploit when u open the webpage:
| Contains signature of the exploits EXP/MS05-013
| located in
| Temp Internet files\content.ie5\vklse64k\search[1].htm
| -------- Location Website > !!! >
| http://crackspider.net/search.shtml?q=hotmetal
|
| can someone tell me how to get rid of this nasty thing ?
| cheerz
| omi

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#3

thnx for the tool and help

i've been trying multiple things the last days to get rid of the bugs, without result
i've tried a format of my hd and installed basic winxp and some msi without updates
installed MultiAV, updated and ran a scan (results below)
i'm still leaking up&downstream

now i've done a full update of all systems including norton.
strange thing is that norton has an automatic rule for "MS Generic Host Process for Win32 Server" > C:\Windows\System32\svchost.exe
i get a popup from norton every now and then confirming this

When i performed a clean install of windows on a formatted drive this same svchost.exe is in my start-up menu
at this time it is leaking Mb's up-&downstream

also i have AntiVir which is the one who discovered the exploit at the webpage, too late
but AVGNT.exe is also leaking Mb's

there's a virus somewhere hidden on my pc,
i've rebooted with win-xp cd and deleted an 8Mb sized partition which has been created automatically i presume.
formatted C: and installed windows
dang... svchost.exe is acting weird already
pff if formatting doesn't help i'm lost

need help badly
cheerz

--------------------------------------------------------------------
Sophos Anti-Virus
Version 4.01.0 [Win32/Intel]
Virus data version 4.01, January 2006
Includes detection for 116927 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 15:40:35, System date 04 January 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet

IDE directory is: c:\AV-CLS\Sophos

Full Scanning

Could not open c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not check c:\System Volume Information\_restore{01460F71-D3F1-4684-B727-CBC37948DA33}\RP67\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{01460F71-D3F1-4684-B727-CBC37948DA33}\RP68\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{01460F71-D3F1-4684-B727-CBC37948DA33}\RP69\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{01460F71-D3F1-4684-B727-CBC37948DA33}\RP70\snapshot\ComDb.Dat (corrupt)
Could not check c:\System Volume Information\_restore{01460F71-D3F1-4684-B727-CBC37948DA33}\RP71\snapshot\ComDb.Dat (corrupt)
Could not check c:\WINDOWS\Help\sysdm.chm\/$FIftiMain (corrupt)
Could not check c:\WINDOWS\Registration\R000000000003.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000006.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000007.clb (corrupt)
Could not open c:\WINDOWS\system32\config\system.LOG
Could not check c:\WINDOWS\system32\emptyregdb.dat (corrupt)
Could not open d:\

3 master boot records swept.
24605 files swept in 57 minutes and 33 seconds.
16 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.
---------------------------------------------------------------------
01/04/2006 17:37:51
Options: "C:" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\Program Files\BearShare\Installer\saveinstwm.exe ... Found potentially unwanted program Adware-SaveNow.
The file or process has been deleted.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll\00017 b68.EXE ... Found potentially unwanted program Downloader-AGT.
The file or process has been deleted.
The archive has been deleted.
C:\Program Files\VVSN\VVSN.exe ... Found potentially unwanted program Adware-SaveNow.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 58875
Clean: ................. 58806
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 3
Non-critical Error(s): 1
Master Boot Record(s): ......... 3
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

Time: 00:32.20
--------------------------------------------------------------

#4

From: "omi" <omi@discussions.microsoft.com>

| thnx for the tool and help
|
| i've been trying multiple things the last days to get rid of the bugs,
| without result
| i've tried a format of my hd and installed basic winxp and some msi without
| updates
| installed MultiAV, updated and ran a scan (results below)
| i'm still leaking up&downstream

Remove the WeatherBug software. It has introduced adware/spyware into the computer.

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC.

* BHODemon
http://www.majorgeeks.com/downloadge...4332b4b8b8442d

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#5

hello david,

last time i tried lavasoft ad-aware it was freeware,
seems like its success has changed it into payware
so this one i can't try

i tried the spybot S&D
still leaking Mb's

i also dl'ded some more
so at this time i'm using:
AntiVir
BHODemon
clean mcafee
KASFX
Multi AV
Norton internet security 2005
spybotsd
Sysclean FE

I think i better try and install everything all over again
But as my system gets infected during installation i think i need something which i can use for booting
i'm not much of an expert but i think i need a tool which i can execute after primary installation of windows and mainboard msi without updates or connection to the internet
or maybe better, something i can use for scanning, fixing, deleting files after the disk is formatted
What's best to use for this kind of thing ?
I've installed windows about 5 times the last 3 days

----- Original Message -----
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
Newsgroups: microsoft.public.windowsxp.security_admin
Sent: Wednesday, January 04, 2006 7:23 PM
Subject: Re: Need help fixing virus

> From: "omi" <omi@discussions.microsoft.com>
>
> | thnx for the tool and help
> |
> | i've been trying multiple things the last days to get rid of the bugs,
> | without result
> | i've tried a format of my hd and installed basic winxp and some msi without
> | updates
> | installed MultiAV, updated and ran a scan (results below)
> | i'm still leaking up&downstream
>
> Remove the WeatherBug software. It has introduced adware/spyware into the computer.
>
> Please download, install and update the following software...
>
> * Ad-aware SE v1.06
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> * SpyBot Search and Destroy v1.4
> http://security.kolla.de/
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
> that may be on the PC.
>
> * BHODemon
> http://www.majorgeeks.com/downloadge...4332b4b8b8442d
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

#6

From: "omi" <omi@discussions.microsoft.com>

| hello david,
|
| last time i tried lavasoft ad-aware it was freeware,
| seems like its success has changed it into payware
| so this one i can't try
|
| i tried the spybot S&D
| still leaking Mb's
|
| i also dl'ded some more
| so at this time i'm using:
| AntiVir
| BHODemon
| clean mcafee
| KASFX
| Multi AV
| Norton internet security 2005
| spybotsd
| Sysclean FE
|

SyscleanFE -- Written by me and is incorporated in the Multi AV Scanning Tool.
clean mcafee -- McAfee Clean Tool and written by me and is incorporated in the Multi AV Scanning Tool.
KASFX -- Written by Art Kopp, uses a GUI based scanner but uses the same Kaspersky signatures as the Kaspersky module in the Multi AV Scanning Tool.

Ad-aware SE v1.06 is FREE !

http://www.download.com/Ad-Aware-SE-....html?tag=list

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#7

i had those programs from the website at your sign

so i dl'ded a free copy of adaware but now i can't update the thing
it says "The downloaded definitions could not be read, please update again"

sigh