Jump to content

Anyone heard of 77777?


Recommended Posts

:geezer:

 

A while back my machine got hit by something that took over my Keyboard, and when I came on Line it used to Print out 7s if I accessed the Net?

 

I thought I had got rid of it, but this Month my Phone Bill seems to have doubled? My ISP also supplies my Phone? I have a Call Display on the Phone, it shows calls from 77777, but when redialed nothing there?

 

I can see the Duplication of every Call in my system, waiting for a Bill to be given! It was doubled!

 

I contacted my ISP about it, at first they were scepeptical, because it was on the Landline, until I pointed out it was the Landline, through ADSL, although a different frequency that was accessing the Net!

 

When I tried, after asking specific Permission from the Tech, To copy the Talk on Line. First try was rejected! Next was Copy and Paste into Word, that tried to produce three Copies?

 

Then the Link to the Tech Officer Went Dead, all there but noone Home? I was talking to others so knew It was working!

 

BTW they are trying to work on it! Any Feed Back would Help! It seems like something may be able to Jump Internet onto Landlines if they are used as ADSL?

 

Does anyone know anything?

 

:sparkle::pullhair::pullhair::sparkle:

Link to post
Share on other sites

DD,

 

I sure don't know what is holding you back from posting over to the HJT Forum and getting some expert help,

 

Doug

Link to post
Share on other sites

DD,

 

I sure don't know what is holding you back from posting over to the HJT Forum and getting some expert help,

 

Doug

 

:geezer:

 

I will Doug, thanks, after I try the fixes listed on the site above. It appears to be able to jump between ADSL and the normal landline, so my Provider of both is very interested as well. It could be a new variant of it? That would make it Dangerious!

 

It has sneaked through, but at least SpyBot picked up the Registery Change, I haven't taken much notice thinking it was something the Kids had downloaded for Office!

 

Just to clarify? The normal Phone Numbers (including the 0) are always 10 digits. Examples, (Not usual Numbers just Sample as you can see) Mobile (Cell) Phone 0412345678, Landline, 0712345678.

 

These are the Calls that have attacted my Attention.

 

On 7 Jan at 15.22 from 464466.

 

On 8 Jan at 11.02 from 7774747777

 

On 8 Jan at 11.02 from 777777777

 

On 8 Jan at 11.02 from 777747

 

On 11 Jan at 15.31 from 777777

 

On 21 Jan at 16.01 from 77777

 

I think most people would be concerned? Particularly if their Calls have doubled in the Section awaiting Billing. It is only about $AU26 But I can use that money else where and do not wish to fight with my Provider over it, they know I am a good Customer that rarely complains.

 

I seems to me that 8 Jan was a big day for it?

 

My Online Scan was Negetive, nothing showing up! Only that Notice from SpyBot shows anything wrong?

 

Google is showing it up as from M$?

 

I have done a HJT Test, can I ask a Staff to Transfer this Thread over to HJT so I just have one Link to my Provider? I think we all want to get rid of Nasties and this just may be a way of doing it? Sorry for inconvience to Staff and I hope you all understand my point of trying to keep it all together?

 

BTW my Provider is Iprimus for both Net and Landline and I, even as an untrained can see something there about them? About Proxy settings?

 

Logfile of HijackThis v1.99.1

Scan saved at 4:18:13 PM, on 22/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://www.iprimus.com.au

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://www.iprimus.com.au

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://www.iprimus.com.au

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://www.iprimus.com.au

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

 

Settings,ProxyServer = proxy.iprimus.com.au:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

 

Settings,ProxyOverride =

 

*.IPrimus.com.au;192.168.1.254;10.*;172.16.*;172.17.*;172.18.*;172.19.*

 

;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.

 

*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

 

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

 

file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

 

/STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\OfficeKB\KPDrv4XP.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

 

Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [bearShare] "G:\Dynzele\BearShare.exe" /pause

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search

 

& Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

 

Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin

 

Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

 

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

 

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

 

Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel -

 

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

 

Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Yahoo! Services -

 

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

 

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)

 

- file://C:\Program Files\Tumblebugs\Images\stg_drm.ocx

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

 

http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj

 

Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

 

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

 

Test will be added shortly.

 

http://www.pcpitstop.com/techexpress.asp?id=SFJQSWFHQEVSYU1G

 

 

:sparkle::surrender::sparkle:

Edited by Drovers Dog
Link to post
Share on other sites

DD,

 

I will ask an admin or Trusted Adviser to consider moving your post.

 

Will you please re-run HJT and "turn off" Word Wrap in NotePad before you use Copy/Paste to post the new Log.

As you can see in your presently posted HJT Log, having Word Wrap "turned on" results in extra lines and spaces in the Log report. The result makes it very difficult to "see" the items in the log.

 

Ordinarily, a first post to HJT Forum should be a "single post" of HJT Log, with (0) zero additional posted comments or replies. This helps the Trusted Advisors identify that your Log has not been responded to and needs attention.

 

When additional posts appear, it looks like someone else is already assisting you, so an Advisor might pass by your log without paying attention.

 

It might be best to start a New Topic in HJT Forum with a single posting of a fresh HJT Log.

 

Doug

Link to post
Share on other sites

DD,

 

I will ask an admin or Trusted Adviser to consider moving your post.

 

Will you please re-run HJT and "turn off" Word Wrap in NotePad before you use Copy/Paste to post the new Log.

As you can see in your presently posted HJT Log, having Word Wrap "turned on" results in extra lines and spaces in the Log report. The result makes it very difficult to "see" the items in the log.

 

Ordinarily, a first post to HJT Forum should be a "single post" of HJT Log, with (0) zero additional posted comments or replies. This helps the Trusted Advisors identify that your Log has not been responded to and needs attention.

 

When additional posts appear, it looks like someone else is already assisting you, so an Advisor might pass by your log without paying attention.

 

It might be best to start a New Topic in HJT Forum with a single posting of a fresh HJT Log.

 

Doug

 

:geezer:

 

Thanks, Mate,

 

I diddn't realise about the Word Wrap, I was concerned with Bandwidth? I know now!

 

It OK, I can Blend all The Copies together for my Provider if we find something!

 

I Posted a New Thread on HJT with a Title similar to this one.

 

:sparkle::wub::sparkle:

Link to post
Share on other sites

:geezer:

 

It could be that the HJT Staff are a bit concerned that nothing real is there, or just concerned that they may make a Mistake? I understand this! I don't think I have many Problems with my System! I have isolateted the Phone Calls for my ISP and Phone Provider, I just wanted to get my System Checked out as well to help, if I could.

 

What I have done so far is showing up that my System is Clear except for Minor Problems, so the Ball is in the Provider's Court!

 

I am happy to take this to my Provider now and say nothing is indicated wrong on this Machine, if that is OK?

 

:sparkle::wub::sparkle:

Link to post
Share on other sites

looks like something nasty here...

 

http://www.bleepingcomputer.com/forums/topic12491.html

 

be patient for an advisor

 

 

:geezer:

 

Funny enough, Joe, I picked that up too!

 

That is in Iprimus? They are my Provider!

 

Little Sucker seems to be using my Land line? I have ADSL.

 

Little Sucker has seemed to alter my Phone Acount?

 

:sparkle::pullhair::pullhair::sparkle:

Link to post
Share on other sites

Juliet has given excellent instructions for you to follow.

No sense in coming to any conclusions before the facts become apparent.

 

Take is easy, one step and a time.

 

Doug

Link to post
Share on other sites

Juliet has given excellent instructions for you to follow.

No sense in coming to any conclusions before the facts become apparent.

 

Take is easy, one step and a time.

 

Doug

 

:geezer:

 

I know, as a long term Member, the Value of Patience, Mate, I guess I was a bit frustrated at not being to Help out?

 

You are right Juliet has given me Good Advice, I read some other HJT Threads and have worked out that I mucked up the Tests by having Tea Timer running, so at least I can save some of Juliet's valuable time by redoing them. I am running Kaspersky Online Scan and it has so far picked up 3 Viruses and 7 Infected Files. I will Post a Log on there when it is Finished. And for Information Post a Copy here. This is one Nasty little One. After that I will redo the Tests. BTW, my Computer sounds like a Truck Backing up? Continious Beeps but still working? Any Ideas?

 

:sparkle::pullhair::sparkle:

Link to post
Share on other sites

BTW, my Computer sounds like a Truck Backing up? Continious Beeps but still working? Any Ideas?

Hi DD,

 

The "Beep Codes" are actually giving you a message that can be "decoded".

Different manufacturers have different combinations of short - long beeping that mean different things.

You can go to the Website of your computer manufacturer or motherboard manufacturer to to get a printout of their Beep Code meanings.

 

However, almost all motherboard use a rapidly repeating beep, beep, beep...continuous and/or constant beeeeeeeeep. to indicate a problem with "Over Heating"

 

As you know "heat" is the enemy!!!

 

Kaspersky is a relatively intense consumer of resources.

Maybe not as much as an intensely interactive online first-person-shooter game, but still puts a heavy load on CPU, RAM and Motherboard cache and chipsets.

 

Therefore, for you to get a major beeping during the Kaspersky test, and then have it stop when Kaspersky finished, suggests the machine is possibly OverHeating.

 

Is this a laptop/desktop?

Are the fans turning properly?

When the machine is beeping hold your hand near an exhaust port. Is the exhaust air hotter than usual?

 

Open up that case and blow out any Dust Bunnies.

 

Is there any chance that you have modified or changed the CPU Heatsink?

Did you install the Heatsink yourself?

If yes, did you use Thermal Compound?

 

Please keep us posted with your progress.

I see that you are making good headway with the Malware removal over in HJT with Juliet!!!

Link to post
Share on other sites

:geezer:

 

You are probably right about the Heat, Doug, it was a very Hot day yesterday whilst I was doing it, but mucked up the Test after nearly six hours and ended up redoing it overnight when it was cooler, no more Beeping! I had the side off thee Case as is normal, just a Habbit I have, it does get very hot here in the Summer that it is now.

 

BTW for Interest here is a Copy of the Kaspersky Test, it staggered me to find so much hiding on other Drives beside C: Drive and recommend if people do Online Scans, Scan ALL their Computer. I do use AVG Free set up to do all Drives and it is usually very reliable, but it looks like always some will slip through.

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, January 25, 2008 9:28:38 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 24/01/2008

Kaspersky Anti-Virus database records: 531323

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

 

Scan Statistics:

Total number of scanned objects: 215397

Number of viruses found: 21

Number of infected objects: 55

Number of suspicious objects: 0

Duration of the scan process: 06:02:52

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Ray\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012007123120080107\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008010720080114\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008011420080121\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008012220080123\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008012320080124\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008012420080125\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\History\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped

C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ray\My Documents\My Received Files\Injec-TOR.rar/Injec-TOR.exe Infected: HackTool.Win32.Injecter.l skipped

C:\Documents and Settings\Ray\My Documents\My Received Files\Injec-TOR.rar RAR: infected - 1 skipped

C:\Documents and Settings\Ray\My Documents\My Received Files\InjecTOR.exe Infected: HackTool.Win32.Injecter.n skipped

C:\Documents and Settings\Ray\ntuser.dat Object is locked skipped

C:\Documents and Settings\Ray\ntuser.dat.LOG Object is locked skipped

C:\Downloads\Bej2Setup_TryGames-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Downloads\ChuzzleSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C1E9C5D0-E2BB-4F4F-A447-309916122CC9}\RP56\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\DOSUTILS\TIGHTVNC\TIGHTVNC_1_2_9_SETUP.EXE/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\DOSUTILS\TIGHTVNC\TIGHTVNC_1_2_9_SETUP.EXE/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\DOSUTILS\TIGHTVNC\TIGHTVNC_1_2_9_SETUP.EXE Inno: infected - 2 skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\SUSE\I586\TIGHTVNC_1_2_9_181_I586.RPM/./usr/share/vnc/classes/VncViewer.class Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.f skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\SUSE\I586\TIGHTVNC_1_2_9_181_I586.RPM/./usr/share/vnc/classes/VncViewer.jar/VncViewer.class Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.f skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\SUSE\I586\TIGHTVNC_1_2_9_181_I586.RPM/./usr/share/vnc/classes/VncViewer.jar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.f skipped

E:\Linux and others\Linux and others\Linux DVD to Burn\Linux Disk 1\SUSE\I586\TIGHTVNC_1_2_9_181_I586.RPM RPM: infected - 3 skipped

E:\Rays Stuff\My Received Files\CEDP-Stealer-Setup.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.180Solutions skipped

E:\Rays Stuff\My Received Files\CEDP-Stealer-Setup.exe/stream/data0005 Infected: Trojan-Spy.Win32.BJCG.d skipped

E:\Rays Stuff\My Received Files\CEDP-Stealer-Setup.exe/stream Infected: Trojan-Spy.Win32.BJCG.d skipped

E:\Rays Stuff\My Received Files\CEDP-Stealer-Setup.exe NSIS: infected - 3 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\Compiling for Burn\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

F:\Compiling for Burn\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

F:\Compiling for Burn\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

F:\Compiling for Burn\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

F:\Compiling for Burn\BSINSTALL.exe WiseSFX: infected - 4 skipped

F:\Compiling for Burn\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped

F:\Compiling for Burn\stuff\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

F:\Compiling for Burn\stuff\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

F:\Compiling for Burn\stuff\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

F:\Compiling for Burn\stuff\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

F:\Compiling for Burn\stuff\BSINSTALL.exe WiseSFX: infected - 4 skipped

F:\Compiling for Burn\stuff\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped

F:\Gee Bits and Pieces\kf141 Key code finder..zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\Gee Bits and Pieces\kf141 Key code finder..zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\Gee Bits and Pieces\kf141 Key code finder..zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\Gee Bits and Pieces\kf141 Key code finder..zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\Gee Bits and Pieces\kf141 Key code finder..zip ZIP: infected - 4 skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\Dynzele\downloaded games\free_kgb_keylogger_420.exe/file56 Infected: not-a-virus:Monitor.Win32.KGBSpy.g skipped

G:\Dynzele\downloaded games\free_kgb_keylogger_420.exe/file58 Infected: not-a-virus:Monitor.Win32.KGBSpy.d skipped

G:\Dynzele\downloaded games\free_kgb_keylogger_420.exe/file68 Infected: not-a-virus:Monitor.Win32.KGBSpy.e skipped

G:\Dynzele\downloaded games\free_kgb_keylogger_420.exe Inno: infected - 3 skipped

G:\Dynzele\downloads\NEW MUSIC\get your hands off my girl.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped

G:\Dynzele\freeripmp3.exe/file25 Infected: not-a-virus:AdTool.Win32.MyWebSearch.br skipped

G:\Dynzele\freeripmp3.exe Inno: infected - 1 skipped

G:\Dynzele\mfcv12.zip/mfcv12.exe/Support\joele29_WinAdCtlInstPack.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped

G:\Dynzele\mfcv12.zip/mfcv12.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped

G:\Dynzele\mfcv12.zip ZIP: infected - 2 skipped

G:\Dynzele\New Folder\New Folder\freeripmp3.exe/file25 Infected: not-a-virus:AdTool.Win32.MyWebSearch.br skipped

G:\Dynzele\New Folder\New Folder\freeripmp3.exe Inno: infected - 1 skipped

G:\Dynzele\SecureInstall_LOFS020701Inst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

G:\E Drive 1 2 05\Down from the net\nv4pro_b.zip/nv40inst.exe/data0044 Infected: not-a-virus:AdWare.Win32.TimeSinc skipped

G:\E Drive 1 2 05\Down from the net\nv4pro_b.zip/nv40inst.exe Infected: not-a-virus:AdWare.Win32.TimeSinc skipped

G:\E Drive 1 2 05\Down from the net\nv4pro_b.zip ZIP: infected - 2 skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\_restore{4BA899E6-CFC3-4B13-B381-27831024D7B5}\RP268\A0070120.exe Infected: not-a-virus:AdWare.Win32.180Solutions.am skipped

G:\System Volume Information\_restore{4BA899E6-CFC3-4B13-B381-27831024D7B5}\RP296\A0076034.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.f skipped

G:\System Volume Information\_restore{4BA899E6-CFC3-4B13-B381-27831024D7B5}\RP321\A0102040.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.f skipped

G:\System Volume Information\_restore{98311045-DADB-411F-8A3B-8D22E14AEA31}\RP90\A0030809.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Mostofate.e skipped

G:\System Volume Information\_restore{98311045-DADB-411F-8A3B-8D22E14AEA31}\RP90\A0030809.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.e skipped

G:\System Volume Information\_restore{98311045-DADB-411F-8A3B-8D22E14AEA31}\RP90\A0030809.exe NSIS: infected - 2 skipped

 

Scan process completed.

 

Juliet has been an Angel and I hope we are almost done with it, but there could be a few Lurking that we are working on.

 

Thank God for The Pit!

 

:sparkle::wub::sparkle:

Link to post
Share on other sites

dumping bear share wouldn't hurt for the future....file sharing is a good way to pick up trojans

 

:geezer:

 

Joe,

 

My Lad has just copped a serious talk from Dad.

 

He is very humble and apologetic!

 

BTW, I will run the Proxy thing past my Provider, it just maybe a clue? My Dial up was using that LandLine before I switched to ADSL with the same Company? Maybe it thought I was still on Dial Up?

 

I will keep everyone in touch with it!

 

:laughing::laughing::laughing:

Link to post
Share on other sites

:geezer:

 

Email to my Provider has been sent, but contains too many Personal Details for me to Post a Copy here.

 

I think it is instructive enough to get an immediate Response, but time will tell. I will keep you all Posted on it.

 

:sparkle::wub::sparkle:

Link to post
Share on other sites

:blink:

any news?

 

 

:geezer:

 

Not from Iprimus yet, Mate.

 

Yesterday I received a call from 888888888 and when I checked out my Charges awaiting Billing they had altered dramaticly downwards but still showing double Billing accross the board, just some calls to Mobile (Cell) Numbers were missing!

 

Last month I had received two identical emails regarding the amount of last months Bill that is directly debited from my Bank Account. I received my Bank Statement this morning and am happy to say only one amount was deducted from my Account. (I get monthly Statements on that Account).

 

The latest Bill is about to be issued and I have documented the changes to the Charges awaiting Billing to compare them. Not much else I can do till then, I am afraid, except wait and Hope.

 

It seems that a Number and Frequency change may be in order? Time will tell and I certainly will keep everyone Posted on it.

 

Just to be sure, I will run Kaspersky again, you never know?

 

:sparkle::wub::sparkle:

Link to post
Share on other sites

:geezer:

 

What a Crazy thing?

 

I just checked my Charges awaiting Billing.

 

It started off as over $125.00 then dropped to over $95.00, now stands as $6.21???????

 

Something smells off in the Fish Market, Mate!

 

I am Documenting it!

 

Funny enough, I spent some time compiling an Excel Document showing the exact use of the Account over the past 10 months, including Numbers of all Calls and Charges made during that period. It is a Spreadsheet, that noone can argue with! :pullhair::pullhair:

 

But even on the adjusted figures, every thing is doubled?

 

Is it possible to get a Virus that automatically doubles every thing you view? I have a few emails that do that? They show it once then a duplicate of it? But not individual Items?

 

Example is here? This is the Current State of the Charges awaiting Billing. :pullhair:

 

 

Summary for Telephone Number 0xxxxxxxxx

All charges are displayed exclusive of GSTCall Usage No. Calls/Units Charge

Local Calls 28 $4.71

+ Details...

Date Time Called Number Call Duration

(min:sec)

25/01/2008 16:40:43 07320xxxxx 10:14

25/01/2008 16:40:43 07320xxxxx 10:14

25/01/2008 16:51:56 07320xxxxx 20:18

25/01/2008 16:51:56 07320xxxxx 20:18

26/01/2008 19:41:35 07320xxxxx 4:07

26/01/2008 19:41:35 07320xxxxx 4:07

28/01/2008 17:42:06 07337xxxxx 14:27

28/01/2008 17:42:06 07337xxxxx 14:27

28/01/2008 18:04:51 07337xxxxx 3:04

28/01/2008 18:04:51 07337xxxxx 3:04

28/01/2008 18:09:34 07337xxxxx 13:26

28/01/2008 18:09:34 07337xxxxx 13:26

28/01/2008 23:46:03 07312xxxxx 0:22

28/01/2008 23:46:03 07312xxxxx 0:22

28/01/2008 23:46:35 07312xxxxx 61:16

28/01/2008 23:46:35 07312xxxxx 61:16

29/01/2008 14:10:30 07335xxxxx 1:26

29/01/2008 14:10:30 07335xxxxx 1:26

29/01/2008 14:25:59 07329xxxxx 169:59

29/01/2008 14:25:59 07329xxxxx 169:59

29/01/2008 17:24:43 07337xxxxx 8:15

29/01/2008 17:24:43 07337xxxxx 8:15

30/01/2008 10:08:09 07324xxxxx 1:33

30/01/2008 10:08:09 07324xxxxx 1:33

31/01/2008 11:19:16 07337xxxxx 2:43

31/01/2008 11:19:16 07337xxxxx 2:43

31/01/2008 11:53:56 07320xxxxx 87:08

31/01/2008 11:53:56 07320xxxxx 87:08

Total Calls: 28 Total Charge: $4.71

 

Miscellaneous 6 $1.50

+ Details...

Date Time Description Called Number Destination Call Duration

(min:sec) Charge

25/01/2008 10:27:34 Calls to 13 Numbers 13xxxx 0:17 $0.25

25/01/2008 10:27:34 Calls to 13 Numbers 13xxxx 0:17 $0.25

28/01/2008 18:27:05 Calls to 13 Numbers 1300xxxxxx 3:15 $0.25

28/01/2008 18:27:05 Calls to 13 Numbers 1300xxxxxx 3:15 $0.25

31/01/2008 16:02:38 Calls to 13 Numbers 13xxxx 0:13 $0.25

31/01/2008 16:02:38 Calls to 13 Numbers 13xxxx 0:13 $0.25

Total Calls: 6 Total Charge: $1.50

 

Total $6.21

 

 

 

 

Summary for Telephone Number 0xxxxxxxxx

All charges are displayed exclusive of GSTCall Usage No. Calls/Units Charge

Local Calls 28 $4.71

+ Details...

Date Time Called Number Call Duration

(min:sec)

25/01/2008 16:40:43 07320xxxxx 10:14

25/01/2008 16:40:43 07320xxxxx 10:14

25/01/2008 16:51:56 07320xxxxx 20:18

25/01/2008 16:51:56 07320xxxxx 20:18

26/01/2008 19:41:35 07320xxxxx 4:07

26/01/2008 19:41:35 07320xxxxx 4:07

28/01/2008 17:42:06 07337xxxxx 14:27

28/01/2008 17:42:06 07337xxxxx 14:27

28/01/2008 18:04:51 07337xxxxx 3:04

28/01/2008 18:04:51 07337xxxxx 3:04

28/01/2008 18:09:34 07337xxxxx 13:26

28/01/2008 18:09:34 07337xxxxx 13:26

28/01/2008 23:46:03 07312xxxxx 0:22

28/01/2008 23:46:03 07312xxxxx 0:22

28/01/2008 23:46:35 07312xxxxx 61:16

28/01/2008 23:46:35 07312xxxxx 61:16

29/01/2008 14:10:30 07335xxxxx 1:26

29/01/2008 14:10:30 07335xxxxx 1:26

29/01/2008 14:25:59 07329xxxxx 169:59

29/01/2008 14:25:59 07329xxxxx 169:59

29/01/2008 17:24:43 07337xxxxx 8:15

29/01/2008 17:24:43 07337xxxxx 8:15

30/01/2008 10:08:09 07324xxxxx 1:33

30/01/2008 10:08:09 07324xxxxx 1:33

31/01/2008 11:19:16 07337xxxxx 2:43

31/01/2008 11:19:16 07337xxxxx 2:43

31/01/2008 11:53:56 07320xxxxx 87:08

31/01/2008 11:53:56 07320xxxxx 87:08

Total Calls: 28 Total Charge: $4.71

 

Miscellaneous 6 $1.50

+ Details...

Date Time Description Called Number Destination Call Duration

(min:sec) Charge

25/01/2008 10:27:34 Calls to 13 Numbers 13xxxx 0:17 $0.25

25/01/2008 10:27:34 Calls to 13 Numbers 13xxxx 0:17 $0.25

28/01/2008 18:27:05 Calls to 13 Numbers 1300xxxxxx 3:15 $0.25

28/01/2008 18:27:05 Calls to 13 Numbers 1300xxxxxx 3:15 $0.25

31/01/2008 16:02:38 Calls to 13 Numbers 13xxxx 0:13 $0.25

31/01/2008 16:02:38 Calls to 13 Numbers 13xxxx 0:13 $0.25

Total Calls: 6 Total Charge: $1.50

 

Total $6.21

 

 

It looks like the actual Billing Period starts on the 25th of the Month?

 

Not long to wait. It is Friday here.

 

:sparkle::pullhair::pullhair::sparkle:

Edited by Drovers Dog
Link to post
Share on other sites

Regarding the presence or possibilities with virus involvement, I'd stick with the good advice you are already receiving from Sweet Juliet.

 

But I'd darn sure be talking to my bank, certainly changing passwords, and most likely changing account numbers.

 

I wish you the best with this confusing bummer.

 

Doug

Link to post
Share on other sites

Regarding the presence or possibilities with virus involvement, I'd stick with the good advice you are already receiving from Sweet Juliet.

 

But I'd darn sure be talking to my bank, certainly changing passwords, and most likely changing account numbers.

 

I wish you the best with this confusing bummer.

 

Doug

 

:geezer:

 

BTW, I have never Banked over the Net, after this, I doubt if I ever will?

 

This thing has more Heads than the Monster Hydra, the one that Hercules faced?

 

Thank God for the Call Display!

 

Today at 12.10 I received a call from 54550. Yet another Funny one. Then at 14.23 I received this from this Number, 0862102300, (I show this because they were up to trying a Scam on us..) I am going to report it.

 

It was supposedly from Telstra, our Phone Supplier from nearly a year ago, informing us we had a $70.00 Credit, from the old Account, that they wanted to reinburse us with.

 

I said, "Fine, as long as we can do it nicely, you realise that you are ringing into a Private line, any Problems I will report you!"

 

He then went into rapid fire talk, saying it was being recorded to ensure we got our Credit.

 

I am a little hard of Hearing, due to Industrial Problems, but am not Deaf, nor Stupid. I just said, "Slow down, Mate!" "Are you trying to sign us up to your Company with this?"

 

"Only way to get your Credit." was his reply. I will not Post the Language, from Building Sites I used back at him. Needless to say he went away with tail between legs!

 

Makes you Wonder?

 

I am still working on the rest, Mate!

 

 

:sparkle::wub::wub::sparkle:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...