plowdriver01

[Solved] Need some serious help before it is lost


And one more

 

 

---------------------------------------------------------

ewido security suite - Connection report

---------------------------------------------------------

 

+ Created on: 4:11:22 PM, 6/13/2005

+ Report-Checksum: E9C996D1

 

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING

TCP 24.239.217.106:139 0.0.0.0:0 LISTENING

TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING

TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING

TCP 127.0.0.1:5001 127.0.0.1:1109 CLOSE_WAIT

UDP 0.0.0.0:445

UDP 0.0.0.0:500

UDP 0.0.0.0:1029

UDP 0.0.0.0:4500

UDP 24.239.217.106:123

UDP 24.239.217.106:137

UDP 24.239.217.106:138

UDP 127.0.0.1:123

UDP 127.0.0.1:1159


Copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same.

Close it, saving to your desktop as:

 

File name: Rem.reg

Save As Type: All Files

REGEDIT4

 

[-HKEY_CURRENT_USER\Software\aurora]

Double click the file and allow it to merge with the registry. You may get an alert from MSAS... allow it.

 

Then copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same.

Close it, saving to your desktop as:

 

File name: ico.bat

Save As Type: All Files

 

cd\windows\system32

del /Q *.ico

Double click the file to run it.

 

Open Internet Options in the control panel and click Delete Cookies. Then empty the recycle bin. Do this from both the Bob and Denise user accounts.

 

From either account, right click My Computer and choose properties. On the System Restore tab, check the box to turn off. Click OK to exit.

 

Reboot.

 

Turn System Restore back on.

 

Run FindIt and Ewido again and post the logs.


Part of Sun's Star Office program. Try unchecking it in msconfig and see if it helps or causes problems with the program after rebooting.

 

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

 

 

Non-essential startup items that can be fixed with HijackThis.

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\documents and settings\denise kozer\desktop\qttask.exe" -atboottime

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~2\PHOTOS~1\data\xtras\mssysmgr.exe

 

 

Open My Computer and right click Local Disk C:, then choose properties. If Indexing is checked, uncheck it and click apply. Apply to all folders and sub-folders. Then click tools and defragment the drive.

 

If this is a stand-alone computer (not networked), click Tools on any Windows Explorer menu, then Folder Options. Click the view tab and uncheck 'Automatically search for network folders and printers'. Click OK to close the window.

 

Reboot and let us know if startup is better.


Ok,

Here is Ewido.

 

 

-------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

 

+ Created on: 5:17:56 PM, 6/14/2005

+ Report-Checksum: CE7C51BE

 

+ Date of database: 6/14/2005

+ Version of scan engine: v3.0

 

+ Duration: 129 min

+ Scanned Files: 162474

+ Speed: 20.90 Files/Second

+ Infected files: 4

+ Removed files: 2

+ Files put in quarantine: 2

+ Files that could not be opened: 0

+ Files that could not be cleaned: 2

 

+ Binder: Yes

+ Crypter: Yes

+ Archives: Yes

 

+ Scanned items:

C:\

C:\

 

+ Scan result:

C:\Documents and Settings\Bob Kozer\Cookies\bob [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Bob Kozer\Cookies\bob [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Bob Kozer\Cookies\bob [email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning

C:\Documents and Settings\Bob Kozer\Cookies\bob [email protected][2].txt -> Spyware.Tracking-Cookie -> Error during cleaning

 

 

::Report End


And here is the findit scan.

 

 

 

Microsoft Windows XP [Version 5.1.2600]

The current date is: Tue 06/14/2005

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Dont delete file's in the section without guidance

If any doubt back them up first

 

* UPX! C:\WINDOWS\UNWASH.EXE

* UPX! C:\WINDOWS\TSC.EXE

 

»»»»» lagitamate file's can/will show in this section.

 

* UPX! C:\WINDOWS\VSAPI32.DLL

»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

 

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

 

Volume in drive C has no label.

Volume Serial Number is 8080-0043

 

Directory of C:\WINDOWS\SYSTEM32

 

»»»»» Checking for SAHAgent ico files.

Volume in drive C has no label.

Volume Serial Number is 8080-0043

 

Directory of C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»».


Looks good! :)

 

Check to make sure you're using the latest versions of Spybot and Ad-aware, version 1.4 and SE Personal respectively. I recommend you open Spybot and click mode on the menu, then advanced. Click Immunize in the left pane, then immunize again, this time from above with the green + beside it (always recheck this setting after downloading updates). Click Tools in the left pane, then Resident. Check the box for Resident "SD Helper". Then click IE Tweaks in the left pane and at least check the box to lock the hosts file.

 

Also recommend you download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

 

That will give you some added layers of protection against unwanted parasites.

 

Things running OK now?


Things seem a lot better now.

Boot up is good but sometimes it still seems to take a while to get going on the internet.

Where do I get the latest Spybot?

I am running 1.2 and cannot do all you ask me to.

Also, do I need to add those registry quotes into Denise's side too?


Ok,

Downloaded the latest spybot.

It found a few things on my side and took care of them.

It also found that damn abetternet on Denise's side and it took care of that, for now. I hope this crap don't come back.

I did download the others you asked me to but did not install yet.

 

Is there anything else I need to do?

Thanks Bob


Thanks for everything.

You guys are the greatest.

One more thing: is there a way to delete the guest account?

Maybe my kids will not get on here.

I turned it off, but what they do is turn it on and shut down, then while we are at work they just go wild. lol


Very happy to have helped. :)

 

I'm assuming you are letting them on one of the accounts, which has admin rights. You could instead create another account for them with limited user rights, then password protect it (don't tell them the password). You could also place a BIOS password on it, which will stop anyone from getting beyond a prompt for a password every time the computer is turned on.


No, what they did was, while we were logged on, they went and created a guest account. As long as it is turned on they can access it.

But we have to be logged on for them to turn it on.
