#1 Appuleius (Guest), 18-August-2004, 08:19
How do I unlock a file?

I have been infected with a Trojan Horse. Norton has detected it and says file seasg.exe is a file that is causing me problems (constantly sending stuff). I have found it but can't move or delete it; it says "file locked". Is there ANY way I can get rid of this file, i.e. unlock it to delete it?
Please HELP!!!!

#2 Scoobs, 18-August-2004, 09:07

Try booting in safe mode to see if you or Norton can delete it that way (press F8 on boot to get the menu).

#3 Appuleius (Guest), 18-August-2004, 10:31

Many thanks Scoobs, it worked.

I am on broadband. Is it normal to "send" more information than "receive"? I have now been on 44 minutes, sent 12,001,568 and received 2,997,345. I am confused.
Any help appreciated.

#4 ormus55 (Guest), 18-August-2004, 19:16

Certainly not normal for me. My stats are just about opposite to yours?

#5 Scoobs, 18-August-2004, 19:27

Nope, it's not normal; the only time you would see that is if you are uploading.

Have you run a hijack log yet?

#6 ormus55 (Guest), 18-August-2004, 20:23

Or somebody is downloading from your puter behind your back?
Make sure your files are not for sharing?

#7 Appuleius (Guest), 18-August-2004, 20:43

Sorry, had to post in two files; would not accept one long file, it said too many smilies!

Logfile of HijackThis v1.98.2
Scan saved at 20:37:08, on 18/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\program files\Evidence Eliminator\ee.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\program files\BigFix\BigFix.exe
C:\Palm\hotsync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\snlogsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDDIE BADGER\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

Last edited by Scoobs; 18-August-2004 at 20:52.

#8 Appuleius (Guest), 18-August-2004, 20:45

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.power-search.info/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://directory.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.power-search.info/panel_search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.power-search.info/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.power-search.info/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Evidence Eliminator] C:\program files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: DigiChat Applet - http://www.rxxx.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5112F39E-A79B-410D-B654-60E773EFA122}: NameServer = 80.225.252.186 80.225.252.178

Last edited by Scoobs; 18-August-2004 at 20:52.

#9 Zer02004 (Guest), 19-August-2004, 00:01

You have a few infections but we need to deal with your trojan infection first.
The malicious file is C:\Windows\System\snlogsvc.exe
Did you download, update and run TDS-3 as I suggested in another thread? If not, do this first. Then we'll set about removing any other malware.

When posting HJT! logs, please use the "Post Reply" button rather than the "Quick Reply" feature. Now you will see that you have a few options available to you.
Uncheck "Automatically Parse URLs" and check "Disable Smilies". Now your log entries will be legible and they'll fit into a single post.
As soon as you've cleaned your trojan infection, reboot, rerun HJT! and post a fresh log here.

As this is a RAT, you would be very wise to change any passwords etc that you have entered. This type of software is capable of logging keystrokes and mouse clicks which means that your security has been completely compromised.

It's obvious from your traffic reports that someone is downloading from you or using you as a zombie. Before removing the trojan, run Netstat to find the IP and report the intruder to the relevant authorities.

Yet another triumph for Norton AV... NOT!

Last edited by Zer02004; 19-August-2004 at 00:06.

#10 Zer02004 (Guest), 19-August-2004, 00:13

Killbox is a useful tool for deleting files that are "in use" or "locked".

Some users may have heard of or previously used EndItAll, but it's no longer a free program unfortunately.

#11 Appuleius (Guest), 19-August-2004, 06:12

I had run TDS-3 before reading your last email and it came up with the following..

Live Trojan Found (in process memory)
DCOM RCP report Exploit
C:\windows\system32\snlogsvc.exe

I deleted this under TDS-3 unfortunately before running NETSTAT

Logfile of HijackThis v1.98.2
Scan saved at 05:57:41, on 19/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\program files\Evidence Eliminator\ee.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\BigFix\BigFix.exe
C:\WINDOWS\System32\rundll32.exe
C:\Palm\hotsync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDDIE BADGER\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.power-search.info/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://directory.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.power-search.info/panel_search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.power-search.info/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.power-search.info/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Evidence Eliminator] C:\program files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: DigiChat Applet - http://www.rxxx.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5112F39E-A79B-410D-B654-60E773EFA122}: NameServer = 80.225.252.186 80.225.252.178

#12 Appuleius (Guest), 19-August-2004, 08:05

Something has improved, since the offending file was removed (although it seems to be constantly sending out stuff) the status shows.... after 1hr 14mins sent 808,878 received 3,326,812

and this morning....after 39 mins sent 199,432 received 239,905

#13 Zer02004 (Guest), 19-August-2004, 08:26

Rerun HJT! and hit the config button. In the fields provided, enter your preferred home page etc; mine are as follows:
Default Start Page - http://www.the-scream.co.uk/forums
Default Search Page - http://www.google.co.uk
Default Search Assistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Default Search Customise - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

Now go back to the main screen and have it fix the items marked in red:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.power-search.info/panel_search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://directory.tiscali.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.power-search.info/panel_search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.power-search.info/panel_search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.power-search.info/panel_search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali

O1 - Hosts: 64.91.255.87 www.dcsresearch.com


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe

O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe


O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Evidence Eliminator] C:\program files\Evidence Eliminator\ee.exe /m

O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe

O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/

O16 - DPF: DigiChat Applet - http://www.rxxx.com/DigiChat/DigiClasses/Client_IE.cab

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab


O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5112F39E-A79B-410D-B654-60E773EFA122}: NameServer = 80.225.252.186 80.225.252.178


Reboot into safe mode, find and delete the following files:
snlogsvc.exe

Reboot as normal, rerun HJT! and post another log.

#14 Appuleius (Guest), 19-August-2004, 15:20

Hi Zero,
All suggestions done and it still seems to be uploading? Many thanks for your patience and help. This is the latest hijack this:

Logfile of HijackThis v1.98.2
Scan saved at 15:13:40, on 19/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\program files\Evidence Eliminator\ee.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\program files\BigFix\BigFix.exe
C:\Palm\hotsync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\EDDIE BADGER\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Evidence Eliminator] C:\program files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
O4 - Global Startup: Billminder.lnk = C:\quickenw\BILLMIND.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5112F39E-A79B-410D-B654-60E773EFA122}: NameServer = 80.225.252.186 80.225.252.178
Reply With Quote
  #15  
Old 19-August-2004, 18:30
Zer02004
Guest
 
Posts: n/a
Default

Your log looks clean but there are a few entries which if removed, will improve performance.

Firstly though, do you actually need all the programs that you are running? BigFix for example is one such program.
Take a look at your Add/Remove Programs applet and see if there's anything there that you don't need.
Do you use the MS Office StartBar?
Check the options in MS Messenger and don't allow it to start at boot.

You will upload some data - That's natural. If you're still worried, run another Netstat command and post the outcome here. Ensure that you are online but with nothing connected and make sure that you use the -a switch with the command:
netstat -a
Reply With Quote
  #16  
Old 19-August-2004, 19:36
Appuleius
Guest
 
Posts: n/a
Default

Active Connections

Proto Local Address Foreign Address State
TCP your-obbuq8xnm4:epmap your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:microsoft-ds your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:1025 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:1026 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3155 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3220 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3223 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:5000 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:netbios-ssn your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3218 origin2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3220 support2.microsoft.com:http ESTABLISHED
TCP your-obbuq8xnm4:3221 origin2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3222 go.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3223 207.46.248.254:http ESTABLISHED
TCP your-obbuq8xnm4:3224 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3225 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3226 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3227 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3228 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3229 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3230 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3231 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3232 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3233 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3234 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3235 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3236 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3237 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3238 support2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:10858 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3001 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3002 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3003 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3006 your-obbuq8xnm4:0 LISTENING
UDP your-obbuq8xnm4:microsoft-ds *:*
UDP your-obbuq8xnm4:isakmp *:*
UDP your-obbuq8xnm4:3007 *:*
UDP your-obbuq8xnm4:3014 *:*
UDP your-obbuq8xnm4:3017 *:*
UDP your-obbuq8xnm4:ntp *:*
UDP your-obbuq8xnm4:netbios-ns *:*
UDP your-obbuq8xnm4:netbios-dgm *:*
UDP your-obbuq8xnm4:1900 *:*
UDP your-obbuq8xnm4:3019 *:*
UDP your-obbuq8xnm4:3235 *:*
UDP your-obbuq8xnm4:7249 *:*
UDP your-obbuq8xnm4:27027 *:*
UDP your-obbuq8xnm4:ntp *:*
UDP your-obbuq8xnm4:1900 *:*
UDP your-obbuq8xnm4:3025 *:*
UDP your-obbuq8xnm4:3192 *:*
UDP your-obbuq8xnm4:3213 *:*
Reply With Quote
  #17  
Old 19-August-2004, 21:02
Zer02004
Guest
 
Posts: n/a
Default

It's best if you run this test with no connections made to anything. That way, if you are secretly uploading to someone, it would be instantly recognisable.
However, nothing jumps out at me but you do have several ports open and listening. I'll have a look later to see what these may be for.
You also have NetBios running over TCP. That should be disabled.

You really need to get yourself a firewall and set it up properly.
Reply With Quote
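Added example, not part of any poster's message: a Python triage of pasted `netstat -a` output along the lines discussed above, run over rows copied from the capture in post #16. The function names and report categories are hypothetical; it separates NetBIOS listeners, listeners whose port is also the source of an outbound connection in the same capture, and unnamed listeners that still need identifying.

```python
from collections import Counter

# Rows copied from the netstat -a output posted in this thread (a subset).
SAMPLE = """\
Proto Local Address Foreign Address State
TCP your-obbuq8xnm4:epmap your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:1025 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3220 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3223 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:5000 your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:netbios-ssn your-obbuq8xnm4:0 LISTENING
TCP your-obbuq8xnm4:3218 origin2.microsoft.com:http TIME_WAIT
TCP your-obbuq8xnm4:3220 support2.microsoft.com:http ESTABLISHED
TCP your-obbuq8xnm4:3223 207.46.248.254:http ESTABLISHED
TCP your-obbuq8xnm4:10858 your-obbuq8xnm4:0 LISTENING
UDP your-obbuq8xnm4:netbios-ns *:*
UDP your-obbuq8xnm4:netbios-dgm *:*
"""

NETBIOS = {"netbios-ns", "netbios-dgm", "netbios-ssn"}  # NetBIOS over TCP/IP

def parse(text):
    """Yield (proto, local_port, remote_host, state); skip header lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        yield (parts[0], parts[1].rsplit(":", 1)[1],
               parts[2].rsplit(":", 1)[0], state)

def triage(text):
    rows = list(parse(text))
    active = [r for r in rows if r[3] in ("ESTABLISHED", "TIME_WAIT")]
    src_ports = {r[1] for r in active}  # local ports used by outbound connections
    report = {"netbios": [], "outbound_bound": [], "review": [],
              "peers": Counter(r[2] for r in active)}
    for proto, port, _, state in rows:
        if port in NETBIOS:
            report["netbios"].append((proto, port))
        elif proto == "TCP" and state == "LISTENING" and port in src_ports:
            report["outbound_bound"].append(port)  # matches an outbound source port
        elif proto == "TCP" and state == "LISTENING" and port.isdigit():
            report["review"].append(port)  # unnamed listener: find the owning program
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this sample, ports 3220 and 3223 are accounted for by the connections to microsoft.com hosts, which leaves 1025, 5000 and 10858 as the listeners to identify.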
  #18  
Old 19-August-2004, 21:55
Appuleius
Guest
 
Posts: n/a
Default

I have a second computer running Windows 98 networked. Is this what netbios is for? It's sharing my Mitsubishi monitor. I only use this machine for running The Oxford English Dictionary (I do a lot of writing), which will not operate under XP. I do not have the second PC set up for the internet; I do not require it. Would it solve some of my problems if I ceased to have the second PC coupled up?

I am sure I am running XP firewall. Is this satisfactory? Or what would you suggest?

Many thanks for all your kind help and assistance.
Reply With Quote
  #19  
Old 24-August-2004, 14:13
Zer02004
Guest
 
Posts: n/a
Default

As I've just posted in another thread, the XP firewall did absolutely nothing to prevent or even warn you about your trojan "phoning home" so its ineffectiveness has just been proved!

With regards to Netbios over TCP, open the advanced settings window for your actual internet connection and disable Netbios over TCP:

Reply With Quote
  #20  
Old 19-March-2014, 06:45
henrydcruz henrydcruz is offline
Registered User
 
Join Date: Mar 2014
Posts: 1
Default Re: How do I unlock a file?

Try the Microsoft Excel password unlocker tool, which smartly pulls out a lost Excel file password and unlocks the Excel file. The Excel password recovery software works superbly when cracking an Excel file password. This software easily unlocks an Excel file without wasting your valuable time.
Reply With Quote
  #21  
Old 07-June-2016, 09:44
WilliamPerez WilliamPerez is offline
Registered User
 
Join Date: Jun 2016
Posts: 3
Default Re: How do I unlock a file?

How about a file that cannot be opened on your USB? Any suggestions?
Reply With Quote
Copyright 1999-2014 The Scream!