Help with virus removal!
commish13
01-22-2006, 01:21 AM
Yeah... so a couple months back or so I saw a thread in here that had to do with some sort of program that would find all sorts of files on one's computer and make it so the problematic ones could be deleted, this getting rid of viruses.
Well, I contracted a Trojan a little over a month ago, and although through the power of AdAware and SpyBot I was able to get my laptop to actually start working again, the virus is still there and slows the computer down like a motherfucker.
Any help on whatever that program thingy was, and maybe help in isolating the problem and actually getting rid of it?
Thanks, sirs.
Ballbuster1
01-22-2006, 01:27 AM
Did you check out all the recommendations by SoS in this thread?
http://www.wackbag.com/showthread.php?t=11726
I'm not real big on this stuff, but SoS usually has the answers.
First, go to www.windowsupdate.com and get all the patches that you need. THIS DOES NOT INCLUDE ALL OF THEM!
Make sure you have the latest version of adaware and spybot:S&D. Then check to see if they have all the updates. Run them. For Spybot, run immunization.
Microsoft Antispyware beta (http://www.microsoft.com/athome/security/spyware/software/default.mspx) works very well if you have a legit windows copy.
Next, make sure you are running an antiviral program. If you don't have one, try McAfee or AVG or PcCillian or Nod32.
If that doesn't solve the problem, download HijackThis (http://www.spywareinfo.com/~merijn/downloads.html), run it, then copy, paste, and post the log it puts out.
Stop using Internet Explorer & Outlook.
Make sure you have a firewall.
Update or Upgrade all programs that you can.
commish13
01-22-2006, 03:04 PM
I've never met you but I love you.
poopiebottoms
01-22-2006, 03:31 PM
go into the DOS window
then type: format c
It cleans up everything... ;-)
<M.E. Don't do this.>
BigBuffaloFan
01-22-2006, 03:53 PM
or use the fdisk command.
Have fun.
<M.E. Don't do this>
Do you know the name of the trojan?
Mommadeez4u
01-22-2006, 05:16 PM
You can also give TrendMicro's Housecall (a free online scanning and removal tool) a try.
housecall.trendmicro.com
jpc165
01-22-2006, 05:25 PM
You can also give TrendMicro's Housecall (a free online scanning and removal tool) a try.
housecall.trendmicro.com
this is definitely the way to go. this site works great for finding and deleting trojans, spyware, and other evil shit.
http://housecall.trendmicro.com/
...and get a real-time antivirus running, sir
commish13
01-23-2006, 11:14 AM
I only got the virus because I was being a Rushing Robert and didn't check my sources before I downloaded something that I really wanted. It was legit (well, as in it wasn't porn), since I was just trying to get something that would allow me to save streaming video, but it gave me a virus. Hell, I think I should get some credit for being fairly good at this shit, as I was able to work my computer from not even being able to get past that blue screen that comes up with your little XP icon, to getting it past after waiting for like 10 hours between when I turn off the computer and when I try to turn it back on, up to the point where I was able to get the computer to go on whenever I wanted it to, and now to the point where it's just running a bit slow.
I am kinda a bit gooder at this.
So is your computer still infected/compromised?
FreeTheCricket
01-23-2006, 01:14 PM
I use Norton Anti-Virus and SunBelt Software's Counterspy and run a weekly scan with each program. Counterspy works really well. I also have Iolo Technology's System Mechanic 6 Professional. It's a very good all-around problem solver.
You can NEVER be too careful.
NightStalker3
01-23-2006, 01:23 PM
Backup everything you can, rebuild it bro, you will be better off in long run...
rustytrombone1
01-23-2006, 03:59 PM
Yeah... so a couple months back or so I saw a thread in here that had to do with some sort of program that would find all sorts of files on one's computer and make it so the problematic ones could be deleted, this getting rid of viruses.
Well, I contracted a Trojan a little over a month ago, and although through the power of AdAware and SpyBot I was able to get my laptop to actually start working again, the virus is still there and slows the computer down like a motherfucker.
Any help on whatever that program thingy was, and maybe help in isolating the problem and actually getting rid of it?
Thanks, sirs.
How the fuck did you get rubbers for your computer?
commish13
01-23-2006, 06:41 PM
I'm in the process of getting everything done right now, SOS. I had class today and the internet wasn't working until about 20 minutes ago.
commish13
01-23-2006, 08:00 PM
Well, there's no annoying red X on my taskbar with a damn popup bubble that's telling me I have a virus and I got rid of a lot of shit and updated all sorts of stuff... it seems as though my problems have been alleviated.
I give many thanks, mister Ess Oh Ess.
Ballbuster1
01-23-2006, 08:02 PM
Well, there's no annoying red X on my taskbar with a damn popup bubble that's telling me I have a virus and I got rid of a lot of shit and updated all sorts of stuff... it seems as though my problems have been alleviated.
I give many thanks, mister Ess Oh Ess.
Nice....told ya, SoS knows his stuff. :xyxthumbs
commish13
01-24-2006, 07:45 PM
The computer is no longer out and out telling me there's a virus, but it's running slow still (not as much, but it still is) and I had to open IE once last night to use something, and the homepage was a bluescreen that was telling me that I still had a virus. Here's my Hijack This logfile:
Logfile of HijackThis v1.99.1
Scan saved at 6:42:59 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LSASS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick's Computer Area\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F.. - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012.. - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\system32\outpstd.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINDOWS\system32\mstool.exe
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\system32\msjcf.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue in Star Downloader - C:\PROGRA~1\STARDO~1\sdieenq.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501.. - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501.. - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263.. - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C.. - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45.. - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE.. - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d.. - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683.. - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683.. - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C.. (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700.. (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3.. (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138030364156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D.. (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
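The log above is the kind of thing a helper reads by eye; the following is an added triage script (not from the thread, and not HijackThis itself) that pulls out the three patterns worth a closer look in it: R0/R1 Internet Explorer pages pointing at a file on the local disk instead of a URL (every one above points at c:\secure32.html), O4 autorun entries launching an executable straight out of system32 with a name that mimics a Microsoft component, and core Windows processes that should exist exactly once but appear more than once in the "Running processes" list. The sample log is abridged from the post above; the allowlist of system32 autoruns and the singleton-process set are constructed for the example and should be extended against your own clean baseline.

```python
"""Triage helper for a HijackThis v1.99 log (added example, not part of the thread)."""
import re
from collections import Counter

# Abridged from the HijackThis log posted in the thread: enough lines for each check to fire.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LSASS.EXE
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\system32\outpstd.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINDOWS\system32\mstool.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Windows components that legitimately autostart from system32 on XP.
# Constructed, deliberately small allowlist: extend it from a known-clean machine.
SYSTEM32_AUTORUN_OK = {"ctfmon.exe", "rundll32.exe"}

# Processes that exist once on a single-user XP session (constructed set for the example).
SINGLETON_PROCESSES = {"smss.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A start/default/local page whose value is a drive path (optionally file://) rather than a URL.
LOCAL_PAGE_RE = re.compile(r"=\s*(?:file://)?[a-z]:\\", re.IGNORECASE)
# "[Run key name] path\to\program.exe" with or without quotes around the path.
O4_RE = re.compile(r'\[(?P<key>[^\]]+)\]\s*"?(?P<path>[a-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)


def parse(text):
    """Split the log into the running-process paths and the (section, body) entries."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first R/O entry ends the process list
            entries.append((m.group("section"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def hijacked_start_pages(entries):
    """R0/R1 entries whose value is a file on the local disk rather than a web URL."""
    return [body for section, body in entries
            if section in ("R0", "R1") and LOCAL_PAGE_RE.search(body)]


def suspicious_system32_autoruns(entries):
    """O4 entries that launch an .exe directly out of %WINDIR%\\system32, minus the allowlist."""
    hits = []
    for section, body in entries:
        if section != "O4":
            continue
        m = O4_RE.search(body)
        if not m:
            continue
        path = m.group("path").lower()
        name = path.rsplit("\\", 1)[-1]
        if "\\windows\\system32\\" in path and name not in SYSTEM32_AUTORUN_OK:
            hits.append((m.group("key"), m.group("path")))
    return hits


def duplicated_singletons(processes):
    """Core processes listed more than once (paths compared case-insensitively by file name)."""
    counts = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    return sorted(n for n, c in counts.items() if n in SINGLETON_PROCESSES and c > 1)


def triage(text):
    """Run all three checks and return the hits per check."""
    processes, entries = parse(text)
    return {
        "local_start_pages": hijacked_start_pages(entries),
        "system32_autoruns": suspicious_system32_autoruns(entries),
        "duplicated_singletons": duplicated_singletons(processes),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

A hit is a reason to look the file up (the thread's advice: search the name, submit the file to an online scanner), not a verdict; the second lsass.exe in the list, for instance, is the same path in different case, which Windows treats as one file, so the point of that check is only that a singleton process should not be listed twice.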
kingrat
01-24-2006, 08:07 PM
"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe"
Are you running MS SQL Server? Do you need to? If so, there's viruses (virii?) that target the default port the database listens on. I recommend changing the port if you need the database, or turning it off altogether if you don't use it.
commish13
01-24-2006, 08:10 PM
I have no idea what that even is, fella. Little explanation? While I'm good with getting things working to a point, I don't actually know what things are.
kingrat
01-24-2006, 08:20 PM
MS SQL is Microsoft's database server. Other programs on your system may have installed it. If this is a work computer, it may be something that they installed.
If you know for sure you don't need it, you should be able to uninstall it via Add/Remove Programs in the Control Panel. Not only will that patch up one hole that viruses can come in on, it will free up system resources and maybe speed up your PC a bit.
(Further googling on this shows this may be needed by Outlook for the "Outlook contact manager" program, so you may not want to remove it).
I would say that this is fairly safe to leave in, as long as you have the other firewall/spyware/antivirus programs running.
Everything else in that list seems ok to me, but there could be something else in there that others (SOS?) may know as a problem.
commish13
01-24-2006, 08:24 PM
The Viewpoint toolbar might be a problem... but it isn't what caused the original problem. I'm confused now. The outlook thing I need for my school email.
kingrat
01-24-2006, 08:31 PM
Viewpoint is definitely shady. In my experience it hasn't infested my PC with popup windows or anything, but I know it spies on you in some form. I think it comes from AOL IM.
commish13
01-24-2006, 08:35 PM
So if I get rid of it, it will only affect my AIM?
commish13
01-25-2006, 08:58 PM
I seem to be having a problem with something called Spy-Sheriff -- I think it's something posing to be a spyware cleaner. It is one of the things that downloaded with what ended up being the virus I downloaded, and it doesn't seem to be out of my system.
Anybody know anything about this?
EDIT: I just did a quick search, and that's exactly what it is. I am so smart, S-M-R-T.
Download Process Explorer (thanks zagman): http://www.sysinternals.com/Utilities/ProcessExplorer.html
Unzip to /Program Files/Process Explorer/
Create a shortcut of the program
Place a copy of the shortcut in the Start--->Programs ---> StartUp
*****Create a restore point with system restore.*******
Download l2mfix.exe -run if you can no longer connect to the internet afterwards.
Keep all mswsck2.dll s
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Run Process Explorer
Next:
Menu:File ---->Save as
Copy and paste the text of that file in a new post.
Google the listed processes that you do not know.
Kill the offending process and submit its file to http://virusscan.jotti.org/ .
If the file scan and Google search report that it is infected, delete the file associated with the process (the .exe file).
Is outpstd.exe part of anything you want? If not, delete it.
Host.zip (http://mvps.org/winhelp2002/hosts.zip)
Extract the file & overwrite the existing copy located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Stop using IE. Use FireFox (http://www.mozilla.com/firefox/) or Opera (http://www.opera.com/) or Netscape (http://browser.netscape.com/) instead.
If you are using the MS firewall and you are on cable, DSL, or an Ethernet LAN, download Zone Alarm (http://www.zonelabs.com/) or the Kerio firewall.
SECURING INTERNET EXPLORER
From within Internet Explorer click on the Tools menu and then click on Internet Options.
* Select the Security tab
o Click once on the Internet icon so it becomes highlighted.
o Select Custom Level .
+ Change 'Download signed ActiveX controls' to Prompt
+ Change 'Download unsigned ActiveX controls' to Disable
+ Change 'Initialize and script ActiveX controls not marked as safe' to Disable
+ Change 'Installation of desktop items' to Prompt
+ Change 'Launching programs and files in an IFRAME' to Prompt
+ Change 'Navigate sub-frames across different domains' to Prompt
+ When all these changes have been made, click on the OK button.
o If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Select OK to exit the Internet Properties page.
IE-SPYAD2 (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD) download and run this.
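The Custom Level steps above are easy to get wrong by a click, and there is no way to tell from the dialog later whether they stuck. As an added example (not from the thread or from any tool it names), here is a small audit that compares the Internet zone's settings with the six recommendations. Internet Explorer stores each Custom Level setting as a DWORD under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone) with 0 = Enable, 1 = Prompt, 3 = Disable; the value IDs used below are the ones Microsoft documents for those settings. The sample zone dictionaries are constructed; `read_internet_zone` reads the live key and only works on Windows, while `audit_zone` is pure and runs anywhere.

```python
"""Audit IE Internet-zone settings against the thread's 'SECURING INTERNET EXPLORER' steps
(added example, not part of the thread)."""

ENABLE, PROMPT, DISABLE = 0, 1, 3            # DWORD values IE uses for these settings
ACTION = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Setting name as shown in the Custom Level dialog -> (registry value ID, recommended action).
# Value IDs as documented by Microsoft for the zone security settings.
WANTED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed sample zones: one left at permissive values, one set as the thread recommends.
LOOSE_ZONE = {"1001": 0, "1004": 0, "1201": 1, "1800": 1, "1804": 0, "1607": 0}
HARDENED_ZONE = {"1001": 1, "1004": 3, "1201": 3, "1800": 1, "1804": 1, "1607": 1}


def audit_zone(values):
    """Return [(setting, current, wanted)] for each setting more permissive than recommended.

    `values` maps value-ID strings to the DWORD read from the zone key. A setting that is
    stricter than recommended is not reported. A value that is absent is reported as
    'not set' so it gets looked at rather than assumed safe (conservative choice for this
    example; IE itself falls back to its built-in default in that case).
    """
    findings = []
    for setting, (value_id, wanted) in WANTED.items():
        current = values.get(value_id)
        if current is None:
            findings.append((setting, "not set", ACTION[wanted]))
        elif current < wanted:  # lower number = more permissive (0 Enable < 1 Prompt < 3 Disable)
            findings.append((setting, ACTION.get(current, str(current)), ACTION[wanted]))
    return findings


def read_internet_zone():
    """Read the live Internet-zone values on a Windows box (needs the standard winreg module)."""
    import winreg  # only available on Windows; imported here so audit_zone stays portable
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for value_id, _ in WANTED.values():
            try:
                values[value_id] = winreg.QueryValueEx(key, value_id)[0]
            except FileNotFoundError:
                pass  # value absent: audit_zone reports it as 'not set'
    return values


if __name__ == "__main__":
    try:
        zone = read_internet_zone()
    except ImportError:
        zone = LOOSE_ZONE  # not on Windows: demonstrate with the constructed sample
    for setting, current, wanted in audit_zone(zone):
        print(f"{setting}: is {current}, should be {wanted}")
```

Run it once before and once after walking through the dialog; an empty result after means all six settings are at least as strict as the thread asks for.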
commish13
01-26-2006, 05:38 PM
Process PID CPU Description Company Name
System Idle Process 0 98.46
Interrupts n/a Hardware Interrupts
DPCs n/a 0.77 Deferred Procedure Calls
System 4
smss.exe 484 Windows NT Session Manager Microsoft Corporation
csrss.exe 844 Client Server Runtime Process Microsoft Corporation
winlogon.exe 876 Windows NT Logon Application Microsoft Corporation
services.exe 920 Services and Controller app Microsoft Corporation
ati2evxx.exe 1116
svchost.exe 1136 Generic Host Process for Win32 Services Microsoft Corporation
gcasDtServ.exe 636 Microsoft AntiSpyware Data Service Microsoft Corporation
svchost.exe 1192 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1232 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1364 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1388 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1696 Spooler SubSystem App Microsoft Corporation
acsd.exe 424 AOL Connectivity Service America Online, Inc.
avgamsvr.exe 628 AVG Alert Manager GRISOFT, s.r.o.
avgupsvc.exe 740 AVG Update Service GRISOFT, s.r.o.
DefWatch.exe 764 Virus Definition Daemon Symantec Corporation
MDM.EXE 808 Machine Debug Manager Microsoft Corporation
sqlservr.exe 820 SQL Server Windows NT Microsoft Corporation
svchost.exe 1504 Generic Host Process for Win32 Services Microsoft Corporation
Rtvscan.exe 1764 Symantec AntiVirus Symantec Corporation
wdfmgr.exe 2012 Windows User Mode Driver Manager Microsoft Corporation
wanmpsvc.exe 2140 Wan Miniport (ATW) Service America Online, Inc.
WLTRYSVC.EXE 2208
BCMWLTRY.EXE 2252 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Computer Corporation
iPodService.exe 2688 iPodService Module Apple Computer, Inc.
alg.exe 3340 Application Layer Gateway Service Microsoft Corporation
lsass.exe 932 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1992
explorer.exe 176 Windows Explorer Microsoft Corporation
realsched.exe 364 RealNetworks Scheduler RealNetworks, Inc.
winampa.exe 372
iTunesHelper.exe 504 iTunesHelper Module Apple Computer, Inc.
qttask.exe 524 Apple Computer, Inc.
gcasServ.exe 532 Microsoft AntiSpyware Service Microsoft Corporation
avgcc.exe 564 AVG Control Center GRISOFT, s.r.o.
ctfmon.exe 572 CTF Loader Microsoft Corporation
Rainlendar.exe 2032 Rainlendar Rainy
firefox.exe 2588 Firefox Mozilla
procexp.exe 3956 0.77 Sysinternals Process Explorer Sysinternals
Process: Procexp Pid: -2
Type Name
It looks like you are running AVG and Norton. If you have the most recent version of Norton, use that instead of both.
AVG is less of a memory hog but it is free and lets lots of things get through.
Norton is more of a resource hog and it will get mostly all of the recent viruses and trojans.
commish13
01-27-2006, 07:47 PM
I have Symantec, not Norton. Same difference as far as what you said, though?
thelord68
01-27-2006, 09:22 PM
Unless you are running the various tools in safe mode, you are never going to completely clean the machine. Press and hold the F8 key as the computer is booting up. You will get a menu with a number of startup choices. This prevents any non-necessary items from being loaded into memory. This will also possibly expose what are called 'rootkits' - malicious programs that hide themselves from normal detection by removing references to themselves after they load into memory.
Run Spybot, Adaware and AVG in safe mode.
BTW - I prefer AVG to Norton (Symantec makes Norton) for a number of reasons, but most importantly, there are many viruses that target Norton and disable it.
commish13
01-29-2006, 06:11 AM
Thanks, lord. I actually got rid of a lot of crap over this past week, and I stopped that damn word bubble from popping up and telling me I had a virus, but my computer's still running really slow, and it's stopping me from watching a lot of streaming video, and it kept me off my internet radio show tonight because the computer couldn't handle talking to more than one person.
I'll try that right now.
vBulletin® v3.7.3, Copyright ©2000-2008, Jelsoft Enterprises Ltd.