unknown worm

comeaugn
Junior Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2002
Location: seattle
31-Oct-2003, 11:14 PM #1
unknown worm
I got a new machine from Fry Electronics. In my wisdom I chose Fry's own brand, "Great Quality". In trying to install my DSL modem I got a worm that I can't identify or fix. My DSL connection is running now (sort of). When I connect I can go for about 1-2 minutes before I get the "page not found" screen. When I try to get Task Manager I get, "The application failed to initialize properly (oxc0000017). Click on OK to terminate the application."

I have tried to run 3 different antivirus programs and none of them detect a problem. I can't connect to download new virus definitions. I have run Adaware and Spybot and they both indicate things are OK.

This is the HijackThis log:

Logfile of HijackThis v1.97.3
Scan saved at 8:07:56 PM, on 10/31/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\INTEL\DSLSetup\ProDsl.exe
I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Documents and Settings\Dad\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Manager] I:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebScan] I:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?37915.8453125


Any ideas?

Gil

Vilhon
Junior Member with 5 posts.
 
Join Date: Oct 2003
Location: Western NC
Experience: Building computers for 18 years
31-Oct-2003, 11:23 PM #2
Shot in the dark, but I've seen this a few times. Try disabling ZoneAlarm, and see if your connection returns. I've seen ZoneAlarm freak out a few times, and frequently on WinXP (which, by default, has its own firewall).

IMM (authorized to help remove malware)
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
31-Oct-2003, 11:34 PM #3
You should remove
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
using HijackThis as well

Flrman1 (Mark)
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
31-Oct-2003, 11:41 PM #4
This needs to go too:

O4 - HKLM\..\Run: [WebScan] I:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k

Restart and delete:

The C:\Program Files\Acceleration Software folder

comeaugn
01-Nov-2003, 07:49 PM #5
I tried all the suggestions. I am posting the new HijackThis log. I still have the same symptoms. I should mention that frequently during this process I get a big blue screen which says that a device driver is a problem. The only device driver I have installed is for the Intel 3200 DSL modem. Also, one of the times it quit (to the BSOD), ZoneAlarm said svchost was trying to access the internet. I know this can be a legit file that is used by a worm. Thank you all for your help so far. Any more ideas?

Gil

comeaugn
01-Nov-2003, 07:50 PM #6
Forgot:

Logfile of HijackThis v1.97.3
Scan saved at 4:41:35 PM, on 11/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\INTEL\DSLSetup\ProDsl.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Documents and Settings\Dad\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Manager] I:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?37915.8453125
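
One way to confirm what actually changed between the two HijackThis logs posted in this thread, as an added example that is not part of any poster's message: it parses the running-process list and the numbered entries of each log and reports what disappeared or appeared. The sample logs are constructed by abridging the two posted logs, and `parse_log` and `diff_logs` are names chosen here.

```python
import re

# Constructed sample input: entries abridged from the two logs posted above.
LOG_BEFORE = r"""Running processes:
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebScan] I:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
"""
LOG_AFTER = r"""Running processes:
I:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
"""

# A HijackThis entry line is "<letter><number> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (set of running process paths, set of (code, detail) entries)."""
    processes, entries, in_procs = set(), set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first entry line
            entries.add((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries

def diff_logs(before, after):
    # Set differences show what a cleanup removed and whether anything new appeared.
    (bp, be), (ap, ae) = parse_log(before), parse_log(after)
    return {
        "processes_gone": sorted(bp - ap),
        "processes_new": sorted(ap - bp),
        "entries_removed": sorted(be - ae),
        "entries_added": sorted(ae - be),
    }

if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, *items, sep="\n  ")
```

Run against the full logs, an empty `entries_added` and `processes_new` means nothing new registered itself between the scans, so persisting symptoms need a cause the log does not show.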