help....

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
i got a Email on my Hotmail from [email protected] and it contains this: A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: [email protected]
File Attachment: nothing.zip
Attachment Status: deleted

--- Original message information follows ---

From: [email protected]
To: [email protected]
Date: Fri, 2 Apr 2004 22:49:00 -0600
Subject: its me
Received: from perfectiontruss.com ([68.102.247.235])
by www.starlumber.com (SAVSMTP 3.1.0.29) with SMTP id M2004040222505811567
for <[email protected]>; Fri, 02 Apr 2004 22:50:58 -0600


is this true ? or is it just a Hoax ?
 
Joined
Mar 20, 2003
Messages
4,823
It is a virus laden email, delete it immediately. It doesn't mean you have the virus, more likely someone who has you in their address book has the Netsky virus
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
no but the Mail said that i had sent a Email containing the Virus to some one else ... oh and were cna i get Hi jak this or what its called ?
 
Joined
Jun 26, 2002
Messages
176
The Virus spoofs the sender address so if your name is on it is meaningless. Well its not conclusive I mean.


You want HJT ? Info is below.



Hijack This Request


Go to http://www.spywareinfo.com/~merijn/files/HijackThis.exe and download 'Hijack This!'.
make sure it is placed into it's own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log (in the security section)
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
here ... anything bad on my comp ?

Logfile of HijackThis v1.97.7
Scan saved at 12:12:44, on 2004-04-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
D:\Users\HemPC\Mina dokument\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38014.3167708333
 
Joined
Jun 26, 2002
Messages
176
I do not see anything bad there.

Make sure at least one other Tech. looks at this.

Norman AV/Firewall sure has a lot of stuff loaded.


If you want to do an online virus scan for the heck of it, here is info below.

To check for a virus please visit one of the following sites for a free online virus scan. Even if you a virus scanner installed, this one gives you a second opinion, and it will be up-to-date which yours might not be.

Symantec:
http://security.symantec.com/ssc/lu...ie&venid=sym&plfid=23&pkj=MKDWPWFYJOKMFIDPMSV

Trend Micro:
http://housecall.trendmicro.com



I think you are fine though based on that Log




jameso321
 
Joined
Mar 20, 2003
Messages
4,823
I concur, though personally I would take the creative registration and the splash screen out. ;)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Norman ZANDA] :\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
why :-S ? (what does the Splash screen do ?)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top