1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help....

Discussion in 'Windows XP' started by BAM, Apr 5, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    i got a Email on my Hotmail from [email protected] and it contains this: A virus was found in a message sent by this
    account.

    --- Scan information follows ---

    Result: Virus Detected
    Virus Name: [email protected]
    File Attachment: nothing.zip
    Attachment Status: deleted

    --- Original message information follows ---

    From: [email protected]
    To: [email protected]
    Date: Fri, 2 Apr 2004 22:49:00 -0600
    Subject: its me
    Received: from perfectiontruss.com ([68.102.247.235])
    by www.starlumber.com (SAVSMTP 3.1.0.29) with SMTP id M2004040222505811567
    for <[email protected]>; Fri, 02 Apr 2004 22:50:58 -0600


    is this true ? or is it just a Hoax ?
     
  2. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    It is a virus laden email, delete it immediately. It doesn't mean you have the virus, more likely someone who has you in their address book has the Netsky virus
     
  3. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    no but the Mail said that i had sent a Email containing the Virus to some one else ... oh and were cna i get Hi jak this or what its called ?
     
  4. jameso321

    jameso321

    Joined:
    Jun 26, 2002
    Messages:
    176
    The Virus spoofs the sender address so if your name is on it is meaningless. Well its not conclusive I mean.


    You want HJT ? Info is below.



    Hijack This Request


    Go to http://www.spywareinfo.com/~merijn/files/HijackThis.exe and download 'Hijack This!'.
    make sure it is placed into it's own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log (in the security section)
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  5. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    here ... anything bad on my comp ?

    Logfile of HijackThis v1.97.7
    Scan saved at 12:12:44, on 2004-04-05
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\NORMAN\Nvc\BIN\npfmsg2.exe
    D:\Users\HemPC\Mina dokument\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38014.3167708333
     
  6. jameso321

    jameso321

    Joined:
    Jun 26, 2002
    Messages:
    176
    I do not see anything bad there.

    Make sure at least one other Tech. looks at this.

    Norman AV/Firewall sure has a lot of stuff loaded.


    If you want to do an online virus scan for the heck of it, here is info below.

    To check for a virus please visit one of the following sites for a free online virus scan. Even if you a virus scanner installed, this one gives you a second opinion, and it will be up-to-date which yours might not be.

    Symantec:
    http://security.symantec.com/ssc/lu...ie&venid=sym&plfid=23&pkj=MKDWPWFYJOKMFIDPMSV

    Trend Micro:
    http://housecall.trendmicro.com



    I think you are fine though based on that Log




    jameso321
     
  7. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    I concur, though personally I would take the creative registration and the splash screen out. ;)

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] :\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
     
  8. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    why :-S ? (what does the Splash screen do ?)
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217213

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice