help....

[BAM]

i got a Email on my Hotmail from [email protected] and it contains this: A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: [email protected]
File Attachment: nothing.zip
Attachment Status: deleted

--- Original message information follows ---

From: [email protected]
To: [email protected]
Date: Fri, 2 Apr 2004 22:49:00 -0600
Subject: its me
Received: from perfectiontruss.com ([68.102.247.235])
by www.starlumber.com (SAVSMTP 3.1.0.29) with SMTP id M2004040222505811567
for <[email protected]>; Fri, 02 Apr 2004 22:50:58 -0600


is this true ? or is it just a Hoax ?

 

[putasolution]

It is a virus laden email, delete it immediately. It doesn't mean you have the virus, more likely someone who has you in their address book has the Netsky virus

 

[BAM]

no but the Mail said that i had sent a Email containing the Virus to some one else ... oh and were cna i get Hi jak this or what its called ?

 

[jameso321]

The Virus spoofs the sender address so if your name is on it is meaningless. Well its not conclusive I mean.


You want HJT ? Info is below.



Hijack This Request


Go to http://www.spywareinfo.com/~merijn/files/HijackThis.exe and download 'Hijack This!'.
make sure it is placed into it's own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log (in the security section)
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

 

[BAM]

here ... anything bad on my comp ?

Logfile of HijackThis v1.97.7
Scan saved at 12:12:44, on 2004-04-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
D:\Users\HemPC\Mina dokument\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38014.3167708333

 

[jameso321]

I do not see anything bad there.

Make sure at least one other Tech. looks at this.

Norman AV/Firewall sure has a lot of stuff loaded.


If you want to do an online virus scan for the heck of it, here is info below.

To check for a virus please visit one of the following sites for a free online virus scan. Even if you a virus scanner installed, this one gives you a second opinion, and it will be up-to-date which yours might not be.

Symantec:
http://security.symantec.com/ssc/lu...ie&venid=sym&plfid=23&pkj=MKDWPWFYJOKMFIDPMSV

Trend Micro:
http://housecall.trendmicro.com



I think you are fine though based on that Log




jameso321

 

[putasolution]

I concur, though personally I would take the creative registration and the splash screen out.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Norman ZANDA] :\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

 

[BAM]

why :-S ? (what does the Splash screen do ?)