1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

iis6? Trojan? Internet newbie might need help.

Discussion in 'Virus & Other Malware Removal' started by Rennsport, Jan 14, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Rennsport

    Rennsport Thread Starter

    Joined:
    Jan 12, 2003
    Messages:
    3
    Wandering around in my Windows directory (OS: XP Home SP1), I came across a log file that appears to refer to something "returned from France". The log file is iis6.log and, as something of a newbie to the internet, I was concerned that some surreptitious communication was being sent from my pc to someone/thing somewhere else (trojan?). I run a reputable firewall and a highly regarded anti-virus program, both of which are kept religiously up to date. The only thing that I can think of is that it might have something to do with Microsoft's IIS "thingie"; could this possibly be the case? If anyone in the forums could put my mind at rest or help me out, I would seriously appreciate it. For reference's sake, I enclose the last entry from the log file. Again, many thanks in advance.


    [11/27/2002 0:8:53] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****].
    [11/27/2002 0:8:53] Initial thread locale=c09
    [11/27/2002 0:8:53] returned from France fix with locale c09
    [11/27/2002 0:8:53] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
    [11/27/2002 0:8:53] OC_INIT_COMPONENT:[iis,(null)] Start.
    [11/27/2002 0:8:53] OC_INIT_COMPONENT:26/11/2002 13:04:55 _____N__ 6.0.2600.1106: 6.0.2600.1106 (xpsp1.020828-1920): x86: C:\WINDOWS\System32\Setup\iis.dll
    [11/27/2002 0:8:53] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
    [11/27/2002 0:8:53] OC_INIT_COMPONENT:CmdLine="D:\microsoft\service packs\xpsp1_en_x86\update\update.exe"
    [11/27/2002 0:8:53] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
    [11/27/2002 0:8:53] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING.
    [11/27/2002 0:9:24] OC_CLEANUP:Final Check:LogFile Close.

    PS. I ran a full anti virus scan, nothing. I downloaded the excellent spybot and that gave me a clean bill of health.
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    welcome to T.S.G. rennsport.
    i think this is probably innocuous but its best to be safe.
    www.moosoft.com has a very good trojan scanner.......download,update and run the program and set your mind at ease;)
     
  3. Rennsport

    Rennsport Thread Starter

    Joined:
    Jan 12, 2003
    Messages:
    3
    Thanks for the quick response, Steve...have been broswing the forum as I was downloading the trojan scanner. Will set it up and run it now. Cheers!
     
  4. Rennsport

    Rennsport Thread Starter

    Joined:
    Jan 12, 2003
    Messages:
    3
    Steve, I've run the scanner (nice piece of work, btw) and 59 000 files later I've received the all clear (whew!). The only file that presented a problem to the scanner was C:\pagefile.sys which I assume, given that I disabled my anti virus during the trojan scan, windows "locks" for some reason. I'll keep looking into iis6.log, if only for interest's sake; if I find anything, I'll post to this thread in case some other poor sod like me is confused. At any rate, cheers for the help.
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    pagefile.sys is the widows pagefile,you will get that message every scan(win2k/xp) there is no problem with that.

    good luck mate;)
     
  6. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,886
    Rennsport,

    If you want to doublecheck your trojan check, take a look at Trojan Remover;http://www.simplysup.com/tremover/details.html

    It's free for 30 days and scans the usual places that trojans launch from, or your whole hard drive if you wish. I use The Cleaner in background and TR as a backup. If you decide to try it you must make sure you have read and understood all the instructions because it does alter files.

    Alternatively, if you're interested in what your copy of XP may be up to, look here;http://www.hevanet.com/peace/microsoft.htm
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/113186

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice