
My poor, poor baby!!!

Discussion in 'Virus & Other Malware Removal' started by Servant of Eru, Mar 26, 2004.

Thread Status:
Not open for further replies.
  1. Servant of Eru

    Servant of Eru Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    2,106
    Well, I've booted up my ultimate gaming rig, and I've run into several snags. First, the only problems were there was no sound, it wasn't recognizing the hardware etc. All this time, it was not hooked up to the internet, as I hadn't found the Earthlink disc yet. I finally found my old Earthlink disc, though it had never been used before. I installed the Earthlink software, connected to the internet, and before you can say lickety split, as I'm trying to find the proper drivers to get my hardware to work properly, I start getting an error message almost identical to the telltale signs of the Blaster worm....only I'd not downloaded anything other than the Earthlink settings. :mad: Could I have picked up the Blaster worm and any other virii from the Earthlink disc, or downloading the settings? :confused:

    My system specs are roughly:

    AMD Athlon 2500+ XP, Barton Core
    1 Gig Mushkin low latency overclockers RAM
    DFI Lanparty Ultra MOBO
    Radeon 9600 XT
    US Robotics 56k Modem
    Dual 120 Gig Seagate HDD
    Pioneer DVD-RW
    Optorite CD-RW
    Alps Floppy Drive
    500 Watt Powmax Modded Power Supply (Heavy as hell, it's a good'un)

    <edit>I've gone through the motions to get it to stop doing the damned restarts....Patched the baby, now I just need to get whatever other creepy crawlies off it and make my hardware and drivers work right. <edit>
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Go to http://www.thespykiller.co.uk/files/HijackThis.exe and download 'Hijack This!'.
    Make sure it is placed into its own folder, not a temporary folder. Then double-click the Hijackthis.exe.
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    Any internet connection with an unprotected computer can expose you to various of the worms that exploit recently discovered security breaches. If you are not up to date with ALL security patches from M$ you are at risk.
     
  3. Servant of Eru

    Servant of Eru Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    2,106
    Here's my log. :(

    Logfile of HijackThis v1.97.7
    Scan saved at 7:31:13 AM, on 4/12/2002
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\msblast.exe
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
    C:\Documents and Settings\Jimmy Griffith\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1EABAE0D-2960-4AC2-86C9-2F1208224431}: NameServer = 207.69.188.185 207.69.188.186
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    O4 - HKLM\..\Run: [windows auto update] msblast.exe


    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"

    Delete these files

    C:\WINDOWS\System32\msblast.exe
     
  6. Servant of Eru

    Servant of Eru Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    2,106
    Is there anything else I can delete and/or fix to enhance performance? :D

    Here's my new log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:28:42 PM, on 3/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Atisetup.exe
    C:\Documents and Settings\Jim\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://darkevil1.proboards27.com/index.cgi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E97C064-2433-464E-A0F9-C8DA51C319F3}: NameServer = 207.69.188.185 207.69.188.186
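
Added example (not part of the thread and not HijackThis's own code): a Python sketch that parses the "Running processes" and O4 sections of the two logs posted above, flags Run values that name a bare executable with no directory (a triage heuristic assumed here, not a HijackThis rule), and confirms that msblast.exe is gone from both the process list and the autoruns after the fix. The function names are hypothetical, and the embedded logs are trimmed excerpts of the ones in this thread.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msblast.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
"""
AFTER = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
"""
# O4 line layout: O4 - <hive>\..\<key>: [<value name>] <command>
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_log(text):
    """Return (running process paths, list of O4 autorun dicts)."""
    procs, runs, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        elif (m := RUN_RE.match(line)):
            runs.append(dict(zip(("hive", "key", "name", "command"), m.groups())))
    return procs, runs

def pathless_autoruns(runs):
    """Heuristic (assumption): Run values with no directory in the command."""
    return [r for r in runs if "\\" not in r["command"]]

def removal_report(before, after, exe):
    """Is exe running / registered as an autorun in each of the two logs?"""
    exe, report = exe.lower(), {}
    for label, text in (("before", before), ("after", after)):
        procs, runs = parse_log(text)
        report[label] = {
            "running": any(p.lower().endswith("\\" + exe) for p in procs),
            "autorun": any(exe in r["command"].lower() for r in runs)}
    return report
```

On these excerpts the heuristic flags only the `[windows auto update]` value, and the report shows msblast.exe both running and registered before the fix and neither afterwards.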
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    There is just about nothing running except the absolute basics.

    If you are going online I would strongly advise an up-to-date antivirus and a firewall urgently.
     
  8. Servant of Eru

    Servant of Eru Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    2,106
    That's just the thing. I can't get the #@$%^$& Windows updates to install, as there's waaaay too many of them and my connection's waaaaay too slow because I'm on 36kbps maximum. I have 74.6 MB of updates to do, and I can't even get it to stay connected due to buggy drivers that need updated for even enough time for more than 1.4 MB of them to be updated! :mad: Is there any way I can download these at my church and install them here? Or am I just totally #$%&^*. :(
     
  9. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    You should be able to download them and burn them to disk.
    ;)
     
Short URL to this thread: https://techguy.org/214794
