
[Resolved] Win 95 socket error 10048

Discussion in 'Virus & Other Malware Removal' started by psbuilder, Jan 25, 2002.

Thread Status:
Not open for further replies.
  1. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    Have nagging window opening repeatedly and grabbing mouse, displaying "windows socket error (10048) on API 'bind'". Found response in forum for same problem saying to "set local port property to zero" etc., including "place the code just before the line that does the connect". Unfortunately this is all "greek" to me. Is this a problem caused by virus, and if so does the proposed solution fix the problem? How exactly do I follow the instructions proposed if I don't "get them"? Can't I just go to a website and let Microsoft access my windows system and patch in a fix?
    Too tech for "just a user"
    PS BUILDER
     
  2. brianF

    brianF

    Joined:
    Dec 2, 1999
    Messages:
    12,041
    I know very little about it, only that it can be caused by bad Visual Basic code or a virus.

    Basically two devices are trying to use the same port on the computer.

    I would go run the online virus scan at http://housecall.antivirus.com/housecall/start_corp.asp
    to see if it is virus related.

    Hopefully someone else who knows for sure will come along.
     
  3. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    Thanks: housecall does show but cannot fix a few troj virus which were not identified by AVG scan. These may be the cause; also removed worm hybris.m; but win problem remains.
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  5. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    RR: More good advice. No, I did not replace wsock and frankly am not sure I can follow the directions to do so. Will mess around a bit and try as prescribed. Thanks
     
  6. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    R R: just read rest of your post. The other stuff identified by housecall were: Troj Net Dev.SVR, Troj Network.A., JS Exception.Gen, and Troj Task Reg.A (cleaned)
     
  7. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    Further update: have downloaded "the cleaner"; it identified and "corrected" "Net Devil" found, however Net Devil keeps reappearing and the cleaner seems to be duplicating itself then hanging. Lots of disease here.
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_EXCEPTION.GEN

    http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETWORK.A

    I'll have to look further on some of the others.

    Let us know what files are infected that couldn't be cleaned. You can probably delete them, but we should know what they are first.

    I'm going to move this to the AntiVirus Forum for further follow-up.

    http://home.earthlink.net/~rmbox/Reticulated/Toys.html

    Download the startuplog.zip file from the site above. Unzip and run startuplog.com. Copy/paste startuplog.txt (not stubbpaths.txt) in your next reply.

    Net Devil is a very recent trojan. I can't get any manual removal instructions. But I can probably nail it with the use of the startup log. It may be reloading through the use of a winstart.bat file. Startuplog will show all.
     
  9. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    Just a further update before I crash. Earthlink start up zip seems to have been attacked and is showing file has been changed; then when I choose ignore, flags illegal operation, file closed.
    The cleaner seems unable to complete a full clean cycle but is notifying me of warnings about files changing. Time out for now.
    system says " please...... doonn't ....... dooooo...... thhhhiiisssss............daaaaaaaaaaaaavvvvvvv
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Try the unzipped version on this page. Usually requires IE to download.

    http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html

    Do a Find Files for Winstart.bat; if you have the file, just delete it. It's being used lately only for loading trojan files and crashing scanners like Moosoft and Norton.

    Try running Moosoft in safe mode. Ctrl key on startup>startup menu>safe mode.
     
  11. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    Startup log copy/paste follows below. Don't understand the instructions for how to start in safe mode to rerun Moosoft.
    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 01-26-2002 10:37:43.18a
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox
    __________________________________________________________________________
    __________________________________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.54) - Release Date 12/12/2001

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SystemTray"="SysTray.Exe"
    "AtiKey"="Atikey32.exe"
    "ATIGART"="c:\\ati\\gart\\atigart.exe"
    "AtiCwd32"="Aticwd32.exe"
    "AtiQiPcl"="AtiQiPcl.exe"
    "BrowserWebCheck"="loadwc.exe"
    "AtiPTA"="Atiptaxx.exe"
    "EM_EXEC"="c:\\logitech\\mouse\\system\\em_exec.exe"
    "LoadQM"="loadqm.exe"
    "SaveNow"="C:\\Program Files\\SaveNow\\SaveNow.exe"
    "QuickTime Task"="C:\\WINDOWS\\SYSTEM\\QTTASK.EXE"
    "AVG_CC"="C:\\PROGRA~1\\GRISOFT\\AVG6\\avgcc32.exe /STARTUP"
    "tcactive"="C:\\PROGRA~1\\THECLE~1\\tca.exe"
    "tcmonitor"="C:\\PROGRA~1\\THECLE~1\\tcm.exe"


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATI Launchpad"=""
    "Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "ATIGART"="c:\\ati\\gart\\atigart.exe"
    "Avgserv9.exe"="C:\\PROGRA~1\\GRISOFT\\AVG6\\Avgserv9.exe"


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=lxdboxcp.exe

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    @C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
    rem - By Windows Setup - MSCDEX.EXE /D:WIN95001 /L:E

    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\Desktop Application Director.lnk

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder


    *(No start-ups found)*

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders


    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATI Launchpad"=""
    "Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"


    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "StubPath"=""
    "StubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "StubPath"="\"C:\\Program Files\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
    "StubPath"="\"C:\\Program Files\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-

    MSCDEX.EXE /D:WIN95001 /L:E
    c:\logitech\mouse\mouse.exe



    -=========================-
    ICQ Inet Registry StartUp
    -=========================-

    Shows applications that start when connected to Inet


    [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]
    "Launch Browser"="No"


    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-


    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=C:\WINDOWS\TEMP
    TEMP=C:\WINDOWS\TEMP
    winbootdir=C:\WINDOWS
    PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    COMSPEC=C:\WINDOWS\COMMAND.COM
    windir=C:\WINDOWS


    ==========================================================================
    __________________________________________________________________________

    - End -
     
  12. psbuilder

    psbuilder Thread Starter

    Joined:
    Jan 24, 2002
    Messages:
    8
    R.R. I don't know exactly which of the many efforts have fixed (for now?) the problems; but housecall identified two (non cleanable) troj today incl. Troj Net.Svr in windows temp file which I deleted, and Troj Network A on program file morpheus which I deleted.
    Last night anti virus programme was dueling unsuccessfully with Net Devil. I did download startuplog as above if it's of any interest, and this was before deleting troj's. All seems OK for now;
    with thanks to all "psbuilder"
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Looks virus/trojan clean. Only real bugger there is SaveNow, a piece of "spyware" installed with something you downloaded (perhaps Morpheus). I would strongly recommend you go to Add/Remove programs and remove it. There may be other "spyware" apps hidden as well; usually where there's one there are others, and not all show as running tasks. If you want to detect and clean spyware, install Ad-Aware from lavasoft.

    http://www.lavasoftusa.net/

    Also download the current signature list (reflist.zip). Unzip and copy it to the Ad-Aware programs folder to overwrite the existing sig file. When running Ad-Aware, configure it to scan all drives on which you have installed programs, memory, and deep registry. Check what it finds and click "make backup", then Finish. Reboot afterwards.

    You also have some Lexmark related printer entries to be found in Win.ini and System.ini. They can be removed without ill effect and may resolve any printer conflicts that might occur for you.

    http://www.micro-solutions.com/tech_support/printer_comp/lexmark6.html

    Glad to hear that all is well. I'll mark your thread "Resolved" unless you indicate further.
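
An added example, not part of the thread or of the StartUp Log tool: a short Python script that reads a log in the layout posted above, lists the Run-key autostart entries, and flags the win.ini, system.ini and shell-open lines that differ from the clean values the log itself describes. The sample text is constructed from a few lines of the posted log, and the function names are this example's own.

```python
import re

# Constructed sample: a few lines abridged from the StartUp Log posted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SaveNow"="C:\\Program Files\\SaveNow\\SaveNow.exe"
run=lxdboxcp.exe
load=
shell=Explorer.exe
@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)
'''

KEY = re.compile(r'^\[(HKEY_[^\]]+\\Run\w*)\]$')  # Run, RunOnce, RunServices...
VALUE = re.compile(r'^"([^"]*)"="(.*)"$')
# Open commands the posted log shows for these file types.
EXPECTED_OPEN = {'.exe': '"%1" %*', '.com': '"%1" %*', '.bat': '"%1" %*',
                 '.pif': '"%1" %*', '.scr': '"%1" /S'}

def unescape(value):
    # Undo the backslash escaping the log applies to registry values.
    return re.sub(r'\\(.)', lambda m: m.group(1), value)

def autostart_entries(log):
    """Return (registry key, value name, command) for every Run* entry."""
    entries, key = [], None
    for line in filter(None, (l.strip() for l in log.splitlines())):
        if KEY.match(line):
            key = KEY.match(line).group(1)
        elif key and VALUE.match(line):
            name, cmd = VALUE.match(line).groups()
            entries.append((key, name, unescape(cmd)))
        else:
            key = None  # any other text ends the current key's value list
    return entries

def deviations(log):
    """Flag lines that differ from the clean values the log describes."""
    found, lines = [], [l.strip() for l in log.splitlines()] + ['']
    for line, nxt in zip(lines, lines[1:]):
        m = re.match(r'^(run|load|shell)=(.*)$', line, re.I)
        if m:
            clean = 'explorer.exe' if m.group(1).lower() == 'shell' else ''
            if m.group(2).strip().lower() != clean:
                found.append(line)
        m, ext = re.match(r'^@="(.*)"$', line), re.match(r'^\((\.\w+) file', nxt)
        if m and ext and ext.group(1) in EXPECTED_OPEN:
            if unescape(m.group(1)) != EXPECTED_OPEN[ext.group(1)]:
                found.append(f'{ext.group(1)} open command: {unescape(m.group(1))}')
    return found

if __name__ == '__main__':
    print(autostart_entries(SAMPLE_LOG), deviations(SAMPLE_LOG))
```

On the sample this flags `run=lxdboxcp.exe`; a flagged line is a prompt to identify the program (the reply above treats the Win.ini entries as Lexmark printer software), not a verdict.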
     
Short URL to this thread: https://techguy.org/66404