
Solved: Dial up connection "talking" to something??

Discussion in 'Virus & Other Malware Removal' started by Airmapper, Jul 29, 2006.

Thread Status:
Not open for further replies.
  1. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    First off, nice boards. I've been looking for computer help, and found this board and decided to give it a try.

    I have recently installed Win 2000 Pro on my Thinkpad, it was an "Upgrade" type installation. To my great surprise, it works well on the older notebook and I like it much more than 98.

    I have Dial-up Internet, and when connecting it seems to work fine. I log into my ISP server and it will even browse sites. The problem is forces unknown are using my connection. I only have 24k speed, and with something interfering it is near impossible to use the Internet. I set up the connection without any browser open, and it is transferring data at full speed, both sending and receiving, without any prompting.

    It sounds to me like a virus or spyware problem, but I find it improbable as it has had extremely limited contact with the Internet. I also considered an automated update program but cannot find anything.

    Any help is appreciated, I have no experience with Win 2000, limited experience with XP, and lots of experience with Win 98SE.

    Thanks in advance.
     
  2. chardin

    chardin

    Joined:
    Apr 10, 2006
    Messages:
    55
    Could possibly be Windows Update downloading the latest security and software upgrades.
    Hard to say really, could be anything
     
  3. win2kpro

    win2kpro

    Joined:
    Jul 19, 2005
    Messages:
    11,670
    Go to http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5 to download the HijackThis self installer.

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch HijackThis.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

    After the log is displayed one of the software gurus will have a look at it and advise you what actions need to be taken.
     
  4. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    Thanks, here is the information requested.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:21:48 AM, on 7/29/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
    C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
    C:\WINDOWS\system\mstask.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tp4mon.exe
    C:\Program Files\Microsoft Office\Office\Findfast.exe
    C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
    C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.<myISP>.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.<myISP>.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS\MWW32\MANAGER\mwcpyrt.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Global Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.logantele.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154050226855
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
    O23 - Service: Windows Task Scheduler (MSTASK) - Unknown owner - C:\WINDOWS\system\mstask.exe
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE


    I'll also add that I get prompted for an Internet connection on Windows startup, it is persistent and asks me 3-4 times again after hitting cancel.
     
  5. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    Your boards are pretty active, it fell off the page, Bump.
     
  6. win2kpro

    win2kpro

    Joined:
    Jul 19, 2005
    Messages:
    11,670
    Are you running an antivirus program? I don't see any listed. If you don't have one, you should install an antivirus program and scan your machine.

    Also, I would go to http://www.majorgeeks.com/Ad-Aware_SE_Personal_d506.html and download and install Ad-Aware. After you install Ad-Aware, launch the program and click on "check for updates now". Let the program update then launch the program, click next then check "perform full system scan" and then click next again and let Ad-Aware scan your machine. You can safely delete anything it finds.
     
  7. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    Ad-Aware found Alexa on there! Not completely sure what it is, but I know it's bad. I haven't exposed this laptop to the internet but for a brief period. I'm fixing to put Avast on it, but a 10MB download is making me cringe as I have 24k Dial up.

    I connected it to the internet after my scan and still my connection will not go slack, it is constantly communicating. An attempt to update Ad-Aware failed, it is at a standstill.

    Right now my plan is to get Avast on there and scan it with that. After that I need the software gurus to help me out.
     
  8. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    I have noticed I get 4 connection prompts on startup before the desktop icons come up. Is this just something Win 2000 does, or is something wanting a connection, possibly the program eating up my bandwidth?
     
  9. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    Well, I have made some progress. I'm using the Thinkpad to post this, so obviously I can use the internet now.

    Avast found two Trojan viruses, where they came from I don't know. I just updated the database and am preparing for another scan.

    The connection still will not go slack, it is constantly sending and receiving data.
     
  10. win2kpro

    win2kpro

    Joined:
    Jul 19, 2005
    Messages:
    11,670
    The software gurus seem to have missed this thread. Why don't you do an online malware scan at http://www.ewido.net/en/

    The online scan is just on the left hand side of the opening page.

    After the scan completes, save a copy of the results and if it doesn't solve your problem click on the red triangle in the upper right hand corner of the post (just to the right of the post #) and ask a mod to move this thread to security and maybe one of the gurus will find it faster.

    If they don't move it to security they will move it somewhere where you can get some help.
     
  11. fatbobthefirst

    fatbobthefirst

    Joined:
    May 24, 2006
    Messages:
    324
    Someone did mention about the Update Mgr.
    See if you have this stuff running.
    In the Windows Task Manager see if you have wgatray.exe
    I didn't see it in your HijackThis log.
    But it does sound like the WGA non Genuine Windows.
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have no active AntiVirus!

    Get the free AVG 7 install it, check for updates and run a full scan

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
    ========================
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · Look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  13. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    Thanks for the assistance, I'll post back with the results.

    I installed Avast, and it found several viruses, and Spybot found several items. I thought for a short while that I had them cleaned off, I had normal activity on the connection, but it has returned. I ran a full sweep of anti malware programs, (namely Stinger, Ad-Aware, Spybot, and Avast.) and I turned up clean, but I suspect I still have a bug.

    I'll try the other AV programs, and if that doesn't help I'll go with win2kpro and see about moving the thread to a more appropriate board.
     
  14. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    I'm back with the info.

    Here is what Ewido had to report:
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------
    + Created at: 11:07:20 PM 7/31/2006
    + Scan result:

    C:\Documents and Settings\<my Name>\Local Settings\Temp\pfsvgae.sys -> Backdoor.Genlot.DX : Cleaned with backup (quarantined).

    C:\WINDOWS\SYSTEM\__delete_on_reboot__m_s_t_a_s_k_._e_x_e_ -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).

    C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
    ::Report end

    And Hijack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:52 PM, on 7/31/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
    C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system\mstask.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tp4mon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office\Findfast.exe
    C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.<my ISP>.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.<my ISP>.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS\MWW32\MANAGER\mwcpyrt.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Global Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.<my ISP>.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154050226855
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
    O23 - Service: Windows Task Scheduler (MSTASK) - Unknown owner - C:\WINDOWS\system\mstask.exe (file missing)
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
     
  15. Airmapper

    Airmapper Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    56
    Whatever it is I don't think it's gone yet, the connection is still sending info without my prompting.

    I'm going to ask that the thread be moved.
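
An added triage example, not part of any post in this thread: it parses HijackThis output like the logs above and flags two patterns visible in the first log, namely one image name running from two directories (mstask.exe under both system and system32, the former later reported by Ewido as Backdoor.SdBot.xd) and "Unknown owner" services whose binary sits under the Windows directory (both such entries show "(file missing)" in the second log). The sample lines are copied from the first log; the function names and both heuristics are assumptions of this example, and a hit is a lead to check further, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\mstask.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
O23 - Service: Windows Task Scheduler (MSTASK) - Unknown owner - C:\WINDOWS\system\mstask.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
"""

# O23 line layout as it appears in the logs: display name - owner - binary path.
O23_RE = re.compile(r'O23 - Service: (.+) - (.+?) - "?([A-Za-z]:\\.+)')

def parse(log):
    """Return (running process paths, [(service, owner, path), ...])."""
    procs, services, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            procs.append(line)
        elif (m := O23_RE.match(line)):
            path = m.group(3).replace(" (file missing)", "")
            services.append((m.group(1), m.group(2), path))
    return procs, services

def duplicate_image_names(procs):
    """Image names that run from more than one directory (case-insensitive)."""
    dirs = defaultdict(set)
    for p in procs:
        folder, name = ntpath.split(p)
        dirs[name.lower()].add(folder.lower())
    return {n: sorted(d) for n, d in dirs.items() if len(d) > 1}

def unknown_owner_under_windir(services, windir=r"c:\windows"):
    """Services HijackThis lists as 'Unknown owner' with a binary under windir."""
    return [(n, p) for n, o, p in services
            if o == "Unknown owner" and p.lower().startswith(windir + "\\")]

if __name__ == "__main__":
    procs, services = parse(SAMPLE_LOG)
    print(duplicate_image_names(procs))
    print(unknown_owner_under_windir(services))
```

Legitimate software can also show "Unknown owner" (the avast! services in the second log do), which is why the second check is limited to binaries under the Windows directory.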
     

Short URL to this thread: https://techguy.org/487394
