[SOLVED] HELP!!!! somone has taken over my computer

[Moritz]

HELP!!! SOMEONE IS USING MY COMPUTER


Came in to my room and saw that my mousearrow was moving.
"Dameware mini remote control" was suddenly installed on my computer and
someone was using my computer.

Have taken virusscan and spy boot
Had to disconnect from internet while doing this cause my machine was
disconnected (shut down) by remote user.
When I send this he is probably "looking"

I was in contact with cookiegal two days ago with other proble(svchostss.exe

Regards Moritz





Logfile of HijackThis v1.98.2
Scan saved at 20:44:26, on 08.09.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Programfiler\Fellesfiler\Panda Software\PavShld\pavprsrv.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\pavsrv50.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SYSTEM32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
C:\Programfiler\Pop-Up Zero\Pop-Up Zero.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINNT\system32\internat.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\avciman.exe
C:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Pop-Up Zero] C:\Programfiler\Pop-Up Zero\Pop-Up Zero.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O20 - AppInit_DLLs: PAVWAIT.DLL

 

[~Candy~]

Do you see that program in add/remove?

C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE

Those two look like they may be associated.

 

[~Candy~]

http://www.pestpatrol.com/pestinfo/d/dameware_mini_remote_control.asp

More info.

 

[Moritz]

What do I do, just delete them and go to Safemodus
Im new at this

Moritz

 

[~Candy~]

I'd do the removal as outlined in the link I posted from Pest Control.

 

[Moritz]

Sorry for not replying sooner but Ive been off.
I.m fed up with windows 2000. Tried Pest control but could not remove everything.
Have had problems with 2000/viruses since I installed 2 months ago.

So what I did was install Windows Xp during the night. Hope this will be better for me.

Thank God for your FORUM so I did not install windows SP2, so hopefully no new problems there.

Thank u very much for your help and I will hopefullybe in touch again.

M

 

[cybertech]

Sorry I didn't see this sooner. But fyi Dameware records access both in your application log and in the registry. You could have figured out who was accessing your system.

 

[~Candy~]

Thanks CT. I was looking for someone to assist yesterday, but I couldn't track anyone down

 

[Moritz]

Dont misunderstand, Im very grateful for all help and it looks like you guys take a lot of time/and patience to help everybody out.

Ive been thinking of changing to XP for a long time and Im really not that much in to computers and patience I dont have.
Once in awhile I think back to the good old days when we only used a typewriter.

I will probably be back to ask for your help in other issues, and I take a peak in here everyday. You can learn alot.

Moritz