1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[SOLVED] HELP!!!! somone has taken over my computer

Discussion in 'Virus & Other Malware Removal' started by Moritz, Sep 8, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Moritz

    Moritz Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    13
    HELP!!! SOMEONE IS USING MY COMPUTER


    Came in to my room and saw that my mousearrow was moving.
    "Dameware mini remote control" was suddenly installed on my computer and
    someone was using my computer.

    Have taken virusscan and spy boot
    Had to disconnect from internet while doing this cause my machine was
    disconnected (shut down) by remote user.
    When I send this he is probably "looking"

    I was in contact with cookiegal two days ago with other proble(svchostss.exe

    Regards Moritz





    Logfile of HijackThis v1.98.2
    Scan saved at 20:44:26, on 08.09.2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
    C:\Programfiler\Fellesfiler\Panda Software\PavShld\pavprsrv.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\pavsrv50.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\SYSTEM32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
    C:\Programfiler\Pop-Up Zero\Pop-Up Zero.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\WINNT\system32\internat.exe
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\avciman.exe
    C:\My Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [Pop-Up Zero] C:\Programfiler\Pop-Up Zero\Pop-Up Zero.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 3.9\THGuard.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O20 - AppInit_DLLs: PAVWAIT.DLL
     
  2. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Do you see that program in add/remove?

    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\SYSTEM32\DWRCS.EXE

    Those two look like they may be associated.
     
  3. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
  4. Moritz

    Moritz Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    13
    What do I do, just delete them and go to Safemodus
    Im new at this

    Moritz
     
  5. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I'd do the removal as outlined in the link I posted from Pest Control.
     
  6. Moritz

    Moritz Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    13
    Sorry for not replying sooner but Ive been off.
    I.m fed up with windows 2000. Tried Pest control but could not remove everything.
    Have had problems with 2000/viruses since I installed 2 months ago.

    So what I did was install Windows Xp during the night. Hope this will be better for me.

    Thank God for your FORUM so I did not install windows SP2, so hopefully no new problems there.

    Thank u very much for your help and I will hopefullybe in touch again.

    M
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Sorry I didn't see this sooner. But fyi Dameware records access both in your application log and in the registry. You could have figured out who was accessing your system.
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Thanks CT. I was looking for someone to assist yesterday, but I couldn't track anyone down :(
     
  9. Moritz

    Moritz Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    13
    Dont misunderstand, Im very grateful for all help and it looks like you guys take a lot of time/and patience to help everybody out.

    Ive been thinking of changing to XP for a long time and Im really not that much in to computers and patience I dont have.
    Once in awhile I think back to the good old days when we only used a typewriter.

    I will probably be back to ask for your help in other issues, and I take a peak in here everyday. You can learn alot.

    Moritz
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/271696

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice