Solved: Virus Help Please

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Haligirl

Thread Starter
Joined
Jan 7, 2006
Messages
23
Hi,
I'm hoping someone can help me. I just got the internet hooked up this morning and right away a message popped up titled "Messenger Service" it says the following:

Message from SYSTEM to ALERT on 1/7/2006 8:05:46PM
CRITICAL SYSTEM ERROR DETECTED
Windows has detected a critical error in C:\WINDOWS\SYSTEM32\
KB#74232 Buffer Overrun in Messenger Service Allows Remote Code Execution
Visit www.pcspywarescan.com for Urgent Repair[/B]

This is a series of four or five different messages saying basically the same thing (ie: Windows Registry is going to crash) They have been popping up pretty much every 5-10 minutes for the past 10 hours!! I have run Spy Catcher, AVG anti virus, CCleaner, and Housecall Trend Micro.

I have no clue what else to do. My father put this computer together for me over Christmas and it was perfectly fine when I left home and now I don't know what happened to it. I don't download anything on it and basically just use it for email and word processing.

I'm hoping someone will be able to help.
Many thanks!
 
Joined
Jul 8, 2002
Messages
14,681
Go to Start>>Run>>services.msc>>OK
Right-click Messenger and choose Properties
On the General tab under Service Status, click Stop
Set Startup Type to Disabled and click Apply>>OK
NOTE: If you get an error while attempting to stop the service, skip this step and continue with the instructions​


Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here
 

Haligirl

Thread Starter
Joined
Jan 7, 2006
Messages
23
brendandonhu said:
Go to Start>>Run>>services.msc>>OK
Right-click Messenger and choose Properties
On the General tab under Service Status, click Stop
Set Startup Type to Disabled and click Apply>>OK
NOTE: If you get an error while attempting to stop the service, skip this step and continue with the instructions​


Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here
Hi Brendan,
Here is the log...thanks for your help with this!


Logfile of HijackThis v1.99.1
Scan saved at 2:08:28 AM, on 1/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\FTP.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\MMC.exe
C:\Documents and Settings\Charlotte Hansen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135619360833
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: ATIintergrated - Unknown owner - C:\WINNT\atigraphics.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 

Haligirl

Thread Starter
Joined
Jan 7, 2006
Messages
23
No more popups! Thanks so much for the help, I really appreciate it!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top