some prog keeps sending packets???

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

malinkie

Thread Starter
Joined
Sep 16, 2003
Messages
2
Something on my machine keeps sending on my connection and after a certain amount of time, blocks all traffic outgoing from my machine all together ??!??

Win XP
P4 2GHz
1Gig ram

---
Logfile of HijackThis v1.97.2
Scan saved at 21:23:21, on 15/09/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wins\DLLHOST.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\WINDOWS\System32\wins\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\smorrice\My Documents\Programs\Hyjack This!\HijackThis.exe

O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDD4DEB-D8EB-410A-93F8-304ABD7F8458}: NameServer = 213.120.62.104 213.120.62.97
---


Have also ran ad-aware to find problems (and there were a few).

Don't know what else to do!

Can anyone help!!!!
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,425
I don't recognize the service running here from the WINS directory, looks bogus to me! There is nothing in my WINS folder, and I really doubt a second copy of SVCHOST.EXE should be there, nor the DLLHOST.EXE.

C:\WINDOWS\System32\wins\svchost.exe
C:\WINDOWS\System32\wins\DLLHOST.EXE

I also would wonder what this is, since I also don't have one of those. I have an MSPMSPSV.DLL, and I suspect this is masquerading as that one. Interestingly enough, on W2K, I have a MSPMSPSV.EXE and not a MSPMSPSV.DLL.

C:\WINDOWS\System32\MsPMSPSv.exe
 
Joined
Jun 13, 2002
Messages
1,354
How do you guys know when something is a virus? What were ya looking for in malinkie post. I always wondered how the people here know what a virus is.
 
Joined
Mar 12, 2002
Messages
5,520
Howdy prospect...

I'm not the best here, as a matter of fact I'm probably the worst on detecting these things, what I look for is programs that don't look right, then do a google search on them ( like johnwill pointed out those two files shouldn't be loading from those directories, and all I did is do a search for \wins\DLLHOST.EXE )...
 

malinkie

Thread Starter
Joined
Sep 16, 2003
Messages
2
OK, i haven't done the virus test yet but how can you guys tell this!!! What are you looking for in the log file i passed that told you it was a virus?


Maybe i've got yo start hanging around these forums. Learn a few things.


Update...
OK. found 2 worms on the machine.

Worm MSBLAST.A
Worm NACHI.A

I'm going to look for cleanup remedies now.

Does anybody know of a good free anti virus software??
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top