1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

some prog keeps sending packets???

Discussion in 'Windows XP' started by malinkie, Sep 16, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. malinkie

    malinkie Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    2
    Something on my machine keeps sending on my connection and after a certain amount of time, blocks all traffic outgoing from my machine all together ??!??

    Win XP
    P4 2GHz
    1Gig ram

    ---
    Logfile of HijackThis v1.97.2
    Scan saved at 21:23:21, on 15/09/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wins\DLLHOST.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
    C:\WINDOWS\System32\wins\svchost.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\smorrice\My Documents\Programs\Hyjack This!\HijackThis.exe

    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDD4DEB-D8EB-410A-93F8-304ABD7F8458}: NameServer = 213.120.62.104 213.120.62.97
    ---


    Have also ran ad-aware to find problems (and there were a few).

    Don't know what else to do!

    Can anyone help!!!!
     
  2. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,891
    First Name:
    Rob
  3. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I don't recognize the service running here from the WINS directory, looks bogus to me! There is nothing in my WINS folder, and I really doubt a second copy of SVCHOST.EXE should be there, nor the DLLHOST.EXE.

    C:\WINDOWS\System32\wins\svchost.exe
    C:\WINDOWS\System32\wins\DLLHOST.EXE

    I also would wonder what this is, since I also don't have one of those. I have an MSPMSPSV.DLL, and I suspect this is masquerading as that one. Interestingly enough, on W2K, I have a MSPMSPSV.EXE and not a MSPMSPSV.DLL.

    C:\WINDOWS\System32\MsPMSPSv.exe
     
  4. Jedi_Master

    Jedi_Master

    Joined:
    Mar 12, 2002
    Messages:
    5,520
  5. prospect

    prospect

    Joined:
    Jun 13, 2002
    Messages:
    1,354
    How do you guys know when something is a virus? What were ya looking for in malinkie post. I always wondered how the people here know what a virus is.
     
  6. Jedi_Master

    Jedi_Master

    Joined:
    Mar 12, 2002
    Messages:
    5,520
    Howdy prospect...

    I'm not the best here, as a matter of fact I'm probably the worst on detecting these things, what I look for is programs that don't look right, then do a google search on them ( like johnwill pointed out those two files shouldn't be loading from those directories, and all I did is do a search for \wins\DLLHOST.EXE )...
     
  7. malinkie

    malinkie Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    2
    OK, i haven't done the virus test yet but how can you guys tell this!!! What are you looking for in the log file i passed that told you it was a virus?


    Maybe i've got yo start hanging around these forums. Learn a few things.


    Update...
    OK. found 2 worms on the machine.

    Worm MSBLAST.A
    Worm NACHI.A

    I'm going to look for cleanup remedies now.

    Does anybody know of a good free anti virus software??
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - prog keeps sending
  1. Technoid1
    Replies:
    12
    Views:
    391
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165267

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice