1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Uh-oh...

Discussion in 'Virus & Other Malware Removal' started by Alayna, Oct 13, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Alayna

    Alayna Thread Starter

    Joined:
    Sep 15, 2003
    Messages:
    4
    Please help!:)

    Recently, I've been having issues with my computer again. :( The problem this time is that IE runs terribly slow, and downloads from Kazaa are next to impossible to complete because they're so slow. I have a 525 mhz processor in my computer, and am hooked up to DSL, so this should not be happening..I used to be able to load pages in no time.

    I ran virus scan on my computer, and it found two files infected with the PE Hantaner A virus. I cleaned and deleted these files...but I was wondering if there is anything else I need to do in order to get the virus out of my system and more permanently keep it away? Is this the reason my computer's internet connection has been so very slow?

    Thanks so much in advance!:)

    *~ Alayna
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Hi Alayna, Welcome to TSG.

    First, dump KaZaa. It's full of spy/mal ware and downloads all sort of crap onto your system.

    KaZaa Lite is an alternative:

    http://doa2.host.sk/

    Second, because of KaZaa, who knows what's on your pc. Go here and donload Hijack This and follow the instructions for scanning your system and then posting the scan log here so folks can take a look,


    http://www.tomcoyote.org/hjt/

    :)
     
  3. Alayna

    Alayna Thread Starter

    Joined:
    Sep 15, 2003
    Messages:
    4
    Hello there...:)

    Thanks so much for your help! I ran the HiJackThis program, and here is my log file:

    Logfile of HijackThis v1.97.3
    Scan saved at 7:00:52 PM, on 10/14/2003
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [HP DLA] "C:\Program Files\HP DLA\dlatray.exe" /t
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HP CD-DVD] C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MS Updates] C:\DOCUME~1\ALAYNA~1\LOCALS~1\Temp\aupd.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot
    O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    What is the difference between KaZaa and KaZaa Lite? I am a big fan of MP3's, so that is why I haven't deleted the program yet, even though the pop-ups slow down my system.

    Thanks ever so!

    *~ Alayna
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Hi Alayna.....the only difference between KaZaa and KaZaa Lite is that the Lite version has all of the spy/ad/mal ware stuff removed. You'll be better off without it.

    If you decide to switch, use this application to remove Kazaa before downloading the Lite version:

    http://www.majorgeeks.com/download.php?det=3446


    Okay, now onto your log. It actually looks pretty good. You can have HJT fix the following items. Close your browser, check the items in HJT, click fix.

    Reboot.


    R3 - Default URLSearchHook is missing


    O4 - HKLM\..\Run: [MS Updates] C:\DOCUME~1\ALAYNA~1\LOCALS~1\Temp\aupd.exe


    ...after rebooting, delete the following file:

    aupd.exe


    Not sure this is cause of your sluggishness, so post back.

    :)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/171750

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice