
unknown worm

Discussion in 'Virus & Other Malware Removal' started by comeaugn, Oct 31, 2003.

Thread Status:
Not open for further replies.
  1. comeaugn

    comeaugn Thread Starter

    Joined:
    Sep 21, 2002
    Messages:
    21
    I got a new machine from Fry Electronics. In my wisdom I chose Fry's own brand, "Great Quality". In trying to install my DSL modem I got a worm that I can't identify or fix. My DSL connection is running now (sort of). When I connect I can go for about 1-2 minutes before I get the "page not found" screen. When I try to get Task Manager I get, "The application failed to initialize properly (0xc0000017). Click on OK to terminate the application."

    I have tried to run 3 different antivirus programs and none of them detect a problem. I can't connect to download new virus definitions. I have run Adaware and Spybot and they both indicate things are OK.

    This is the HijackThis log:

    Logfile of HijackThis v1.97.3
    Scan saved at 8:07:56 PM, on 10/31/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\system32\ZoneLabs\vsmon.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\INTEL\DSLSetup\ProDsl.exe
    I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    I:\WINDOWS\System32\wuauclt.exe
    I:\Documents and Settings\Dad\Desktop\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DSL Connection Manager] I:\Program Files\INTEL\DSLSetup\ProDsl.exe
    O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [WebScan] I:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.8453125


    Any ideas?

    Gil
     
  2. Vilhon

    Vilhon

    Joined:
    Oct 31, 2003
    Messages:
    5
    Shot in the dark, but I've seen this a few times. Try disabling ZoneAlarm, and see if your connection returns. I've seen ZoneAlarm freak out a few times, and frequently on WinXP (which, by default, has its own firewall).
     
  3. IMM

    IMM Malware Specialist

    Joined:
    Feb 1, 2002
    Messages:
    3,259
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    This needs to go too:

    O4 - HKLM\..\Run: [WebScan] I:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k

    restart and delete:

    The C:\Program Files\Acceleration Software folder
     
  5. comeaugn

    comeaugn Thread Starter

    Joined:
    Sep 21, 2002
    Messages:
    21
    I tried all the suggestions. I am posting the new HijackThis log. I still have the same symptoms. I should mention that frequently during this process I get a big blue screen which says that a device driver is a problem. The only device driver I have installed is for the Intel3200 DSL modem. Also, one of the times it quit (to the BSOD), ZoneAlarm said svchost was trying to access the internet. I know this can be a legit file that is used by a worm. Thank you all for your help so far. Any more ideas?

    Gil
     
  6. comeaugn

    comeaugn Thread Starter

    Joined:
    Sep 21, 2002
    Messages:
    21
    Forgot:

    Logfile of HijackThis v1.97.3
    Scan saved at 4:41:35 PM, on 11/1/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\INTEL\DSLSetup\ProDsl.exe
    I:\WINDOWS\System32\wuauclt.exe
    I:\Documents and Settings\Dad\Desktop\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DSL Connection Manager] I:\Program Files\INTEL\DSLSetup\ProDsl.exe
    O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
    O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.8453125
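
Added example, not part of the original thread: a diff of the item lines from the two HijackThis logs posted above, showing which entries were actually gone in the second scan and which use 8.3 short paths that hide the real folder name. The function names `parse_items` and `diff_logs` are hypothetical; the log lines are copied from the posts.

```python
import re

# Item lines copied from the two HijackThis logs posted in this thread.
LOG_OCT31 = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Manager] I:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebScan] I:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.8453125
"""
LOG_NOV1 = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Manager] I:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.8453125
"""

ITEM = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then detail
SHORT_NAME = re.compile(r"~\d")                # 8.3 component, e.g. PROGRA~1

def parse_items(log_text):
    """Return the set of (section, detail) pairs for every item line."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if m:
            items.add((m.group(1), m.group(2)))
    return items

def diff_logs(before, after):
    """Compare two scans of the same machine."""
    old, new = parse_items(before), parse_items(after)
    return {
        "removed": sorted(old - new),  # entries the fix got rid of
        "added": sorted(new - old),    # anything that appeared in between
        # Short paths in either scan: resolve the long name before judging.
        "short_paths": sorted(i for i in old | new if SHORT_NAME.search(i[1])),
    }

if __name__ == "__main__":
    for kind, items in diff_logs(LOG_OCT31, LOG_NOV1).items():
        print(kind, len(items))
        for section, detail in items:
            print("  ", section, "-", detail)
```

An empty `added` list means only that no new item lines appeared between scans; it says nothing about what HijackThis does not enumerate.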
     
Short URL to this thread: https://techguy.org/176076