kltsin
 tribaloverkill wrote: Format. The only way to be sure.

This may be a true post, but there are a lot of things wrong with this statement.
It's not his system; spending time backing up someone else's data will take more time than fixing the issue.

Any good tech that works on a system has a responsibility to do this.
Yes, the user is at fault, and most techs just tell them they screwed up, then wipe their data and tell them they should have had better security, or not been so stupid, and backed up more often. They then sell them a bunch of programs and drives to back stuff up.

This isn't a good business plan, or a plan for anyone; this stuff can be fixed.

Too many people here are saying reformat/reinstall because of a few bugs. Chances are most of the systems I fix will be infected again and again and again, no matter what software or firewall you install, until the user makes better choices.

Have you ever had to reinstall an old 95 or 98 system running at about 500 MHz? What about having to reinstall all of those updated drivers?
This is a laptop, which means specialty drivers, a HUGE pain in the butt when running Windows 95/98/98SE/ME/2k/NT.
You need to reboot in between each one at least once; it takes hours. Fixing the problem is much quicker, and after a while you get good at it...

Do you guys want to reinstall every time something isn't working like you think it should?

More importantly, I won't let the bastards win, ever.
But there is a time when an infection is so deep and filled with so many nasties that you can cave in; I've done it twice in the last 3 years because it attacked Norton, which then would not uninstall.
If Norton didn't suck so much (design-wise) I would never have reinstalled.
On my home systems I do reformat maybe once a year, but I back up and always have a new mobo installed, so I'm different from my clientele.

PS: I have also learned how the new CWS variant attacks and can do it manually in a few minutes in case CWShredder doesn't work, but I found it does, so there's no worry.
PPS: sorry for the rant, but this is an easy fix.
snap355
tribaloverkill wrote:
snap355 wrote:
colinJohn wrote: I suppose a full format and re-install is out of the question? (Sometimes it's quicker and it's always safer; I realise it's not as much fun.)

Yes, a reinstall is quicker, but then you have to restore all the games and applications and your settings and data, so it's not really time consuming anymore unless you have a Ghost image.

This is why you are supposed to partition your drives! C:=OS, D:=DATA, E:=APPZ, F:=WEB CACHE. This way, if some shizz like this goes down, all you have to do is format your OS, APPZ, and WEB CACHE. Your data will be untouched, and your data partition is most likely the largest of the other three, so you will save time formatting. YES, you will have to reinstall your appz, but that's the price you pay for letting something infectious get into your system.

Even if you partition your drive, your settings for Windows are lost, your programs need to be reinstalled, etc. The only thing partitioning gives you is data backup and such. You still have to update Windows, virus, etc.
Lend a hand and help with the folding project. Come join our 33258 team!

tribaloverkill
snap355 wrote:
tribaloverkill wrote:
snap355 wrote:
colinJohn wrote: I suppose a full format and re-install is out of the question? (Sometimes it's quicker and it's always safer; I realise it's not as much fun.)

Yes, a reinstall is quicker, but then you have to restore all the games and applications and your settings and data, so it's not really time consuming anymore unless you have a Ghost image.

This is why you are supposed to partition your drives! C:=OS, D:=DATA, E:=APPZ, F:=WEB CACHE. This way, if some shizz like this goes down, all you have to do is format your OS, APPZ, and WEB CACHE. Your data will be untouched, and your data partition is most likely the largest of the other three, so you will save time formatting. YES, you will have to reinstall your appz, but that's the price you pay for letting something infectious get into your system.

Even if you partition your drive, your settings for Windows are lost, your programs need to be reinstalled, etc. The only thing partitioning gives you is data backup and such. You still have to update Windows, virus, etc.

Exactly :) Data back-up. You format your OS, APPZ, and WEBCACHE, leaving the largest partition alone, the data partition. You wipe everything else clean and then reinstall everything again. That way you don't waste time backing anything up. I would rather do that than download this, do that, try this... maybe this will work.

Quote: I am not sure if this version of CWShredder gets this variant of CWS; it should.

Should? The time you spend trying stuff out, waiting for answers on this forum, downloading, researching because people write new malicious crap every day... you would be done. Even if it took the same amount of time... you did it without the headache of being frustrated.
A.C. Ryan | Thrust & HEXX
kltsin
Posted: Thu Dec 23, 2004 6:31 am    Post subject: Umm, cough cough, all good points... but isn't this post about editing a HJT log? This is a user fixing another's system, and I do see the merits of saving data, but this isn't the time or place. I can't even remember who posted it anymore... I worked pretty hard on making sure I didn't miss anything with this particular log... would love some feedback, and a new log.
colinJohn
Hmm, didn't mean to 'hijack' the thread. I just mentioned format as an alternative for 2 reasons: 1) I have no clue about editing registry entries or tracing malware entries. I think I'll have to start reading about it. Do you know any good sites, kltsin? 2) I like to format and re-install about once a year anyway, just to de-crap things. I like that spring-clean feel. It's the only time you *know* you have no malware on your machine. Speeds everything up too. Got to allow a whole afternoon tho'.
bubbatech
Posted: Thu Dec 23, 2004 6:53 pm    Post subject: This battle seems to be over. Before you guys came to the rescue I read previous forums and got the tip to try 'Avast' virus control. It found them in various locations (they seemed to be spreading), but it wasn't able to end it. So when I read your posts I followed the process of delete and shut down with reckless abandon; then ran Avast; turned on restore; ran Avast, and now all is well. Thank you for your help again. PS: format would have been the easier route, but I just didn't know how much back up would be required. PPS: also about the HJT, I figured that with the trojan still present, with as few running processes as possible, it would be easier to trace. PPPS: I didn't run SpySubtract Shredder since it is a 30-day trial; it seems to me that after the trial these things cause trouble. Thanks again, the battle is ours; but this war goes on.
bubbatech
Posted: Thu Dec 23, 2004 7:02 pm    Post subject: HJT log final

Logfile of HijackThis v1.98.2
Scan saved at 7:06:59 PM, on 12/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\etc\rundll\winupd32.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\cisvc.exe
C:\Documents and Settings\Tanya\Application Data\eetu.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
F:\1104\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aasly.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aasly.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EZN
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {229FBE4F-22E5-1C6A-14A8-91F46DF45208} - C:\WINDOWS\system32\crvr.dll (file missing)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Login] system.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A60A3154] C:\WINDOWS\System32\fknsoz.exe
O4 - HKLM\..\Run: [Windows DLL host] "C:\WINDOWS\system32\drivers\etc\rundll\winupd32.exe"
O4 - HKLM\..\RunServices: [Windows DLL host] "C:\WINDOWS\system32\drivers\etc\rundll\winupd32.exe"
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Mslacyi] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [Fggqoj] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [Windows DLL host] "C:\WINDOWS\system32\drivers\etc\rundll\winupd32.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Smps] C:\Documents and Settings\Tanya\Application Data\utsd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Tanya\Application Data\eetu.exe
O4 - HKCU\..\RunServices: [Windows DLL host] "C:\WINDOWS\system32\drivers\etc\rundll\winupd32.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
kltsin
bubbatech wrote: PPS: also about the HJT, I figured that with the trojan still present, with as few running processes as possible, it would be easier to trace. PPPS: I didn't run SpySubtract Shredder since it is a 30-day trial; it seems to me that after the trial these things cause trouble. Thanks again, the battle is ours; but this war goes on.

There are 2 different downloads on that page: CWShredder, or CWShredder with SpySubtract.

CWShredder is free and will not expire.
http://cwshredder.net/bin/CWShredder.exe

http://www.malwarebytes.biz/
kltsin
Posted: Thu Dec 23, 2004 8:33 pm    Post subject: Also check the IE settings. For the Security tab, reset to default. Delete everything in the Trusted Internet sites as well. Don't run 2 anti-virus programs at the same time. Pick one or the other.
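To make a log like the one bubbatech posted above, and the IE settings kltsin says to check (Trusted sites, and the Run entries a tech walks through), quicker to triage, here is an added example that is not part of this thread and not part of HijackThis: a small Python parser for the HijackThis line format that flags the entries a reviewer would look at first. The sample input is a handful of lines copied from the log above. The flagging rules (executables under Application Data, Local Settings, Temp or drivers\etc; bare filenames with no directory; "?" in a file name, which is how HijackThis prints non-ASCII characters; missing files; res:// search pages; wildcard Trusted Zone domains) are this example's own triage heuristics, not HijackThis output categories, and a flag means "look at this first", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: nine lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aasly.dll/sp.html#29126
O2 - BHO: (no name) - {229FBE4F-22E5-1C6A-14A8-91F46DF45208} - C:\WINDOWS\system32\crvr.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Login] system.exe
O4 - HKLM\..\Run: [Windows DLL host] "C:\WINDOWS\system32\drivers\etc\rundll\winupd32.exe"
O4 - HKCU\..\Run: [Mslacyi] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Tanya\Application Data\eetu.exe
O4 - HKCU\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O15 - Trusted Zone: *.searchmiracle.com
"""

# Heuristic (this example's own choice): directories a legitimate startup program rarely runs from.
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\drivers\\etc\\")

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                        # "O4 - ..." section tag + body
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")  # hive, Run/RunServices, name, command
O2_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")     # name, CLSID, DLL path
R_RE = re.compile(r"^(.*?) = (.*)$")                                  # registry value, target
O15_RE = re.compile(r"^Trusted Zone: (.*)$")                          # domain


@dataclass
class Finding:
    section: str              # HijackThis section tag, e.g. O4 or O15
    name: str                 # Run value name, BHO name, zone domain, or registry value
    target: str               # executable path, DLL, URL or domain the entry points at
    flags: list = field(default_factory=list)  # reasons a reviewer should look at it; empty = nothing noted


def first_path(command):
    """Return the program a Run value launches: the quoted token if quoted, else text up to the first .exe/.dll."""
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.match(r"(.*?\.(?:exe|dll))", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def flags_for_path(path):
    """Apply the location/name heuristics to one executable or DLL path."""
    flags = []
    low = path.lower()
    if "\\" not in path:
        flags.append("bare filename: resolved through the search path, not a fixed location")
    if any(d in low for d in SUSPECT_DIRS):
        flags.append("runs from a user-writable or data-only directory")
    if "?" in path.rsplit("\\", 1)[-1]:
        flags.append("non-ASCII characters in file name (HijackThis prints them as ?)")
    return flags


def triage(log_text):
    """Parse R1/R3, O2, O4 and O15 lines into Findings; other sections are ignored."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = ["target file not present on disk"] if "(file missing)" in body or "(no file)" in body else []
        if section == "O4":
            o4 = O4_RE.match(body)
            if o4:
                hive, key, name, command = o4.groups()
                path = first_path(command)
                findings.append(Finding(section, f"{hive}\\..\\{key}: {name}", path, flags_for_path(path) + missing))
        elif section == "O2":
            o2 = O2_RE.match(body)
            if o2:
                name, clsid, dll = o2.groups()
                dll = dll.replace("(file missing)", "").strip()
                fl = flags_for_path(dll) + missing
                if name == "(no name)":
                    fl.append("BHO registered without a name")
                findings.append(Finding(section, f"{name} {clsid}", dll, fl))
        elif section.startswith("R"):
            r = R_RE.match(body)
            if r:
                value, target = r.groups()
                fl = ["search/start page served from a local DLL via res://"] if target.lower().startswith("res://") else []
                findings.append(Finding(section, value, target, fl + missing))
        elif section == "O15":
            z = O15_RE.match(body)
            if z:
                domain = z.group(1)
                fl = ["domain granted Trusted Zone (relaxed IE security) privileges"]
                if domain.startswith("*."):
                    fl.append("wildcard covers every host under the domain")
                findings.append(Finding(section, domain, domain, fl))
    return findings


def suspicious(findings):
    """Only the findings that carry at least one flag."""
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_LOG)):
        print(f"{f.section:4} {f.name}\n     -> {f.target}")
        for flag in f.flags:
            print(f"        * {flag}")
```

Run it on a full log by reading the file into `triage()` instead of `SAMPLE_LOG`. Against the nine sample lines it leaves the avast! and SynTPEnh entries unflagged and reports the other seven, which is the same short list a reader of the thread would pick out by hand; the point of the rules is to get that list before anything is deleted, not to replace looking each entry up.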
Mr T
Disable System Restore, then run the AVs and removers in SAFE MODE.... However, as others have pointed out, doing a total reformat is the best way to clear a system of this crap... It is easy enough to back up data using a portable USB hard drive or a CD-RW.. Applications are the responsibility of the customer - no discs - no applications - simple... Economics is at play here - why waste hours removing adware, viruses etc. when they can return on a simple reboot, cause a system crash 'cos AV deleted a system file, or a virus fragment remains corrupting files... I think I would rather spend half an hour reinstalling Windows.....
