KWSN Orbiting Fortress
KWSN Distributed Computing Teams forum

Desperate woman seeks valiant Knight for strange problem
Michelle
Moistened Bint
Prince


Joined: 28 Oct 2004
Posts: 10232
Location: At my desk

Posted: Wed Jan 12, 2005 9:29 am    Post subject: Desperate woman seeks valiant Knight for strange problem

Something strange is going on with my computer. I've done everything I can think of over the last couple of days and it's driving me crazy.

A few days ago I discovered that my 13 year old has accessed some sites that he is way tooooooo young to see...so I became very vigilant. Banned the kiddies from using Internet Explorer because we were getting porn popups. Embarassed Think I've managed to get rid of those, but I realised yesterday that our ISP dial-up number is being changed to an international number. This happens at random while on the computer, but is always there when the computer is restarted. I've actually had it happen a few times while I've been online, so I have to keep the network connections dialogue box open and be ready to disconnect if it changes over. Mad I have no idea how long this has been happening or how many hours we've run up on some strange international number and I am dreading the next phone bill. Shocked
I have the XP firewall, ZoneAlarm, Spybot, Ad-Aware and now Microsoft AntiSpyware programs installed and running. I run Norman Virus Control, and use online virus scans at Symantec, Trend Micro and Panda ActiveScan. The only virus scan that has picked anything up so far is Panda when it picked up

Quote:
Incident Status Location

Virus:Trj/Aders.B Disinfected Operating system
Virus:Trj/Aders.B Renamed C:\WINDOWS\system32\vbsys2.dll

The system was supposedly disinfected when restarted. I did the Trend Micro and Symantec scans after that and they didn't pick anything up. I'm doing Panda again now and it's all looking okay. I did the Symantec security check and everything was good there. I've also downloaded I don't know how many patches and fixes from Windows update since yesterday. Confused
Microsoft AntiSpyware picks up 2 instances of SearchSquire every time I run it. AdAware is only picking up negligible objects. Spybot picks up 5 DSO Exploits every time I run it. I remove all these objects but they are always back again the next time.
Does anybody know what could be going on with this machine, and does anybody have any idea at all what could be causing my dial-up number to change to 00112463472953 instead of what it should be?
Shocked
_________________
My brain hurts.
Jammy's Brain Donor.



Sir Hamster of Elderberry
KWSN ArchBishop
KWSN ArchBishop


Joined: 20 May 2002
Posts: 5117
Location: Beer City, Cheese Quadrant

Posted: Wed Jan 12, 2005 10:11 am

I'm no expert, but my guess is that some sort of trojan "browser plug-in" is causing this problem. At least that's what MY teenager did to our computer at home. Rolling Eyes If this is installed as a browser plug-in, then it is re-installing itself every time you start up your browser.

I used a program called "HijackThis" to remove the unwanted plug-ins.
http://www.spychecker.com/program/hijackthis.html

Caution, this is not particularly simple to use, and you can remove things you don't want to remove quite easily. The program will give you a listing of all your browser plug-ins. If you have trouble figuring out what needs to be removed, then post that log here, and we can probably help you identify the troublemakers. (There are also many newsgroups of people who specialize in this sort of thing.)

If you haven't done so already, you should run a complete virus scan in Safe Mode too. Look for and uninstall any programs your teenager may have installed recently too, some of these Spyware programs come bundled with other things (like music sharing).

ni! i!u
Michelle
Moistened Bint
Prince


Joined: 28 Oct 2004
Posts: 10232
Location: At my desk

Posted: Wed Jan 12, 2005 10:38 am

Thanks, Sir Hamster. I downloaded and ran HijackThis and now have a huge log file. I recognise a lot of the stuff on it but I'm not technically savvy enough to know which of the other things might be causing problems.
I know my son has downloaded some music recently, and he's also downloaded a game creator program.

Anyway, here's the huge log file...

Quote:
Logfile of HijackThis v1.99.0
Scan saved at 1:27:37 AM, on 13/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\acer\KnobService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
C:\acer\KnobMonitor.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\Program Files\MagicKey\MagicKey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\usbn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SETI@home\SETI@home.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\MagicKey\OSD.EXE
C:\Program Files\Open Office\program\soffice.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.08_windows_intelx86.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://au.yahoo.com/"); (C:\Documents and Settings\Michelle\Application Data\Mozilla\Profiles\default\jp3xh3p9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Michelle\Application Data\Mozilla\Profiles\default\jp3xh3p9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [StopHS] stopHS.bat
O4 - HKLM\..\Run: [Aspire Schedule] C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c110 -w
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\Open Office\program\quickstart.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099453254622
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14CF0BF1-50CD-46F0-B431-A45ACC42DA8C}: NameServer = 203.2.75.132 198.142.0.51
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Knob Service - Acer Inc. - c:\acer\KnobService.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Thread Master - http://threadmaster.tripod.com - threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


I appreciate all the help I can get at the moment.
_________________
My brain hurts.
Jammy's Brain Donor.



Sir Hamster of Elderberry
KWSN ArchBishop
KWSN ArchBishop


Joined: 20 May 2002
Posts: 5117
Location: Beer City, Cheese Quadrant

Posted: Wed Jan 12, 2005 10:40 am

Sir Hamster of Elderberry wrote:
I'm no expert, but my guess is that some sort of trojan "browser plug-in" is causing this problem. At least that's what MY teenager did to our computer at home. Rolling Eyes If this is installed as a browser plug-in, then it is re-installing itself every time you start up your computer.

I used a program called "HijackThis" to remove the unwanted plug-ins.
http://www.spychecker.com/program/hijackthis.html

Caution, this is not particularly simple to use, and you can remove things you don't want to remove quite easily (things critical to proper functioning!). The program will give you a listing of all your browser plug-ins, start-up software and services. If you have trouble figuring out what needs to be removed, then post that log here, and we can probably help you identify the troublemakers. (There are also many newsgroups of people who specialize in this sort of thing.)

If you haven't done so already, you should run a complete virus scan in Safe Mode too. Look for and uninstall any programs your teenager may have installed recently too, some of these Spyware programs come bundled with other things (like music sharing).

ni! i!u


Oops Embarassed I was editing my post and ended up quoting my edits .. some computer whiz I am ... Embarassed
_________________
-- Have you seen my goat?
Sir Hamster of Elderberry
KWSN ArchBishop
KWSN ArchBishop


Joined: 20 May 2002
Posts: 5117
Location: Beer City, Cheese Quadrant

Posted: Wed Jan 12, 2005 11:08 am

Wow. That's a lot of stuff ... Sad

Here is the general process, try to classify everything on this list as:
1) Something you recognise as friendly and/or essential.
2) Something you have no idea what it is.
3) Something that has some similarity to the URLs your computer is being redirected to.

This THREADMASTER looks very suspicious, I'm guessing it's a 3. Unless you know what it is, kill it.
Active process - kill it in the Task Manager before you try to remove anything, then have Hijack This remove it for you:
O23 - Service: Thread Master - http://threadmaster.tripod.com - threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe

Trouble, trouble, trouble!!!
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
(kidding! It's a 1. Very Happy)

This log raises more questions than I can answer, so hopefully someone else will bail us out (hint hint).
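Added example, not part of any post in this thread: a Python sketch of the three-way triage Sir Hamster describes above, run over a few lines excerpted from the HijackThis log posted earlier. The allowlist, the indicator list (the file Panda named in the first post) and the "no full path" check are assumptions for illustration, and bucket 3 is widened here from redirect URLs to any indicator already tied to the incident.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (a few lines only).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\usbn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Thread Master - http://threadmaster.tripod.com - threadmaster@europe.com - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
"""

# Assumptions for illustration: substrings the machine's owner recognises
# (bucket 1) and indicators already tied to the incident (bucket 3), here the
# file Panda reported as Trj/Aders.B. Substring matching is deliberately loose.
RECOGNISED = ["yahoo.com", "spybot", "acer", "boinc", "threadmaster"]
INDICATORS = ["vbsys2.dll"]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O4 - HKLM\..\Run: ..."
RUN_RE = re.compile(r"Run: \[(.+?)\]\s+(.+)$")     # "[name] command line"


def parse_log(text):
    """Return one dict per section entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        flags = []
        # HijackThis marks autostart entries whose target no longer exists.
        if body.endswith("(file missing)"):
            flags.append("file missing")
        # Hypothetical extra check: a Run value with no drive path is resolved
        # through the search path. Not proof of anything, just worth a look.
        run = RUN_RE.search(body) if code == "O4" else None
        if run and ":\\" not in run.group(2):
            flags.append("no full path")
        entries.append({"code": code, "body": body, "flags": flags})
    return entries


def triage(entries, recognised=RECOGNISED, indicators=INDICATORS):
    """Sort entries into the thread's buckets: 1 recognised, 2 unknown, 3 indicator match."""
    buckets = {1: [], 2: [], 3: []}
    for entry in entries:
        body = entry["body"].lower()
        if any(i.lower() in body for i in indicators):
            buckets[3].append(entry)      # indicator match wins over the allowlist
        elif any(r.lower() in body for r in recognised):
            buckets[1].append(entry)
        else:
            buckets[2].append(entry)
    return buckets


def review_list(buckets):
    """Order for a human reviewer: bucket 3, then bucket 2, then flagged bucket 1."""
    flagged = [e for e in buckets[1] if e["flags"]]
    return buckets[3] + buckets[2] + flagged


if __name__ == "__main__":
    for e in review_list(triage(parse_log(SAMPLE_LOG))):
        print(e["code"], e["flags"], e["body"])
```
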
Cohiba
Prince
Prince


Joined: 13 Jul 2004
Posts: 1721
Location: A tabbaco plantation

Posted: Wed Jan 12, 2005 1:12 pm

After the spyware infection I had to deal with today, I'd say sometimes it is easier to copy off any files you might need, wipe the system and start over.
_________________
Smoke-em if you got-em I do..
KWSN Sir CADCAM
hoser
hoser


Joined: 27 Sep 2002
Posts: 7498
Location: South of Nunavuut

Posted: Wed Jan 12, 2005 1:21 pm

You should also run CWShredder which you can download here:- http://www.download.com/3120-20_4-0.html?qt=cwshredder&tg=dl-2001
_________________
KWSN Sir CADCAM of the Wooden Rabbit
"Semper In Excrementa" "Hominem Iniocosum Non Diffidite"
"Cîam en des sterko" "Havi ne malesperi personoj kiu havi ne kompreno humuro"
jbyram2
Prince
Prince


Joined: 23 Jun 2004
Posts: 7129
Location: NMoP EpISdn

Posted: Wed Jan 12, 2005 1:26 pm

Can't help. I've been reading your hijack log over lunch, and googling anything suspicious, but haven't found anything.

Threadmaster seems to be a CPU utilization monitor program, not unusual for DC.

She also has a variety of nvidia and ATI stuff loaded, as if she changed cards several times.

Spywarefighting stuff, like she was saying.

On win98, "msconfig" would list any services that run at startup. Is there an equivalent for XP?

It does seem that C:\WINDOWS\System32\vbsys2.dll is missing, it was renamed as part of the Trj/Aders.B infection cleanup. Has that been fixed?

One thing to try is to set Zonealarm to notify when anything tries to access the internet, and see what is doing it. At least the things can't call home and reinstall themselves + their friends.
_________________
0.0 Giggly hertzes Folding!
Go Diskless..Pure computing elegance, no frills


The brain I'm wearing makes me eat chocolate and cry!!
Something Completely different
Cohiba
Prince
Prince


Joined: 13 Jul 2004
Posts: 1721
Location: A tabbaco plantation

Posted: Wed Jan 12, 2005 1:56 pm

I also went through the log and looked stuff up. Man, girl, you have a lot of crap loaded on that PC; again, I'd start fresh, but everything I looked up is not spyware, so either a website you visit or a program that is not running changes your number.

I mean just from the log alone it looked like you were running 2 different virus scanners. 3 different spyware programs.

So far with SP2 and Windows XP the infection rate of spyware has gone down drastically at work. Also we don't turn off the ActiveX blocker and popup blocker on SP2. Wish ya luck, but again, with all the stuff possibly conflicting on there, I'd take your files and reload the computer.
_________________
Smoke-em if you got-em I do..
djsmiley2k
Knight
Knight


Joined: 16 Aug 2004
Posts: 39
Location: Coventry, UK

Posted: Wed Jan 12, 2005 2:21 pm

c:\acer\KnobService.exe < spyware or odd naming?
_________________
Smiley
Fart in your gen direxion
I am the goatse.cx guy
Prince


Joined: 24 May 2002
Posts: 2022
Location: Regrettably for you, I'm Upwind in Upstate N.Y.

Posted: Wed Jan 12, 2005 4:24 pm

Knob Service Shocked ?!

Mildew knows all about that Razz !

#ni-2
Sir Latch
Dutchubus
Prince


Joined: 30 Oct 2004
Posts: 2394
Location: Closer than you want (Arbutus, MD)

Posted: Wed Jan 12, 2005 8:37 pm

I still recommend Pest Patrol.... I have posted about it on the forums before... let me see if I can find the original thread...



Okay... different problem but I would recommend you try a similar the same solution... here is the Original Thread

Good luck!
_________________
Sir Latch of the Highlands
Bewarer of the Loonies
I visited the castle in the swamp and all I got was this alpaca scarf... *BURP*
The general rule about people on IRC seems to be: Attractive, Single, Mentally Stable... choose two.
Michelle
Moistened Bint
Prince


Joined: 28 Oct 2004
Posts: 10232
Location: At my desk

Posted: Wed Jan 12, 2005 9:53 pm

I was online before to check the replies, and while I was switching from the Valiant Knight thread to the Gorge...the dial-up number changed in front of my eyes so I disconnected.
I've taken a couple of things off with HijackThis - to do with programs I don't have any more. Some of the stuff is multimedia stuff. This computer is an Acer Aspire multimedia thingy so it can be used as a tv or radio as well, that's what knobmonitor etc is for. lol
I've also just signed up with another ISP to see if that makes a difference. It probably won't, but I've been wanting to go back to this ISP for a while now because they were heaps better than my current one.
I took off my son's recently downloaded music and game creator but that didn't make any difference. I'm debating whether to uninstall Netscape and then reinstall it, but I've got so much email in the mail program to catch up on that I don't really want to do that.
As for Cohiba's suggestion of wiping everything off - I don't know. I've had to do that twice over the last six months for other problems and I really don't want to have to do that again.
I'll check out Pest Patrol and see what happens. Smile
Anyway I'll go through that log again, and repost the amended one with only the stuff I don't know.
I'll be back later to check it out more - off to do some shopping now.

Thanks, guys. Smile You're great! Very Happy

p.s. ThreadMaster is a BOINC add-on. It keeps the power usage down a bit so that BOINC isn't always using all the available resources.
_________________
My brain hurts.
Jammy's Brain Donor.



KWSN - Den Store Mester
Princess


Joined: 20 May 2002
Posts: 705
Location: Danish kvadrant, Greater Copenhagen area, formerly of the Orion Beltway

Posted: Thu Jan 13, 2005 2:29 am

I can give zero input to the problem solving, but I have downloaded hijack and run it on the komputer at the home-matrikel. Seems as if I have been good at keeping the barbarians from the door. I will go on a skiing holiday tonight; upon my timely return I will go through the log line by line.

#ni-1

P.S. I do not need artificial knobcontrol
_________________
NI! NI! NI!
KWSN - Den Store Mester
Mr. Snrub
Prince
Prince


Joined: 20 May 2003
Posts: 1916
Location: Someplace far away...yes, that'll do.

Posted: Mon Jan 17, 2005 9:07 am

Are you using the latest versions complete with updates? One of these, I can't remember which, can not be upgraded simply by clicking for updates. You must go to the website and start from scratch. (Spybot S&D 1.3, Ad-Aware 1.05, ZoneAlarm 5.5)

Quote:
c:\acer\KnobService.exe < spyware or oddnaming?

A quick search seems to suggest that this is something factory installed on only Acer machines and not malware (?). It is therefore a private matter between you and your computer and need not be discussed further to prevent any future embarrassment.

Quote:
I have the XP firewall, ZoneAlarm

It is written that you shouldn't mix and match firewalls - they may not play nicely together. link
Michelle
Moistened Bint
Prince


Joined: 28 Oct 2004
Posts: 10232
Location: At my desk

Posted: Mon Jan 17, 2005 9:52 am

Sir Hamster wrote:
Here is the general process, try to classify everything on this list as:
1) Something you recognise as friendly and/or essential.
2) Something you have no idea what it is.
3) Something that has some similarity to the URLs your computer is being redirected to.

Well, I was going to do that but it seemed like too much hard work at the time.

Sir CADCAM wrote:
You should also run CWShredder which you can download here:-

Thanks, I did download and try CWShredder but that didn't find anything.

jbyram2 wrote:
Can't help. I've been reading your hijack log over lunch, and googling anything suspicious, but haven't found anything. .........It does seem that C:\WINDOWS\System32\vbsys2.dll is missing, it was renamed as part of the Trj/Aders.B infection cleanup. Has that been fixed?

One thing to try is to set Zonealarm to notify when anything tries to access the internet, and see what is doing it. At least the things can't call home and reinstall themselves + their friends.
Thanks for spending your lunch googling. Smile You really didn't have to do that. Embarassed I never did work out what happened to that file, and I usually do have Zonealarm set to do that.

Cohiba wrote:
I also went through the log and looked stuff UP, man girl you have a lot of crap loaded on that pc again i'd start fresh

Yep, I ended up doing that, Cohiba. Confused So far so good, so I hope it stays that way for a while. I still think it was caused by my son accessing a site/sites that he shouldn't have at his age. Shocked

Sir Latch wrote:
I still recommend Pest Patrol.... I have posted about it on the forums before... let me see if I can find the original thread...



Okay... different problem but I would recommend you try a similar the same solution... here is the Original Thread

Thanks, Latchy. I did try Pest Patrol and that didn't help either.

KWSN Den Store Mester wrote:
P.S. I do not need artificial knobcontrol

Well, that's good to know. Laughing

Mr Snrub wrote:
Are you using the latest versions complete with updates? One of these, I can't remember which, can not be upgraded simply by clicking for updates. You must go to the website and start from scratch. (Spybot S&D 1.3, Ad-Aware 1.05, ZoneAlarm 5.5)

Yep, always updating the things. Spybot and Ad-Aware can be updated from the program. ZoneAlarm takes you to the website to download the latest version.

Mr. Snrub wrote:
Quote:
c:\acer\KnobService.exe < spyware or oddnaming?

A quick search seems to suggest that this is something factory installed on only Acer machines and not malware (?). It is therefore a private matter between you and your computer and need not be discussed further to prevent any future embarrassment.
Laughing
_________________
My brain hurts.
Jammy's Brain Donor.



The King of Swamp Castle
Prince
Prince


Joined: 28 Oct 2004
Posts: 802
Location: the dutch swamps

Posted: Mon Jan 17, 2005 10:27 am

Michelle wrote:
I was online before to check the replies, and while I was switching from the Valiant Knight thread to the Gorge...the dial-up number changed in front of my eyes so I disconnected.


Have you tried googling for that number?

Or post it here so we too have something fun to do during lunch hours. Smile
_________________
Save the rainforest! Eat more woodpeckers!
Michelle
Moistened Bint
Prince


Joined: 28 Oct 2004
Posts: 10232
Location: At my desk

Posted: Mon Jan 17, 2005 10:59 am

I didn't think of googling the actual number. Confused Nothing comes up for the number itself but I now know where in the world it is.
0011 is our international access code...246 is the country code for Diego Garcia. Shocked
I'm off to google the rest of the number and see what happens.

00112463472953
_________________
My brain hurts.
Jammy's Brain Donor.



Dagger
Prince
Prince


Joined: 10 Mar 2004
Posts: 2918
Location: BC Canada

Posted: Mon Jan 17, 2005 11:04 am

Isn't Diego Garcia an island with a US air force base on it?
_________________
When in doubt, kick it until it works.
Michelle
Moistened Bint
Prince


Joined: 28 Oct 2004
Posts: 10232
Location: At my desk

Posted: Mon Jan 17, 2005 11:09 am

It certainly appears to be.

http://www.greatestcities.com/Asia/British_Indian_Ocean_Territory.html?pl=10
_________________
My brain hurts.
Jammy's Brain Donor.



All times are GMT - 5 Hours
Page 1 of 2