  1. #31
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    61
    Posts
    7,290

    Re: Virus infection: My IP address is in the black hole range

    Modified, due to your wise words.
    Last edited by Sick Willie; 02-25-2008 at 07:36 PM.

  2. #32
    Joined
    Oct 2003
    Location
    Dallas, TX
    Posts
    390

    Re: Virus infection: My IP address is in the black hole range

    Heh heh I sense some facetiousness there...but that's ok because I bet you're much wiser than I am. I don't think I know it all.

  3. #33
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    61
    Posts
    7,290

    Re: Virus infection: My IP address is in the black hole range

    No, what you said made sense. A modifier was needed. Can't have it if you don't get it.

    I'm Sick, not wise.

  4. #34
    Joined
    Oct 2003
    Location
    Dallas, TX
    Posts
    390

    Re: Virus infection: My IP address is in the black hole range

    When combofix is running, I get the 'confirm safe mode' dialog box a few times. During this last scan, I ignored it and after I saved and closed the log, the pc was acting strange. Ctrl-alt-del would bring up an empty box with switch to... , end task, etc. but no functions up top. After getting several identical instances of this, I went a little mad on the 3-key, it came up properly and I was able to click restart. But it shut down instead. Maybe that's significant, maybe not...
    Anyways, time to figure out how to get spybot as a complete download... I'll be back.

    ComboFix 08-02-25.3 - Home 2008-02-25 20:46:52.4 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.375 [GMT -6:00]
    Running from: K:\VIRUS TOOLS\ComboFix.exe
    Command switches used :: K:\VIRUS TOOLS\CFScript

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    K:\wd_windows_tools\setup.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-25 06:23 . 2007-01-18 06:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-02-22 00:41 . 2008-02-22 00:41 <DIR> d-------- C:\VundoFix Backups
    2008-02-21 20:50 . 2008-02-21 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-20 17:49 . 2008-02-21 20:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-22 02:50 --------- d-----w C:\Program Files\Lavasoft
    2008-02-21 00:14 --------- d-----w C:\Program Files\Windows Defender
    2008-02-21 00:14 --------- d-----w C:\Program Files\Photo Story 3 for Windows
    2008-02-21 00:13 --------- d-----w C:\Program Files\Google
    2008-02-21 00:13 --------- d-----w C:\Program Files\DivX
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LTMSG"="LTMSG.exe" [2003-07-14 09:52 40960 C:\WINDOWS\ltmsg.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 20:10 344064]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\Alcxmntr.exe]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 09:05 135168]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-02-10 16:27 1420560]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-09-12 20:32:42 217088]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
    S3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-02-04 11:53]
    S3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys [2004-12-01 18:35]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-02 05:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-22 08:13:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe-Scan -ScanType config -Privileges restricted
    "2007-11-24 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Home.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2007-11-01 14:00:00 C:\WINDOWS\Tasks\rpc.job"
    - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 20:48:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-25 20:48:56
    ComboFix-quarantined-files.txt 2008-02-26 02:48:54
    ComboFix2.txt 2008-02-25 19:39:01
    ComboFix3.txt 2008-02-25 19:34:03
    ComboFix4.txt 2008-02-25 12:42:12

  5. #35
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: Virus infection: My IP address is in the black hole range

    Originally posted by nickdank:
    I didn't get to have sex with the hot chick today, so that sucks. I'd have rather been alone, too, but you gotta work for these things sometimes.
    Um... You gave up hot sex to be alone?! Are you OK?

  6. #36
    Joined
    Oct 2003
    Location
    Dallas, TX
    Posts
    390

    Re: Virus infection: My IP address is in the black hole range

    Yeah man, this virus stuff is buggin' me so much I couldn't get it up! Haha all kidding aside, she didn't offer herself up today. She wouldn't have to ask me twice. I got to have sex with her a few times before, but she complained I was too rough. I said, what do you expect? You're just so hot, and it just kinda happens. Plus she's a bit of a whiner, literally half the time she's complaining about not feeling good so I don't have the patience for that.

    Anyways, I'm trying to update Avira manually and it has failed twice now. The first time it said the update file was corrupt, and the second time it said 'Update of the VDF Update Kit failed.' (no mention of corruption) I am in safe mode still, do the rules still apply? 1) Leave the cat5 out and 2) Boot only to safe mode.

    AVG says something about I need to uninstall another antivirus first, but the only thing I see in add/remove is Windows Defender. I can't uninstall it in safe mode.

    Here's something else, on my pc, I go to empty my recycle bin and it asks Are you sure you want to delete 'WINDOWS'? But when I double-click the recycle bin it's empty inside. Creepy eh? Or am I just paranoid?
    Last edited by nickdank; 02-26-2008 at 12:08 AM.

  7. #37
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: Virus infection: My IP address is in the black hole range

    If you can ignore what AVG says, do that and continue the install process. When it's finished installing, turn off Resident Shield.

    What you can do is plug it into your network after you turn off or unplug the other PCs, boot Windows normally and see if you can update that way. If it doesn't work, there are a couple of things to check, starting with making sure the HOSTS file hasn't been replaced with a dodgy one (as discussed before). Jump back into Safe Mode once the updates are installed.

    First and foremost, I'd be running the anti-rootkit program and then going onto the antivirus programs.
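
Added example (not part of the original thread and not any poster's code): one way to do the HOSTS check mentioned in the post above is to parse the file and flag every mapping other than the stock localhost entry, separating security or update hosts that have been dead-ended locally from names pinned to another machine. The `WATCHED` keyword list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Illustrative watch list (an assumption): keywords for the products named
# in this thread. Extend it with the update hosts you actually rely on.
WATCHED = ("avira", "avg", "symantec", "norton", "windowsupdate", "microsoft")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for every non-comment line."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            yield no, ipaddress.ip_address(fields[0]), fields[1:]
        except ValueError:
            yield no, None, fields

def audit_hosts(text):
    """Return (line_no, kind, hostname) for each entry worth a second look."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((no, "malformed", " ".join(names)))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if sink and name in LOCAL_NAMES:
                continue  # the stock localhost mapping
            if not sink:
                kind = "redirected"  # name pinned to some other machine
            elif any(k in name for k in WATCHED):
                kind = "blocked-security-host"  # updates dead-ended locally
            else:
                kind = "sinkholed"  # may be a deliberate ad/tracker blocklist
            findings.append((no, kind, name))
    return findings

# Constructed sample, not taken from the poster's machine.
SAMPLE = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "127.0.0.1       update.avira.example\r\n"
    "0.0.0.0         liveupdate.symantec.example\r\n"
    "203.0.113.7     www.bank.example   # constructed entry\r\n"
    "127.0.0.1       ads.tracker.example\r\n"
)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts()`, ideally read from a copy of the file taken while the disk is offline.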

  8. #38
    Joined
    Oct 2003
    Location
    Dallas, TX
    Posts
    390

    Re: Virus infection: My IP address is in the black hole range

    Ok, I'll try to do exactly as you say. I just ran AVG and it found 11 items. Most of them were in the qoobox/quarantine, but some weren't. That 640x480 is so difficult to work in because I can't see everything, and I can't get the top of the window to drag it around either. I'm not sure if AVG quarantined those items or ignored them. I closed it down to reboot, and now there's no video output, hdd led is on solid and the fans are on full blast. I'll shut 'er down and try again, fingers crossed that it's not fubar. (or just more work)

    Avira just found TR/Dldr.Zlob.Gen...I assume quarantine is the recommended choice...Oh boy it's finding a lot...BDS/Delf.BF Would a log be better? Hmm examining the log shows me most of the stuff it found was already in quarantines like qoobox and symantec.
    Last edited by nickdank; 02-26-2008 at 01:56 AM.

  9. #39
    Joined
    Oct 2003
    Location
    Dallas, TX
    Posts
    390

    Re: Virus infection: My IP address is in the black hole range

    I'm getting tired of looking at this thing. I'm about ready to wipe it out. There's just one problem: the lady lost her recovery cd, and I can't find any hint of a recovery cd creator program. She told me HP wants to charge her $100 to ship her a new recovery cd. I know that's B.S. They just want her to buy a new pc; that's capitalism. (edit)<--It's not as bad as she thinks - sorry to bail on ya mjölnir, but I definitely got some new tricks in the bag now! :cheers:
    After all this scanning and everything, I still can't even ping yahoo.
    Ok wait, I see...the HOSTS file is independent of any firewall, it's just that the firewall can lock it. Ok I used the batch file but it still won't connect. Maybe I'll install zonealarm on it next. Then I'll run the .bat again.... But how do I know it won't be compromised immediately, before I can go to ZA and lock it? OK I did that, now I can see my firewall asking me to allow firefox to access the internet...but after a few seconds, it's "server not found." Could there be any other reason I can't connect? SBC locked the pc to that modem? Virii disabled the onboard nic?

    - 2 days until nuke -
    Last edited by nickdank; 02-26-2008 at 02:37 PM.

  10. #40
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: Virus infection: My IP address is in the black hole range

    That's quite alright. As I mentioned before, formatting was one of the options you had. Just make sure that whatever you back up, you scan vigorously for viruses.

  11. #41
    Joined
    Oct 2003
    Location
    Dallas, TX
    Posts
    390

    Re: Virus infection: My IP address is in the black hole range

    OK I got the 10! recovery CDs. Very early in the recovery process, I get an error: C:\i386\SYSTEM32\CatRoot2\dberr.txt cannot be recovered ! I told it to do the full format and recovery, why would this happen? Never mind, I had to hit ctrl-backspace at the menu to get to the advanced tools. It's doing a low-level format now. Actually, no, I keep getting that error. According to support, they say if anything has been added or removed the restore will not work. This is why I advise people not to buy HP or Gateway PCs.
    Last edited by nickdank; 02-28-2008 at 09:50 PM.
