TechSpot

Ismon, Isnotify, Ishost, and more....

By mcfarljd
Jul 27, 2006
  1. Hey what's goin on fellas... Tryin to help out my parents' computer here, looks like it's been hit with quite a few things. They have trendmicro, and i'm scanning now to find out what I can, and so far it's found the following...

    Troj_puritysca.p
    Troj_puritysca.v
    Troj_vundo.be
    Troj_puritysca.v again
    Troj_small.bzq

    I've seen those aforementioned IS.exe's running in the processes currently, along with what someone else mentioned in a previous thread of the "little x in the task bar" stating a malware problem... I believe I may have eradicated that as I deleted a few programs including "Spyquake2" and I believe something on the lines of "Zoingo".

    Here's the pre-trend micro scan of my HJT log... I'll post another once it is completed to see if there are any differences.

    Thanks for all your help.
     
  2. mcfarljd

    mcfarljd TS Rookie Topic Starter

    Sorry for the extra post, I couldn't edit the last one for some reason... It also appears that every other word on this forum is underlined by a popup "intellitxt" advertisement.
     
  3. mcfarljd

    mcfarljd TS Rookie Topic Starter

    tryin to figure this out as much on my own... now pc-cillin has security popups, all listing those "purity...." files as the detection name and windows\system32\csrss.dll as the incident name... i went ahead and followed the instructions on another topic i saw here involving ishost and whatnot so that problem is most likely gone... here's an updated HJT
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log as a .txt attachment into this thread only after doing the above.

    I have removed your .doc attachments as they may be infected, that's why we need a .txt attachment.

    Regards Howard :wave: :wave:
     
  5. mcfarljd

    mcfarljd TS Rookie Topic Starter

    hey sorry man, yea i tried to post the HJT reports before but they were in a "log" format unsupported by the uploads apparently so figured formatting as .doc would be cool, i'll do txt this time...

    they have the full version of trendmicro, and that is still coming up with a few adaware and cookies that it deletes each time but doesn't seem to be anything major, the main problem is the csrss.dll in the system32 folder... i went ahead and put that in the quarantine folder before starting up my browser because for some reason the computer wouldn't recognize the dsl with trend micro running...

    for some reason f-secure isn't being too friendly, along with an estimated 13 hours of scanning left and rising for bitdefender... so i will just repost another HJT for the time being and see if you can notice anything offhand
     
  6. mcfarljd

    mcfarljd TS Rookie Topic Starter

    kaspersky also kept restarting for some reason, so i only scanned the system and system32 folders to find this
     
  7. N3051M

    N3051M TS Evangelist Posts: 2,115

    Intellitxt is part of this site.. kinda like GoogleAds for others.. but if it does pop up while you're trying to click on something, just move your mouse away from the bubble for a few seconds and it should disappear. Or click on it :D
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with all kinds of crap.

    You really do need to follow the instructions in the link I gave you.

    However, if you're having problems with some of the online scanners, skip that part and go on to the rest of the instructions.

    Post a fresh HJT log when done.

    Regards Howard :)
     
  9. mcfarljd

    mcfarljd TS Rookie Topic Starter


    ha thanks, sorry i realized that afterwards when i searched google for intellitxt and realized i probly sounded like a jerk noticing it was helping out with the site...

    here are the results from those scans (ewido, bitdefender, kaspersky)... these are of the whole system
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    As I've already said, follow the instructions in the link I gave you, then post a fresh HJT log as a .txt attachment into this thread.

    The online scanner reports just show that your system is badly infected, but we already knew that. In your case the online scanners haven't been able to remove all the infections. That's why it's important you follow the rest of the instructions.

    Once you've done that and I have your fresh HJT log, I will be able to advise you further.

    Regards Howard :)

    This thread is for the use of mcfarljd only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. mcfarljd

    mcfarljd TS Rookie Topic Starter

    Alright, so i nearly completed all of those instructions. I was in the process of the 3rd set of instructions where you reboot in safe mode and run HJT... well, now the computer won't start. It gets stuck on the screen that simply says Microsoft windows xp, similar to the one where you would choose what user to logon as, but it doesn't make it that far. I've tried to reboot in regular and safe mode but both have the same problem... Any way around this???

    Thanks
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Oh dear, I've never known that to happen before.

    When you press the F8 key during bootup, do you get to the options screen? If so, try choosing last known good config. If you can't get to the options screen, try doing a Windows repair as per this thread HERE.

    Regards Howard :)
     
  13. mcfarljd

    mcfarljd TS Rookie Topic Starter

    yes i can get the options if i hit f8, i saw the "last known config" but wasn't sure about it, i guess its probly the only option until having to completely reset it eh?
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, give it a try.

    Please post a fresh HJT log from normal mode, once you get into windows.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
