TechSpot

Problem with my PC

By Dielli
Jul 13, 2008
  1. I have a problem with my PC. Two days ago, I was chatting on an X web page. I saw a man using my nickname, and I told him to delete that. After a few minutes, when I came back, I saw myself with that nickname, which was being used by X person. I doubt that anyone is checking my PC. I know that I disconnected from that page, and when I came back I saw myself logged in. Strong! My question is: what to do in this case?! I have the txt information that HijackThis found. If any of the admins will tell me what to do, it would be nice, cos', as I told, someone is checking my PC!
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It's a little difficult to follow what you're saying, so I'll just state the wisest choice.

    If you feel someone is using your "username" in a chat site, log in and immediately change your password. Also report the issue to the board's admin (or support area).

    Note: a nickname is not a username, so there may be some confusion here.
     
  3. Dielli

    Dielli TS Rookie Topic Starter

    This is the information from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:41:04 PM, on 7/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\BrushGroup\FS WebSearch 5\ws.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
    O2 - BHO: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
    O3 - Toolbar: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [FSWSDesktop] "C:\Program Files\BrushGroup\FS WebSearch 5\ws.exe" desktop
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E277086-5A0E-4366-B1CF-C189A5457B33}: NameServer = 213.163.97.5 213.163.97.10
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 2556 bytes
    Do I have to use Fix checked?! Apart from that, my Internet is sometimes too slow?! Please, give me a suggestion what to do!
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I noticed that you are running Kaspersky Anti-Virus 6.0, which is now an old version.
    Sadly, the newest version of Kaspersky tends to slow down computers a bit, so if your antivirus still updates I suppose that's OK.

    Yes, all the "(no file)" lines can be fixed and removed.

    You could run Malwarebytes' Anti-Malware (download/update and scan)

    I am not a HJT expert, but I don't see any obvious issues with it.
     
  5. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    That does not look like the whole list. Can you attach the file?
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please do as Kimsland said: install MBAM, update it, then run a full scan in safe mode. Can you also download ComboFix from the link below and run it in normal mode? Make sure to disable any antivirus, anti-spyware or firewall protection you have before running the tools above.

    combofix
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
     
  7. Dielli

    Dielli TS Rookie Topic Starter

    Yes... thanks, brothers... but this is the result of the Malware:
    Malwarebytes' Anti-Malware 1.20
    Database version: 930
    Windows 5.1.2600 Service Pack 2

    4:44:00 PM 7/15/2008
    mbam-log-7-15-2008 (16-44-00).txt

    Scan type: Quick Scan
    Objects scanned: 37133
    Time elapsed: 5 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully.

    It means my PC has got viruses... On the other side, do I have to re-install Kaspersky, cos' I've already deleted the old one... or does this program automatically delete the items detected?!
     
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    ComboFix

    • Download ComboFix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. ComboFix is a very powerful tool, so please do NOT do anything without instruction.

    ComboFix will automatically save the log file to C:\combofix.txt

    ----------------------------------------------

    Download & Install SDFix
    • Download SDFix & save it to your Desktop.
    • Double click SDFix.exe & it will extract the file to %systemdrive%
      (Drive that contains the Windows Directory, Typically C:\SDFix)

    Boot into Safe Mode
    • Restart your computer & start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

    Run SDFix
    • Open the extracted SDFix folder & double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    Post a fresh HijackThis log after running both tools. Make sure to post the following logs:

    combofix
    sdfix
    hijackthis
     
Topic Status:
Not open for further replies.
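
Added example, not part of the original thread: a Python sketch that triages a HijackThis log like the one posted above, listing the orphaned "(no file)" entries the reply says can be fixed, the DNS servers set under O17, and any O23 service whose name matches a remote-access product. The sample lines are copied from the posted log; the function names and the keyword list are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
O2 - BHO: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [FSWSDesktop] "C:\Program Files\BrushGroup\FS WebSearch 5\ws.exe" desktop
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E277086-5A0E-4366-B1CF-C189A5457B33}: NameServer = 213.163.97.5 213.163.97.10
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
"""

ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Assumption: illustrative product keywords, not a vetted detection list.
REMOTE_ACCESS_HINTS = ("radmin", "vnc", "teamviewer", "logmein")

def parse_entries(log):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def parse_service(body):
    """Split an O23 body into (display name, vendor, path), working from the right
    because display names can contain nested parentheses. None if malformed."""
    parts = body.partition(": ")[2].rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None

def triage(log):
    """Return (code, tag, detail) tuples for the entries a reviewer should read first."""
    findings = []
    for code, body in parse_entries(log):
        if body.endswith("(no file)"):
            # Registry entry whose target file is missing: a leftover that can be fixed.
            findings.append((code, "orphaned", body.split(":", 1)[0]))
        elif code == "O17" and "NameServer" in body:
            # Configured resolvers: confirm they belong to the ISP or router.
            servers = re.split(r"[,\s]+", body.split("=", 1)[1].strip())
            findings.append((code, "dns-servers", servers))
        elif code == "O23":
            service = parse_service(body)
            if service and any(h in service[0].lower() for h in REMOTE_ACCESS_HINTS):
                findings.append((code, "remote-access-service", service))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged service only means the owner should confirm they installed it and know who holds its credentials; the tags are review prompts, not verdicts.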
