Internet warning message from my ISP, due to a virus.

By geno2k3 ยท 14 replies
Nov 26, 2007
  1. Hi, i closed my firefox window and opened another one. Only to find that my ISP (time warner cable) has a message or letter of some sort on the home page instead of It said my computer is infected with a virus and i will have to take steps to take the virus off or else my connection will be terminated. I clicked the little button that made me agree to taking steps to removing the virus.

    First off, im scared.

    How can i remove this virus that i never knew existed. Im downloading the FREE avg anti-virus right now. The other computers on my home network are actually working fine. Is it just on my computer? Will my internet service get terimnated? What is going on! What steps should i take.
  2. LuckyM

    LuckyM Banned Posts: 66

    the hijacked homepage thing sounds suspicious for me. are you sure the message came from your ISP? well i know they alert people if they notice that some computer is acting strange, but are you sure the message you saw wasn't a scam. yeah, i know, i sound paranoid, but that might be part of a scam. you should be careful about following some 'removal steps'.

    however, there is a possibility that you've been infected and you had no clue about it, cos most of those malicious programs sneak in secretly and work in a background. you should scan all your computer with anti virus and anti spyware scans just in cases.
  3. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    If this message only appears on one PC then the home page setting has been compromised. Download and run hijackthis.exe from - read the instructions about the home directory and renaming the program before running it, Save the log and post it here - if you are lucky, Howard will look at it!
  4. geno2k3

    geno2k3 TS Rookie Topic Starter Posts: 46

    Thanks for the replies, i havent restarted my computer like its telling me to because i looked online and it says the virus (if i have one) might take full effect upon startup.

    Also i ran AVI anti virus (free one) and avi anti spyware (trial). The anti virus didnt find anything but the spyware one found 236 files that were a medium threat (tracking cookies?). I deleted those and still i have this problem.

    Heres the log i got from hijack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:05:03 AM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Grisoft\AVG7\avgvv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HJT.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  5. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    This looks clean enough except for the PunkBuster file at 023 PnkBstrA - fix this.
    Then reset your home page to what you want it to be and restart - and let us know what happens.
  6. geno2k3

    geno2k3 TS Rookie Topic Starter Posts: 46

    TY agian for replies. I restarted my computer and everything seemed fine, i opened up my firefox window and boom i can go on again. I guess it was a real warning from my ISP that i do have a virus. I didnt delete the punkbuster file cause i researched it and its for my punkbuster games and anti-virus usually pick it up as a virus but it really isnt. So im guessing everything is fine now... exept i have a virus that wasnt detected? Thanks alot for the help, i will keep you posted if anything else happends.
  7. jobeard

    jobeard TS Ambassador Posts: 11,122   +982

    snow balls in H*** are more likely that TWC issuing warnings via homepages --

    Empty your browser cache, delete all temporary files; quit the browser and relaunch it.

    get Spywareblaster and install/update it.
  8. evilfantasy

    evilfantasy Banned Posts: 428

    The 023 Packet Sniffer is possibly what is being flagged as a virus/malware.


    [​IMG] Your Java is out of date
    Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version of Java components and update

    Updating Java:
    * Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    * Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    ** The latest version is Java 6 Update 3. Remove all other entries.
    * Click the Remove or Change/Remove button.
    * Repeat as many times as necessary to remove each of the Java versions.
    * Reboot your computer once all Java components are removed.

    * Download the latest version of Java Runtime Environment (JRE) 6
    * Click the Free Java Download button.
    * Click the Download Now button.
    * When the Software Installation dialog box opens. Click on the Install Now button.
    * Follow the prompts to complete installation.
  9. jobeard

    jobeard TS Ambassador Posts: 11,122   +982

    >the Hijack log contains:

    the log shows he's already at 6.0.2, so there's not a big jump here in support,
    rather just the last incremental update itself
  10. jobeard

    jobeard TS Ambassador Posts: 11,122   +982

    >the Hijack log contains:

    the log shows he's already at 6.0.2, so there's not a big jump here in support,
    rather just the last incremental update itself
  11. evilfantasy

    evilfantasy Banned Posts: 428

    So the security bug updates are no big deal?
  12. jobeard

    jobeard TS Ambassador Posts: 11,122   +982

    yes and no. If you read the update description you can determine for yourself how important the fix may be. If you're not familiar with the interal technologies then perhaps it's better to just accept the updates and move on. Java is not a primary technology in the real world so your exposure is not so huge.

    frankly, for myself (see my profile), I never perform automatic updates but
    periodically perform them when I wish to update my system(s).

    Many people were upset that MS force IE 7 on the community using autoupdate when IE 6 was just fine with them. In particular with MS and for this reason I validate update requirements (from by point of view) before allowing MS to install ANYTHING. [sorry for the personal rant ].
  13. evilfantasy

    evilfantasy Banned Posts: 428

    I understand where you are coming from. And yes some updates are unstable for some machines (and users sanity lol)

    The java 6 update 3 has been out for a while now and showing no signs of problems. I did find one thread in the java forums but I think it was deeper then just a java problem.

    Ultimately though, since this is a security forum and there was a security update in the last update, shouldn't it be addressed?
  14. jobeard

    jobeard TS Ambassador Posts: 11,122   +982

    probably. However, the thread started with one of those lousy popup warnings
    >It said my computer is infected with a virus and i will have to take steps to take the virus off or else my connection will be terminated.<
    which imo is totally bogus. Java didn't cause this and TWC didn't issue this warning.

    Some software vendors use this technique to get there products installed
    and the ethics therein is equally bogus.

    There's a bugger in the wood shed somewhere and a full scan is warranted.
    (see Howards suggestions).
  15. evilfantasy

    evilfantasy Banned Posts: 428

    Most likely there. The antivirus is seeing something suspicious and reporting it.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...