Ismon, Isnotify, Ishost, and more....

Status
Not open for further replies.

mcfarljd

Hey what's goin on fellas... Tryin to help out my parents' computer here, looks like it's been hit with quite a few things. They have trendmicro, and i'm scanning now to find out what I can, and so far it's found the following...

Troj_puritysca.p
Troj_puritysca.v
Troj_vundo.be
Troj_puritysca.v again
Troj_small.bzq

I've seen those aforementioned IS.exe's running in the processes currently, along with what someone else mentioned in a previous thread of the "little x in the task bar" stating a malware problem... I believe I may have eradicated that as I deleted a few programs including "Spyquake2" and I believe something on the lines of "Zoingo".

Here's the pre-trend micro scan of my HJT log... I'll post another once it is completed to see if there are any differences.

Thanks for all your help.
 
Sorry for the extra post, I couldn't edit the last one for some reason... It also appears that every other word on this forum is underlined by a popup "intellitxt" advertisement.
 
tryin to figure this out as much on my own... now pc-cillin has security popups, all listing those "purity...." files as the detection name and windows\system32\csrss.dll as the incident name... i went ahead and followed the instructions on another topic i saw here involving ishost and whatnot so that problem is most likely gone... here's an updated HJT
 
Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post a fresh HJT log as a .txt attachment into this thread only after doing the above.

I have removed your .doc attachments as they may be infected, that's why we need a .txt attachment.

Regards Howard :wave: :wave:
 
hey sorry man, yea i tried to post the HJT reports before but they were in a "log" format unsupported by the uploads apparently so figured formatting as .doc would be cool, i'll do txt this time...

they have the full version of trendmicro, and that is still coming up with a few adaware and cookies that it deletes each time but doesn't seem to be anything major, the main problem is the csrss.dll in the system32 folder... i went ahead and put that in the quarantine folder before starting up my browser because for some reason the computer wouldn't recognize the dsl with trend micro running...

for some reason f-secure isn't being too friendly, along with an estimated 13 hours of scanning left and rising for bitdefender... so i will just repost another HJT for the time being and see if you can notice anything offhand
 
kaspersky also kept restarting for some reason, so i only scanned the system and system32 folders to find this
 
mcfarljd said:
Sorry for the extra post, I couldn't edit the last one for some reason... It also appears that every other word on this forum is underlined by a popup "intellitxt" advertisement.
Intellitxt is part of this site.. kinda like GoogleAds for others.. but if it does pop up while you're trying to click on something, just move your mouse away from the bubble for a few seconds and it should disappear. Or click on it :D
 
Your system is infected with all kinds of crap.

You really do need to follow the instructions in the link I gave you.

However, if you're having problems with some of the online scanners, skip that part and go on to the rest of the instructions.

Post a fresh HJT log when done.

Regards Howard :)
 
N3051M said:
Intellitxt is part of this site.. kinda like GoogleAds for others.. but if it does pop up while you're trying to click on something, just move your mouse away from the bubble for a few seconds and it should disappear. Or click on it :D

ha thanks, sorry i realized that afterwards when i searched google for intellitxt and realized i probably sounded like a jerk noticing it was helping out with the site...

here are the results from those scans (ewido, bitdefender, kaspersky)... these are of the whole system
 
As I`ve already said, follow the instructions in the link I gave you, then post a fresh HJT log as a .txt attachment into this thread.

The online scanner reports just show that your system is badly infected, but we already knew that. In your case the online scanners haven't been able to remove all the infections. That's why it's important you follow the rest of the instructions.

Once you've done that and I have your fresh HJT log, I will be able to advise you further.

Regards Howard :)

This thread is for the use of mcfarljd only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Alright, so i nearly completed all of those instructions. I was in the process of the 3rd set of instructions where you reboot in safe mode and run HJT... well, now the computer won't start. It gets stuck on the screen that simply says Microsoft windows xp, similar to the one where you would choose what user to logon as, but it doesn't make it that far. I've tried to reboot in regular and safe mode but both have the same problem... Any way around this???

Thanks
 
Oh dear, I've never known that to happen before.

When you press the F8 key during bootup, do you get to the options screen? If so, try choosing last known good config. If you can't get to the options screen, try doing a Windows repair as per this thread HERE.

Regards Howard :)
 
yes i can get the options if i hit f8, i saw the "last known config" but wasn't sure about it, i guess it's probably the only option until having to completely reset it eh?
 