The W - Internet & Computers - Virus/Malware problem
Sterling Golden
Cotechino
Since: 17.6.02
From: Silk City
#1
Hello everybody,
My computer has apparently contracted a virus. Programs such as Adobe Acrobat and Registry Mechanic will not open. Any ideas on how to fix my problem?
Thanks
Monsoon: Ted Arcidi's gonna drop by.
Brain: What a jerk.
Monsoon: He's buying dinner.
Brain: Oh, that Ted Arcidi. He's a wonderful human being.
Guru Zim
SQL Dejection
Administrator
Since: 9.12.01
From: Bay City, OR
#2
You have not provided enough information for anyone here to help you. Because you didn't provide enough information, I am hesitant to attempt to help you - perhaps you would be more comfortable taking your system in to a local computer shop instead of doing your own repairs? I'm not trying to be harsh, but it appears that you don't know a lot about fixing software issues just from the lack of useful troubleshooting information provided. Perhaps you were just in a hurry and can provide us with more data so that we can help you.
Sign up for Folding@Home and join our team. PM me for details.
Ignorance is bliss for you, hell for me.
Sterling Golden
Cotechino
Since: 17.6.02
From: Silk City
#3
When I try to open Adobe, the opening picture appears on the screen, then nothing happens. When trying to run Registry Mechanic a box appears that states "Error while unpacking program, code 4. Please report to author." When I contacted the company, their reply was the problem may relate to a malware infection on my system. They suggested that I download their Malware detective program and email them the results. Unfortunately, I am not able to find the results of the scan to send to them. Guru, you are correct in that I'm not well versed in fixing software problems, although I have had limited successes in the past. Let me know if this isn't enough info.
i before e
Chorizo
Since: 17.10.03
#4
Can you open up task manager? If so, can you post the programs that are running under "processes" tab? Also, try downloading Hijack This! and post the results. First show me the task manager, maybe I can determine your problem there.

HijackThis is available here (any one of these should work):
http://www.merijn.org/files/hijackthis.zip
http://www.majorgeeks.com/HijackThis_d3155.html
http://www.filehippo.com/download_hijackthis/
http://www.bleepingcomputer.com/files/Merijn/HijackThis.zip

Post the Processes first, then run Hijack This! If I can't help you, I'm sure someone on this board will get the info they need from your HijackThis log.
Sterling Golden
Cotechino
Since: 17.6.02
From: Silk City
#5
The following are the results of HiJack This:
Logfile of HijackThis v1.99.1
Scan saved at 1:45:36 PM, on 11/3/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TEMP\TED78.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - blank (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2288.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rutgers.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = rutgers.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.110,85.255.112.151
Mr. Boffo
Scrapple
Since: 24.3.02
From: Oshkosh, WI
#6
With help from the HijackThis! Auto Analyzer, I would recommend removing the following:

C:\WINDOWS\TEMP\TED78.EXE
There's no information about this file anywhere on Google. It's probably a virus/malware with a random name. Plus it's running from a Temporary folder.

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - blank (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - blank (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
None of these are that big a deal, but when the file is missing they might as well be removed.

O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
Sites are mixed about these. Some say that they cause popups, while another says that it's a registration reminder used by companies such as Iomega, Hasbro, & Microprose. Either way it can be safely removed.

O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
Same as the missing files from above.

O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2288.cab
RocketPipe.com seems to have been taken over by a cybersquatter, so I'd remove this one.

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
I would probably remove this. brightstreet.com has something to do with a thing called "E-Centives". Something about getting coupons from companies. If you don't use that regularly, I'd remove it.

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
Do you use CallWave? It looks like some sort of call-waiting feature on your computer. If you don't, you might as well remove it.

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
What Antivirus do you have? The thing earlier said Trend Microsystems, now this stuff is from McAfee. More than one active antivirus can cause conflicts.

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
Remove any of these if you don't use them. They appear to be from Disney Blast (a kid's site), one for uploading Pictures in Hotmail, and one from MovieNetworks.com.

So only the first one is obviously bad. The rest are just things that are cluttering things up and might as well be removed.

I'd recommend restarting your computer in Safe Mode (Press and Hold F8 while the computer is starting, then choose the Safe Mode option), running HijackThis!, and removing those items listed above. Then restart your computer, run HijackThis again, and we can see if everything has been removed.

(edited by Mr. Boffo on 3.11.06 1410)
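The triage Mr. Boffo does by hand above (a process running from a temp folder, entries whose file is missing, O16 ActiveX downloads grouped by where they came from, and the O17 DNS settings that nobody in the thread comments on) can be written down as a small log parser. The following is an added example, not code from the thread, from HijackThis or from any poster; the sample log is a constructed excerpt in the shape of the log posted in #5, the temp-folder markers are a constructed heuristic, and every finding is meant for a person to verify, as post #8 shows with the OfficeScan watcher.

```python
"""Triage a HijackThis v1.99 log with the rules the thread applies by hand.

Added example, not the thread's or HijackThis's own code. All rules are
heuristics for manual review: a temp-folder process may be legitimate (the
OfficeScan watcher in this thread is one), "(file missing)" entries are dead
weight, O16 downloads are listed per host so the user can decide what they
still use, and O17 Domain/NameServer values are shown so the user can confirm
they match their ISP or network. The tool passes no judgement on them.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines in the shape of the log posted in #5.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\\WINDOWS\\SYSTEM\\KERNEL32.DLL
C:\\WINDOWS\\TEMP\\TED78.EXE
C:\\WINDOWS\\EXPLORER.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\PROGRAM FILES\\ADOBE\\ACROBAT 6.0\\READER\\ACTIVEX\\ACROIEHELPER.DLL
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2288.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\\System\\CCS\\Services\\VxD\\MSTCP: Domain = rutgers.edu
O17 - HKLM\\System\\CCS\\Services\\VxD\\MSTCP: NameServer = 85.255.115.110,85.255.112.151
"""

# Constructed heuristic: folder names that mark a temporary location.
TEMP_MARKERS = ("\\TEMP\\", "\\TMP\\")
# R/F/N/O entries all share the "<type> - <body>" layout.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_log(text):
    """Split a log into (running process paths, [(entry type, body), ...])."""
    processes, entries = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append((match.group(1), match.group(2)))
        elif section == "processes":
            processes.append(line)
    return processes, entries


def triage(text):
    """Return findings keyed by rule; every list is for manual review."""
    processes, entries = parse_log(text)
    report = {"temp_processes": [], "missing_file": [],
              "activex_hosts": defaultdict(list), "domain": None, "nameservers": []}
    for path in processes:
        if any(marker in path.upper() for marker in TEMP_MARKERS):
            report["temp_processes"].append(path)
    for kind, body in entries:
        if "(file missing)" in body or body.endswith("(no file)"):
            report["missing_file"].append(f"{kind} - {body}")
        elif kind == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            if host:
                report["activex_hosts"][host].append(body)
        elif kind == "O17":
            key, _, value = body.partition(" = ")
            if key.endswith("NameServer"):
                report["nameservers"] = [v.strip() for v in value.split(",") if v.strip()]
            elif key.endswith("Domain"):
                report["domain"] = value.strip()
    report["activex_hosts"] = dict(report["activex_hosts"])
    return report


def format_report(report):
    """Render the findings as the kind of checklist posted in #6."""
    out = ["Processes running from a temp folder (check the vendor before removing):"]
    out += [f"  {p}" for p in report["temp_processes"]] or ["  none"]
    out.append("Entries whose file is missing (safe to remove):")
    out += [f"  {e}" for e in report["missing_file"]] or ["  none"]
    out.append("ActiveX downloads by host (remove the ones you no longer use):")
    out += [f"  {h}: {len(u)} control(s)" for h, u in sorted(report["activex_hosts"].items())]
    out.append(f"DNS domain {report['domain']}, name servers {', '.join(report['nameservers']) or 'none'}")
    out.append("  -> confirm these name servers belong to your ISP or network")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; the temp-folder rule is deliberately a flag rather than a verdict, which is exactly the distinction #8 draws for TED78.EXE.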
Sterling Golden
Cotechino
Since: 17.6.02
From: Silk City
#7
I'm going to try right now. I'll get back to you. Thanks for the help.
Guru Zim
SQL Dejection
Administrator
Since: 9.12.01
From: Bay City, OR
#8
Ted78 is probably the random name that the Office Scan watcher was assigned. Look for an icon of a little dog on it. If so, it's from Trend, and can be safely ignored.
Sterling Golden
Cotechino
Since: 17.6.02
From: Silk City
#9
I found the dog, and so I'll keep that.
i before e
Chorizo
Since: 17.10.03
#10
Hmm... No obvious sign of infection... Out of morbid curiosity, how does your hosts file look? Also, I have these two questions: 1) How up to date is your anti-virus software? 2) Have you made any recent changes to the system? This includes any Microsoft updates, any patches, firewall changes, etc.

Keep that info coming! Any other programs exhibiting weird behavior? What happens in safe mode? Can you run these programs there?

As silly as this sounds, you may just have some corrupt files (driver, dll etc.) or even some bad registry entries preventing you from running this software. The solution may even be as simple as running scan disk and disk defragmenter, but we won't be able to tell unless you can get more info. Slowly but surely we'll get to the solution; it's just process of elimination at this point!

Sterling Golden
Cotechino
Since: 17.6.02
From: Silk City
#11
The anti-virus software that runs is Trend Micro; it automatically updates. I had been using the free Zone Alarm firewall. Once they stopped updating for Windows ME, I uninstalled the program.
The W™ message board
©2001-2014 Brothers Zim