Re: Help...Trying to get XPhome to connect via my NTLcable
Hi Paul,
OK, will do, I will check the 'add/remove' for anything that looks suspicious. As to reading CDs, well I will try again, but it hasn't been able to read the ones I have tried up to now, ones that will read ok in other machines (98). I suppose this might be a problem with the CD unit ... I could try using the floppy for some of the stuff. I will try to get 'Hi-Jack' on to the machine, somehow.

Hi Incognitas,
I haven't figured out how to get into 'Safe-Mode' yet. It's different from the 98 I'm used to ....

John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
Do you have any software that you use to burn the CDs? Nero etc? If so, make sure you are burning as a straightforward data CD.
Getting into safe mode is simply a case of repeatedly pressing F8 when the computer flicks past the BIOS boot screen.
Re: Help...Trying to get XPhome to connect via my NTLcable
Quote:
If you can get email access on the affected machine you could try emailing it to yourself as an attachment.
Re: Help...Trying to get XPhome to connect via my NTLcable
Hi Paul,
Yes, I do use Nero, and I have a data CD recorded a while ago, I think it has 'Hi-Jack' on it, I will try to get that onto the XPmachine. I will try again to get into safe-mode (I think I was trying F3 !!)

Hi Raistlin,
I had wondered if Email access might still work, but I haven't set any of the stuff on the XPmachine yet, if it reads data CDs ok then that should do, and the email can wait till it's clean.

I do appreciate all of your help.
Regards, John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
I have managed to get it into safe mode (I was trying F3 !!)
and I have put 'Hi-Jack this' onto it using a CD I made a while ago. Haven't run HJ yet, will get back as soon as I have.

Cheers, John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
Hi, Ran the H.J. .... here's the logfile....
not too clever with it myself .....

Logfile of HijackThis v1.99.1
Scan saved at 21:31:26, on 06/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\ZONELABS\minilog.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\sncntr.exe
C:\windows\system32\dxvid.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Hi-Jack this\HiJack3\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.ukj/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {32386F8C-E797-40A3-8ADD-82494C4B37EE} - C:\WINDOWS\System32\ceeohh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O18 - Filter: text/html - {050470D4-7F59-4C26-8A8A-9586A8FEFC8E} - C:\WINDOWS\System32\ceeohh.dll
O18 - Filter: text/plain - {050470D4-7F59-4C26-8A8A-9586A8FEFC8E} - C:\WINDOWS\System32\ceeohh.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\minilog.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RtKit - Unknown owner - C:\WINDOWS\system32\RtKit\rtkit.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Cheers, John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
This might be it ;)
http://www.sophos.com/virusinfo/anal...startpaer.html
__________________
Have you run an up to date virus scan recently?
__________________
Oh and this
http://securityresponse.symantec.com...oor.rtkit.html
Nice to see your anti-virus is working well :erm:
__________________
Add this to the list
http://www.sophos.com/virusinfo/anal...rojdlucai.html
__________________
Oh and it looks like the dxvid.exe file entry is spyware too.
__________________
Think you need to run
adaware
spybot S&D
Spyware blaster
A full virus scan with up to date definitions
__________________
Adaware
SpybotS&D
Spyware Blaster
Re: Help...Trying to get XPhome to connect via my NTLcable
Make sure you run them all from Safe Mode ;)
Re: Help...Trying to get XPhome to connect via my NTLcable
Hi Paul, Hi Raistlin,
(the PC was acquired in this condition, it will be hopefully kept clean from now on ... )

I mentioned earlier, that almost everything is being sent to 127.0.0.1 except some annoying 'adult' site, and now I've just read this about the RTKIT (troj) from the Symantec site....

Routes all the Internet requests through itself using a packet driver, preventing normal utilities and applications from detecting the Backdoor's network traffic.

So it looks like it maybe was the malware doing that, which is why I didn't find anything new in the Hosts folder .....

I will run those programs, from safe-mode.
Adaware
SpybotS&D
Spyware Blaster
And get back to you.

John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
I've run it through the unofficial 'HiJack Checker'
http://hijackthis.de/index.php?langselect=english
and it's picked out these items for further scrutiny:

C:\WINDOWS\system32\ZONELABS\minilog.exe
I am inclined to trust this one

C:\windows\system32\sncntr.exe
running process. (sncntr.exe) Added as result of a Troj/Dluca-I trojan infection This is a nasty process! You should fix it and try to delete it manually!

C:\windows\system32\dxvid.exe
running process. (dxvid.exe) This is a unknown process.
PAUL picked this one out as possible spyware

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
Should be fixed.

O2 - BHO: (no name) - {32386F8C-E797-40A3-8ADD-82494C4B37EE} - C:\WINDOWS\System32\ceeohh.dll
Unknown application
dunno what to do with this ...

O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
Added as result of a Troj/Dluca-I trojan infection Hit rate: 99 % (result) Must be fixed!
no room for ambiguity there then!

O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
Unknown Hit rate: -1 % (result) Unknown application
PAUL picked this out ......

O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. This entry should be fixed if 'http://www.btopenworld.com/' is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
......This is the ISP of the previous owner (I think)......

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
This entry is possibly nasty. Should be fixed.
.........I better fix it then.....

O18 - Filter: text/html - {050470D4-7F59-4C26-8A8A-9586A8FEFC8E} - C:\WINDOWS\System32\ceeohh.dll
Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed.

O18 - Filter: text/plain - {050470D4-7F59-4C26-8A8A-9586A8FEFC8E} - C:\WINDOWS\System32\ceeohh.dll
Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed.

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
Unknown
..........well I'll just have to guess then....

O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\minilog.exe
Unknown service. (minilog.exe)
............think I will let this one by ..........

O23 - Service: RtKit - Unknown owner - C:\WINDOWS\system32\RtKit\rtkit.exe (file missing)
These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (rtkit.exe (file missing)) Unnecessary (deactivated) entry that can be fixed.
........... I think this will get the chop ...........

************

Well it's a start. I will set to with that, after running Adaware, Spybot and SpywareBlaster. Be back later, and let you know how I get on!

Cheers, John :)
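
A small triage pass over HijackThis entries like the ones walked through in the post above, as an added example that is not part of the original thread. The sample lines are copied from the log posted earlier; the four rule names and their patterns are assumptions chosen for illustration, not the logic of HijackThis or hijackthis.de.

```python
import re

# Sample entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O23 - Service: RtKit - Unknown owner - C:\WINDOWS\system32\RtKit\rtkit.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# An entry line is "<section id> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([RO]\d{1,2}|F\d) - (.*)$")

# Assumed heuristics for this example: triage hints for a human, not verdicts.
RULES = [
    # Registry entry still present although its target file is gone.
    ("missing-file", re.compile(r"\((?:no file|file missing)\)", re.I)),
    # Code or pages loaded from a temp folder or the recycle bin.
    ("temp-or-recycler-path", re.compile(r"\\(?:Temp|Recycled|Recycler)\\", re.I)),
    # Service binary with no vendor information.
    ("unknown-owner-service", re.compile(r"^Service: .* - Unknown owner - ", re.I)),
    # ActiveX control installed from a local file instead of a vendor URL.
    ("local-file-activex", re.compile(r"^DPF: .* - file://", re.I)),
]

def parse(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Return (section, body, reasons) for entries matching at least one rule."""
    flagged = []
    for section, body in parse(log_text):
        reasons = [name for name, rx in RULES if rx.search(body)]
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section:>3}  {', '.join(reasons):<42} {body}")
```

Entries that match no rule, such as a malicious file sitting in System32 under an ordinary-looking name, still need a manual lookup, which is what the replies in this thread do for sncntr.exe and dxvid.exe.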
Re: Help...Trying to get XPhome to connect via my NTLcable
Hi,
Since I last posted there's been some terrorist bombings in London. I'm not that central, I'm just within the M25 ring, in the North-west. Apparently all the mobile phone networks were shut down by the authorities. I can't really see how this helped very much, and probably upset and disturbed more people than it helped. If it helped at all. However, internet connections were not interfered with, as far as I know. I shall have to dig out my old CB-radio set if this kind of reaction is going to become a typical response to various disturbances.

Some of my friends were very worried about family members unaccounted for. They are now known to be ok, but it was a worrying day.

Anyway, I will get on with working through that Hi-Jack report, and I will get back to you soon,

Regards, John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
Hi,
A friend has told me that the mobile telephones were shut down because mobile telephones can be used to detonate bombs. That had not occurred to me, and I suppose that is quite prudent.

I am now downloading the 'CWshredder' program, in order to run it on this XPmachine, which is now not connecting at all. I have run LSP-fix, which did not seem to make any difference. I will try to keep progress up to date on this thread.

Regards, John :)
Re: Help...Trying to get XPhome to connect via my NTLcable
Stick with it John, sounds like you're getting there.
Never a quick process sorting out a machine when it's in this state. The last one that gave me this much trouble ended up with me using the ultimate virus removal tool on it, that solved all the problems quite nicely :)
All Posts and Content are © Cable Forum