Cable Forum > Computers & IT > Security & Virus Discussion

Possible bug/virus
Old 03-11-2009, 12:56   #1
tabatha

When doing an internet search with Google I keep getting the following page

http://67.201.36.16/nolink.html.Sorry, this page no longer available

I then get up to 6 tabs opening..headed "page error opening"

This started about a week ago.

Avast/ad-aware/malwarebytes/ccleaner fail to find any bugs/problems.

I seem to recall reading that VM had introduced a "search option" that defaulted to a "guess" if it did not recognise an address..is this connected this is an "opt-out", but cannot find anything further on it..

Running the latest Firefox..I have removed/reinstalled this and I have deleted all my add-ons

Any advice please
Old 03-11-2009, 13:00   #2
CHiLL

If you're using a 32-bit operating system, try an anti-root kit.
Old 03-11-2009, 13:06   #3
MovedGoalPosts

Can you still browse to www.google.co.uk? Is it just the search that then falls over?

If you have any doubts about your PC, go to one of the free online antivirus scanners - preferably a site that is not operated by your chosen a/v software - such as Kaspersky, Norton, Panda, to name just a few. See what that comes up with.
Old 03-11-2009, 13:09   #4
Kymmy

Yep, I had one recently and could I find it...NOPE!!!

Serves me right for trying to do something dodgy online

Still it gave me an excuse to upgrade to Win7
Old 03-11-2009, 14:17   #5
tabatha

Quote:
Originally Posted by Rob View Post
Can you still browse to www.google.co.uk? Is it just the search that then falls over?

If you have any doubts about your PC, go to one of the free online antivirus scanners - preferably a site that is not operated by your chosen a/v software - such as Kaspersky, Norton, Panda, to name just a few. See what that comes up with.
Thanks....Yes , can still browse to Google..then the fun starts....

Kaspersky not online at the mo.

Panda found nothing

Esets found 3...Win 32/adware virtumonde neo application

which it has removed....

Time will tell.....

Thanks...
Old 03-11-2009, 17:08   #6
tabatha

Problem still on the Computer

Anyone any ideas, please..
Old 03-11-2009, 17:39   #7
Mick Fisher

Try scanning with a-squared free and Malware bytes, maybe one of them might find something.
Old 03-11-2009, 18:40   #8
Matty_

Try GMER if you suspect you have a Rootkit http://www.gmer.net/

If you want you can also try Combofix, although it is usually best to do this in conjunction with someone at bleepingcomputer, it can permanently damage your system if incorrectly used.
http://www.bleepingcomputer.com/comb...o-use-combofix
Old 03-11-2009, 20:23   #9
tabatha

Quote:
Originally Posted by Mick Fisher View Post
Try scanning with a-squared free and Malware bytes, maybe one of them might find something.
Thanks...have tried both of these...no luck..

---------- Post added at 19:23 ---------- Previous post was at 18:12 ----------

Quote:
Originally Posted by Matty_ View Post
Try GMER if you suspect you have a Rootkit http://www.gmer.net/

If you want you can also try Combofix, although it is usually best to do this in conjunction with someone at bleepingcomputer, it can permanently damage your system if incorrectly used.
http://www.bleepingcomputer.com/comb...o-use-combofix
I have run GMER and have a page of "something" under rootkit/malware..

Not sure what to do next...nothing is highlighted,,,no sign of a delete this button..

Any further advice please...
Old 04-11-2009, 01:33   #10
georgepomone

Had something similar or the same on a friend's computer. Tried a number of different things to clear it. I then thought I hadn't tried SuperAntispyware. I'd been messing about for three hours. That cleared it. Sadly I can't remember what it said it was.
Old 04-11-2009, 02:20   #11
MovedGoalPosts

Do you have a second computer, or is there a friend who can assist? You might need to create a CD boot disc on a clean computer, together with antivirus / antimalware scanners, and then boot from the CD to scan the affected computer.
Old 04-11-2009, 11:59   #12
Aragorn

Quote:
Originally Posted by tabatha View Post

I have run GMER and have a page of "something" under rootkit/malware..
Can you post the log from GMER?
Can you download HiJack This and post the log file?

Do you have recovery CDs for this system (& data/picture backups)? Might be a quicker/safer option!
Old 04-11-2009, 14:18   #13
tabatha

Quote:
Originally Posted by Aragorn View Post
Can you post the log from GMER?
Can you download HiJack This and post the log file?

Do you have recovery CDs for this system (& data/picture backups)? Might be a quicker/safer option!
I think/hope this is the logfile you mean....from hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:12, on 04/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 3934 bytes
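A first-pass triage of a HijackThis log like the one posted above, as an added example (not part of the original thread and not Trend Micro's code): it groups entries by section code, reports browser-setting URLs (R0/R1) whose host is not on an allowlist, and lists autoruns and services for manual review. The function names, the allowlist and the sample lines are assumptions made for this illustration; the `search.example.invalid` entry is invented.

```python
import re
from urllib.parse import urlparse

# Entry lines are "<section code> - <details>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Meaning of the section codes that occur in the log posted above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O4": "autostart entry", "O9": "extra IE button or Tools item",
    "O18": "extra protocol handler", "O23": "Windows service",
}

# Assumption: hosts the reviewer accepts as stock Internet Explorer defaults.
ALLOWED_HOSTS = {"go.microsoft.com"}


def parse_log(text):
    """Group entry details by section code, keeping log order within a section."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return entries


def redirected_settings(entries):
    """Return (registry value, URL) for R0/R1 URLs whose host is not allowlisted."""
    findings = []
    for code in ("R0", "R1"):
        for detail in entries.get(code, []):
            name, _, value = detail.partition(" = ")
            if not value.lower().startswith(("http://", "https://")):
                continue  # blank values, about:blank, ProxyOverride patterns
            if (urlparse(value).hostname or "") not in ALLOWED_HOSTS:
                findings.append((name, value))
    return findings


def review_list(entries):
    """Autoruns and services, labelled, for the manual read-through."""
    return [f"{SECTIONS[c]}: {d}" for c in ("O4", "O23") for d in entries.get(c, [])]


# Constructed sample: lines in the format of the log above; the Search Bar URL is invented.
SAMPLE = r"""Boot mode: Normal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
```

An empty result from `redirected_settings` only says the Internet Explorer settings in the log look stock; it does not cover Firefox or anything hidden from the scanner, which is why the GMER log was still being asked for.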
Old 04-11-2009, 15:30   #14
Aragorn

Nothing dangerous in there, but how about the GMER rootkit log?
Old 04-11-2009, 15:49   #15
tabatha

Quote:
Originally Posted by Aragorn View Post
Nothing dangerous in there, but how about the GMER rootkit log?
Deleted ..clicked the wrong button....

Can download again if needed..

Can I do a "system restore"...go back about a week...??

Thanks for your help..