problem with bsnl's internet connexion

Status
Not open for further replies.

slugger

Banned
I am using win Server 2003. I recently got an always on Internet connection from BSNL. However, immediately after logging on I get these messages and my computer restarts with a countdown of 60 seconds. Please tell me how to solve this problem.

Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly

The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code 128. The system will now shut down and restart.

Searching the event viewer I got these messages

Faulting application svchost.exe, version 5.2.3790.0, faulting module rpcss.dll, version 5.2.3790.0, fault address 0x0002eb3c.

The security package Negotiate generated an exception. The exception information is the data

Faulting application svchost.exe, version 5.2.3790.0, faulting module rpcss.dll, version 5.2.3790.0, fault address 0x0002eb3c.

I got a SmartAX MT 882 ADSL USB modem provided by bsnl

other than this my computer is working fine
thanx
 

Choto Cheeta

Rebooting
seems that system has plenty of Virus and Possible infection of Malware...

Get a Good AVS to run a full system scan...
Install the Windows Server 2003 SP1 or upgrade to Windows Server 2003 R2 :) ..

Now by Error trouble shoot,

The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code 128. The system will now shut down and restart.

Follow this below guide to resolve the issue...

*www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly

Possible due to W32.Blaster.Worm ... You may use the below tool from Symantec to resolve the issue, and get Windows Server 2003 SP1 or Upgrade to the Windows Server 2003 R2...

and for all other Install the latest updates for Windows Server 2003 !! get the SP1... and scan the system with a Good AVS like Symantec CE 10.1 or KAV !! :)
 

outlaw

De@d
temporary solution :

run -> cmd

on the cmd prompt window

type "shutdown -a" {without quotes}

the shutdown window will be closed......
 
slugger

Banned
i had avast running yesterday when i first faced this problem [i l8r formatted disk]
also i'm unable to copy paste anythin from web pages and not able to save the pages.
will download the patches and will keep u posted

i installed the security update that was provided in the link by saurav_cheeta, but did not solve my problem. i'm currently operating usin the method provided by outlaw. i'm also unable to save any webpages or copy paste anything from any web page dat i've opened

i opened task manager and found some files running

they were

oiumpg.exe
uayajhxj.exe
kqkzgmk.exe
wmiprvse.exe
w3wp.exe
ylchv.exe

do they mean any thing
 
Choto Cheeta

Rebooting
Visit this link to download a tool called HijackThis. Run a system scan and save the log file, then Copy Paste the log here... let us look at it..
 

Quiz_Master

* Teh Flirt King *
@slugger

Hi mate!!!

There is 98 % chance that ur pc is infected with a trojan horse / spyware.

Install spyware search and destroy and clean ur pc with it. Also check that u r using the original windows not pirated one.

Remove any suspicious entry from ur startup. Using command msconfig.

Post a detailed info about ur problem.
 
slugger

Banned
a problem that i noticed was that, i've been getting this shutdown message only when i'm opening a browser window, be it ie or firefox. i ran a spybot s&d scan for which it connected to the net for downloading updates but there was no shutdown message


@saurav_cheeta
posting the log file


Logfile of HijackThis v1.99.1
Scan saved at 11:26:41 PM, on 4/9/2007
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST\aswUpdSv.exe
C:\Program Files\AVAST\aswServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Dfssvc.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\system32\kqkzgmk.exe
C:\WINDOWS\system32\lssas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVAST\aswDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\FIREFOX\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FDM\iefdmcks.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SAInstall] SaInstall.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\kqkzgmk.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\aswDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FDM\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FDM\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FDM\dllink.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{77A37C51-90AA-4290-B3DA-31F84E701F21}: NameServer = 218.248.240.208 218.248.255.193
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\AVAST\aswServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\AVAST\aswMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\AVAST\aswWebSv.exe" /service (file missing)

i installed win2k3 sp2. i also ran the security tool provided by ms. installed spybot s&d and wormguard. as of now my rig doesn't seem to be giving me the shutdown message anymore.
however noticed a few things
spybot give me this message
*img201.imageshack.us/img201/9894/errorkx2.gif
the names of the old file and the file it replaces keeps changing

also in my startup there is this entry
*img254.imageshack.us/img254/3217/startupro2.gif
 
Choto Cheeta

Rebooting
ooppss... Sorry mate, one may see from the log you have posted you have multiple infection of some nasty Virus and Trojan !!

lets see,

C:\WINDOWS\system32\lssas.exe

Possible Sober Worm :( W32.Sober ... Follow this guide of Symantec to download the tool and remove the worm..

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe

W32.LinkBot.M :(

Follow this guide of Symantec to download the tool and remove the worm..

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe


Try and delete the file... and get a good AVS, SP2 should have taken care !! r u sure u have deployed the SP2 successfully ?? looks to me you may have a corrupt installation of SP2 where its not installed with all patches.. !!

O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe

Its a Trojan !! Run a full system scan with your spybot search and destroy !! it should clean it up... !!

I seriously doubt that you have a successful deployment of the SP2 !! HijackThis also doesn't reflect that installation !!

Get a proper AVS.. looks like for some reason Avast is not doing its job !! if you run a business, then time to switch to Symantec CE or Kaspersky solutions... !!
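
The lookalike names pointed out in the reply above (lssas.exe, winIogon.exe, and an iexplore.exe sitting in system32) can be checked mechanically. The following is an added example, not part of the thread and not code from HijackThis: it parses O4 Run entries and compares each file name with a short, assumed list of Windows binaries; the KNOWN table, the distance threshold of 2 and all function names are this example's own choices.

```python
import re
from pathlib import PureWindowsPath

# Assumed reference list: binaries malware often impersonates and the folder
# each one lives in on a default C:\WINDOWS install (lower-case).
SYS32 = r"c:\windows\system32"
KNOWN = {"lsass.exe": SYS32, "winlogon.exe": SYS32, "services.exe": SYS32,
         "svchost.exe": SYS32, "explorer.exe": r"c:\windows",
         "iexplore.exe": r"c:\program files\internet explorer"}

# Constructed sample: O4 lines copied from the first log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\aswDisp.exe
"""
O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")

def levenshtein(a, b):
    # Classic edit distance: insertions, deletions and substitutions.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(command):
    """Return a finding for one Run-key command, or None."""
    exe = PureWindowsPath(command.strip('"'))
    name, folder = exe.name.lower(), str(exe.parent).lower()
    if name in KNOWN:  # real name: only the folder can be wrong (bare names skipped)
        return None if folder in (KNOWN[name], ".") else f"{name} outside {KNOWN[name]}"
    close = [real for real in KNOWN if levenshtein(name, real) <= 2]
    return f"{name} imitates {close[0]}" if close else None

def scan(log_text):
    """Return (value_name, command, finding) for each flagged O4 Run entry."""
    entries = (O4_RUN.match(line.strip()) for line in log_text.splitlines())
    checked = ((m[1], m[2], classify(m[2])) for m in entries if m)
    return [hit for hit in checked if hit[2]]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Randomly named entries such as kqkzgmk.exe or lgyzi.exe are not close to any name in the list, so this check does not flag them; they need a separate review of unknown executables in Run keys.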
 
slugger

Banned
@saurav_cheeta
sorry m8, i ran d hijack scan b4 installing sp2
here i'm posting the log now dat i've installed sp2

Logfile of HijackThis v1.99.1
Scan saved at 8:23:57 AM, on 4/11/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST\aswUpdSv.exe
C:\Program Files\AVAST\aswServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\system32\lssas.exe
C:\PROGRA~1\AVAST\aswDisp.exe
C:\WINDOWS\system32\lgyzi.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SPYBOT\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST\setup\avast.setup
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FDM\iefdmcks.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\aswDisp.exe
O4 - HKLM\..\Run: [SAInstall] SaInstall.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\lgyzi.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\SPYBOT\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FDM\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FDM\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\FDM\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FDM\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\AVAST\aswServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\AVAST\aswMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\AVAST\aswWebSv.exe" /service (file missing)

also i inadvertently allowed a certain program to run using spybot s&d. now i'm unable to undo it.
the program dat i allowed to run was
4/10/2007 4:34:38 PM Allowed value "Advanced DHTML Enable" (new data: "C:\WINDOWS\system32\lgyzi.exe") changed in System Startup global entry!
plz tell me how to go about doing this

i also ran the sober tool from symantec, but it was unable to find anythin [i ran it in normal boot mode]

i also noticed dat with win2003 sumtimes when i try to shutdown, it instead restarts. happens quite often
 

Choto Cheeta

Rebooting
well still at least there are 2 Worms present...

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe

POEBOT-J WORM ....

and

C:\WINDOWS\system32\lssas.exe

W32.Sober

I suggest, uninstall the Avast and get a good AVS like Kaspersky or Norton,

try one more thing, run an online scan from either Kaspersky Online Scanner or Symantec Online Scanner not sure but i think they do support Server 2003 !! :)
 
slugger

Banned
thanx saurav_cheeta
ur suggestion of using kaspersky av proved useful. it detected a lot of trojans on my computer
*img227.imageshack.us/img227/4346/treatedkw5.gif

ran hijack this after that
results
Code:
Logfile of HijackThis v1.99.1
Scan saved at 4:40:03 PM, on 4/13/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\KASPERSKY AV\avp.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KASPERSKY AV\avp.exe
C:\Program Files\SPYBOT\TeaTimer.exe
C:\Program Files\ADOBE READER\Reader\reader_sl.exe
C:\Program Files\KASPERSKY AV\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FDM\iefdmcks.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [SAInstall] SaInstall.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVP] "C:\Program Files\KASPERSKY AV\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\SPYBOT\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\ADOBE READER\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\ADOBE READER\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FDM\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FDM\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\FDM\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FDM\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{77A37C51-90AA-4290-B3DA-31F84E701F21}: NameServer = 218.248.240.208 218.248.255.193
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\KASPERSKY AV\avp.exe" -r (file missing)

also a million thanx to outlaw for suggesting the
Code:
shutdown -a
which proved to be a boon in the first few sessions


shud i remove wormguard and spybot s&d and rely only on kaspersky to give me a decent level of protection

is there any freeware protection sw that can offer a similar level of protection [i don't mind installing different freewares for different types of protection]
 
Choto Cheeta

Rebooting
slugger said:
thanx saurav_cheeta
ur suggestion of using kaspersky av proved useful. it detected a lot of trojans on my computer

Welcome :)

about the HijackThis log now, it looks clean to me :D

shud i remove wormguard and spybot s&d and rely only on kaspersky to give me a decent level of protection

keep the spybot :p but u may remove any thing else.. if you have Kaspersky as full time AVS, then you wont need any thing else :p
 