something isn't right with my net connection.....

Status
Not open for further replies.

techmax

Broken In
Whenever I connect to the net through my dial-up line, some program or something starts transmitting data, which slows down my net connection. I tried Spybot SnD and a virus scan, but nothing showed up. Help me, guys.

Another thing I observe is the creation of iexplore.exe in the root of C:
and sxe.temp

I am also using Kerio Personal Firewall.
 

swatkat

Technomancer
Hmm... This doesn't sound good. Download HijackThis. Run it, click the button Do a System scan and save log file. Copy the entire contents of the log file generated by it and post it here.
 

techmax

Broken In
Logfile of HijackThis v1.99.1
Scan saved at 7:46:58 PM, on 11/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\netconf32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Deer Park Alpha 1\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.016\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3276AFA-71DC-4585-B548-6CFF3672C6C4}: NameServer = 61.0.96.33 61.0.0.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



I only use Firefox as the browser.
 

sakumar79

Technomancer
I think Kerio makes a log of programs trying to access the internet... Check the log for any suspicious activity (including access of iexplore when you are not using it).

Also, run the Task Manager and in Process menu, sort by CPU and then check which processes are occupying CPU time...

The log file appears clean to me except the netconf32 program... Not sure what it is... Check with an online scanning facility such as Trend Micro's and also check with Ad-Aware. One site listed netconf32 as a possible sign of backdoor.win32.sdbot.xd...

Arun
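
The triage described in the post above, as an added example that is not part of the original thread: it parses the O23 service lines of a HijackThis log and flags services that HijackThis lists with "Unknown owner" or whose binary sits directly in the Windows root, then checks whether that binary is also in the running-process list. The two heuristics, the function name and the default `C:\WINDOWS` path are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\netconf32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\slrundll.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

WINDIR = PureWindowsPath(r"C:\WINDOWS")  # assumption: default Windows XP install path
# The owner field may be empty ("name - - path"), so the second separator is lenient.
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$"
)

def triage_services(log, windir=WINDIR):
    """Return O23 services worth a closer look, with the reasons why."""
    lines = [ln.strip() for ln in log.splitlines()]
    # Process lines in a HijackThis log are bare paths starting with a drive letter.
    running = {PureWindowsPath(ln) for ln in lines if re.match(r"^[A-Za-z]:\\", ln)}
    findings = []
    for ln in lines:
        m = O23.match(ln)
        if not m:
            continue
        path = PureWindowsPath(m["path"])  # Windows paths compare case-insensitively
        reasons = []
        if m["owner"].strip().lower() == "unknown owner":
            reasons.append('HijackThis reports "Unknown owner" for the binary')
        if path.parent == windir:
            reasons.append("binary sits directly in the Windows root")
        if reasons:
            findings.append({"service": m["name"], "path": str(path),
                             "running": path in running, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage_services(SAMPLE_LOG):
        print(finding)
```

A flagged entry is a lead for a scan or a vendor lookup, not a verdict; legitimate drivers and utilities can match either heuristic.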
 

swatkat

Technomancer
Hi,
Boot in Safe Mode.


Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named netconf32 and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".


Run HijackThis and click "Do only a system scan". And then select these entries:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe


Close all other programs and click "Fix Checked" in HijackThis.


Delete this file:-
C:\WINDOWS\netconf32.exe


Reboot to Normal Mode. I suggest you perform an online scan at Kaspersky Online Scanner. If you run that scan, post back the log file it gives.
 

whim_gen

Journeyman
^^
Hey swat,
How much data transfer occurs when I run an online scan?
I am quite near my download limit now, so it would help to know the actual data transfer... :sad:
 

sakumar79

Technomancer
Instead of an online scan at Kaspersky, you can download the Microworld Antivirus program to check for viruses/spyware (it scans and reports but won't remove). It is 3-4MB. It is regularly updated, so you will need to get the latest. Get it at *www.mwti.net/products/mwav/mwav.asp

Arun
 

swatkat

Technomancer
Hi whim_gen,
Kaspersky Online Scanner downloads about 6 MB of definition files.

MWAV is 9.1 MB, so the online scanner from Kaspersky is a better choice.

OR, if the download limit is too low, then you can use Ewido, which was given in recent Digit CD/DVDs.
 