Virus and McAfee Antivirus - both troubling

Status
Not open for further replies.

navjotjsingh

Wise Old Owl
Recently when I browsed to E:\My Documents\My Music Folder it was empty. All 300+MB Songs were deleted permanently. BTW my PC Config:

Intel P4-2.4Ghz, 256MB RAM, 80GB HDD, Intel 845Mobo with Windows XP Pro SP2.

Now I don't want to recover my songs. I have tried it already. System Restore does not help in this case. I want to ask you how is it possible? Because some songs were left and I copied them again to E:\My Documents\My Music to test and again they got deleted automatically after 1 day.

To tell you Nobody except me operates the PC.
Also I have moved My Documents folder to E:\My Documents\My Music as my official My Documents Folder. Also along with the songs many other files including a folder related to my college containing all files, project report were deleted. Thankfully I had its backup.

How is this possible? Is it a virus?

Also now to fight back I got the latest McAfee VirusScan 10.0 and also have IE 7.0 Beta.

When I want to update the McAfee it opens IE window and shows
*img386.imageshack.us/img386/5500/mcafee17tp.th.jpg

Why does it detect IE as Netscape? Also downloading the plugin does not help in Firefox, as it shows in Firefox that cookies are not enabled, which are enabled actually.

Also the files 4584xdat.exe and sdat4584.exe to update McAfee do not update it. Why? Should I download some other file to update it? I think I will have to revert to IE 6 SP1 as Yahoo! is not compatible with IE 7 beta either.

Though IE 7 beta is a good nice browser.

Bye and Please help me.
Navjot Singh.
 

Vishal Gupta

Microsoft MVP
It's saying Your primary browser is netscape...
Hv u netscape or firefox installed on ur system?
If YES, then it's selected as Default browser for sure..

U can make Internet Explorer as the default browser either by going to its properties and click on make internet explorer my default browser, or by going to Set access and defaults in Add/remove programs...
 

navjotjsingh

Wise Old Owl
I have already tried your solution and it does not work. BTW I have uninstalled IE 7 Beta and it now works on IE 6. Firefox still gives problems even after the plugin is installed. In Firefox it still says to enable cookies, which have already been enabled.

Also please give me a solution as to why my mp3 files are getting deleted.

Also please tell me which files I should download to update McAfee VirusScan 10.0
 

theraven

Technomancer
1) use this software called r-studio to recover ur music
also make sure u dun doo too much data transfer on ur hdd or those songs will be lost forever ...
if u get ur hands on stellar phoenix go ahead. . its gr8 piece of software

2) post ur HJT log file here .. so we know if somethings wrong with regards to virii or spyware/adware

3) update ur virus definitions and do a system scan
there must be an update option on ur av software. USE IT

4) download mcafee stinger and do a system scan


at any point has anyone accessed ur comp ?
cuz it could be a simple prank which autostarts and deletes ur music files at every startup !

what is ur hard disk configuration ? as in c: d: e:
how many do u have ? what size is each partition
a few more details would be helpful
5)
 

anandk

Distinguished Member
just thinking aloud njs;

have u moved ur whole of my documents to the e drive ? then does this disappearing act occur only in the my music folder, or others too ? if it doz then the problem cud b about moving the system folder to a difrnt drive. (i had also tried this, but was not too happy, gave me some probs...).

posting ur hijackthis log here wud help.
 

navjotjsingh

Wise Old Owl
theraven -

I don't want to recover my music as i said earlier but want to know who did this?

Here is my Hijackthis logfile

Code:
Logfile of HijackThis v1.99.1
Scan saved at 14:11:56 PM, on 21/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Antivirus and  PC Security\Anti-Spyware\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.trafficswarm.com/cgi-bin/swarm.cgi?330336&cef1b737db5681724393101f794a0083
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = *www.sify.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.100.104.146:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - *pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Administrator\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Administrator\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Zoom &In  - C:\Documents and Settings\Administrator\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out  - C:\Documents and Settings\Administrator\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - *download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123843151703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - *update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127070417875
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - *go.microsoft.com/fwlink/?linkid=49480
O17 - HKLM\System\CCS\Services\Tcpip\..\{262AA00D-A5F6-48E9-9917-9362D3A923B5}: NameServer = 202.144.50.4,202.144.115.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{262AA00D-A5F6-48E9-9917-9362D3A923B5}: NameServer = 202.144.50.4,202.144.115.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{262AA00D-A5F6-48E9-9917-9362D3A923B5}: NameServer = 202.144.50.4,202.144.115.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

Scanned my PC using McAfee VirusScan 10.0 updated yesterday and skipped Stinger because it's also by McAfee.

Nobody except me operates my PC. I am dead sure about this.

I have a Seagate Barracuda 7200rpm 80GB ULTRA-ATA HDD - partitioned into 4 equal parts.

C: = Windows XP Pro Sp2

D:, E:, F: - Contain software and games.

All drives are FAT32.

anandk -
It is completely safe to transfer My Documents Folder. I have done this for past six months for prevention of data from untimely crashes.
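A first-pass triage of a HijackThis log like the one in the post above, as an added example that is not part of the thread or of HijackThis itself. The review rules are assumptions chosen for illustration; a match means "check this entry by hand", not "this entry is malicious".

```python
import re

# HijackThis 1.99.x section codes that occur in the log posted above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search and related settings",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O6": "IE restricted by policy",
    "O8": "IE context menu item", "O9": "IE extra button or menu item",
    "O16": "ActiveX object", "O17": "DNS / domain setting",
    "O20": "Winlogon notify", "O23": "NT service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Review rules are assumptions made for this example, not HijackThis output.
RULES = [
    ("proxy configured", lambda c, b: "ProxyServer =" in b),
    ("static DNS server", lambda c, b: c == "O17" and "NameServer =" in b),
    ("service with unknown owner", lambda c, b: c == "O23" and "Unknown owner" in b),
    ("unnamed BHO", lambda c, b: c == "O2" and "(no name)" in b),
]

def parse(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    lines = map(str.strip, log_text.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def triage(log_text):
    """Return (code, section, reason, body) for entries worth a manual look."""
    return [(c, SECTIONS.get(c, "unknown section"), reason, b)
            for c, b in parse(log_text)
            for reason, rule in RULES if rule(c, b)]

# A few lines copied from the log in the post above.
SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.100.104.146:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{262AA00D-A5F6-48E9-9917-9362D3A923B5}: NameServer = 202.144.50.4,202.144.115.4
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
"""

if __name__ == "__main__":
    for code, section, reason, body in triage(SAMPLE):
        print(f"[{code}] {section}: {reason}\n    {body}")
```
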
 

navjotjsingh

Wise Old Owl
No, the My Pictures and My Video folders were also emptied. For rescue operations I have emptied My Documents Folder. What to do? Please help somebody.
 

__Virus__

Ambassador of Buzz
well dood what i can suggest from all the confusion is

1) get a folder monitor, and monitor your folder continuously..there are many folder monitors available wch will monitor ur folder for xx minutes, customisable.

2)get x-netstat and monitor each and every connection (might not be the problem, but worth a try)

3) if music folder is shared, make sure its not "full access" shared..as windows xp does by default :-s

4) stop using Mcafee, kaspersky hits bottom

5)change your default music folder from registry (must try it)

i hope folder monitoring shd get u some hint...and changing default folder too and using kaspersky too :D
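A minimal polling folder monitor of the kind suggested in point 1 above, as an added example that is not from the thread or from any named product. It snapshots a directory tree by content hash at a configurable interval and writes timestamped deleted/created/modified records; the function names and the default interval are assumptions of this example.

```python
import hashlib
import os
import sys
import time

def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large media files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each file's path (relative to root) to its content hash."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                state[os.path.relpath(full, root)] = file_digest(full)
            except OSError:
                continue  # file vanished or is locked; the next round picks it up
    return state

def diff(old, new):
    """Compare two snapshots and list what disappeared, appeared or changed."""
    return {
        "deleted": sorted(set(old) - set(new)),
        "created": sorted(set(new) - set(old)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def watch(root, interval=300, log=sys.stdout):
    """Poll root every `interval` seconds and log changes with a timestamp."""
    prev = snapshot(root)
    while True:
        time.sleep(interval)
        cur = snapshot(root)
        stamp = time.strftime("%Y-%m-%d %H:%M:%S")
        for kind, paths in diff(prev, cur).items():
            for path in paths:
                log.write(f"{stamp} {kind} {path}\n")
        log.flush()
        prev = cur

if __name__ == "__main__":
    watch(sys.argv[1])  # e.g. the music folder; keep the log outside that folder
```

Polling narrows down when the files disappear (for example right after startup), not which process removed them.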
 