Microsoft Windows Vista Community Forums - Vistaheads

WORMS ISASS NETWORK HIDING CONNECTIONS

microsoft.public.windows.vista.security

#1
03-12-2008
ANDERSON
WORMS ISASS NETWORK HIDING CONNECTIONS
Hi,

My computer has a big problem in its security system. It was infected by ISASS malware, a worm that hides in Windows system folders and shares my connection with other users without my authorization.

In the firewall I can see a lot of ports opened without UAC identifying them. Antivirus like Norton or Kaspersky doesn't solve my problem. Spybot did not help me either. I tried Windows Defender, and tried RegistryBooster 2, both without success.

I studied an internet forum about the problems and I believed that I would solve the problem with a tool from Microsoft:

http://www.microsoft.com/downloads/d...displaylang=en

but after downloading it and scanning the computer, the tool doesn't find any problem...

I found a solution for WINDOWS XP at this link:

http://www.microsoft.com/technet/sec.../ms04-011.mspx

but it's a solution from 2004, and doesn't help Windows Vista users.

My firewall keeps blocking some ports, but that isn't a solution for the problem. I keep having the problem, a critical problem, and I don't know how to solve it.

I found a tool to solve a problem in the "hosts file" in the system folder, but I don't believe that this tool will solve my problem. Its name is RRT 4.6 and it was made to solve this kind of problem, but it only removes malware problems if I pay for it, and I don't believe that I will need this parallel solution.

This is the log of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:28 PM, on 3/11/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
c:\users\anderson\desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6834
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6834
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=M-6834
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cmpe] C:\Windows\system32\cmpe.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\9\Config\ereg.ini"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/reso...PUpldpt-br.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlineregister.com/gateway/serial/gwCID.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D29593B-A1B0-4198-A748-A05CC3CC023B}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



My firewall keeps showing a lot of SVCHOST.EXE instances running in parallel, with TCP and UDP ports opened without my authorization.

I don't know how to solve my security problem. Can you help me?

Thanks

#2
03-12-2008
Carey Frisch [MVP]
Re: WORMS ISASS NETWORK HIDING CONNECTIONS
Your computer is massively infected with malware and requires a clean install
of Windows Vista.

Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

--
Carey Frisch
Microsoft MVP
Windows Shell/User

#3
03-13-2008
Dwarf
RE: WORMS ISASS NETWORK HIDING CONNECTIONS
Hi ANDERSON,

I agree with Carey. You have got a variant of the 'Sasser' malware on your
system. This malware is notoriously difficult to remove and in many cases the
best solution is to reinstall Vista. In your case, from reading your post,
there are so many errors that this is really the only sensible option for
you. Make sure that when you do you choose the full format option and not the
quick format.
Dwarf


"ANDERSON" wrote:

> Hi,
>
> My computer have a big problem in security system. He was infected by ISASS
> malware, a WORM that hide in windows system folders and share my conection
> with anothers users without my autorization.
>
> In firewall i can see a lot of ports opened without my UAC identify. Anti
> virus like norton or kaspersky don't solve my problem. Spybot did not help me
> too. I tried windows defender, and tried RegistryBooster 2, both without
> sucess.
>
> I studied a internet forum about the problems and i believed that i will
> solve the problem with a tool of microsoft:
>
> http://www.microsoft.com/downloads/d...displaylang=en
>
> but after dowloaded and scanner computer, the tool dont find any problem...
>
> I finded a soluction for WINDOWS XP in this link:
>
> http://www.microsoft.com/technet/sec.../ms04-011.mspx
>
> but its a soluction of 2004 year, and dont help windows vista users.
>
> My firewall keep blocking some ports but it isn't a solucion for a problem.
> I keep have problem, a critical problem, and i dont know how solve.
>
> I founded a tool to solve a problem in "host file", on folder system, but i
> dont believe that this tool will solve my problem. His name is RRT 4.6 and
> was made for solve this kind of problem, but only remove malware problems if
> i pay for this, and i dont believe that i will need this paralel soluction.
>
> This is the log of HijackThis:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 8:51:28 PM, on 3/11/2008
> Platform: Unknown Windows (WinNT 6.00.1904)
> MSIE: Internet Explorer v8.00 (8.00.6001.17184)
>
> Running processes:
> C:\Windows\system32\Dwm.exe
> C:\Windows\system32\taskeng.exe
> C:\Windows\Explorer.EXE
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
> C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
> C:\Program Files\Spare Backup\SpareBackup.exe
> C:\Program Files\Napster\napster.exe
> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
> C:\Windows\System32\igfxtray.exe
> C:\Windows\System32\hkcmd.exe
> C:\Windows\system32\igfxsrvc.exe
> C:\Windows\System32\igfxpers.exe
> C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
> C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
> C:\Windows\system32\wbem\unsecapp.exe
> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
> C:\Windows\ehome\ehtray.exe
> C:\Program Files\Skype\Phone\Skype.exe
> C:\Program Files\Picasa2\PicasaMediaDetector.exe
> C:\Program Files\Windows Live\Messenger\msnmsgr.exe
> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> C:\Windows\ehome\ehmsas.exe
> C:\Program Files\Windows Media Player\wmpnscfg.exe
> C:\Program Files\BigFix\bigfix.exe
> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
> C:\Program Files\Skype\Plugin Manager\skypePM.exe
> C:\Windows\system32\conime.exe
> C:\Program Files\Mozilla Firefox\firefox.exe
> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
> c:\users\anderson\desktop\hijackthis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> about:blank
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.gateway.com/g/startpage.h...s=PTB&M=M-6834
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> about:blank
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.gateway.com/g/startpage.h...s=PTB&M=M-6834
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> http://www.gateway.com/g/sidepanel.h...s=PTB&M=M-6834
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> O1 - Hosts: ::1 localhost
> O2 - BHO: Adobe PDF Reader Link Helper -
> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
> Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
> O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
> - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F}
> - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
> O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
> - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
> O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\program files\google\googletoolbar1.dll
> O2 - BHO: Windows Live Toolbar Helper -
> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
> Toolbar\msntb.dll
> O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} -
> "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
> O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> files\google\googletoolbar1.dll
> O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
> - C:\Program Files\Windows Live Toolbar\msntb.dll
> O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
> Defender\MSASCui.exe -hide
> O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage
> Manager\Iaanotif.exe"
> O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
> O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera
> Assistant Software for Gateway\traybar.exe"
> O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
> Desktop Search\GoogleDesktop.exe" /startup
> O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare
> Backup\SpareBackup.exe" /silent
> O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
> O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
> Office\Office12\GrooveMonitor.exe"
> O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
> O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
> O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
> Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [cmpe] C:\Windows\system32\cmpe.exe
> O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft
> Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
> O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
> Files\ScanSoft\PaperPort\pptd40nt.exe
> O4 - HKLM\..\Run: [IndexSearch] C:\Program
> Files\ScanSoft\PaperPort\IndexSearch.exe
> O4 - HKLM\..\Run: [PPort9reminder] "C:\Program
> Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r
> "C:\ProgramData\ScanSoft\PaperPort\9\Config\ereg.ini"
> O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet
> Security 7.0\avp.exe"
> O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
> O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
> O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
> /minimized
> O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program
> Files\Picasa2\PicasaMediaDetector.exe
> O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows
> Live\Messenger\msnmsgr.exe" /background
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
> Destroy\TeaTimer.exe
> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
> Player\WMPNSCFG.exe
> O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program
> Files\Microsoft Office\Office12\ONENOTEM.EXE
> O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
> O8 - Extra context menu item: Add to Anti-Banner - C:\Program
> Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
> O9 - Extra button: Web Anti-Virus statistics -
> {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky
> Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
> O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
> - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
> O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer -
> {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
> Live\Writer\WriterBrowserExtension.dll
> O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}
> - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
> O9 - Extra 'Tools' menuitem: S&end to OneNote -
> {2670000A-7350-4f3c-8081-5663EE0C6C49} -
> C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
> O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} -
> "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
> O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
> O11 - Options group: [INTERNATIONAL] International*
> O13 - Gopher Prefix:
> O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare
> safety scanner control) -
> http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
> O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
> http://gfx2.hotmail.com/mail/w2/reso...PUpldpt-br.cab
> O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
> http://www.eset.eu/buxus/docs/OnlineScanner.cab
> O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -
> http://www.onlineregister.com/gateway/serial/gwCID.cab
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
> http://fpdownload2.macromedia.com/ge...sh/swflash.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{4D29593B-A1B0-4198-A748-A05CC3CC023B}:
> NameServer = 200.165.132.148 200.165.132.155
> O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
> C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
> C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
> O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
> C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
> O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
> C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
> O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -
> C:\Program Files\Windows Live\Mail\mailcomm.dll
> O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
> C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
> O20 - AppInit_DLLs:
> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
> O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
> O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
> O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere
> Systems - C:\Windows\system32\agrsmsvc.exe
> O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner -
> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r
> (file missing)
> O23 - Service: Context Manager Process Extension (cmpe) - LightComm -
> C:\Windows\system32\cmpe.exe
> O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown
> owner - %windir%\system32\svchost.exe (file missing)
> O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program
> Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
> O23 - Service: GoogleDesktopManager - Google - C:\Program
> Files\Google\Google Desktop Search\GoogleDesktop.exe
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
> Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel
> Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
> O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner -
> %windir%\system32\svchost.exe (file missing)
> O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer
> Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
> O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) -
> Unknown owner - %windir%\system32\svchost.exe (file missing)
> O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program
> Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
> O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
> (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
> Player\wmpnetwk.exe (file missing)
>
>
>
> My firewall keep showing a lot of SVCHOST.EXE paralel works, with TCP and
> UDP ports opened without my autorization.
>
> I dont know how solve my security problem. Can you help me?
>
> Thanks

Reply With Quote
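A small triage parser for the HijackThis log format quoted above, added here as an example (it is not code from the thread or from HijackThis itself): it undoes the line wrapping the forum applied to long entries, then flags the item classes a responder reviews first (orphaned references, Winsock LSPs, O17 DNS changes, AppInit DLLs) and marks the svchost "(file missing)" services that HijackThis 1.99.1 reports on Vista as a tool artifact to verify rather than evidence. The sample log is constructed to mimic the quoted one; every path, GUID and address in it is a placeholder.

```python
import re
from dataclasses import dataclass, field

# HijackThis item prefixes: R0-R3 (IE URLs), F0-F3, N1-N4, O1-O24 (hosts, BHOs,
# autoruns, LSPs, DNS, AppInit DLLs, services ...). "O17 -" can stand alone
# when a forum wrapped the line, so the separator may end the line.
ITEM_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -(?:\s|$)")
QUOTE_RE = re.compile(r"^(?:>\s?)+")      # '> ' prefixes added by the forum quote
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample in the shape of the quoted log; every path, GUID and
# address is a placeholder (192.0.2.0/24 is reserved for documentation).
SAMPLE_LOG = r"""
> Platform: Unknown Windows (WinNT 6.00.1904)
>
> Running processes:
> C:\Windows\system32\Dwm.exe
> C:\Program Files\Example Vendor\tray.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
> O2 - BHO: Example Add-on - {00000000-0000-0000-0000-000000000001} -
> "C:\Program Files\Example\addon.dll" (file missing)
> O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example
> Vendor\updater.exe" /silent
> O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-0000000000AB}:
> NameServer = 192.0.2.53 192.0.2.54
> O20 - AppInit_DLLs: C:\PROGRA~1\EXAMPLE\hook.dll
> O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner -
> %windir%\system32\svchost.exe (file missing)
> O23 - Service: Example Service (exsvc) - Example Corp - C:\Windows\system32\exsvc.exe
"""

@dataclass
class Item:
    section: str
    text: str
    flags: list = field(default_factory=list)

def unwrap_items(log_text: str) -> list:
    """One string per HijackThis item, with forum line-wrapping undone.

    The header and 'Running processes' list always precede the first
    R/F/N/O item, so a non-item line seen after the first item is a
    continuation of the previous item rather than a process path.
    """
    items = []
    for raw in log_text.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        if not line:
            continue
        if ITEM_RE.match(line):
            items.append(line)
        elif items:
            items[-1] += " " + line
    return items

def triage(log_text: str) -> list:
    """Attach review flags to the item classes a responder looks at first."""
    result = []
    for text in unwrap_items(log_text):
        item = Item(section=text.split(" -", 1)[0], text=text)
        if any(m in text for m in ORPHAN_MARKERS):
            item.flags.append("orphaned-reference")   # registry points at nothing
        if item.section == "O10":
            item.flags.append("winsock-lsp")          # LSP sees all socket traffic
        if item.section == "O17" and "NameServer" in text:
            # Resolver change: compare against the ISP's or router's real DNS.
            item.flags.append("dns:" + ",".join(IPV4_RE.findall(text)))
        if item.section == "O20" and "AppInit_DLLs" in text:
            item.flags.append("appinit-dll")          # loaded into every GUI process
        if item.section == "O23" and "@%" in text and "svchost.exe (file missing)" in text:
            # HijackThis 1.99.1 predates Vista and cannot resolve the '@dll,-id'
            # display names of built-in svchost services, so they show as missing.
            # Treat this as a tool artifact to verify with 'sc qc', not as evidence.
            item.flags.append("likely-hjt-vista-artifact")
        result.append(item)
    return result

if __name__ == "__main__":
    for it in triage(SAMPLE_LOG):
        if it.flags:
            print(f"[{it.section}] {', '.join(it.flags)}: {it.text[:72]}")
```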
#4
03-16-2008
Hank Arnold (MVP)
Re: WORMS ISASS NETWORK HIDDING CONECTIONS
ANDERSON wrote:


I'll third Carey and Dwarf's suggestion. You are *WAY* past any chance
of a successful cleanup. Back up critical files and do a clean install
(boot from the XP CD). Be sure to install an AV application and scan any
backed up files before restoring them....

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
Reply With Quote
#5
03-17-2008
ANDERSON
Re: WORMS ISASS NETWORK HIDDING CONECTIONS
Thanks, I did a full format...
but I don't believe that a worm from 2004 should have made me do this...
I hate Bill Gates.
See you guys, thank you

Anderson

> >
> > Thanks

>
> I'll third Carey and Dwarf's suggestion. You are *WAY* past any chance
> of a successful cleanup. Back up critical files and do a clean install
> (boot from the XP - VISTA!!! - CD). Be sure to install an AV application and scan any
> backed up files before restoring them....
>
> --
>
> Regards,
> Hank Arnold
> Microsoft MVP
> Windows Server - Directory Services
>

Reply With Quote
#6
03-17-2008
FromTheRafters
Re: WORMS ISASS NETWORK HIDDING CONECTIONS

"ANDERSON" <ANDERSON@discussions.microsoft.com> wrote in message
news:E14205C1-D0FA-49C8-BE27-FF0AA0CBF470@microsoft.com...
> Thanks, i did a full format...
> but i dont believe that a worm of 2004 make me to do this...


Sasser?

Wasn't there a patch for that vulnerability very shortly after its
discovery?
How could it possibly work its exploit against the new Vista OS!?

> I hate bill gates.


Rich geniuses piss me off sometimes too... but that's not really on point.
Clearly you did the right thing by not wasting time chasing down what might
have been done by some unknown malware, but I don't think Bill Gates
is the problem here.

Sasser, aside from exploit code, abuses functionality that is otherwise
beneficial.
Blame the malware, not the rich genius.
