
Not open for further replies.
1 - 3 of 3 Posts

2 Posts
Discussion Starter #1 (Edited)
Well, I was having severe problems with my computer due to viruses/spyware and all that fun stuff. Generally I have no problem with it, but I reformatted and like an idiot installed something without realizing I had no virus scanner installed, so my computer started acting up. I tried all I could do to fix it (task manager, regedit and msconfig weren't working), so I resorted to reformatting, again. After doing so (about an hour ago it finished), I downloaded Avast again and did a bootup scan. It detected the same trojan and does every time I reboot my computer. I don't understand how it stayed after I reformatted. Right now I see no harm, but knowing it's there rather disturbs me. Last I recall it was in the file "ntfs.exe". And I keep getting messages (I'm guessing around one every minute, at least) from Avast, saying: "Network Shield: blocked 'DCOM Exploit' - attack from". I'm not too sure what's going on right now; I could really use some help or at least some advice on what to do. Currently for AV I use Avast and for spyware I use Microsoft AntiSpyware. Any suggestions would be appreciated as well, though I'm trying to stick with free stuff (without doing anything illegal). Thanks, sorry about the long post.

Logfile of HijackThis v1.99.1
Scan saved at 7:57:22 PM, on 03/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

It does puzzle me why cmd and ftp are running, but I'll leave them for now.
(I did have paint open, since it was the only way I could read the attack message, since it went by fairly quick :))

Also, on another note, if someone doesn't mind answering: I noticed my CMOS had a password as of late, yet I don't recall setting one. Is there a way to go about resetting it?

2 Posts
Discussion Starter #2
Can't edit anymore...
But now it seems I can open task manager, but it won't move out of the system tray and I can have multiple instances of it running at the same time... Any ideas?

1,097 Posts
You seem to be infected with the Spybot/Rbot worm. You should post your logs in the HijackThis Log Help forum.

Also, if you see that a server like ftp is running, and you didn't start it, then it might be a good idea to kill that process.
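As an added example (not part of the original thread), this Python sketch parses the O4 autostart lines from the HijackThis log above and flags entries for review. The two heuristics (a command with no full path, and one value name registered under several autostart keys) and all function names are assumptions of this example, and a flag is a prompt for review rather than a verdict.

```python
import re
from collections import defaultdict

# O4 autostart lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
'''

# Line shape: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each O4 registry line."""
    matches = (O4_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def executable_of(command):
    """Extract the program part of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so trailing arguments are dropped.
    m = re.match(r'(.+?\.exe)\b', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def triage(entries):
    """Map each flagged value name to the reasons it deserves a closer look."""
    keys_by_name = defaultdict(set)
    exe_by_name = {}
    for hive, key, name, command in entries:
        keys_by_name[name].add(f'{hive}\\{key}')
        exe_by_name[name] = executable_of(command)
    findings = {}
    for name, keys in keys_by_name.items():
        reasons = []
        if '\\' not in exe_by_name[name]:   # resolved via search path, not pinned
            reasons.append('no full path')
        if len(keys) > 1:                   # same name re-registered for persistence
            reasons.append(f'registered in {len(keys)} autostart keys')
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == '__main__':
    print(triage(parse_o4(SAMPLE_LOG)))
```

On this log only the `NTSF MICROSOFT SYSTEM` value is flagged; the Avast, Microsoft AntiSpyware and MSN Messenger entries each have a full path and a single registration.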