Immediate help needed



raidang
24-07-2008, 05:56 AM
For a few days I have been facing problems browsing the internet. It has been giving me a real headache. I therefore seek the help of fellow members to help me solve the issue permanently.

The problems I have been facing are described below:

Often I'm not able to log in to www.orkut.com or www.gmail.com or www.wireclub.com. When I type in Google in my Firefox browser, it gives strings like "waiting for dt.tongji.cn.yahoo.com" and "waiting for log2.soft.cn.yahoo.com" in the Firefox status bar, and my internet connection gets slowed down too. When I try to open www.gmail.com, it gives the string "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2" in the address bar and the page does not open. But sometimes it gets fine again.
And I also get errors using Yahoo Messenger. When I log in to Yahoo Messenger, it gives errors similar to:
An error has occurred in the script on this page.

Line: 46
Char: 48
Error: Expected 'j'
Code: 0
URL: http://insider.msg.yahoo.com/client_ad.php?p=409640

and then it asks me to click either "yes" or "no".

I am using McAfee VirusScan 8.0.0 with latest updates (July 22, 2008). I have done a full system scan in Safe Mode but could not find anything. But sometimes when I log in to Yahoo Messenger and get the error mentioned above, McAfee detects a Trojan named "VBS/Psyme". McAfee only blocks the running of the script and it does not provide any option like "Clean, Delete or Quarantine".

I am also using Trojan Remover 6.7.1 with latest definition updates (23 July 2008) but it does not detect any problem. Scanned for issues using Safe Mode too but can't find any issue.

I am also using Spybot Search and Destroy with latest definition updates but it does not detect any issue. Can't find any issue even if I scan my system in Safe Mode.

I also use SpywareBlaster with latest definition updates but it does not detect any issue.

I have also tried "Smitfraudfix.exe" but even it does not detect any issue.

I used CCleaner software to clean Temporary Internet files, clean the registry etc.

I even uninstalled Internet Explorer from the Add/Remove Programs-Add/Remove Windows Components option. But it does not help in any way.

I therefore request fellow members to help me solve this issue.

I have provided the HijackThis Log file below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:53, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\Softwares Collection\Hijack This\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E7A95C-9DCC-4526-8360-BB327E5017FC}: NameServer = 172.16.0.1
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4059 bytes

gary67
24-07-2008, 06:27 AM
You can delete this
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
and try disabling TeaTimer for Spybot.

Then wait for someone like Speedy to give it a look later.

Do you have Java installed? I don't see it in the list. If not, install it from Speedy's sig. The log file looks quite short too; is that everything?

pctek
24-07-2008, 08:59 AM
I am using McAfee VirusScan 8.0.0 with latest updates (July 22, 2008). McAfee detects a Trojan named "VBS/Psyme". McAfee only blocks the running of the script and it does not provide any option like "Clean, Delete or Quarantine".



A new variant of VBS/Psyme has been observed which is part of a threat that attempts to spread on the premise that it offers a codec to see a video of the suicide attack that killed Pakistani Prime Minister Benazir Bhutto. For more information on this threat, please see the Avert Blog.

-- Updated October 8, 2006 --

Recently, this threat was proactively detected on a major Korean website. The exploit was hidden in a legitimate webpage believed to have been subjected to unauthorised modifications. Similar incidents had been reported before, on other relatively less known websites.

This threat causes unpatched Internet Explorer clients to download and execute further malware from:

* www6.iirs.net/(hidden)

This file is installed in:

* %Temp%\102084.exe (W32/HLLP.Philis installer at the time of writing)


McAfee is pretty hopeless.
Use another AV.