Tilted Forum Project Discussion Community  

Old 03-21-2006, 01:54 AM   #1 (permalink)
Something like that..
 
Location: Oreygun.
Virus or spyware?

I'm not really sure how to describe this well enough to google it, but this is the second time this has happened to me, and I'm not really sure how to get rid of it, if it's even possible.

Both times it has happened after a bastard cousin of mine hijacked my computer while I was at work. The first time, it resulted in 33 viruses, and this problem. Second time however, no viruses according to this free antivirus, I'm scanning now with Norton. I also scanned the first time with Ad-Aware and it resulted in a few things and supposedly deleted, this time however I don't have it.

The problem is, the first time when I was on the desktop and right-clicked my mouse to the New folder (to create folders, shortcuts etc) the windows explorer would restart. Like, the screen would go like it was shutting down, no icons or anything, then just go back to what it was before. This second time however, it only happens when I am in my computer and select a hard drive and either right click or go to the file menu in the upper left hand corner.

My question is, has anyone heard of this happening before? It's never happened to me and I've been using this Media Center Edition for a little while.

Operating system is Windows XP Media Center Edition.
AMD processor ~2200, 256mb Radeon video card, 768mb RAM, Audigy sound card.

Any help is appreciated.. I formatted between the first time and now, and it was completely fine until my cousin got ahold of it... Hope I explained it well enough to be comprehended haha.
__________________
"Eventually I became too sexy for my gym membership fee."
Chingal0 is offline  
Old 03-21-2006, 08:01 AM   #2 (permalink)
Junkie
Location: Go A's!!!!
Run your AV, like you are doing, get Ad-Aware and Spybot, and look into getting your hands on SpywareBlaster, or even the Microsoft anti-spyware program, as both offer a realtime approach to blocking the spyware and stuff from even infecting the system. Neither one is a substitute for a good updated virus scanner, but with the realtime spyware blocking they can prevent many things from even getting installed on the system to start messing it up. Maybe get a copy of HijackThis and run it. Go through the list and look at the entries, maybe even post it here; some people can help you by pointing out what is good or bad to remove, and even googling some of the entries yourself to find out what something is.
__________________
Spank you very much
MontanaXVI is offline  
Old 03-22-2006, 12:32 PM   #3 (permalink)
Something like that..
 
Location: Oreygun.
Ah yes, I forgot about HijackThis. Well I got Ad-Aware and am scanning now, so far only 3 things.. and here is my HijackThis log..

C:\WINMCE\System32\smss.exe
C:\WINMCE\system32\winlogon.exe
C:\WINMCE\system32\services.exe
C:\WINMCE\system32\lsass.exe
C:\WINMCE\system32\Ati2evxx.exe
C:\WINMCE\system32\svchost.exe
C:\WINMCE\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINMCE\system32\Ati2evxx.exe
C:\WINMCE\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINMCE\system32\spoolsv.exe
C:\WINMCE\eHome\ehRecvr.exe
C:\WINMCE\eHome\ehSched.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINMCE\ehome\ehtray.exe
C:\WINMCE\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINMCE\eHome\ehmsas.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINMCE\system32\dllhost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINMCE\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: XPizeReloader.lnk = C:\WINMCE\XPize\XPizeReloader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINMCE\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINMCE\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


I really didn't see anything out of the ordinary, that is taking into consideration that brands I recognize would hopefully not be the ones to fuck stuff up.

Thanks for your help by the way, hopefully it's one of the things that ad-aware has picked up on..
__________________
"Eventually I became too sexy for my gym membership fee."
Chingal0 is offline  
Old 03-22-2006, 12:56 PM   #4 (permalink)
Junkie
Location: Go A's!!!!
Hmm, this one might be tricky, I do not see anything outstanding in your log file or bad outside of that ehome?

Do you know what that is? I am not familiar with it to give you any info on my own.
__________________
Spank you very much
MontanaXVI is offline  
Old 03-22-2006, 02:03 PM   #5 (permalink)
Adequate
Location: In my angry-dome.
It sounds like you have a broken shell extension. Malware and virus scans won't show a normally good program that's come unglued.

Do right-clicks on files or drives ever work?

Do you have any registry cleaners/scanners available? That could help tie up loose ends, though you'll probably find a thousand issues if you don't do this regularly. Something like JV Powertools would work.

I'd be watching for issues with anything in a shellex branch (i.e. ...shellex\ContextMenuHandlers) or with installed programs you know add themselves to right-clicks: Winzip, virus scanners, etc.
__________________
There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195
cyrnel is offline  
Old 03-22-2006, 02:25 PM   #6 (permalink)
Adequate
Location: In my angry-dome.
Oh, have a look in HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers

Think about the software those point to, and if you updated or modified any of them soon before the problems began. If so I'd be uninstalling it/them completely. You can always install fresh copies later.
__________________
There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195
cyrnel is offline  
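
An added example, not from anyone in the thread: one way to carry out the shellex check suggested above is to list every registered context-menu handler and the DLL that Explorer loads for it. The list of classes is an assumption; the thread names only Directory, and Drive is included because the crash is reported on drive right-clicks.

```powershell
# Added example: list context-menu shell extensions and the DLL behind each one.
# The class list is an assumption; the thread names only Directory.
$classes = 'Drive', 'Directory', 'Folder', '*', 'AllFilesystemObjects'
$hklm    = [Microsoft.Win32.Registry]::LocalMachine

$report = foreach ($class in $classes) {
    $handlers = $hklm.OpenSubKey("SOFTWARE\Classes\$class\shellex\ContextMenuHandlers")
    if ($null -eq $handlers) { continue }

    foreach ($name in $handlers.GetSubKeyNames()) {
        # The handler's CLSID is either the key's default value or the key name itself.
        $clsid = [string]$handlers.OpenSubKey($name).GetValue('')
        if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { $clsid = $name }

        # Resolve the CLSID to the in-process server DLL that Explorer loads.
        $dll    = $null
        $server = $hklm.OpenSubKey("SOFTWARE\Classes\CLSID\$clsid\InprocServer32")
        if ($null -ne $server) {
            $dll = ([string]$server.GetValue('')).Trim('"')
            # Bare file names are assumed to live in System32 (a simplification).
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
        }

        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        [pscustomobject]@{
            Class     = $class
            Handler   = $name
            Clsid     = $clsid
            Dll       = $dll
            DllExists = $exists
            Vendor    = if ($exists) { (Get-Item -LiteralPath $dll).VersionInfo.CompanyName }
        }
    }
}

# Handlers whose DLL is missing sort first; those are stale registrations worth checking.
$report | Sort-Object DllExists, Class, Handler | Format-Table -AutoSize
```

A handler with an unfamiliar or empty Vendor, or one that appears only under Drive, is the first candidate to uninstall or disable when the crash is limited to drive right-clicks.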
Old 03-22-2006, 07:02 PM   #7 (permalink)
Something like that..
 
Location: Oreygun.
The only thing that I have in the HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers folder is encryption menu, offline files, sharing and WinRAR. I recently formatted and that is probably the reason for that.

Right clicking on any other icons, files or anything is perfectly normal, just not the drives in my computer. (a, c, d, e, f, g) The shared document folder I can right click normally.

I think that the ehome thing has something to do with the media center extender thing for my Xbox 360, although I could be wrong. Googles just turned up random information like, ehome being some infrared receiver for something..

I downloaded that JV Powertools, there is a ton of shit on there, anything specifically I should be looking for?
__________________
"Eventually I became too sexy for my gym membership fee."
Chingal0 is offline  
 

Tags
spyware, virus


All times are GMT -8. The time now is 02:45 AM.