03-21-2006, 01:54 AM | #1 (permalink) |
Something like that..
Location: Oreygun.
|
Virus or spyware?
I'm not really sure how to describe this well enough to google it, but this is the second time this has happened to me, and I'm not really sure how to get rid of it, if it's even possible.
Both times it has happened after a bastard cousin of mine hijacked my computer while I was at work. The first time, it resulted in 33 viruses, and this problem. Second time however, no viruses according to this free antivirus, I'm scanning now with Norton. I also scanned the first time with Ad-Aware and it resulted in a few things and supposedly deleted, this time however I don't have it. The problem is, the first time when I was on the desktop and right-clicked my mouse to the New folder (to create folders, shortcuts etc) the Windows Explorer would restart. Like, the screen would go like it was shutting down, no icons or anything, then just go back to what it was before. This second time however, it only happens when I am in My Computer and select a hard drive and either right click or go to the file menu in the upper left hand corner. My question is, has anyone heard of this happening before? It's never happened to me and I've been using this Media Center Edition for a little while. Operating system is Windows XP Media Center Edition. AMD processor ~2200, 256MB Radeon video card, 768MB RAM, Audigy sound card. Any help is appreciated.. I formatted between the first time and now, and it was completely fine until my cousin got ahold of it... Hope I explained it well enough to be comprehended haha.
__________________
"Eventually I became too sexy for my gym membership fee." |
03-21-2006, 08:01 AM | #2 (permalink) |
Junkie
Location: Go A's!!!!
|
Run your AV, like you are doing, get Ad-Aware and Spybot, and look into getting your hands on SpywareBlaster, or even the Microsoft anti-spyware program, as both offer a realtime approach to blocking the spyware and stuff from even infecting the system. Neither one is a substitute for a good updated virus scanner, but with the realtime spyware blocking they can prevent many things from even getting installed on the system to start messing it up. Maybe get a copy of HijackThis and run it. Go through the list and look at the entries, maybe even post it here so some people can help you by pointing out what is good or bad to remove, and even google some of the entries yourself to find out what something is.
__________________
Spank you very much |
03-22-2006, 12:32 PM | #3 (permalink) |
Something like that..
Location: Oreygun.
|
Ah yes, I forgot about Hijack This. Well I got Ad-Aware and am scanning now, so far only 3 things.. and here is my hijackthis log..
C:\WINMCE\System32\smss.exe
C:\WINMCE\system32\winlogon.exe
C:\WINMCE\system32\services.exe
C:\WINMCE\system32\lsass.exe
C:\WINMCE\system32\Ati2evxx.exe
C:\WINMCE\system32\svchost.exe
C:\WINMCE\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINMCE\system32\Ati2evxx.exe
C:\WINMCE\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINMCE\system32\spoolsv.exe
C:\WINMCE\eHome\ehRecvr.exe
C:\WINMCE\eHome\ehSched.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINMCE\ehome\ehtray.exe
C:\WINMCE\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINMCE\eHome\ehmsas.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINMCE\system32\dllhost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\DOCUME~1\MYCOMP~1\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINMCE\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: XPizeReloader.lnk = C:\WINMCE\XPize\XPizeReloader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINMCE\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINMCE\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I really didn't see anything out of the ordinary, that is taking into consideration that brands I recognize would hopefully not be the ones to fuck stuff up. Thanks for your help by the way, hopefully it's one of the things that ad-aware has picked up on..
__________________
"Eventually I became too sexy for my gym membership fee." |
03-22-2006, 02:03 PM | #5 (permalink) |
Adequate
Location: In my angry-dome.
|
It sounds like you have a broken shell extension. Malware and virus scans won't show a normally good program that's come unglued.
Do right-clicks on files or drives ever work? Do you have any registry cleaners/scanners available? That could help tie up loose ends, though you'll probably find a thousand issues if you don't do this regularly. Something like JV Powertools would work. I'd be watching for issues with anything in a shellex branch (i.e. ...shellex\ContextMenuHandlers) or with installed programs you know add themselves to right-clicks: Winzip, virus scanners, etc.
__________________
"There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195 |
03-22-2006, 02:25 PM | #6 (permalink) |
Adequate
Location: In my angry-dome.
|
Oh, have a look in HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers
Think about the software those point to, and if you updated or modified any of them soon before the problems began. If so I'd be uninstalling it/them completely. You can always install fresh copies later.
__________________
"There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195 |
03-22-2006, 07:02 PM | #7 (permalink) |
Something like that..
Location: Oreygun.
|
The only thing that I have in the HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers folder is encryption menu, offline files, sharing and winrar. I recently formatted and that is probably the reason for that.
Right clicking on any other icons, files or anything is perfectly normal, just not the drives in my computer. (a, c, d, e, f, g) The shared document folder I can right click normally. I think that the ehome thing has something to do with the media center extender thing for my Xbox 360, although I could be wrong. Googles just turned up random information like, ehome being some infrared receiver for something.. I downloaded that JV Powertools, there is a ton of shit on there, anything specifically I should be looking for?
__________________
"Eventually I became too sexy for my gym membership fee." |
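An added example, not part of any post in this thread: the shellex check suggested above, run offline over a regedit export. It goes beyond the Directory branch named in the thread by also reading the Drive class (HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers), on the assumption that a crash limited to drive right-clicks points at a handler registered there. The sample export, CLSIDs and the ExampleDiskTool handler are constructed.

```python
import re

# Constructed sample in regedit export (.reg) format; CLSIDs, names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@="{11111111-1111-1111-1111-111111111111}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\WinRAR]
@="{11111111-1111-1111-1111-111111111111}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExampleDiskTool]
@="{33333333-3333-3333-3333-333333333333}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\WinRAR\\rarext.dll"
'''

def parse_reg(text):
    """Map each exported key path to its default (@) string value, or None."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, None)
        elif current and line.startswith('@="') and line.endswith('"'):
            keys[current] = line[3:-1].replace("\\\\", "\\")  # .reg files double backslashes
    return keys

HANDLER = re.compile(r"\\Classes\\([^\\]+)\\shellex\\ContextMenuHandlers\\([^\\]+)$", re.I)

def context_menu_handlers(keys):
    """Return (class, handler name, CLSID, DLL or None) for every context menu handler."""
    clsid_root = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\"
    rows = []
    for path, value in keys.items():
        m = HANDLER.search(path)
        if m:
            # The CLSID is normally the default value; some handlers use it as the key name.
            clsid = value if value and value.startswith("{") else m.group(2)
            dll = keys.get(clsid_root + clsid + "\\InprocServer32")
            rows.append((m.group(1), m.group(2), clsid, dll))
    return rows

def drive_only_suspects(rows):
    """Drive handlers that are absent from Directory or whose CLSID resolves to no DLL."""
    dir_names = {name for cls, name, _, _ in rows if cls.lower() == "directory"}
    return [r for r in rows if r[0].lower() == "drive" and (r[1] not in dir_names or r[3] is None)]

if __name__ == "__main__":
    for row in drive_only_suspects(context_menu_handlers(parse_reg(SAMPLE_REG))):
        print(row)
```

The export has to include both the shellex branches and HKLM\SOFTWARE\Classes\CLSID, otherwise every handler resolves to no DLL and is listed as a suspect.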
Tags |
spyware, virus |