My First Computer Virus

Started by Cherryfizz, July 03, 2009, 12:47:46 AM


Cherryfizz

Hello, I was advised to come here by Zeb from the Computer Forum at Thathomesite.com

Here is a link to my post.  I am not sure if I did the right thing with the virus that was found.  I have been using Webtv for the last 7 years and was given this used computer and I really don't know too much about it.

http://ths.gardenweb.com/forums/load/comphelp/msg0722443515478.html?3

Not sure if the link worked or not.

Thank you for your assistance.

Anne

Cherryfizz

Sorry, it was Zep that advised me.

Corrine

Hi, Cherryfizz.  Welcome to LandzDown Forum.  Zep & ravencajun are both members here, although ravencajun goes by R-C.  I think she got tired and shortened her name.  :)

It has been a while since I've worked on a Windows 2000 computer but let's take a closer look at what you have there.  Please do the following (Note that if it is not on your computer, RSIT will download a second program, HijackThis, and install it on your computer.)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Cherryfizz

Not sure if I did this right but here is one log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-02 22:32:27
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 2 GB (26%) free of 6 GB
Total RAM: 256 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:51 PM, on 7/2/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\S-1-5-21-1177238915-688789844-842925246-1003\..\Run: [ctfmon.exe] ctfmon.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1177238915-688789844-842925246-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Anne')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233514294260
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3874 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-08 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\system32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-24 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2001-02-20 8192]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINNT\system32\avgrsstx.dll [2009-06-24 11952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-02 22:20:06 ----D---- C:\Program Files\trend micro
2009-07-02 22:19:58 ----D---- C:\rsit
2009-06-09 23:30:43 ----A---- C:\WINNT\system32\javaws.exe
2009-06-09 23:30:43 ----A---- C:\WINNT\system32\javaw.exe
2009-06-09 23:30:43 ----A---- C:\WINNT\system32\java.exe
2009-06-09 22:47:46 ----HDC---- C:\WINNT\$NtUninstallKB968537$
2009-06-09 22:39:52 ----HDC---- C:\WINNT\$NtUninstallKB969897-IE6SP1-20090501.120000$
2009-06-09 22:37:52 ----HDC---- C:\WINNT\$NtUninstallKB969898$
2009-06-09 22:36:23 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2009-06-09 22:08:20 ----HDC---- C:\WINNT\$NtUninstallKB961501$

======List of files/folders modified in the last 1 months======

2009-07-02 22:20:06 ----RAD---- C:\Program Files
2009-07-02 22:20:05 ----AD---- C:\WINNT\system32
2009-07-02 22:12:53 ----D---- C:\Program Files\Mozilla Firefox
2009-07-02 16:56:46 ----AD---- C:\WINNT\security
2009-07-02 15:07:20 ----AD---- C:\WINNT\Debug
2009-07-02 15:07:18 ----D---- C:\WINNT\system32\NtmsData
2009-07-02 15:03:19 ----A---- C:\WINNT\SchedLgU.Txt
2009-07-01 18:20:24 ----AD---- C:\WINNT\system32\drivers
2009-07-01 15:30:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-01 08:10:26 ----AD---- C:\WINNT\Temp
2009-07-01 04:16:41 ----HD---- C:\$AVG8.VAULT$
2009-07-01 01:20:55 ----A---- C:\WINNT\wininit.ini
2009-06-28 14:43:14 ----SHD---- C:\WINNT\CSC
2009-06-24 17:01:00 ----A---- C:\WINNT\system32\avgrsstx.dll
2009-06-10 00:28:00 ----D---- C:\Program Files\Unity
2009-06-10 00:26:05 ----AD---- C:\Program Files\Common Files
2009-06-10 00:15:32 ----HD---- C:\WINNT\inf
2009-06-09 23:31:32 ----SHD---- C:\WINNT\Installer
2009-06-09 23:30:05 ----D---- C:\Program Files\Java
2009-06-09 22:59:34 ----RASHDC---- C:\WINNT\system32\dllcache
2009-06-09 22:49:08 ----AD---- C:\WINNT
2009-06-09 22:41:53 ----A---- C:\WINNT\imsins.BAK
2009-06-09 21:20:01 ----AD---- C:\WINNT\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-06-24 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-06-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2004-04-08 58000]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2004-04-08 23420]
R1 cdrbsvsd;cdrbsvsd; C:\WINNT\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R2 Secdrv;Secdrv; \??\C:\WINNT\system32\drivers\SECDRV.SYS []
R3 atirage3;atirage3; C:\WINNT\System32\DRIVERS\atimpab.sys [1999-11-10 71632]
R3 ltmodem5;LT Modem Driver; C:\WINNT\System32\DRIVERS\ltmdmnt.sys [1999-10-23 413712]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 NtApm;NT Apm/Legacy Interface Driver; C:\WINNT\System32\DRIVERS\NtApm.sys [1999-09-25 9104]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8139.SYS [1999-09-24 18704]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2003-02-17 16384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 i740;i740; C:\WINNT\System32\DRIVERS\i740nt5.sys [1999-10-05 58800]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2003-02-17 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2003-02-17 83968]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2003-02-17 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2003-02-17 14976]
S3 USB-100;SMC Compact USB to Ethernet converter; C:\WINNT\system32\DRIVERS\SMC2208.SYS [2002-06-14 26498]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688]
S4 ACPI;ACPI; C:\WINNT\system32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-24 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-24 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------

Cherryfizz

Corrine,  thank you I appreciate all the help I can get. 

I hope the above is the log you wanted for now.

This computer has Internet Explorer 6 but I don't use it.  The newer version is not compatible with Windows 2000. I also do not have a printer as I cannot find one that is compatible.  I also think there might be something wrong with Flash as I cannot view the camera stream at Wildearth.tv. I used to be able to view it but then it stopped running right for me. I am sure you will see that I have tried to install and uninstall it numerous times.

Anne

R-C

I see you made it Cherryfizz, welcome to LzD and with Corrine helping you, you could not ask for better.
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

winchester73

Reposting the GardenWeb thread here, since my head was spinning going back and forth between windows:

Quote: I ran a complete AVG scan last night and I had the usual tracking cookies but when I opened the Resident Shield it said I had a Win32/Fujacks virus
Virus found Win/Fujacks
Object C\WINNT\system 32\dllcache\sigtab.dll
Result Infected
Type File
Process c\WINNT\system\winlogon.exe

I didn't know what to do with it so I ran a full Malwarebytes Scan and this was the log produced.

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.0.2195 Service Pack 4

7/1/2009 6:13:22 PM
mbam-log-2009-07-01 (18-13-22).txt

Scan type: Full Scan (C:\:)
Objects scanned: 115031
Time elapsed: 2 hour(s), 32 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc1.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc3.exe (Rogue.Installer) -> Quarantined and deleted successfully.

I then used the Remove button to remove it.

AVG also found a potentially harmful Fake-AntiSpyware.
ALL C:Program Files\AdwareAlert\AdwareAlert.exe

One was deleted and the other was moved into the Virus Vault.

Are these the same ones that Malwarebytes found?

I don't know too much about computers. Is the infected virus gone now?

My operating system is Windows 2000 Professional

Thanks for any help you may have to offer me.

Anne
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

winchester73

Quote: Virus found Win/Fujacks
Object C\WINNT\system 32\dllcache\sigtab.dll

That's not the normal file path for sigtab.dll, but it could be a legitimate file placed in the wrong path.  Something is hinky with the AVG report, since "system 32" should not have a space.  You said "One was deleted and the other was moved into the Virus Vault" ... what is the current status of this item?  You said you didn't "know what to do with it".  If you haven't done anything, please go here:  http://virusscan.jotti.org/en

Copy/paste C\WINNT\system32\dllcache\sigtab.dll in the file to scan box at the top left (or do it manually via "Browse").  Submit the file, and see what is returned.

Quote: AVG also found a potentially harmful Fake-AntiSpyware.
ALL C:Program Files\AdwareAlert\AdwareAlert.exe

This one is curious.  It's not a running process on your computer.  It is a legitimate item:  http://www.bleepingcomputer.com/startups/AdwareAlert.Exe-10412.html ... it used to be considered a rogue on the SpywareWarrior list, but was delisted, meaning it is no longer considered malware.  I wonder why AVG is objecting to it (MBAM didn't).

Quote: Files Infected:
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc1.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc3.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Quote: Are these the same ones that Malwarebytes found?

No, the C:\Recycler folder is a hidden system folder.  It's where your deleted items go, and they are still there after you empty the Recycle Bin.  MBAM found them, part of a previous removal by something.

Since your question is about a virus, rather than malware, let's try an online virus scanner to get a second opinion.  I used to use Panda all the time on my Win2k boxes, so let's try that one first:  http://www.pandasecurity.com/activescan/index/



Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member
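
The two checks winchester73 makes in the post above (is a flagged file actually running or set to start, and is a detection only sitting in C:\RECYCLER), written out as an added example that is not part of the original thread. The log excerpts are a few lines copied from the logs posted earlier; the function names and the normalized AVG paths are assumptions.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis box
import re

# Constructed sample input: a few lines copied from the logs posted in this thread.
HIJACKTHIS_EXCERPT = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""
MBAM_EXCERPT = r"""
Files Infected:
c:\RECYCLER\s-1-5-21-1177238915-688789844-842925246-1000\Dc1.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""
# Assumption: the two AVG paths as retyped in the thread, normalized to full paths.
AVG_FLAGGED = [
    r"C:\WINNT\system32\dllcache\sigtab.dll",
    r"C:\Program Files\AdwareAlert\AdwareAlert.exe",
]

O4_RE = re.compile(r"^O4 - [^:]+: \[[^\]]+\] (?P<cmd>.+)$", re.M)
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$", re.M)
RECYCLER_RE = re.compile(r"^[a-z]:\\recycler\\s-1-5-[0-9-]+\\")


def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, inside = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            inside = True
        elif inside and not line:
            break
        elif inside:
            procs.add(ntpath.normcase(line))
    return procs


def autorun_commands(log):
    """Command strings of the O4 (Run/RunOnce) entries."""
    return [m.group("cmd") for m in O4_RE.finditer(log)]


def mbam_detections(log):
    """(path, detection name, action) for each 'Files Infected' line."""
    return [m.groupdict() for m in MBAM_RE.finditer(log)]


def triage(path, running, autoruns):
    # 8.3 short names (PROGRA~1) are compared as written; resolving them
    # to long names needs the live file system.
    p = ntpath.normcase(path)
    name = ntpath.basename(p)
    return {
        "path": path,
        "in_recycler": bool(RECYCLER_RE.match(p)),  # per-user Recycle Bin store
        "running": p in running,
        "autostart": any(name in ntpath.normcase(c) for c in autoruns),
    }


def report():
    running = running_processes(HIJACKTHIS_EXCERPT)
    autoruns = autorun_commands(HIJACKTHIS_EXCERPT)
    flagged = AVG_FLAGGED + [d["path"] for d in mbam_detections(MBAM_EXCERPT)]
    return [triage(p, running, autoruns) for p in flagged]


if __name__ == "__main__":
    for row in report():
        print(row)
```

A row with all three flags false means the file is on disk but was neither running nor set to start when the log was taken; it says nothing about whether the file itself is clean.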

Cherryfizz

Thank you for helping me Winchester.

I should mention that I inadvertently added the space between "system 32" and did not notice it when I posted it.

I went to Jotti and ran the scan. I was not able to copy and paste for some reason and I couldn't type in the box so I went to browse.  LOL I really didn't know where I was supposed to find the File C\WINNT\system32\dillcache\sigtab.dll but after looking around in places on the computer I didn't know existed I found under WINNT Files a file called sigtab.dll so I ran that at Jotti.  The result 0-20 scanners nothing found.

I then started the Panda Scan - that was over 9 hours ago.  It seems to be still scanning but the bar is stagnant and not moving but the amount of files being scanned is still growing.  As I left it a few minutes ago 170400 files have been scanned.  It has been scanning WINNT installer files for a long, long time.  So far 4 infections have been found - the first 3 within the first hour or two of the scan starting.  How much longer should this scan take?

I will let the scan continue until I hear further from you. One other thing, once the Panda scan has stopped is there a log I should be posting?

Anne



Cherryfizz

I am sure I probably should not have but I stopped the scan after 12 hours and only 49 percent scanned. It was stuck on 49 percent for most of the time.

When I stopped the scan it was scanning C:\WINNT\Installer\1f289c1.msp(unk 3065)

Files Scanned 202585
Files Infected 4

Low Danger Level 4

It is 2:15 am, I am off to bed.  I should be back online in the early afternoon.

I will do the scan again if need be.

Anne

winchester73

Let's try the NOD32 scanner instead:  http://www.eset.com/onlinescan/

The "browse" can be a bit intimidating the first time, just think of your computer hard drive as a book with chapters, pages, etc.  Try to remember ... did you follow this exact path to get to that file?  C\WINNT\system32\dillcache\sigtab.dll ... you said you found it under WINNT files ... but we have to look at that EXACT file, in that EXACT location.  The proper sigtab.dll is usually found in C\WINNT\system32\sigtab.dll (note there is no dllcache subdirectory).
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Cherryfizz

Hi Winchester

I did the Eset scan and after 3 hours of scanning over 300000 files no threat was found.

I should mention the Eset scan ran with AVG running on my computer. I did not know how to disable AVG temporarily.

Anne

winchester73

Anne ... sorry for the delay.  I had no Internet connection for most of the day, they are digging in my area.  It was like being back in the Ice Age (which I saw with my daughter on Friday  :) )

No worries on the time spent scanning.  The MBAM scan took 2.5 hours ...  :D

I used to have 3 Win2k boxes on my network ... they were outstanding computers, and I miss them.  If I understood what you said correctly, you have recently acquired this computer, and whatever it came with.  Personally, I'd like more memory, but the 256mb you have should be sufficient for most uses.

Do you know if the machine is current on its Windows updates?

Let's run a Secunia Software Inspector and see if you are current on common applications:  http://secunia.com/vulnerability_scanning/online/

I don't think you have any viruses to worry about, but it would be useful to make sure everything is up to snuff ...
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Cherryfizz

Hi Winchester.  I bet your daughter enjoyed seeing Ice Age.

Here are the results of the scan

Detection Statistics:
8 Applications Detected in Total
0 Insecure Versions Detected
8 Patched Versions Detected

Running For:
10 Minutes, 36 Seconds

Errors with the scan:
0 Errors Detected, scan result should be correct
      
Scan Options:
Enable thorough system inspection
Display only insecure programs
Status / Currently Processing:
Detection completed successfully

-----------------------------------

I believe I have all the Windows Updates.  I run Belarc Inspection every now and then to make sure because I normally don't log under the Administrator Account.

Before I was given this computer it sat unused at my friend's house since 2004. I hooked it up at the end of December after having an Ethernet card installed. There are a lot of Windows Programmes on it but I have only used the Internet so far.

I found the computer was running a bit slow recently and whenever I scanned anything the scanner spent a lot of time on a game file on the 555 XP Games Championship.  I had never used this gaming programme and after taking a look at it today I removed it.  I think the computer has even sped up a bit. 

I was really disappointed I was unable to watch anything on YouTube or most videos in general except for videos on news sites. I hear the audio of a video and sometimes will see it after it has loaded but only in bits and pieces.  I was thrilled to be able to see the safari game drives on wildearth.tv as I had never experienced things like this while I had Webtv - the internet on my television.  Now, I only hear audio and the image is frozen and sometimes I get a message saying that a script in the movie may cause the computer to not work properly and if I want to abort the script. I don't know if that is a problem with my Flash programme but I have uninstalled and reinstalled Adobe Flash more than once.  I have the current version.

I know this has nothing to do with viruses and trojans and probably shouldn't be on this thread.

I will check in again.  I really like this forum, I have read a few posts just to get myself familiar with my computer and you all seem so helpful.

Thank you Winchester for your assistance.

Anne

winchester73

Behind the scenes, Eric the Red and I have been discussing your problems.  We're leaning toward some hardware problem ... not enough memory, flaky video card, etc.  Let's see if anyone else has any ideas for you to try.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member