
Hijacked


mark


Thanks Tarun. Will do. Only question I have is about the fxsclnt.exe because we do use Windows fax. I guess the others, if need be, can be repaired or reinstalled.

Got a couple of programs to check out also from what has been listed above.

DL



Ok, I've run HijackThis and 'fixed' the indicated lines. New HijackThis log attached below.

I can throw a CD in the CD drive and now there is no flickering of the 'Windows Installer' window but still can not access the contents of the CD, but if I throw in an autorun CD, it runs and I can access the contents of that CD even though the 'Windows Installer' window pops up for a good solid second.

Two desktop.ini files ( actually one that is opened twice ) have now started opening up upon Windows startup. They are from the Startup folder. !?!? attached below.

I'm slowly bracing myself for a reinstallation.

On a side note, my nephew just got a virus. Apparently a really nasty one. I'm going to check it out. :D Lucky for him, AVG is stopping further infestation. The virus in his box is trying to bring in more cr@p. AVG is storing the incoming stuff in a vault. I'd like to take a look at that.

If there is someone out there with a true shield for computers at a reasonable price, I think now is a time they are going to get wealthy. It seems that the production of more malicious stuff is on the increase.

DL

desktop.txt

hijackthis_3_.txt

Edited by DL

If you delete the CD-ROM drive from the device manager, Windows should re-detect and reinstall its driver on the next reboot... that might fix the problem with it.

I'm not at that computer at the moment but if the driver has been deleted, it wasn't by me and also, keep in mind that when I put an autorun CD in, Windows runs the CD and I can close that window and then I can access the CD through 'My Computer' or wherever. The only CDs that I can't open are the ones with nothing but data on them.

Thanks,

DL


  • 1 month later...

DL, why didn't you give me a shout bro? I just spent the last 10 minutes reading over this entire topic.

First of all, this Windows Installer thing is actually quite common and is not spyware/viruses. You have Microsoft Office installed, right? Well, that's the reason. Do a reinstall of Office and do not delete the source files (C:\MSOCache). This will fix your problem.

Second, NOD32 (or McAfee VirusScan 2006 if you have a lot of RAM) is your best bet for anti-virus. I'm not telling you this simply because I use it, but because I have read countless forums, reviews, articles, opinions, and tried out all 5 anti-virus programs I have, and NOD32 is the most regarded. Take it or leave it. Kaspersky, Avast are still great AV products. As long as you don't use Norton. Check out this site. It shows a list of AV programs that caught all 206 variants of the WMF Metafile exploit and a list of the ones that missed some. Regarding the ones that missed some, don't use them. If an AV program can't do the whole job for you, especially with all the crap floating around online these days, it can't be trusted. It's as simple as that.

Third, you're not supposed to "fix" everything that shows up in HijackThis, only anything that looks malicious. If you don't recognise a process, Google the filename. The first result will be "name - filename.exe - Process Information" from http://www.liutilities.com/products/wintas...processlibrary/ .

Fourth, use a software firewall. I recommend Sygate Personal Firewall or Kerio (if you like to be notified about everything that sends a call to either your Internet connection or a system process). Kerio is also not as user friendly as Sygate. You need to be warned of anything and everything making calls on your PC nowadays my friend, better safe than sorry, eh?

Did I miss anything? :hello:

Cheers bud,

Jeremy

PS: I just noticed how old this topic is, oh well.

Edited by Jeremy

@ Jeremy-Maybe an old thread, but I still came back. :) Thank you for the information, in particular about MS Office.

Do a reinstall of Office and do not delete the source files (C:\MSOCache). This will fix your problem.

I spent hours searching and backing up stuff off that computer. I don't use it so it is laid out the way two others use it. What a hash.

Thank you again.

Cheers,

DL
