
William Mc
Premium
join:2004-07-27
Washougal, WA

What's going on here?


Help please, comes up randomly, and no I don't visit porn sites, and having trouble going to my favorites, click them nothing happens.

Damn stuff, ran AVG and Avast, crap cleaner, Spybot all came back with nothing.
--
Ground Control, Internet Access 100, DW6000 with static IP, software release 4.3.3.5, .74m dish, IA8 1390, Linksys WRT54G.


raw
War Eagle
Premium
join:2001-01-17
Madison, AL
Did you run HijackThis?

William Mc
Premium
join:2004-07-27
Washougal, WA


1 edit
reply to William Mc
First time ever, I think.

Moderator note: HJT log removed! See link at the top of the forum:
Hijack This logs?

--
Ground Control, Internet Access 100, DW6000 with static IP, software release 4.3.3.5, .74m dish, IA8 1390, Linksys WRT54G.

William Mc
Premium
join:2004-07-27
Washougal, WA

reply to William Mc
Another...

Le Boule

join:2001-09-20
Selma, AL


2 edits
reply to raw
»Security Cleanup

Looking at your screenshots reminds me of last year when I had a VUNDO infection in my PC and I needed a lot of help from Calamity Jane in the Broadband Reports Forum to fix it.

Suggest you follow the recommended steps for obtaining assistance through the Security Clean-Up Forum.

After seeing your HJT LOG and last screenshot I'd bet money you got a VUNDO infection probably through an old Sun Java file 1.4.2.

Follow those MANDATORY instructions at the top of this forum, post what you did and what you have found and I'm sure one of the forum experts will help you eliminate this intruder.

Good luck!

William Mc
Premium
join:2004-07-27
Washougal, WA

Thanks, but I don't like Sun Java, so it's never installed.

I unplugged network and ran more scans, nothing has come up, so I will continue with Security Cleanup link.
--
Ground Control, Internet Access 100, DW6000 with static IP, software release 4.3.3.5, .74m dish, IA8 1390, Linksys WRT54G.


norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

reply to William Mc

First off, are you running Avast and AVG in realtime, or is one turned off, and used for an occasional scan?

Also, what do these belong to?

O2 - BHO: (no name) - {4CB7329E-601D-426D-A1B4-9ACCD3BD2C71} - C:\WINDOWS\system32\its866.dll
O20 - Winlogon Notify: its866 - C:\WINDOWS\SYSTEM32\its866.dll

Maybe someone may know, but google comes back with nothing.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

William Mc
Premium
join:2004-07-27
Washougal, WA

said by norwegian:

First off, are you running Avast and AVG in realtime, or is one turned off, and used for an occasional scan?

Also, what do these belong to?

O2 - BHO: (no name) - {4CB7329E-601D-426D-A1B4-9ACCD3BD2C71} - C:\WINDOWS\system32\its866.dll
O20 - Winlogon Notify: its866 - C:\WINDOWS\SYSTEM32\its866.dll

Yep to both in real-time, the file its866.dll was installed today, according to when you hover over it, nothing in properties about what the file actually is for.

Never had a problem running both in real-time, this started not long ago.
--
Ground Control, Internet Access 100, DW6000 with static IP, software release 4.3.3.5, .74m dish, IA8 1390, Linksys WRT54G.


Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK
·MTA Online

reply to William Mc
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
This .dll is an essential function of SpyBot Search & Destroy and should give you pause for concern as well. Your choice to visit the Security Cleanup Forum and follow their procedures is wise.

You're in good hands at the Security Cleanup Forum.


Psicop
More human than human
Premium
join:2005-12-21
reply to William Mc
And please switch to a more secure browser:

1. Firefox
2. Opera
3. Avant
4. Maxthon
5. K-Meleon


There is a wide range to choose from.

Good luck with the cleaning up process.

William Mc
Premium
join:2004-07-27
Washougal, WA


1 edit
said by Psicop:

And please switch to a more secure browser:

1. Firefox
2. Opera
3. Avant
4. Maxthon
5. K-Meleon


There is a wide range to choose from.

Good luck with the cleaning up process.

No thanks, don't see anything special with them, I've been using IE for years (actually since 1995).

--
Ground Control, Internet Access 100, DW6000 with static IP, software release 4.3.3.5, .74m dish, IA8 1390, Linksys WRT54G.

Le Boule

join:2001-09-20
Selma, AL


3 edits
O2 - BHO: (no name) - {4CB7329E-601D-426D-A1B4-9ACCD3BD2C71} - C:\WINDOWS\system32\its866.dll

O20 - Winlogon Notify: its866 - C:\WINDOWS\SYSTEM32\its866.dll

The above files are (if my memory is correct) the offending files in your system. It may not have entered your PC through an old SUN file but from looking at it it's VUNDO or a close cousin.

Notice the file OWLBET referred to? It's the only mention of SPYBOT in your log. I share OWLBET'S concern unless you previously uninstalled SPYBOT S & D and the file is left over.

Do what you need to do and then post details and your HJT log in Security CleanUp if you haven't done so. And while you're at Security CleanUp ask one of them about whether you should use AVG and AVAST at the same time; I've read many times that you should only install one antivirus program on a computer.

By the way GESC is giving you good advice....I prefer IE as you do and may use it for sites I visit daily and am comfortable with but I use Firefox most of the time and try to get my wife and daughter to do the same. The virus/trojan writers direct their programs towards IE which unfortunately has a history of "security" holes.

When you're fixed up and "cured" suggest Spywareblaster (free) be added to your system.

Good luck!
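
An added example, not part of any post in this thread: a small triage script for the three HijackThis entries quoted above. The finding names and the rules behind them are assumptions made for this sketch, not HijackThis features; they encode what the posters point at, namely one DLL registered both as a BHO and as a Winlogon Notify package, and an entry whose file is missing.

```python
import ntpath
import re
from collections import defaultdict

# The three HijackThis entries quoted in this thread, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4CB7329E-601D-426D-A1B4-9ACCD3BD2C71} - C:\WINDOWS\system32\its866.dll
O20 - Winlogon Notify: its866 - C:\WINDOWS\SYSTEM32\its866.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
"""

TAIL = r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - " + TAIL),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - " + TAIL),
}

def parse_entries(log):
    """Return one dict per O2/O20 line; other log sections are skipped."""
    entries = []
    for line in log.splitlines():
        for section, pattern in PATTERNS.items():
            m = pattern.match(line.strip())
            if m:
                entries.append({
                    "section": section,
                    "name": m.group("name"),
                    # Windows paths are case-insensitive: fold before comparing.
                    "path": m.group("path").lower(),
                    "missing": m.group("missing") is not None,
                })
    return entries

def triage(entries):
    """Map each DLL path to sorted findings (heuristics assumed for this example)."""
    sections = defaultdict(set)
    findings = defaultdict(set)
    for e in entries:
        sections[e["path"]].add(e["section"])
        if e["missing"]:
            findings[e["path"]].add("file-missing")
        if (e["section"] == "O2" and e["name"] == "(no name)"
                and ntpath.dirname(e["path"]) == r"c:\windows\system32"):
            findings[e["path"]].add("unnamed-bho-in-system32")
    for path, seen in sections.items():
        if {"O2", "O20"} <= seen:
            findings[path].add("bho-and-winlogon-notify")
    return {path: sorted(tags) for path, tags in findings.items()}
```

Run on the sample, `triage(parse_entries(SAMPLE_LOG))` ties both its866.dll entries together despite the different casing of the system32 path, and reports the SDHelper.dll entry only as a missing file.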


Psicop
More human than human
Premium
join:2005-12-21


4 edits
reply to William Mc
OK, fair enough. This might help you to review your position:

»en.wikipedia.org/wiki/Internet_Explorer

Scroll down to security.

I like these quotes:

1. As of May 28, 2006, Secunia reports 104 vulnerabilities in Internet Explorer. 19 are unpatched, of which the most severe is rated "extremely critical".

2. In May 2006, PC World rated Internet Explorer 6 the eighth worst tech product of all time.

This picture (also depicted on that link) is quite self-explanatory:



So you see now why you are here asking for help?

BTW, that dll you got in there is malware. Forgot about that.


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable

reply to William Mc
IE or not.. that is vundo, and you should address it:

Follow this faq
»Security »How Do I Remove Trojan Vundo/Winfixer/Virtumonde?
--
da Cajun Darn I hate Malware


Psicop
More human than human
Premium
join:2005-12-21
reply to William Mc
This one is good too:

»wiki.castlecops.com/Malware_Remo···rtumundo