Virus, i think, but nothing finds it

Discussion in 'Windows Desktop Systems' started by Caligo, Dec 10, 2003.

  1. Caligo

    Caligo Guest

    Ok, here are the things that have happened so far:
    1. ZoneAlarm and Norton 2002 open with the interfaces missing most of their buttons and all information (can't close zlclient process, says I don't have permission and access denied)
    2. Logon password character changed from dot to pipe "|"
    3. www.sarc.com won't open, nor will several other antivirus sites, like McAfee (only in IE are they blocked). By blocked, I mean they don't load all the way. Only the top banner and a few links.
    4. Downloaded AVG and another virus checker from Panda Software but they found nothing.
    5. Changes fonts on most sites in Mozilla 1.5

    Does anyone recognize this as something?? I can't format and start over until the end of next week. Any suggestions will be greatly appreciated. Thanks.
     
  2. ming

    ming OSNN Advanced

    Haven't heard that one before. Think you'll just have to take precautions, while seeing it through til the end of next week mate.

    On the other hand, have you done any system maintenance recently? Like use Norton Utilities to find errors and stuff? Maybe that'll fix some of the problems you have.
     
  3. Caligo

    Caligo Guest

    I don't have Norton Utilities, just the antivirus. Should I run some of the maintenance tools in Windows and see if it finds anything? Does this sound like a virus or did Windows just screw up again? Happened a few months ago, Windows just decided it would no longer boot (couldn't find some files and it wouldn't let me write to the drive when I booted into the repair console) and I had to redo it. Possibly related?? Thanks.
     
  4. Geffy

    Geffy Moderator Folding Team

    Informed Enyo, he might have some things for you to try
     
  5. mbx

    mbx Guest

    use the online virus checker at http://housecall.antivirus.com/housecall/start_frame.asp, if you think it might be a virus.
    This will take a while on a slow connection because it downloads the software and virus definition files from scratch, but does mean it isn't messed with by an installed virus.
     
  6. Caligo

    Caligo Guest

    Thanks, I will try that site as soon as I get back to the computer and then post an update on anything it finds.
     
  7. Caligo

    Caligo Guest

    It didn't find anything. I think my computer is sending email too. Every time I do a send and receive in Outlook 2003 the thing says it's receiving on both accounts but also that it's sending on both of my accounts. Also, I've gotten a few blank emails. No sender, or recipient, size is 0, just the time it was received.
     
  8. j79zlr

    j79zlr Glaanies script monkey Political User

    Weird, have you checked msconfig for strange startup items? What about this registry value, has anything tacked itself on with explorer.exe?

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    check the value of "Shell"
     
  9. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Put one of your other addresses in your email library, and don't send yourself anything.

    see if you get anything from this account.
     
  10. Caligo

    Caligo Guest

    Ok, the value for shell is Explorer.exe. I looked through all of the latest threats on sarc.com and none of them fit the problems I am getting.
     
  11. Caligo

    Caligo Guest

    Just restarted my computer and it said at post, Back up all data SMART has detected an imminent failure may occur, or something like that. Not sure what to think of that, but I won't be restarting it again.
     
  12. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Sounds like a Windows repair is in order. Plus try reinstalling chipset drivers. My system kept falling apart when I didn't have any chipset drivers installed. Might be a trojan, these aren't as easy to detect, see what is loading during startup - get asviewer or startup control panel.
     
  13. Caligo

    Caligo Guest

    Would that cause the SMART error at the beginning or is it likely that there is something genuinely wrong with the drive?
     
  14. dreamliner77

    dreamliner77 The Analog Kid

    Sounds like your drive is about to give up the ghost.
     
  15. LeeJend

    LeeJend Moderator

    SMART is the hard drive internal diagnostics. Built into the drive to detect something going bad. It has detected the HD is about to die.

    Back up your data.
    Run the manufacturer's diagnostics.
    Send in diagnostic report and get RMA.
    Get a new drive free. :)

    The SMART message may or may not be related to the original problem but you should not ignore it.
     
  16. Enyo

    Enyo Moderator

  17. Caligo

    Caligo Guest

    Here is the output from open ports. Startuplist output is attached.

    ______________________________________________________________________________

    SYSTEM [0]
    TCP 192.168.1.101:1644 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1636 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1601 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1613 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1649 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1645 207.44.192.61:80 TIME_WAIT
    TCP 127.0.0.1:1582 127.0.0.1:31595 TIME_WAIT
    TCP 192.168.1.101:1626 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1594 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1650 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1647 207.44.192.61:80 TIME_WAIT
    TCP 192.168.1.101:1611 207.44.192.61:80 TIME_WAIT
    SYSTEM [4]
    TCP 192.168.1.101:139 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    UDP 192.168.1.101:137 0.0.0.0:0 LISTENING
    UDP 192.168.1.101:138 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:445 0.0.0.0:0 LISTENING
    svchost.exe [636]
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    svchost.exe [668]
    TCP 0.0.0.0:1201 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1198 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    UDP 127.0.0.1:123 0.0.0.0:0 LISTENING
    UDP 192.168.1.101:123 0.0.0.0:0 LISTENING
    svchost.exe [752]
    UDP 0.0.0.0:1074 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:1040 0.0.0.0:0 LISTENING
    svchost.exe [768]
    TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
    UDP 127.0.0.1:1900 0.0.0.0:0 LISTENING
    UDP 192.168.1.101:1900 0.0.0.0:0 LISTENING
    iexplore.exe [952]
    TCP 192.168.1.101:1640 217.79.127.10:80 ESTABLISHED
    TCP 192.168.1.101:1641 213.130.34.120:80 ESTABLISHED
    TCP 0.0.0.0:1640 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1641 0.0.0.0:0 LISTENING
    UDP 127.0.0.1:1244 0.0.0.0:0 LISTENING
    spmd.exe [1100]
    TCP 0.0.0.0:7050 0.0.0.0:0 LISTENING
    ray3xsi3_0server.exe [1304]
    TCP 0.0.0.0:7003 0.0.0.0:0 LISTENING
    WebProxy.exe [1716]
    TCP 127.0.0.1:31595 0.0.0.0:0 LISTENING
    UDP 127.0.0.1:18001 0.0.0.0:0 LISTENING
    Mozilla.exe [1828]
    TCP 127.0.0.1:1508 127.0.0.1:1509 ESTABLISHED
    TCP 127.0.0.1:1509 127.0.0.1:1508 ESTABLISHED
    TCP 127.0.0.1:1508 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1509 0.0.0.0:0 LISTENING
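
A per-process port listing in the layout posted above can be triaged mechanically instead of by eye. The following is an added example, not part of the original thread or of the tool that produced the listing: it assumes each process appears as a `name [pid]` header followed by `PROTO local remote STATE` lines, and it runs on a constructed sample with hypothetical process names and documentation-range addresses.

```python
import ipaddress
import re

# Constructed sample in the same layout as the listing in the post
# (hypothetical process names, documentation-range remote addresses).
SAMPLE = """\
SYSTEM [4]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
svchost.exe [636]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
UDP 127.0.0.1:123 0.0.0.0:0 LISTENING
browser.exe [952]
TCP 192.168.1.101:1640 203.0.113.10:80 ESTABLISHED
TCP 192.168.1.101:1641 198.51.100.7:80 TIME_WAIT
proxy.exe [1716]
TCP 127.0.0.1:31595 0.0.0.0:0 LISTENING
"""

HEADER = re.compile(r"^(?P<name>.+?) \[(?P<pid>\d+)\]$")
ENTRY = re.compile(r"^(?P<proto>TCP|UDP) (?P<lip>[\d.]+):(?P<lport>\d+) "
                   r"(?P<rip>[\d.]+):(?P<rport>\d+) (?P<state>\S+)$")

def parse(listing):
    """Return {(process, pid): [entry dicts]}; lines before any header are ignored."""
    owners, current = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            current = (m["name"], int(m["pid"]))
            owners.setdefault(current, [])
        elif current and (m := ENTRY.match(line)):
            owners[current].append(m.groupdict())
    return owners

def triage(owners):
    """Sort entries into network-reachable listeners, loopback-only listeners, remote peers."""
    report = {"exposed": [], "loopback_only": [], "remote_peers": []}
    for (name, pid), entries in owners.items():
        for e in entries:
            if e["state"] == "LISTENING":
                loopback = ipaddress.ip_address(e["lip"]).is_loopback
                key = "loopback_only" if loopback else "exposed"
                report[key].append((name, pid, e["proto"], int(e["lport"])))
            elif not ipaddress.ip_address(e["rip"]).is_loopback:
                report["remote_peers"].append((name, pid, e["rip"], int(e["rport"])))
    return report

if __name__ == "__main__":
    for kind, rows in triage(parse(SAMPLE)).items():
        print(kind, rows)
```

The `exposed` and `remote_peers` rows are the ones to compare against the processes expected on the machine; loopback-only listeners are reachable only from the host itself.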
     
  18. Enyo

    Enyo Moderator

    Both logs appear fine.
     
  19. Caligo

    Caligo Guest

    That's good. So does this mean that my hard drive is going bad or did XP dropkick itself? I'll run the diagnostic tools from Western Digital later today and see what comes up.

    Leedog, you mentioned installing chipset drivers. Did you mean for the motherboard chipset? I installed those when I formatted and reinstalled back in October.

    Thanks for the help.
     
  20. Caligo

    Caligo Guest

    IT'S FIXED!!! I downloaded the diagnostic tool from Western Digital and it did a complete scan of the drive. It said that it found several bad sectors but it could fix them. I backed up my data and let it try. I restarted and everything is back to normal. How could something like that cause the problems that I was having? Thanks for all the help everyone.