New OS scanned same day, 9 VIRUSES!!!!

Ok, bear with me here. If you or someone else would be so kind as to explain these points? I don't know what "NAT" is. What is WMP? And I gathered that IE is "Internet Explorer". Thanks.

Almost every router has those features by default, ashdavid. If you look at your router's spec sheet on the manufacturer's web site and it lists them, they are on by default.

WMP is Windows Media Player. Not only is it resource hungry, it also requires all kinds of crappy third-party codecs. By downloading and installing these codecs you run the risk of getting malware. Some sites will trick you into downloading a "needed" codec.

Go here and use this

www.videolan.org

It plays everything out of the box, and I mean everything, even ISO files and it doesn't need any codecs, and it is 100% free.
 
Can I uninstall WMP separately to free up some space? I like that link you posted and I can see what you mean with the codecs. That is how I got in this situation in the first place; I was tricked into downloading one of these for WMP! :(
 
Evil, what are your ideas on the Microsoft program called Process Explorer?
It is a good program, but you need some insight into what you are doing with it. Don't just start stopping or removing stuff without being 100% sure what you are doing.
 
Ok, I ran those anti-malware programs and this is the new HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:02, on 2008/01/15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam10\Qcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ONKYO\CarryOn Music 10\Bin\CarryOn.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam10\Qcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
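The replies below judge this log "quite clean, a few rough entries". As an added example (not from the original thread or from HijackThis itself), here is a small Python triage script over a few of the lines posted above: it splits the log into its `Onn` sections and flags only the entries a reviewer would look up by hand before touching anything (an O23 service with no vendor string, an O16 ActiveX control fetched from a URL, and an O4 autorun whose command line points outside the usual install locations). The Temp-folder O4 line is constructed for illustration; the location check is a heuristic, not a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# made-up O4 entry (a hypothetical Temp-folder autorun) so the location check fires.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updater] C:\Users\me\AppData\Local\Temp\upd.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Where legitimately installed software normally lives (heuristic only, lower-cased).
EXPECTED_ROOTS = ("program files", "%programfiles%", "\\windows\\")

def parse_entries(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(text):
    """Return (section, reason, body) flags for entries a human should verify
    before removing anything; every other entry is left alone."""
    flags = []
    for section, body in parse_entries(text):
        lower = body.lower()
        if section == "O4":
            # Autorun whose command line points nowhere near Program Files or Windows
            if not any(root in lower for root in EXPECTED_ROOTS):
                flags.append((section, "autorun outside usual install locations", body))
        elif section == "O16":
            # Downloaded Program Files: an ActiveX control installed from a URL
            flags.append((section, "ActiveX control installed from the web", body))
        elif section == "O23" and "unknown owner" in lower:
            # Service binary carrying no vendor string; check the file before acting
            flags.append((section, "service with no vendor information", body))
    return flags

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```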
 
It is a required process. Explorer.exe is the GUI. If you kill that process you no longer have a graphical user interface.
 
1) Router that supports NAT and built in firewall

2) Patch your OS till it is completely updated.

3) Don't ever use IE, WMP, or any other MS product like ActiveX

4) - virus free
I agree with most of these; viruses can get onto a system quickly due to the order in which you reinstall everything.
It may seem obvious, but many people still bring on board lots of software before bringing up the firewalls and virus scanner.
Now in this case your log is quite clean, a few rough entries but no real spyware or viruses.
The order should be:
1. Install OS
2. Update OS fully
3. Bring up firewalls (Ideally they should be in the router anyway)
4. Bring on virus and malware scanner
5. Browse freely and responsibly

ActiveX controls are only bad if you accept requests to install them on "dodgy" sites. For example, if you stumble across a p0rn site or "hacking" site that needs to install an ActiveX control and you click yes... well, you get what's coming to you.

(Note: it can often be best to compile your own XP CD with all the current updates built into it (like SP2); this way they are installed when installing Windows.)
 
I ditched BitDefender due to some compatibility issues and ran a Kaspersky scan, and both pieces of software are coming up with a problem with volume. Now I can understand this b/c I am having a lot of trouble with Skype and people at the other end not being able to hear me, and vice versa. I will try and get a copy of what I am talking about. Cheers.
 
Sorry, didn't see you have Vista; my last suggestion (re compiling your own update CD) should still work, but I'm not sure how to do it in Vista.
 
apj101 is mostly correct about ActiveX controls. That is, until a site is hijacked. There was a known ActiveX exploit that infected over 50k websites, and then its infection transferred on to the client side. These zombie machines and zombie websites that have piss-poor web masters don't ever get touched. So they get infected and then pass the infection on to any client that connects and installs the ActiveX control.

You are most likely going to see this kind of stuff happen at porno sites, warez, and anything else that would be considered illegal, like hacking. However, don't trust any other site you go to either.

In my experience I never use IE unless I have to. When I was doing all the self-maintenance at my old job for our HP enterprise products, their maintainer web front end ran heavily on ActiveX, so I was forced to use IE. However, I don't use IE, and if a site requires it I just find another site, unless it is an imperative for my job.

Now that I work in a mainly Macintosh environment, 99% of my time goes towards Mac support. We still run PCs and Novell/Win2k3 servers, but everything authenticates via ODM and home directories are stored on the Mac side now. All of our PCs run Deep Freeze because of the growing spyware and malware issues, and our help desk tickets have gone down tenfold on Windows client machines. I don't ever really have to touch a PC at all anymore because of Deep Freeze.
 