Please report all spam threads, posts and suspicious members. We receive spam notifications and will take immediate action!
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Networking problem




  1. #1
    Join Date
    Feb 2002
    Location
    Somewhere in Bavaria, Germany
    Posts
    70

    Default

    hello there.

    i got a huge problem with my internetconnection. it's not that i can't log in into the internet or can't stay in the internet for long, it's really something different.

    When i'm connection to the internet, my PC starts uploading data. dunno, it just updates datas. after 5 sec. the i-net explorer pops up and direct me to a site, i've never been to! don't want to post the link here now, because i don't want to infect you (if there's somethin) it's called something like ClixGalore.

    I run my antivirus software, found nothin.
    I run my spy&destroy software, found nothin, exept some other cookies and sex trackers :|

    i don't know what it is, it started when my brother worked with this PC.

    So well... what to say? i'll wait 2 days 4 ur answer, after that i will format the pc and look what happens.

    Thx 4 all answers.
    My Computer:
    AMD XP Mobile +2500 @ 2000 Ghz
    MSI NV6600 Geforce 6600
    Infineon 2x256 DDR-RAM
    Corsair 256 DDR-RAM
    Abit NF7 Nforce2
    Creative Soundblaster Live! 5.1

  2. #2
    Join Date
    Feb 2002
    Location
    Somewhere in Bavaria, Germany
    Posts
    70

    Default

    i just found out, that the problemcauser is a program named wserv.exe. you heard something bout it? well, i blocked it with the sygate firewall, so it isn't much of a problem anymore. but i still want to solve that problem.
    My Computer:
    AMD XP Mobile +2500 @ 2000 Ghz
    MSI NV6600 Geforce 6600
    Infineon 2x256 DDR-RAM
    Corsair 256 DDR-RAM
    Abit NF7 Nforce2
    Creative Soundblaster Live! 5.1

  3. #3
    Join Date
    Jun 2003
    Location
    Sunderland, England
    Posts
    529

    Default

    its a spyware problem.
    uve already run spybot, run adaware. sometimes the scanners miss some.
    if that doesnt work try deleting the file.
    if it still doesnt work then its reformat time
    <img src="http://gfx.statgfx.com/old/folding.cgi?&username=metallicat666&teamid=33272&t rans=yes&.jpg" alt="www.Statgfx.com" />

  4. #4
    Join Date
    Nov 2003
    Location
    Minnesota, United States
    Posts
    4,543

    Default

    I hate to be a snitch, but your brother is into pornography. That's what's causing this spyware problem of yours.

    Firstly, download and run CWshredder:
    http://www.spywareinfo.com/~merijn/downloads.html (scroll down a bit)

    Then, download and run Ad-Aware:
    www.lavasoftusa.com

    Finally, download, run, and post the log of HijackThis:
    http://www.spychecker.com/program/hijackthis.html

    Upon completion of those steps, you should be completely free (or close enough) of spyware of all sorts (which is most certainly causing you problems).

  5. #5
    Join Date
    Aug 2002
    Location
    Ohio, USA
    Posts
    1,296

    Default

    The file "wserv.exe" is also included in some IRC and secure telnet apps and is not ,in itself, spyware. Something else is invoking it though, which may or may not be spyware or porn related. Deleting it should remove it.

  6. #6
    Join Date
    Feb 2002
    Location
    Somewhere in Bavaria, Germany
    Posts
    70

    Default

    ya, thx 4 the tips guys.

    So here's the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 08:23:31, on 29.05.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\netcom.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Logitech\MouseWare\system\em_exec.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\Programme\PestPatrol\PPMemCheck.exe
    C:\Programme\PestPatrol\CookiePatrol.exe
    C:\Programme\PestPatrol\PPControl.exe
    C:\WINDOWS\System32\wserv32.exe
    C:\WINDOWS\anvshell.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\framxpro\FreeRAM XP Pro 1.40.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\Dokumente und Einstellungen\Sincerity\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Acrobat\Reader\ActiveX\AcroIEHelper.d ll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
    O4 - HKLM\..\Run: [Microsoft Update] wserv32.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programme\framxpro\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [Microsoft Update] wserv32.exe
    O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/game...ts/y/gt2_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28c39734...dxIE601_de.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...135.3123842593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4662626-B5F6-405D-B288-5E439ED3CE59}: NameServer = 217.237.151.97 194.25.2.129

    haven't changed anything yet, i don't know what's alright, and what's not.

    I can only say so much:

    - I don't have anything particular from pandasoftware.
    - Pestpatrol is my anti-spywaresoftware with other software like spybot and ad-aware.
    - wserv32.exe is in the log from above.
    - and the googlebare i downloaded at the google.de homepage.
    - I've got Gamers IRC, will it cause anything when i delete the wserv32.exe-file?
    My Computer:
    AMD XP Mobile +2500 @ 2000 Ghz
    MSI NV6600 Geforce 6600
    Infineon 2x256 DDR-RAM
    Corsair 256 DDR-RAM
    Abit NF7 Nforce2
    Creative Soundblaster Live! 5.1

  7. #7
    Join Date
    Feb 2002
    Location
    Somewhere in Bavaria, Germany
    Posts
    70

    Default

    i'm running pestpatrol right now, and it found some spy- and adware:

    RedV
    Clientsniffer
    and CWS.GoogleMS.3

    Spybot found:
    DSO Exploit

    and ad-aware:
    Nothin :shock:
    maybe there's still something, so i'm waiting 4 your answers.

    I just run the sygate internet-test for trojans, found something interesting:

    2 Trojans:
    Port 113: Kazimas
    Port 5000: Bubbel, Back Door Setup, Sockets de Troie

    thx again
    My Computer:
    AMD XP Mobile +2500 @ 2000 Ghz
    MSI NV6600 Geforce 6600
    Infineon 2x256 DDR-RAM
    Corsair 256 DDR-RAM
    Abit NF7 Nforce2
    Creative Soundblaster Live! 5.1

  8. #8
    Join Date
    Aug 2002
    Location
    Ohio, USA
    Posts
    1,296

    Default

    Run a Google search on the spyware. You can usually find removal solutions. Any time I want to remove a file to see if it breaks anything, I just rename it. Usually put an X at the front of the original name (makes it easy to find later). If I want it back, I remove the X from the name.

  9. #9
    Join Date
    Feb 2002
    Location
    Somewhere in Bavaria, Germany
    Posts
    70

    Default

    i think i managed to erase the most spy- and adware, that was on my computer. I downloaded several anti-spy programs, like Yawgm0th said and i changed the names of some files too. thx jackusa. but i still think something in my system, because there still appears a pop-up from the i-net explorer when i'm trying to let wserv32.exe run. maybe it's just me, but i tried to erase the CWGoogleM3.thingo and after that it appeared again. do you think there's a new CW-spyware?
    My Computer:
    AMD XP Mobile +2500 @ 2000 Ghz
    MSI NV6600 Geforce 6600
    Infineon 2x256 DDR-RAM
    Corsair 256 DDR-RAM
    Abit NF7 Nforce2
    Creative Soundblaster Live! 5.1

  10. #10
    Join Date
    Aug 2002
    Location
    Ohio, USA
    Posts
    1,296

    Default

    Don't know about the new spyware question. I will mention though that I have used Mozilla for a browser for a long time. I don't get any popups and have never had the browser hijacked (and I do get crap from some porn sites, but Spybot Search & Destroy seems to take care of that).

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •