8 Posts

October 23rd, 2004 15:00

security problem

Hi!  I hope someone can help me.  I can't get into my msn account, order anything online or get into my bank account.  Is this a virus?  I have norton and a while back something showed up as an e-mail error and I had to reinstall my norton.  I keep getting "This page is not available" when I try to get into these accounts.  It also says DNS error.  I have checked my security settings and they are fine. I am ready to toss my computer!! 
 
Thanks,
Becky

8 Posts

October 23rd, 2004 16:00

Hi Mike, yes the webpage did come up.
 
Becky

4.8K Posts

October 23rd, 2004 16:00

Becky,

Try entering in your browser's URL: 143.166.83.21 . This will bring up a Dell webpage. Did the webpage display ok?

Mike.

4.8K Posts

October 23rd, 2004 17:00

Becky,

It's possible that your ISP's DNS server(s) are down.

But just in case it's something else...


Ok, let's try this as a temporary work around:

  • First, contact your ISP, and have them give you the IP addresses for their DNS servers. I have bellsouth and they gladly provided theirs for me. You'll need to get at least two.
  • Next, we're going to enter the DNS server(s) IP addresses manually, so our internet connection doesn't have to try and obtain them automatically. This will sometimes help with problems like this one.

To enter the IP Address Manually:

  • "Start | Control Panel | Network and Internet Connections | Network Connections"
  • Right-click on the icon that represents your internet connection.
  • Select "Properties".
  • Click on "Internet protocols (TCP/IP)"
  • Click "Properties".
  • On the "General" tab, click "Use the following DNS server addresses".
  • Enter each IP Address, and make sure they are correct.
  • Click "Ok".
  • Click "Ok".

Now, reboot your computer and try your browser again.

To reverse that process, just follow the steps down to "Use the following DNS server addresses", but instead, click "Obtain DNS server address automatically".

Mike.

 

8 Posts

October 25th, 2004 17:00

Hi Mike,
 
Well, I tried doing what you suggested and it didn't work :(  I don't know that much about computers and it gets very frustrating.  Thanks for your help!!
 
Becky

4.8K Posts

October 25th, 2004 21:00

Becky,
 
I'll send you a Personal Message (PM) that might help.
 
Mike.
 

8 Posts

October 29th, 2004 12:00

Mike,
 
I just wondered if you were going to send the personal message.  I'll wait to hear from you before I have someone come here to fix the problem.  Have a great day!
 
Thanks,
Becky

4.8K Posts

October 29th, 2004 15:00

Becky,
 
I was wondering what had happened. I sent it the same time I posted a reply. I'll send it again. I still have it in my outbox as being 'unread'. Do you know how to check for private messages while on the Dell forums?
 
Mike.
 

4.8K Posts

October 30th, 2004 15:00

Becky,

Let's see what's running on your system. Maybe adware/spyware is causing the problem:

Download and run HiJackThis version 1.98.2, click "Scan", then "Save log". Copy/paste the text that comes up, and post it back to this thread. Don't try and 'fix' anything, most of what it finds is good.

You can get HiJackThis from this link:

http://www.majorgeeks.com/download3155.html

Mike.

8 Posts

November 1st, 2004 18:00

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\vbtapi.exe
C:\WINDOWS\System32\sbxrya.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Becky Matthews\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [vbtapi] C:\WINDOWS\vbtapi.exe
O4 - HKLM\..\Run: [wgzcwtlrkclwq] C:\WINDOWS\System32\sbxrya.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [KRYBIOVC] C:\WINDOWS\KRYBIOVC.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [fgluh] C:\WINDOWS\fgluh.exe
O4 - HKLM\..\Run: [DJQWAGNT] C:\WINDOWS\DJQWAGNT.exe
O4 - HKLM\..\Run: [CJDJMTZA] C:\WINDOWS\CJDJMTZA.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [atwx] C:\WINDOWS\atwx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Documents and Settings\Becky Matthews\Local Settings\Temp\IamSetup.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e685f42af16b4ae133fb6395c0ae1826074370b6ef2ab58c7b394a46b7785ed02dcd1d18afd71cf37a3273507e405440345a19b4981e02e4ec71b0834b3328:522a1c137ec85ca995271ab95b94951b
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {6BC013D0-77D9-11D5-AB95-0050DA664D35} (Yodlee Assistant) - https://myaccounts.nationalcity.com/apps/install/psaver/Yodelizer.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0E11F79-01DD-4B6B-A25B-E282867D829F}: NameServer = 69.87.145.2 69.87.145.3
 
Here you go Mike, thanks for all your help!!  I had downloaded the wrong one.  I have MSN Mess. but like I said before, I can't get in until this problem is fixed.
 
Thanks,
Becky

4.8K Posts

November 1st, 2004 19:00

Becky,
 
There are quite a few baddies in there, but before we get started getting some of that stuff off, could you post back any "Add/Remove programs" entry(s) that you're not familiar with, like:
 
WinTools
anything with the word 'search' in it.
Bargain-Buddy
Acup
Ikena
Bargain Buddy
Transponder
CashBack
(stuff like that.)
 
We'll try and remove those problems from there first, before we move on to using HiJackThis. That way, that garbage shouldn't be left all over the place, including your pc's registry.
 
Mike.
 
 
 

4.8K Posts

November 1st, 2004 20:00

Becky,

Good! Ok, let's remove the following:

  • Win-tools easy installer
  • Search Assistant
  • Web Search Tools

I'm working your log right now; while I'm working on your log I need you to do the following if you can:
 
  • Go to www.trendmicro.com and click "Free Online Scan". It will take a few minutes to download and install. When it's done, select all available drives, then click "Scan".
  • Download and install AdAware SE Personal. Run it, then check for any available updates, then "perform a full system scan".
  • Download and install Spybot S&D. Run it, then check for any available updates, then click "Check for Problems".
 
All the above programs are provided by their respective developers free of charge, for use.
 
Mike.
 

Message Edited by Midnight Star on 11-01-2004 04:20 PM

8 Posts

November 1st, 2004 20:00

Ok, this is what I found:

My Password Saver, search assistant, software update manager, spielserver, VB runtime, web search tools, windows xp hotfix (it's on 24 times), win-tools easy installer, and WSEM update.

Those are the ones I'm not sure about.

Becky

 

 

4.8K Posts

November 1st, 2004 21:00

Becky,

You need to run them again after updating their malware definitions. Make sure you're using AdAware SE Personal; version 1.05, and Spybot S&D; version 1.3. Try the HouseCall online virus/trojan scanner and see what it turns up.


I'm seeing at least 8 possibilities, with even more registry entry(s), more than likely present.

Here's a heads up:

WinUpdt.exe, sbxrya.exe, SysUpd.exe, KRYBIOVC.exe, fgluh.exe, DJQWAGNT.exe, CJDJMTZA.exe, atwx.exe

... among a bunch of others.

But first try those three scans and let's see what they remove. Remember, HiJackThis will remove one registry entry, and possibly the program, but this stuff usually dumps dozens of registry entries per 'problem', let the above program do most of the cleanup work for us.


Mike.
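
Added example, not part of the original thread or written by its posters: a small Python parser for the `O4` Run-key and `O17` NameServer lines of a HijackThis log, which lists the startup entries whose file names match the ones named in the reply above. The sample lines are copied from the log posted earlier in the thread; the function names and regular expressions are this example's own assumptions about the line layout seen there.

```python
import ntpath
import re

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [wgzcwtlrkclwq] C:\WINDOWS\System32\sbxrya.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [atwx] C:\WINDOWS\atwx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0E11F79-01DD-4B6B-A25B-E282867D829F}: NameServer = 69.87.145.2 69.87.145.3
"""

# File names listed in the reply above, lower-cased for comparison.
NAMED_IN_REPLY = {"winupdt.exe", "sbxrya.exe", "sysupd.exe", "krybiovc.exe",
                  "fgluh.exe", "djqwagnt.exe", "cjdjmtza.exe", "atwx.exe"}

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Image path is either quoted, or runs up to the first executable extension.
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr))(?=\s|$)', re.I)
NS_RE = re.compile(r"^O17 - .*NameServer = (.+)$")

def parse_run_entries(log):
    """Return one dict per O4 registry Run entry (startup-folder lines are skipped)."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        img = IMAGE_RE.match(cmd)
        image = (img.group(1) or img.group(2)) if img else cmd
        entries.append({"hive": hive, "key": key, "name": name, "image": image,
                        "file": ntpath.basename(image).lower()})
    return entries

def named_in_reply(entries):
    """Keep the entries whose executable name appears in NAMED_IN_REPLY."""
    return [e for e in entries if e["file"] in NAMED_IN_REPLY]

def nameservers(log):
    """Collect the DNS server addresses recorded on O17 NameServer lines."""
    found = []
    for line in log.splitlines():
        m = NS_RE.match(line.strip())
        if m:
            found.extend(m.group(1).split())
    return found
```
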

4.8K Posts

November 1st, 2004 21:00

Becky,
 
I've got the solution written up, but before I post it, what is the status on the above scans; HouseCall, AdAware and Spybot?
 
If you weren't able to get them to run, I'll post the current solution, otherwise, post back a new HiJackThis log, and let's see what's left.
 
Mike.

8 Posts

November 1st, 2004 21:00

I have Adaware and Spybot Search & Destroy but not the other one.  I haven't scanned them in about a week.

Becky
