Ginge !

the aplication keeps opening up, ive got about 30 ipconfig.exe's in the task manager and its filling the pressesor usage up to 100% and the more i close em down it still keep opening em up and me pc is running very very slow

who can help me solve the issue, it might not be a ipconfig issue but thats the program that keeps opening up and its still doing it

Stu.H

sounds like some sort of virus mate.

REINSTALL

JohnnyB

you have a virus, you must have

Ipconfig is used to see what IP address and Gatway etc. Even is you put it in the startup menu it would only run once.

Virus

Ginge !

i cant find a virus though ????

help me please

if i write all the programs that appear in the task manager then can ya tell me if there ment to be there

Ginge !

i canceled a binkara.exe program and seems to have closed the ipconfig.exe programs

does that sound like a virus and why couldnt my anti virus find the fooking thing

AndyBlackFRST

Sounds like spyware / adware loaded onto your machine.

There is one that replaces the mplayer32.exe so that when you try and run it, it executes another app and spreads more.

Can't find anything about that binkara.exe anywhere though.

Run adware, spybot and 'hijack this'

AndyBlackFRST

Just looking around this seems to be your problem..

filename is as follows: c:\windows\prefetch\ipconfig.exe-2395f30b.pf

So in task manager it looks like the legit ipconfig.exe, but is actually loading the program to download more ads etc onto your pc

Jim Galbally

stop downloading shit ginge

Ginge !

jim i dont download anything

pc is fine since i closed the blankara or binkari.exe program

im running hitman pro now and gonna run another antivirus program and see what happens

Jim Galbally

with the antivirus, make sure you update the thing 1st.... its a mistake a lot of people use running visus definitions 6 months+ old!

AndyBlackFRST

It doesn't look to be a virus, so it prob won't show up.

More than likely the apps your closed are set in the registry to run at startup.

Rub 'Hijack This' and post a report.. will be able to tell then

Ginge !

whats hijack this ????

ya got a link as im not pc person

oh and jim im not totally stupid , i got me antivirus set to run every night at 3am adn that checks for updates automaticly

just for the last 4 days its been really slow so today i figured it was time to see and the ipconfig was all over the taks manager and so i kept closing em and thought all was ok till i realised it was opening em more

Ginge !

this is the result , im confused about all of this so if ya can take the time to help id like it


Logfile of HijackThis v1.99.1
Scan saved at 1:57:57 PM, on 5/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hitman Pro\hitmanpro2.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Dan\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://passionford.com/forum/index....5b94d0c35615a2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSN service] mslima.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [op3T36l] seron32.exe
O4 - HKLM\..\Run: [JAVA UPDATER DLL] javaupdate.exe
O4 - HKLM\..\Run: [WINRUN] taskgmr.exe
O4 - HKLM\..\Run: [WINRUN z] W1NT45K.exe
O4 - HKLM\..\Run: [A New Windows Updater] w32NTupdt.exe
O4 - HKLM\..\Run: [NDdehsetdapter] wow123.exe
O4 - HKLM\..\Run: [A N3w Windows Updater] w32NTupt.exe
O4 - HKLM\..\Run: [WIn32 Java DLLx] srtsr32.exe
O4 - HKLM\..\Run: [Windows 32Bit Fixer] bilankara.exe
O4 - HKLM\..\RunServices: [MSN service] mslima.exe
O4 - HKLM\..\RunServices: [Video Process] yejpnjd.exe
O4 - HKLM\..\RunServices: [WINRUN z] W1NT45K.exe
O4 - HKLM\..\RunServices: [A New Windows Updater] w32NTupdt.exe
O4 - HKLM\..\RunServices: [NDdehsetdapter] wow123.exe
O4 - HKLM\..\RunServices: [A N3w Windows Updater] w32NTupt.exe
O4 - HKLM\..\RunServices: [WIn32 Java DLLx] srtsr32.exe
O4 - HKLM\..\RunServices: [Windows 32Bit Fixer] bilankara.exe
O4 - HKLM\..\RunOnce: [Windows 32Bit Fixer] bilankara.exe
O4 - HKLM\..\RunOnce: [NDdehsetdapter] wow123.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows 32Bit Fixer] bilankara.exe
O4 - HKCU\..\Run: [ZEs3RWJ7i] mindexts.exe
O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
O4 - HKCU\..\Run: [WINRUN] taskgmr.exe
O4 - HKCU\..\Run: [WINRUN z] W1NT45K.exe
O4 - HKCU\..\Run: [A New Windows Updater] w32NTupdt.exe
O4 - HKCU\..\Run: [NDdehsetdapter] wow123.exe
O4 - HKCU\..\Run: [A N3w Windows Updater] w32NTupt.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [NDdehsetdapter] wow123.exe
O4 - HKCU\..\RunOnce: [Windows 32Bit Fixer] bilankara.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108498775077
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)


ya see its got that blinkara thingy on it

Ginge !

come on peeps, help me out please

Jim Galbally

you realise you gotta have the pc switched on for it to work....


...don't you?

CabrioTurbo

right this is difinately a virus i had the same thing.. but i cant for the life of me think what it was called!
I will have a quick look on the symantec site and try and remember!
CheeRs
Phil

Ginge !

i cant get access to te symantec site , i tried


jim my pc is never off as i hate waiting for it to load up

Ginge !

anyone fancy looking at the log report and telling me what to scrap

Ginge !

rudey thats too much like hard work, cant i just wipe the virus

cossiechris

Quick look at your log shows the following fella !

O4 - HKLM\..\Run: [WINRUN] taskgmr.exe

Variant of W32.Mytob.R@mm Virus.

O4 - HKLM\..\Run: [WINRUN z] W1NT45K.exe

Another variant of W32.Mytob.R@mm Virus.

O4 - HKLM\..\Run: [A New Windows Updater] w32NTupdt.exe

Another variant of W32.Mytob.BM@mm

O4 - HKLM\..\Run: [NDdehsetdapter] wow123.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\Run: [A N3w Windows Updater] w32NTupt.exe

another variant of the MYBTOB virus

O4 - HKLM\..\Run: [WIn32 Java DLLx] srtsr32.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\Run: [Windows 32Bit Fixer] bilankara.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\RunServices: [MSN service] mslima.exe

Spyware/malaware REMOVE

O4 - HKLM\..\RunServices: [Video Process] yejpnjd.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\RunServices: [WINRUN z] W1NT45K.exe

Variant of the W32.Mytob.BL@mm virus

O4 - HKLM\..\RunServices: [A New Windows Updater] w32NTupdt.exe

Variant of the W32.Mytob.BL@mm virus

O4 - HKLM\..\RunServices: [NDdehsetdapter] wow123.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\RunServices: [A N3w Windows Updater] w32NTupt.exe

Variant of the W32.Mytob.BL@mm virus

O4 - HKLM\..\RunServices: [WIn32 Java DLLx] srtsr32.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\RunServices: [Windows 32Bit Fixer] bilankara.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\RunOnce: [Windows 32Bit Fixer] bilankara.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKLM\..\RunOnce: [NDdehsetdapter] wow123.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\Run: [Windows 32Bit Fixer] bilankara.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\Run: [ZEs3RWJ7i] mindexts.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\Run: [WINRUN] taskgmr.exe

Variant of W32.Mytob.R@mm Virus.

O4 - HKCU\..\Run: [WINRUN z] W1NT45K.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\Run: [A New Windows Updater] w32NTupdt.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\Run: [NDdehsetdapter] wow123.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\Run: [A N3w Windows Updater] w32NTupt.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\RunOnce: [NDdehsetdapter] wow123.exe

Unsure, probably randomly generated filename for the MYTOB virus

O4 - HKCU\..\RunOnce: [Windows 32Bit Fixer] bilankara.exe

Unsure, probably randomly generated filename for the MYTOB virus


O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)

SDBot Worm. Remove this entry.

I would say you have the MYTOB Virus !

Here’s how to remove it…. Use this removal tool.
http://securityresponse.symantec.com...oval.tool.html

First turn off system restore (if you have ME or XP)
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

Follow the instructions on the above page and then turn System Restore back on. It’s actually not as bad as it looks as I can only see one infection, just a lot of variants of it !

Enjoy.………….. sort of !

Ginge !

okmwhat does the mytob virus do

cheers for taking the time to reead all through it and tell me what to do

cossiechris

PM'd ya fella

Any time

Ginge !

FAO:xrt-si