• Mustang Forums
  • 1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk-

Got a virus or two....URGENT!

  • Thread starter Thread starter stprorolla49
  • Start date Start date Feb 12, 2006
  • 1
  • 2
Next
1 of 2 Next Last

stprorolla49

Active Member
Oct 9, 2004
1,455
15
39
Fairfield, CT/North Jersey
Feb 12, 2006
#1
  • Feb 12, 2006
  • #1
i think ive got some viruses on my computer because when i got up this morning and turned the moniter on, there were like 20 windows open, there were programs loaded that i never loaded, and the computer is acting realy sluggish now....last time i had a problem a few of you guys suggested HiJackThis....here are my questions...

1) would this work?
2) if i ran the program, and posted the results can someone tell me which programs to get rid of?
3) any other suggestions??

this is my only computer that i have full access to, and i need it working right by this afternoon because i have some school work to do....please help!!
 
S

Synned

took tubgirl on a date and got banned
Mar 31, 2005
991
1
0
Philly
Feb 12, 2006
#2
  • Feb 12, 2006
  • #2
For now >
start>run > msconfig
Go to the startup tab and disable everything.

Restart the computer and download SpySweeper or Spybot and run those. They will rid you of most spyware.

I hate to say it, and many people may disagree with me,

but you will never get rid of it 'all'.
 

final5-0

Mustang Master
Apr 6, 2003
6,817
12
79
DFW Texas
Feb 12, 2006
#3
  • Feb 12, 2006
  • #3
Synned said:
For now >
start>run > msconfig
Go to the startup tab and disable everything.

Restart the computer and download SpySweeper or Spybot and run those. They will rid you of most spyware.

I hate to say it, and many people may disagree with me,

but you will never get rid of it 'all'.
Click to expand...

I know you are a PC WIZ

I have had good results with using Spybot as well.

I have used Ad-Aware with good results also.

I usually run both programs on a regular basis to keep things clean.

Do you have any comments good or bad about Ad-Aware?

Grady
 

Zero Signal

Active Member
Feb 24, 2003
2,633
2
46
Tucson, AZ
Feb 12, 2006
#4
  • Feb 12, 2006
  • #4
Post your scan for the HiJackthis. I could tell you what to remove.

Also consult with this site, post it in the box and hit Analyze. http://www.hijackthis.de/

I have no virus software, I only use hijackthis and a program called 'startup control panel' combined with Mozilla. I've gone two or three years without any problems.

I used Adaware and Spybot for awhile and they just don't do it for me. I would run them and have to finish the job manually in the reg. half the time.

I fixed a friend's computer who had major problems. Lesson: stay away from the ****, warez, and file sharing programs and you will NEVER have a problem. My brother is a tech at the University and he basicly says **** and file sharing is the culprit in at least 85% of the problems he encounters. The rest of them are sorry bastards who install junk from ads or fall for virus emails.
 
Z

zZsKyZz

Member
Dec 1, 2005
503
0
17
Feb 12, 2006
#5
  • Feb 12, 2006
  • #5
First do the msconfig thing like Synned said.
Then go download norton antivirus or kaspersky antivirus. After installing them update the definition file and scan your computer. then reboot your computer and scan again.
If that doesn't work I suggest trying ctrl+alt+del and killing all the proccesses that you can. This is so the virus doesn't bind itself to any services that windows starts with and then it runs hiddenly. I know some versions of RxBot will recreate explorer.exe and does the same thing, but also acts as a bot; so launch your AV program first then kill everything except the AV. Also, the virus may change your HOSTS file and block the address to where the AV program tries to update so if it does I would try a few different AV programs such as norton, KAV, panda, and if you must mcaffee (even though it's crap).

Also, check your win.ini and boot.ini files.
 

RedStallion43

Member
Sep 10, 2004
61
0
6
Chi-Town
Feb 12, 2006
#6
  • Feb 12, 2006
  • #6
Watch out whatever you do, with Hijackthis and similar programs you can screw up your computer if not done right
 
S

Synned

took tubgirl on a date and got banned
Mar 31, 2005
991
1
0
Philly
Feb 12, 2006
#7
  • Feb 12, 2006
  • #7
Yeah, go into task manager (Ctrl alt del)
and look for processes that you don't recognize.
If you don't have any experience with this stuff, kill programs that are like sadchdsuj8e.exe just long stuff that doesn't look like it has a meaning.
This may not help with newer spyware, which will just re-open itself instantaneously. For that you have to find the process that is linked to the one you are trying to kill and kill them both.
Ad-Aware is also a good spyware program.
Any updates on what you have tried/done?
 

VibrantRedGT

"STANGNET'S PENGUIN SMACKER"
15 Year Member
Nov 29, 1999
14,679
424
154
Boca Raton, Florida
Feb 12, 2006
#8
  • Feb 12, 2006
  • #8
I use AdWare and Norton every single day. Been doing this for years. Never had a virus of any kind. I have both programmed to do it automatically. Take the advice of the above posts.
 
C

Chronos[AsG]

Member
Dec 20, 2003
86
0
6
NC
Feb 12, 2006
#9
  • Feb 12, 2006
  • #9
The problem with killing processes is that there is usually a large number of them and many of them are generic windows processes. It can get confusing about what you should kill and what you shouldn't. If Zero can help you with the HiJackThis results it would be extremely helpful but I still dont think it would hurt to run Ad Aware (which has become very mediocre in the last year or two), Spybot: Search and Destroy and then run a good anti-virus. I would recommend AVG as it is free and effective. Stay away from Norton and McAfee. They're both resource hogs and aren't very good anyway.

After everything is back to normal you might want to run spyware and virus scans every week or so.
 

stprorolla49

Active Member
Oct 9, 2004
1,455
15
39
Fairfield, CT/North Jersey
Feb 12, 2006
#10
  • Feb 12, 2006
  • #10
aite heres my logfile from HiJackThis...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\znzniqj.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms0403007-625.exe
C:\WINDOWS\znzniqjA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\ninety5fiveoh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms0403007-625] C:\WINDOWS\ms0403007-625.exe
O4 - HKLM\..\Run: [znzniqjA] C:\WINDOWS\znzniqjA.exe
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\lv4009hme.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWljaGFlbCBCYXJiYWxpbmFyZG8\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\znzniqj.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
 
Z

zZsKyZz

Member
Dec 1, 2005
503
0
17
Feb 12, 2006
#11
  • Feb 12, 2006
  • #11
C:\WINDOWS\znzniqj.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms0403007-625.exe
C:\WINDOWS\znzniqjA.exe

I'd look into these... They don't seem right. The only legit one may be SYSC00.exe.
 

stprorolla49

Active Member
Oct 9, 2004
1,455
15
39
Fairfield, CT/North Jersey
Feb 12, 2006
#12
  • Feb 12, 2006
  • #12
after running my logfile through hijackthis.de and analyzing it, it cannot delete the o10 files which are all "nasty" files....also, when i go the startup tab in msconfig, when i uncheck all the files, and restart, and i go back to the startup tab, they are all still unchecked except the 4 that i believe are viruses/spyware ...anyone?????
 
8

8950HO

New Member
Mar 31, 2005
658
2
0
Feb 12, 2006
#13
  • Feb 12, 2006
  • #13
Try Microsoft Anti Spyware Beta 1.It`s free off the Microsoft site and removed some serious **** off my pc a while back that both Ad-Aware and Spybot could not remove.

Microsoft has a free malicious software removal tool that`s also free to download I believe.
 
S

Synned

took tubgirl on a date and got banned
Mar 31, 2005
991
1
0
Philly
Feb 12, 2006
#14
  • Feb 12, 2006
  • #14
Not to sound offence, but with the computer experience it sounds like you have it's gonna be hard for you to remove all of that. Boot into safe-mode and run all of the anti-spyware programs in safe mode that way they will not be running at the time. Also in safe mode, do the msconfig thing once more.
 

stprorolla49

Active Member
Oct 9, 2004
1,455
15
39
Fairfield, CT/North Jersey
Feb 12, 2006
#15
  • Feb 12, 2006
  • #15
Synned said:
Not to sound offence, but with the computer experience it sounds like you have it's gonna be hard for you to remove all of that. Boot into safe-mode and run all of the anti-spyware programs in safe mode that way they will not be running at the time. Also in safe mode, do the msconfig thing once more.
Click to expand...
haha thanks man....i acutually have a good bit of computer experience, im just retarted today for some reason...ive done all this before on my bros computer and had no problems....sry for keeping on asking all this ****...whats your SN on aim if you have one? in case i need help later...thanks a lot buddy, i appreciate it!
 
S

Synned

took tubgirl on a date and got banned
Mar 31, 2005
991
1
0
Philly
Feb 12, 2006
#16
  • Feb 12, 2006
  • #16
stprorolla49 said:
haha thanks man....i acutually have a good bit of computer experience, im just retarted today for some reason...ive done all this before on my bros computer and had no problems....sry for keeping on asking all this ****...whats your SN on aim if you have one? in case i need help later...thanks a lot buddy, i appreciate it!
Click to expand...

Yeah, spyware can be a bitch to get rid of.
If you need any help at all...sn's renaxgade. I'll try to help you to the best of my knowledge.
 
M

Monsterbishi

Member
Jan 17, 2006
107
3
18
Christchurch, New Zealand
Feb 12, 2006
#17
  • Feb 12, 2006
  • #17
There are quite a few trojans out there that are programmed to stop task manager from being able to stop them, when cleaning up peoples pc's we use a program called "Security Task Manager" that the trojans, etc do not regard as a threat. Beyond that I'm old school - DOS, notepad and regedit are my weapons.

On top of that - doing it with the OS in safe mode is the key.
 

VibrantRedGT

"STANGNET'S PENGUIN SMACKER"
15 Year Member
Nov 29, 1999
14,679
424
154
Boca Raton, Florida
Feb 12, 2006
#18
  • Feb 12, 2006
  • #18
8950HO said:
Try Microsoft Anti Spyware Beta 1.It`s free off the Microsoft site and removed some serious **** off my pc a while back that both Ad-Aware and Spybot could not remove.

Microsoft has a free malicious software removal tool that`s also free to download I believe.
Click to expand...


Wow, good call. I used my Ad-Aware this morning. The Microsoft software found lots more.
 

stprorolla49

Active Member
Oct 9, 2004
1,455
15
39
Fairfield, CT/North Jersey
Feb 12, 2006
#19
  • Feb 12, 2006
  • #19
fixed! synned helped me out for like 2 hrs over the phone cause hes the man, and we ended up ****in the computer up more, losing internet, then just doin a system restore and it worked....thanks guys!
 

Zero Signal

Active Member
Feb 24, 2003
2,633
2
46
Tucson, AZ
Feb 12, 2006
#20
  • Feb 12, 2006
  • #20
Start by getting rid of these. If you know that some of these are ok, then don't mess with it, so check first. As mentioned, you can do more damage than good if you start shooting from the hip with a program like this. Since I don't know everything you have installed, I can't tell which ones are good, but these are the ones I would instantly delete from MY machine. As a rule of thumb, if you have all your progams closed (nothing in the taskbar either) you should have 20-25 running processes. If you have a multi-function printer, it may be more like 30.

EDIT: Just saw that you got it fixed. Good deal Still worth looking into though . . .

C:\WINDOWS\znzniqj.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms0403007-625.exe
C:\WINDOWS\znzniqjA.exe
C:\WINDOWS\System32\wuauclt.exe

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms0403007-625] C:\WINDOWS\ms0403007-625.exe
O4 - HKLM\..\Run: [znzniqjA] C:\WINDOWS\znzniqjA.exe
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\lv4009hme.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWljaGFlbCBCYXJiYWxpbmFyZG8\command.exe (file missing)

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\znzniqj.exe
 
  • 1
  • 2
Next
1 of 2 Next Last
You must log in or register to reply here.

Similar threads

A
95 Gt intermittent backfire
  • A_A_Ron
  • May 26, 2025
  • 1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk-
Replies
0
Views
402
1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk- May 26, 2025
A_A_Ron
A
S
Help with window and possible engine
  • StefRena22
  • Jun 12, 2025
  • 1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk-
Replies
19
Views
809
1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk- Jun 21, 2025
Willybill32
J
Car Diagnosis
  • j.2016
  • Aug 31, 2025
  • 2015 - 2023 (S550) Mustang -General/Talk
Replies
3
Views
295
2015 - 2023 (S550) Mustang -General/Talk Aug 31, 2025
Noobz347
Place to Avoid: Jamison Auto Group in Gulfport, MS
  • D Durden
  • Oct 20, 2025
  • 1965 - 1973 Classic Mustangs -General/Talk-
  • 2 3
Replies
45
Views
2K
1965 - 1973 Classic Mustangs -General/Talk- Feb 4, 2026
nickyb
Progress Thread Nicholase "lights out" build- TKX install
  • nicholase
  • Aug 10, 2024
  • 1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk-
  • 26 27 28
Replies
542
Views
33K
1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk- Jun 14, 2026
Mac131
Share:
Bluesky Email Share Link
  • Mustang Forums
  • 1979 - 1995 (Fox, SN95.0, & 2.3L) -General/Talk-
Menu
Log in

Register

  • Forums
  • What's new
  • Media
  • Resources
  • Contact
  • Sponsor
X

Privacy & Transparency

We use cookies and similar technologies for the following purposes:

  • Personalized ads and content
  • Content measurement and audience insights

Do you accept cookies and these technologies?

X

Privacy & Transparency

We use cookies and similar technologies for the following purposes:

  • Personalized ads and content
  • Content measurement and audience insights

Do you accept cookies and these technologies?