|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
06-11-2008
| #1 (permalink) |
| Vista Business 32bit | Help is it a virus Hi All of a sudden I get a small alert window pop into the middle of the screen called "ENTER NETWORK PASSWORD" then text saying "type your username and password" Then there is three boxes with the details of my username etc and my password ****'d out. I can click "OK" or "CANCEL" or "CLOSE" but the box comes back. I am running Symantec virus protector and it finds nothing and Spybot and it shows there is a couple of items it can't correct unless I have admin profile. Heres the log from Hijackthis: Logfile of HijackThis v1.99.1 Code: Scan saved at 17:17:35, on 09/06/2008 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\windows\SMINST\scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\WinZip E-Mail Companion\loadwzco.exe C:\windows\System32\igfxtray.exe C:\windows\System32\hkcmd.exe C:\windows\System32\igfxpers.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Users\admin\Program Files\DNA\btdna.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\system32\taskeng.exe C:\Program Files\eMule\emule.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Windows\explorer.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Hijackthis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = BT broadband office R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\admin\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Wil |
My System Specs |
|
06-11-2008
| #2 (permalink) |
| vista ultamate 64bit | Re: Help is it a virus in the advanced options/settings of spybot there is a check box that you can tick so you can run a scan at next boot... this should set a scan to run b4 windows boots and requires you to have admin rights.... dont forget to change to advanced mode first  |
| My System Specs |
|
06-11-2008
| #3 (permalink) |
| Vista Business 32bit | Re: Help is it a virus Thanks, just ran a-squared which picked up 120 bits spybot missed. |
| My System Specs |
|
06-11-2008
| #4 (permalink) |
| Ultimate SP1 x64 & x86 | Re: Help is it a virus btdna.exe-------> CastleCops® BitTorrent DNA btdna.exe Startup and file information |
| My System Specs |
|
06-12-2008
| #5 (permalink) |
| Vista Business 32bit | Re: Help is it a virus sid you are a star |
| My System Specs |
|
06-13-2008
| #6 (permalink) |
| Vista Business 32bit | Re: Help is it a virus ok now I have removed the offending BTDNA.exe it hasn't made any difference. I get the stupid box popping up every 10 mins even if I have selected to remember the password. It is prompted by Outlook Explorer. Any ideas please? |
| My System Specs |
|
06-13-2008
| #7 (permalink) |
| Ultimate SP1 x64 & x86 | Re: Help is it a virus Argh!! I did not think of Outlook. Which version do you use? May be caused by AV? Can you try Outllook in safe mode: Start, type: outlook.exe /safe in the Start Search box, and press ENTER. |
| My System Specs |
|
06-13-2008
| #8 (permalink) |
| Vista Business 32bit | Re: Help is it a virus yes sorry I only just noticed it. its the 2007 release, can't for the life of me find what version number it is though. i am a little enexperienced but will try to articulate what you wish me to do. to start in safe mode (as a mac user i used to hold down shift, but i think-) i can just select it from the boot up sequence, correct? from there i can type in the executeable file ie "outlook.exe" sorry if I am not on the right track here as i say I am a little unexperienced at this kind of stuff, please confirm or correct. Thanks in advance |
| My System Specs |
|
06-13-2008
| #9 (permalink) |
| Ultimate SP1 x64 & x86 | Re: Help is it a virus Click on the start button, then in the search bar type in: outlook.exe /safe Press Enter, outlook should start in safe mode (do not confuse with vista safe mode) If it works without the popup, the problem should come from another software like your antivirus for example. |
| My System Specs |
|
06-16-2008
| #10 (permalink) |
| Vista Business 32bit | Re: Help is it a virus sorry i need further explaination as i don't quite follow. i click on the bottom left start button from my desktop, i select search and then click "for files or folders"? type outlook.exe /safe unfortunately I must be doing something wrong as it doesn't find anything.....shall i take this to pm? assuming I am able to do this, will it mean i have to start outlook like this each time to avoid the annoying popup. I am on a network and it is doing to the other pc as well. |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| virus | Vista mail | |||
| Virus or What? | Vista performance & maintenance | |||
| HELP! I have a virus... | System Security | |||
| Virus??? | Vista file management | |||
| Got a virus alert on a virus that is over a year old | System Security | |||
