| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| | #11 (permalink) |
| Vista x64 Ultimate | Re: Left UAC off...Huge virus problems As long as the backup finishes, it won't be bad to reinstall. |
| | #12 (permalink) |
| Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro | Re: Left UAC off...Huge virus problems |
| | #13 (permalink) |
| Vista x64 Ultimate | Re: Left UAC off...Huge virus problems I agree. 8 cores are running Avast Pro scan, Trendmicro scan, and other things all together. |
| | #14 (permalink) |
| Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro | Re: Left UAC off...Huge virus problems When I first started coming around here someone told me to never save anything to C:. Install on C: but always save everything to one of my other partitions. That way when (not if) I mess something up I won't lose any of my program installers. When I have to wipe C: I don't have to make backups because there is nothing to lose. I just have to export my IE favs and reinstall.

Later Ted |
| | #15 (permalink) |
| Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro | Re: Left UAC off...Huge virus problems |
| | #16 (permalink) |
| Vista Ultimate X64 SP2 | Re: Left UAC off...Huge virus problems

Turned off UAC in Vista x64 Ultimate

Received an e-mail that appeared to be my CNN alerts. It was Antivirus XP 2008 virus. Avast Pro 4.8 has been finding viruses in both Safe Mode and regular. Search and Destroy can't seem to deal with them. Backing up my data right now. Ready to reinstall everything. S&D reports clear. IE7 does not always work. I reset and internet connection gets blocked.

Antivirus XP 2008
Exchanger Trojan
Other Trojan horses

When I clear all viruses and activate UAC the Trojan horses are still present.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 11:19:05 AM, on 8/9/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

First mistake you need to correct is Avast! In testing it failed to detect 19 malware programs in Vista SP1. To rely on such a program for protection is just asking for trouble. A decent antimalware program wouldn't have let it get on your system in the first place. NOD32 would have prevented it installing whether you enabled UAC or not.

Eset NOD32 Scanner and cleaner
Free ESET Online Antivirus Scanner |
| | #17 (permalink) |
| Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro | Re: Left UAC off...Huge virus problems Later Ted |
| | #18 (permalink) |
| Vista Ultimate X64 SP2 | Re: Left UAC off...Huge virus problems Later Ted

Apparently for all those malware programs to have installed when UAC was off they must have already been on the computer/Internet files. Avast doesn't do a very good job at stopping malware before it installs, and appears to be somewhat reactive. |
| | #19 (permalink) |
| Vista Ultimate x64 | Re: Left UAC off...Huge virus problems Oh and those CNN alerts are the latest version of the Storm Worm,

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
snopes.com: FBI vs. Facebook / CNN Top 10 |
| | #20 (permalink) |
| Vista x64 Ultimate | Re: Left UAC off...Huge virus problems I have seen NOD32 and AVG have issues with Vista x64 Ultimate and missing Trojans also. Avast is working on the issue. I don't trust anything called NOD 32 as in 32-bit. Avast did block three files and deleted them. It was the other files that got past it. Avast knows I am not happy. I am also mad at my ISP for my blocking this crap to begin with. |