MajorGeeks Support Forums

#1 - 06-18-06, 06:13 - jones23 (Private First Class)
WHAT is netbios-ssn & netbios-dgm

A few commands I have never seen before have appeared while doing a netstat in cmd

ever since I have seen this

I have problems with my Firefox browser

I cannot use the delete private data option in Tools>delete private in the Firefox browser

also a "iaskmp"

a lot more high-rated hits in ZoneAlarm have been happening

maybe it's just a port scanner

#2 - 06-18-06, 13:08 - Shadow_Puter_Dude (MG Authorized Malware Fighter)
Re: WHAT is netbios-ssn & netbios-dgm

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
  • Make sure you check version numbers and get all updates.
Quote:
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis
__________________
Kevin Zoll
Emsisoft Team - www.emsisoft.com


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006

#3 - 06-18-06, 17:15 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

I am now following the read & run me procedure

first I will run HijackThis now

and run it again after i have finished following the procedure


#4 - 06-18-06, 21:04 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

I have run readme

I attached hijack before and after procedure

have labelled

now I am waiting for BitDefender and Panda to finish

will post next

if my Internet Explorer browser is hijacked why would I do a Panda scan there or a BitDefender from there???
Attached Files
File Type: txt FirstHijakLog.txt (3.4 KB, 2 views)
File Type: txt hijackthisAFTERreadandrunme.txt (3.8 KB, 5 views)

#5 - 06-18-06, 21:14 - Shadow_Puter_Dude (MG Authorized Malware Fighter)
Re: WHAT is netbios-ssn & netbios-dgm

Quote:
Originally Posted by jones23
if my internet explorer browser is hijacked why would i do a panda scan there or a bitdefender from there???
Because the logs from those 2 scans will show me things that HijackThis doesn't and isn't designed to find.

Your HijackThis log appears to be from Safe Mode, it shows that both AntiVir PersonalEdition and Zone Alarm are installed but not running. I need a log from Normal Mode.

#6 - 06-18-06, 22:58 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

Ok here I have a HijackThis in normal mode

and a BitDefender in normal mode

it found 1 spyware, virus

I am now removing FlashGet, supposedly it's detected as a virus

I couldn't upload the BitDefender log, I'll try in the next post

the log exceeds your limit
Attached Files
File Type: txt hijackthisAFTERbitdefenderIn Normal Mode.txt (5.7 KB, 6 views)

#7 - 06-18-06, 23:05 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

I still cannot upload

this is the most recent scan of BitDefender

as it appears
FILE:

"<system>=>HKEY_CLASSES_ROOT\CLSID\{A5366673-E8CA-11D3-9CD9-0090271DO75B"

STATUS:

Detected: FlashGet

and then it was deleted

that's the only one BitDefender can find

I will run another NETSTAT TO SEE IF IT IS GONE

#8 - 06-18-06, 23:14 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

THIS IS MY NETSTAT, I left my computer name blank

XP sP1

C:\Documents and Settings\ME!!!>netstat -a

Active Connections

MY computer NAME GOES before all the BLANK ~> :

Proto Local Address Foreign Address State
TCP :1025 :0 LISTENING
TCP :3008 :0 LISTENING
TCP :3009 :0 LISTENING
TCP :3018 :0 LISTENING
TCP :3026 :0 LISTENING
TCP :3065 :0 LISTENING
TCP :3069 :0 LISTENING
TCP :3071 :0 LISTENING
TCP :18350 :0 LISTENING
TCP :netbios-ssn :0 LISTENING
TCP :3065 a-61-9-209-159.deploy.akamaitechnologies.com:htt
p ESTABLISHED
TCP :3068 a.tribalfusion.com:http TIME_WAIT
TCP :3069 216.239.57.104:http ESTABLISHED
TCP :3071 geek.esselbach.com:http ESTABLISHED
TCP :3072 a-61-9-209-158.deploy.akamaitechnologies.com:htt
p TIME_WAIT
TCP :3073 a-61-9-209-158.deploy.akamaitechnologies.com:htt
p TIME_WAIT
TCP :netbios-ssn :0 LISTENING
TCP :3001 :0 LISTENING
TCP :3002 :0 LISTENING
TCP :3003 :0 LISTENING
TCP :3005 :0 LISTENING
TCP :3005 localhost:3009 ESTABLISHED
TCP :3006 :0 LISTENING
TCP :3006 localhost:3008 ESTABLISHED
TCP :3008 localhost:3006 ESTABLISHED
TCP :3009 localhost:3005 ESTABLISHED
TCP :3018 localhost:18350 ESTABLISHED
TCP :3025 localhost:3026 ESTABLISHED
TCP :3026 localhost:3025 ESTABLISHED
TCP :10025 :0 LISTENING
TCP :10110 :0 LISTENING
TCP :18350 localhost:3018 ESTABLISHED
UDP :isakmp *:*
UDP :3004 *:*
UDP :3029 *:*
UDP :ntp *:*
UDP :netbios-ns *:*
UDP :netbios-dgm *:*
UDP :ntp *:*
UDP :netbios-ns *:*
UDP :netbios-dgm *:*
UDP :ntp *:*
Reply With Quote
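
Added example, not part of any post in this thread: a Python sketch that reads `netstat -a` text shaped like the listing in post #8, resolves the service names it prints (netbios-ns, netbios-dgm, netbios-ssn, isakmp, ntp, http) to their standard port numbers, and separates bound ports, loopback pairs and remote connections. The sample rows and the names `SERVICES`, `parse` and `triage` are constructed for illustration.

```python
# Service names as netstat prints them, with their standard port numbers.
SERVICES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139,
            "isakmp": 500, "ntp": 123, "http": 80}

# Constructed sample in the shape of post #8's listing (host name blanked,
# wrapped lines rejoined, 192.0.2.10 is a documentation address).
SAMPLE = """\
  Proto  Local Address   Foreign Address     State
  TCP    :1025           :0                  LISTENING
  TCP    :netbios-ssn    :0                  LISTENING
  TCP    :3005           localhost:3009      ESTABLISHED
  TCP    :3009           localhost:3005      ESTABLISHED
  TCP    :3069           192.0.2.10:http     ESTABLISHED
  UDP    :netbios-ns     *:*
  UDP    :netbios-dgm    *:*
  UDP    :isakmp         *:*
"""

def port(token):
    """'netbios-ssn' -> 139, '3065' -> 3065, '*' or an unknown name -> None."""
    return int(token) if token.isdigit() else SERVICES.get(token)

def parse(text):
    """Yield (proto, local_port, remote_host, remote_port, state) per row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or the tail of a wrapped row
        proto, local, remote = parts[:3]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state
        rhost, _, rport = remote.rpartition(":")
        yield proto, port(local.rpartition(":")[2]), rhost, port(rport), state

def triage(rows):
    """Split rows into bound ports, loopback pairs and remote connections."""
    out = {"bound": set(), "loopback": set(), "remote": []}
    for proto, lport, rhost, rport, state in rows:
        if proto == "UDP" or state == "LISTENING":
            out["bound"].add((proto, lport))
        elif rhost == "localhost":
            # Both ends of one local connection appear as separate rows.
            out["loopback"].add(frozenset((lport, rport)))
        else:
            out["remote"].append((lport, rhost, rport, state))
    return out

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(key, sorted(value, key=str))
```

Each localhost-to-localhost connection shows up twice in the raw listing, once per end, so collapsing the pairs leaves only the bound ports and the connections that actually leave the machine to review.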

#9 - 06-18-06, 23:35 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

Also MY FIREFOX

Tools>Clear Private Data function is still unavailable

how can I fix this

#10 - 06-19-06, 04:20 - jones23 (Private First Class)
Re: WHAT is netbios-ssn & netbios-dgm

Does this mean I am not infected

and can continue

or something else someone is not telling me

#11 - 06-20-06, 18:56 - Shadow_Puter_Dude (MG Authorized Malware Fighter)
Re: WHAT is netbios-ssn & netbios-dgm

No, it does not mean you are not infected; in fact you are infected. I did not ask you to install BitDefender, the instructions in our Read Me First are very clear on what must be done and what tools are to be used in what order and what modes. Both of your HijackThis logs clearly show that you have not followed our standard cleaning procedures.

The instructions are there so that I am not wasting your time with several posts asking you to run various tools, before I give you specific cleaning instructions. They are also there to keep posters from wasting our time.

I will not give you any further assistance until you have completed our cleaning procedures without skipping a step, using the tools we specify and you have posted the logs that are required.

Follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
  • Make sure you check version numbers and get all updates.
Quote:
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

All times are GMT -5.
