A little help needed here...all steps followed

Hi there folks.
Had a small virus problem, that mostly got sorted out. Everything is running pretty much okay...except that emails keep being sent out from my machine. I have tried a lot of stuff, and cannot solve this problem. My AVG email scanner is running almost constantly, bringing up a list of IP addresses that it is trying to contact, and then it occasionally sends out a flurry of emails. Would appreciate it if someone could give me a hand with this one...
Thanks in advance

 

This sounds like the new mass mailing WORM. If you have followed the READ ME procede with a HJT log.

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Thanks for getting back to me. I ran a scan with Panda's online virus scanner, and they detected a new form of malware on my system: Trj/Downloader.CXE, and after a struggle, I managed to delete the thing, and to get the mailing stopped. But it has left me with a couple of problems that seem to be lingering.
The first is that my ICF is down, and cannot be restored. When I tried to restart it, I got the following error message: "Windows could not load the installer for NET. Contact your hardware vendor for assistance" I also get the following error message straight after that: "An error occurred while Internet sharing was being enabled. The dependency service or group failed to start.
I ran services.msc under start/run, and checked the dependency groups for the firewall, and they were okay, until I got to Remote Access Control Manager, which was not started. When I tried to start it, it gave me error code 5, access denied. Also, the BITS on my system seems to be inactive too, with an error message telling me that it could not be started, and telling me to view the system event log, or if it was not a MS product, to contact the vendor, with the error code -2147024891 I don't know if these are both related to the problem I was having, but I would appreciate any advice on the matter. I have attached the most recent HJT log to this post for you to view. The one thing that strikes me as odd is that on the HJT log, there are two instances of svchost.exe being shown. But on the task manager, there are four... I'm wondering if this might be something to do with it
Awaiting your reply, and thanks in advance

 

Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. You need to install Service Pack 2 for security purposes and to stay clean!

Your HJT log is clean, I do not see anything thats a threat. Are you having any Malware related problems?

 

Can you recommend a good link to download it from? I can't use microsoft update, due to the BITS problem...until that's cleared, I'm a little stuck on that front...

 

Sorry, didn't see the malware bit of your message. Not as far as I am aware of... And I followed all of the sticky thread on spy/malware removal...

 

Windows XP Service Pack 2

After download is complete, double click to install.

 

Thanks, downloading now. I am also getting some advice at Techsupport forums on this. They have recommended isntalling updates until my system is shown to be totally clean, so I will hold off on the installation for the time being...don't want to install it on a compromised system..

 

Without installing this update you will continue to have problems. If you going to get help somewhere else then why are we wasting time here?

 

Well okay, if you think that it would be safe to install it straight away, I will do so.. And I hope this is not wasting time at all. I am just making sure that I am covering all the angles, no offence intended in any way.

 

After you install the update, reboot and post a fresh HJT log.

 

Okay, I have installed SP2, and rebooted. Here is my new HJT log

 

Please download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program.

After doing the above, your HJT log will be clean.

Are you having any problems at the moment?

 

Hi again,
Downloaded and ran Host.exe. But I am still getting the following problems:
My firewall has been reconfigured to SP2, it appears to be up and running on services.msc, but when I go to the firewall settings under My network connection, it shows that it is turned off, and the selection boxes are all greyed out, so I cannot change it.
Also BITS is still not working, I am still getting the same messages as before. I tried using windows update as a test, and it came up with a list of updates under critical. However, when I clicked to download and install them, the thing just locked up, and gave no sign of being active...
erm... help?

 

Your Windows Firewall should be off and disabled as you have ZA installed. ZA automatically disables the windows firewall as running 2 will cause conflicts.

As far as the other problem, can you explain in detail whats going on?

 

Hi there,
Well, the firewall being down doesn't sound like an issue any more then..thanks for letting me know!
The second problem started when I experienced trouble with microsoft update. It keeps failing, and post SP2 install, it locks up and will not respond.
I checked the error code that I was receiving, and it told me that I was having trouble with the BITS service. When I checked it under services.msc, I found it was inactive. When I try to activate it, I get the following error message: Windows could not start the Background Intelligence Transfer service on local computer. For more infomation, please view the system event log. If this is a non-Microsoft service, please contact the service vendor, and refer to service specific error code -2147024891 I had a look on the microsoft forums, and found that there were quite a few entries on this problem, with many different replies, and lots of solutions that work for some people and not for others.. quite frankly, it has me stumped..

 

Since this isnt Malware related, I will move this thread into the Software Forum or you can post this in the software forum. Those guys will get you fixed up.

Let me know!

 

okay, and thanks for the help I will let you know how it goes

 

You want this thread moved to the Software Forum or are you posting this in the Software Forum?

 

If you would be so kind....It would be much appreciated! Thanks

 

Thread moved as per your request. Just to give everyone in the Software Forum heads up of whats going on, it would be a good idea to drop a message explaining whats going on.

Good Luck!

 

See if this will fix your BITS issue

BITS 2.0 for Windows XP

 

Thanks for suggesting that...no go, I'm afraid. The BITS is still down..

 

I spent a good deal of the afternoon researching that error code, and the closest I could get was this MS Article for Win2000.

A repair install may be needed if this isn't a workable solution.

 

Hmmmm... looked promising, but it didn't seem to work.. and I have already done a repair install of XP...So that was a wash out too. Frankly, I'm stumped..

 

This article is interesting

http://www.faqshop.com/misc/default.htm?http://www.faqshop.com/misc/miscbits.htm

 

and this one http://www.faqshop.com/misc/default.htm?http://www.faqshop.com/misc/miscbits.htm

 

Got it! Deleting the dowloader directory in C://documents&setting/all users/application data/microsoft/network/ did the trick! Thanks for the help

 

Your welcome

 

If you have XP with SP2 try going to Add/Remove programs. Remove SP2 then reinstall it. This worked for me.