Continuous Connection Indication

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jerry1964, Oct 5, 2010.

Thread Status:
Not open for further replies.
  1. Jerry1964

    Jerry1964 Private E-2

    Hello,

    The name of the thread may not sound like I should be using this forum but I'm concerned that my computer may have been hijacked although I'm not able to find the "culprit." Both the Network Connection for Internet and Local Area Network icons in the Notification Area show a continuous blue condition with only an occasional blink to "unlit" status. Checking the "status" of the connection using a right click, shows that there is a continuous uplink/downlink underway. I have gone through the procedures listed for Malware removal and was able to run four of the five listed. Root Repeal would not run as I always got an error when attempting to scan.

    I have attached the logs for the removal/testing applications.

    Thanks,
    Jerry.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well I will check through your logs and if there is no malware present you will have to visit the software forum/networking forum.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not seeing a lot to do here in the malware removal forum except some miscellaneous items to take care of. Any problems that remain will have to be worked out in the software/networking forum.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    • O15 - Trusted Zone: http://*.hp.com (HKLM)
    • O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

    After clicking Fix exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\WINDOWS\Temp
    • C:\Documents and Settings\Jerry\Local Settings\TEMP
    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
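The temp-folder cleanup in the post above, written as a PowerShell script (an added example, not part of the thread or of MGtools). It keeps files written today, which Windows would refuse to delete anyway, and assumes the same folder names as the post, with $Env:USERPROFILE standing in for the literal "Jerry" profile path.

```powershell
# Added example: clear the temp folders named in post 3, keeping anything written today.
# Run with -WhatIf first to see what would be removed without deleting anything.
param([switch]$WhatIf)

$tempFolders = @(
    "$Env:SystemRoot\Temp",
    "$Env:USERPROFILE\Local Settings\TEMP"   # XP-era path from the post; on Vista and later this is $Env:TEMP
)
$today = (Get-Date).Date

foreach ($folder in $tempFolders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Folder not found: $folder"
        continue
    }
    # -Force includes hidden files; the PSIsContainer filter keeps this working on PowerShell 2.0
    $stale = @(Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today })

    $failed = 0
    foreach ($f in $stale) {
        try {
            Remove-Item -LiteralPath $f.FullName -Force -WhatIf:$WhatIf -ErrorAction Stop
        } catch {
            # Files held open by a running process stay behind; list them so they can be reviewed,
            # since a temp file that cannot be deleted is worth a second look
            $failed++
            Write-Warning "Could not delete $($f.FullName): $($_.Exception.Message)"
        }
    }
    "{0}: {1} stale file(s), {2} could not be removed" -f $folder, $stale.Count, $failed
}
```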
     
  4. Jerry1964

    Jerry1964 Private E-2

    Thank you very much Kestrel13!

    I plan to get to this during the upcoming long weekend.

    Thanks again,
    Jerry1964
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're welcome. Safe surfing.
     
  6. Jerry1964

    Jerry1964 Private E-2

    Hi Kestrel13!

    Well, I finally got through the procedure of using analyse.exe followed by the registry fix. The registry fix did NOT give me a successful indication. And, I'm still plagued by the continuous connection indication. Now, one thing I did do, was to save the registry fix to notepad prior to doing the analyse.exe. Do you think that would have an effect on my results? Also, I was a bit unclear as to whether I should restore my anti-virus/spyware prior to the registry fix. Would that have mattered?

    This computer is giving me fits as it is extremely slow and obviously has problems with shortcuts, which slows me down. I use Microsoft Security Essentials as my anti-virus and half the time, it won't launch, even when going to the program list at the start button.

    I have tried to un-install MSE and it won't. Is there an anti-virus tool that you recommend?


    Anyway, I plan to keep the cleanup tools for just awhile longer in case it is decided I need to do it all again. I don't mind really. I kind of enjoy the work.

    So, any comments will be appreciated.

    Have a great weekend and thanks again,
    Jerry.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  8. Jerry1964

    Jerry1964 Private E-2

    Hi Kestrel13!

    Thanks for the reply. I downloaded Your Uninstaller and I'm in the progress of downloading and updating the Kaspersky Online Scanner.

    Once I've done the uninstall and scan, I'll then need to replace MSSE with another anti-virus program. Is there one in particular that I should use in order to keep me virus free? I currently have both Super Anti-Spyware Professional and Malwarebytes paid edition running.

    I'll let you know when the scan completes.

    Have a great day,
    Jerry.
     
  9. Jerry1964

    Jerry1964 Private E-2

    Hello Kestrel13!

    Well the Kaspersky online scan revealed the following:

    Trojan-Dropper.Win32.Agent.bsvg (in two places)

    not-a-virus:RemoteAdmin.Win32.PsExec.b (in two places)

    It is strange that neither SuperAntispyware nor Malwarebytes found these.

    Up for suggestions here!

    Thanks,
    Jerry.
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What locations did it find the threats in just out of interest?
     
  11. Jerry1964

    Jerry1964 Private E-2

    Hello Kestrel13!

    The locations were:

    C:\System Volume Information\_Restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP64\A0023489.EXE

    AND:

    G:\SEAGATE BACKUP DELL 4600\HISTORY\LEVEL2\C\DOCUMENTS AND SETTINGS\JERRY\DESKTOP\MGTOOLS.EXE

    These things referred to as "not-a-virus" by Kaspersky, were located at:

    G:\SEAGATE BACKUP DELL 4600\HISTORY\LEVEL2\C\DOCUMENTS AND SETTINGS\JERRY\DESKTOP\MGTOOLS.EXE

    AND:

    C:\DOCUMENTS AND SETTINGS\JERRY\UNZIPPED\PSTOOLS[1]PS EXEC.EXE


    So, I downloaded a 30 Day Trial of Kaspersky Internet Utilities (KSI) and ran it after a lengthy update. It located the above, removed one of the Trojan locations and found no file for the other one. After the complete scan, I did a search for the files and they are not there. Now, I would assume that the not-a-virus that was located on the G Drive was also deleted by KSI when it deleted the Trojan. I was going to go after the other not-a-virus but the computer locked up for some reason so I shut it down and went to bed. I had been fooling with this problem most of night before last and yesterday and I was bushed. So, this morning, I started the machine and it came up normally at first and then locked up. Presently it is off and I'm writing this from my laptop.

    So...That is where I stand at this moment. Computer is off and I'm awaiting further instructions.

    Thanks again. I now realize I inadvertently "bumped" my thread by telling you what Kaspersky had found and for that I am sorry. I'll try not to let that happen again. Guess I was a bit on the panicky side.

    Have a good day and hope to hear from you soon.

    Jerry.
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just stuff trapped inside of system restore. After following my final steps it will no longer be detected.
    Obviously a false positive, as MGTools.exe is not malware ;)

    psexec.exe is a launch tool from Sysinternals used to launch processes on remote machines for which you have appropriate permissions.

    I don't think you have malware problems.
    No, you're fine, it wasn't a bump per se.
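A way to triage scanner hits along the lines of the reply above, as an added example that is not part of the thread: a function that flags restore-point and backup-history copies from the path alone and, where the file still exists, checks its Authenticode signature, since current Sysinternals releases such as PsExec are signed by Microsoft. The sample paths are the ones posted earlier in the thread; Test-FlaggedPath is a name chosen here.

```powershell
# Added example: classify a path reported by an AV scanner and check the file's signature.
function Test-FlaggedPath {
    param([Parameter(Mandatory=$true)][string]$Path)
    $result = [ordered]@{ Path = $Path; Note = @(); SignatureStatus = $null; Signer = $null }

    # A hit under System Volume Information\_Restore{GUID}\RPnn is a restore-point copy:
    # inert unless restored, and removed by flushing the restore points (the final steps).
    if ($Path -match '\\System Volume Information\\_Restore\{[0-9A-F-]+\}\\RP\d+\\') {
        $result.Note += 'restore-point copy; cleared by disabling and re-enabling System Restore'
    }
    # A copy inside a backup set's HISTORY\LEVELn tree is a stale snapshot, not running code.
    if ($Path -match '\\HISTORY\\LEVEL\d+\\') {
        $result.Note += 'backup history copy; clean the backup set, not the live system'
    }
    if (Test-Path -LiteralPath $Path) {
        # Genuine Sysinternals tools are Authenticode-signed; an unsigned "psexec.exe" deserves suspicion
        $sig = Get-AuthenticodeSignature -FilePath $Path
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
        if ($sig.Status -ne 'Valid') { $result.Note += 'unsigned or invalid signature; treat as suspect' }
    } else {
        $result.Note += 'file not present (already removed, or the volume is not mounted)'
    }
    [pscustomobject]$result
}

# Paths as reported in post 11 of the thread
@(
    'C:\System Volume Information\_Restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP64\A0023489.EXE',
    'G:\SEAGATE BACKUP DELL 4600\HISTORY\LEVEL2\C\DOCUMENTS AND SETTINGS\JERRY\DESKTOP\MGTOOLS.EXE',
    'C:\DOCUMENTS AND SETTINGS\JERRY\UNZIPPED\PSTOOLS[1]PS EXEC.EXE'
) | ForEach-Object { Test-FlaggedPath -Path $_ } | Format-List
```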
     
  13. Jerry1964

    Jerry1964 Private E-2

    Thanks for the reply, Kestrel13!

    By final steps, I assume you are referring to the final steps in the first post of yours on the thread?

    When I get the time, I'll get right to it and report back to you.

    I'm just wondering what the deal is with the Kaspersky Online Scanner finding the Trojan-Dropper and the same being found by the Kaspersky Internet Security 2011 program (originally I called it Kaspersky Internet Utilities; weird, I guess tiredness prevailed).

    Anyway, I'll get back to you as soon as possible.

    Jerry.
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes just follow final steps and let me know how everything is.
     
  15. Jerry1964

    Jerry1964 Private E-2

    OK, thanks Kestrel13!

    I'm running another scan in safe mode at this time. It will only come up to a locked up state in normal boot.

    By the way, the Your Uninstaller program you wanted me to try would not uninstall MSE. MSE seems to be very entrenched in my computer and will not allow an uninstall. Your Uninstaller ran for hours to no avail. I think I need to go into the program files and uninstall the thing piece by piece. But that's probably not really the best way to go about it. I do feel that MSE is the cause of a lot of my troubles, as it continually wants an update that will not install, and come to find out, I'm using the latest version, so I think it's totally corrupted.

    Any thoughts on what I need to do while in safe mode to possibly get me running again in normal would be very appreciated. It seems a System Restore might just get me back to where I started.

    Additionally, I am still VERY concerned about the continuous connection. Reading about the Trojan that I supposedly had doesn't make me feel comfortable at all about the safety of "things" on my computer.

    Anyway, thanks again. I really appreciate the time you've been spending with me!!

    Have a good evening,
    Jerry.
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are very welcome, but I am afraid there isn't much else I can do for you here in the malware forum. You must at this point seek out further advice in the software section. :) Thanks.
     
  17. Jerry1964

    Jerry1964 Private E-2

    Hello Kestrel13!

    This morning I restarted out of Safe Mode and back into normal mode with no problem. I then did the System Restore cleanup and re-booted. It came up nicely and so I went in and established a new Restore Point. I had also gone through the cleanup of the other utilities I had downloaded. As I left for work things seemed to be working in good order. I still have not gone back in and tackled the MSE problems nor have I done any cleanout of the g and f drives. As you have suggested, if I have further problems I will contact the Software Forum folks. By the way, the Kaspersky Internet Security program seems to be a nice thing to have. I'll continue to evaluate it for the next 20 or so days and probably go ahead and buy it.

    I'd like to thank you for all that you have helped me with. Nice job!

    Have a good day,
    Jerry.
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem ;) Safe surfing.
     
  19. Jerry1964

    Jerry1964 Private E-2

    Hello,

    Well, my continuous connection started up again so I did some searching with different anti-virus tools. Last night, Spyware Doctor found Trojan-Downloader.Bagle. This will apparently reload and start its nasty business every time the computer is re-booted.

    And, Oh By The Way, this thing will disable your anti-virus applications. Spyware Doctor seems to run OK though.

    Any suggestions would be appreciated.

    Thanks,
    Jerry.
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Start a new thread in the malware forum after running all of the scans. :)
     