Help please, think someone has control over processes

Discussion in 'Malware Help (A Specialist Will Reply)' started by jeff6303j, May 15, 2005.

  1. jeff6303j

    jeff6303j Private E-2

    Help please,
My name is Jeff and this is concerning my parents' computer. I have had problems with this puter before, but never like this. Today, I looked and was having some problems w/ this puter, but then I looked and had a random network connection added to it. It was LINUX IGD added. Basically, someone is on the puter :( So, anyway, tried to remove it, tried to start in safe mode to remove it, but the puter won't let me; it freezes when trying to start. Also, some of the processes cannot be stopped. Remote Procedure Call cannot be stopped, aka they have control over it :p

So I now ask for the genius people's help. I have run Norton AntiVirus, finds nothing; Spybot found some things, removed them and they are now gone; Ad-Aware, nothing; and Bazooka, once again nothing. I have HijackThis, and have a log if needed.

    Any ideas or info on this would be nice :D

    Thanks so much peoples :D

    Jeff
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

LINUX IGD: this is a daemon that emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet Gateway Device specification (IGD) and allows UPnP-aware clients, such as MSN Messenger, to work properly from behind a Linux NAT firewall.

    Now with that said Chas, bj all yours.
     
  3. jeff6303j

    jeff6303j Private E-2

So, what about the RPC not being able to be stopped or disabled? Do you think that nothing is wrong then? I don't know...

I'm confused...
So their comp is plugged directly into an Actiontec DSL modem, which also has wireless routing. You're thinking that that's causing the IGD thing?

    Cause I have never noticed it before...

    info?

    thanks
    Jeff
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

I'm not the expert at removing malware; chaslang and bjgarrick are the experts here. Several wireless routers have NAT firewalls; that could be the cause of the LINUX IGD.

    Please follow ALL of the steps below completely. Do not skip anything.

- Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


If, after doing ALL of the above, you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  5. jeff6303j

    jeff6303j Private E-2

Ran all the things on that. Also now ran HijackThis. Attached is the log file.

Please help with this. When I am in safe mode, the LINUX does not appear, only when I start up in normal mode.

    Thanx.

    Jeff
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run Hijack This Do a System Scan Only

    Select the following line:

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

    Click on Fix Checked

    Close Hijack This

    Now Download Hijack This 1.99.1

Finally, DO NOT install HijackThis to the Desktop, any folder under Documents and Settings (Win2k, WinXP), or a temp folder, or choose to run it directly from the downloaded ZIP file. You will not get backups, or could easily lose them, if you do not follow these directions. Place HijackThis in its own folder that is safe for storing backups. C:\Program Files\HJT is a good example. Also do not run HijackThis in safe mode unless someone specifically requests that you do so.

Now reboot into normal mode, and run HijackThis from C:\Program Files\HJT.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Shadow_Puter_Dude,

    That line is legit!
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Got it. I was using the HijackThis log file analysis and it reported it as a nasty.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

It's not 100% accurate ;)
     
  10. jeff6303j

    jeff6303j Private E-2

So... am I supposed to do that system scan and fix that, or what am I supposed to do now...

I am confused..

    advice?

    Thanks :D

    Jeff
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, Do NOT fix that entry, it is legit!

Please update to HijackThis 1.99.1 and attach a new log using the new version.
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

I'm starting to figure that out. The rest of the log looked OK, but then that was in safe mode.
     
  13. jeff6303j

    jeff6303j Private E-2

    BTW,

Here is the log file from that version of HJT that you told me to download, and it was run in normal mode, not safe :)

    Thnx
    Jeff
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    Make sure All Browser Windows are Closed when you Click FIX.

    After fixing the above, your log will be clean. Are you having any further problems?
     
    Last edited: May 16, 2005
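Since the thread turns on reading individual HijackThis entries (the O2 BHO line in post 6 that an automated analyzer wrongly flagged, and the R0 and O16 lines above), here is an added example, not from the thread or any of its posters, of a small Python parser that turns such R0/O2/O16 lines into structured records and then separates entries a reviewer has already confirmed as legitimate from entries that still need a human look. The sample lines are the ones quoted in this thread, and the allowlist (containing only the Microsoft Money BHO that bjgarrick confirmed as legit) is a constructed, hypothetical table for the example; nothing here declares an entry malicious on its own.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample: the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
""".strip()

# Hypothetical allowlist: CLSIDs a human reviewer has already confirmed as legitimate.
# Keys are upper-cased so the lookup is case-insensitive.
KNOWN_GOOD_CLSIDS = {
    "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}": "Microsoft Money viewer BHO (confirmed legit in this thread)",
}

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One pattern per entry family handled here; every group named 'target' holds the
# thing the entry points at (registry data, DLL path, or CAB URL).
PATTERNS = {
    "R": re.compile(r"^(?P<kind>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<target>.*)$"),
    "O2": re.compile(rf"^(?P<kind>O2) - BHO: (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<target>.+)$"),
    "O16": re.compile(rf"^(?P<kind>O16) - DPF: (?P<clsid>{CLSID}) \((?P<name>[^)]+)\) - (?P<target>.+)$"),
}


@dataclass
class Entry:
    kind: str                # R0, O2, O16, ...
    name: Optional[str]      # BHO/DPF display name, or the registry value name for R lines
    clsid: Optional[str]     # normalised (upper-case) CLSID, if the entry has one
    target: str              # registry data, DLL path, or CAB URL
    scheme: Optional[str]    # URL scheme (http, hcp, ...) when the target is a URL
    host: Optional[str]      # URL host when the target is a URL


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; returns None for line types not handled here."""
    for pat in PATTERNS.values():
        m = pat.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        target = d["target"].strip()
        parts = urlsplit(target) if "://" in target else None
        return Entry(
            kind=d["kind"],
            name=d.get("name") or d.get("value"),
            clsid=d["clsid"].upper() if d.get("clsid") else None,
            target=target,
            scheme=parts.scheme if parts else None,
            host=(parts.netloc or None) if parts else None,
        )
    return None


def parse_log(text: str) -> list:
    """Parse all recognised lines of a log, skipping anything unrecognised."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review(entries: list) -> list:
    """Return (entry, verdict, reason) triples.

    'known-good' only when the CLSID is on the reviewer's allowlist; everything
    else is 'review' with a hint about what a human should look at. An entry
    missing from the allowlist is unknown, not proven bad, which is exactly the
    gap automated log analyzers fall into."""
    out = []
    for e in entries:
        if e.clsid and e.clsid in KNOWN_GOOD_CLSIDS:
            out.append((e, "known-good", KNOWN_GOOD_CLSIDS[e.clsid]))
        elif e.kind == "O16" and e.scheme == "hcp":
            out.append((e, "review", "DPF control loaded via the Help Center hcp:// scheme"))
        elif e.kind.startswith("R") and e.host:
            out.append((e, "review", f"browser setting points at external host {e.host}"))
        else:
            out.append((e, "review", "not on allowlist"))
    return out


if __name__ == "__main__":
    for entry, verdict, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{entry.kind:<4} {verdict:<11} {entry.target}  ({reason})")
```

The parser deliberately normalises the CLSID to upper case before the allowlist lookup, because the same control can appear with mixed-case hex (as the Money BHO does above) in different logs; without that step an allowlist silently fails to match and a confirmed-good entry gets re-flagged.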
  15. jeff6303j

    jeff6303j Private E-2

Well, I deleted those ones, restarted, then ran another HijackThis log. Posted here, so that's that. As far as any other problems, is the net connection LINUX IGD normal, or is it something someone did...??? Because when I go into safe mode it's not there at all. And when I start up it is initially not there, then loads a tiny bit later, and won't let me disable it at all or anything like that. So just some things like that make me think it's not normal, that someone put/got into the computer somehow. Also, in Administrative Services, it won't let me turn off/disable RPC at all; I didn't know if that was normal.

    Help/advice?

    Thanks
    jeff
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean!

    First, why are you trying to disable the RPC service? This is a legit service and should not be messed with.

LINUX IGD is normal. It's a daemon that emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet Gateway Device specification (IGD) and allows UPnP-aware clients, such as MSN Messenger, to work properly from behind a NAT firewall.
     
  17. jeff6303j

    jeff6303j Private E-2

OK, I didn't know if it was; it just seemed weird and I was getting mixed things from different people on whether it should be or not. Also I didn't have it and it just randomly appeared one day, so was just making sure.

    Thanks for answers :D

    Jeff

    P.S.
This is why I ask you peeps, because you're all geniuses :D

    THNX :D
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

