I might need help...

Discussion in 'Malware Help (A Specialist Will Reply)' started by trowter, Feb 10, 2005.

  1. trowter

    trowter Private First Class

    Hi there...I'm not sure if I need help or not. This could be my computer doing funky things or it could be spyware/virus etc.
    First of all, I am running a P4 2.8, 1 GIG of RAM, Win XP SP2 with a 160G harddrive.
    About 2 weeks ago at least my McAfee started resetting each time I logged in...I would change my parental controls to a child, it would change my cookie settings and it would change to make me ok every program that tried to use the internet.
    I've also been having problems with my Outlook Express...It won't let me send anything at times, at other times it is fine.
    Then McAfee quarantined that W32 BJ bagle worm, and since then, my spamkiller is just not working...It just stops responding when you try to look at messages which are tagged as spam (they shouldn't have been tagged).
    My last problem is internet explorer...I can't tell you how many times a day that it just stops working and says it needs to close. It is especially prevalent when doing updates to McAfee.
    I have used McAfee Virusscan, Trend Micro, Adaware, Spybot, MS Antispyware, McAfee Antispyware. A couple of weeks ago I also ran the Norton Online scan...all coming up negative.
    I have reinstalled McAfee several times in the last couple of days, hoping that maybe that bagle worm had just corrupted a few files, but we just keep coming up with more problems. Now Spamkiller keeps telling me it needs to be updated, but it doesn't.
    What do you guys think? Does this sound like malware which I just can't find? Or do you think it is a software problem which I also can't find?
    Thanks so much
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know some of what is below may seem like a repeat but work thru it in the order listed and let's see what happens. If you have any problems trying to do any steps, just note the problems to tell us later and then continue with the next steps.

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. trowter

    trowter Private First Class

    Hi Chaslang,
    Thanks for your reply...I did all the steps on the sticky. The only thing that came up with anything was the HSRemove, which removed 8 items, I don't know what they were, it didn't say.
    I was going to post my hijack log for you to see, but the instructions scared me, and I didn't want to do it wrong. When you say to close everything, I closed all of the programs running, and shut down everything on the system tray on the bottom right hand corner, but in task manager it still said I have 48 processes running. Is this OK?
    Also, when I downloaded Hijack this, I put it in C://Program Files/HJT, which is what I thought I was supposed to do...then when I went to open Hijack this, it said it appeared as though I was opening it from a temp file, and to quit and open it from a different place. What did I do wrong?
    Sorry for the questions, but I figured it would be better to ask and get it right the first time. Thanks
     
  4. TheOldThug

    TheOldThug First Sergeant

    Trowter

    How did u get Jigsaw Puzzle Champion! and that picture under your name?
     
  5. trowter

    trowter Private First Class

    Hi ThisOldThug,
    When you get a high score on a game in the arcade, it shows up under your name like that. In my case, I got the high score on the Jigsaw Puzzle game.
    Hope that answers your question :) :) :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to extract HijackThis from the ZIP file into that folder. What you downloaded was HijackThis.zip. That's a compressed file containing hijackthis.exe. You need to unzip it into the folder mentioned using a program like WinZip.

    The reason it looks like it is running from a temp file is because you are running it from inside the ZIP file.
     
  7. trowter

    trowter Private First Class

    ok...I hope I have it right...Here is my log.

    All of the scans went fine, nothing found except one tracking cookie.
    I tried to close everything, and hopefully I got it all
     

    Attached Files:

  8. trowter

    trowter Private First Class

    The other log still had some McAfee running...I think this one is better
    Thank you for your patience Chaslang...
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I do not see any obvious reasons for your problem. It could be configuration issues.

    However a side note and a gripe about McAfee.
    You have so much stuff running from McAfee it is a wonder that you can do anything else. If they keep up like this (them and Symantec), pretty soon everyone will need one 4 GHz Pentium processor just to run their applications and another one to actually do what we want.

    This is almost ridiculous. Here is all the stuff from your log related to McAfee:
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE <-- why do they need two of them
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

    By the way I would uninstall and not use MS Antispyware until they get all their problems with it worked out. It is still a beta and very buggy.

    You can have HJT fix the below two lines but they have nothing to do with your problems:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    The next paragraph is your decision:
    Perhaps you can try uninstalling everything from McAfee and see how your PC runs. You should not do too much on line stuff without a virus scanner and a firewall. You could first download and install (after uninstalling all McAfee stuff) the programs listed in the below link (they are not resource hogs):

    How to Protect yourself from malware!
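
An added example, not part of the original posts: a short Python triage of HijackThis-format lines like those quoted in the post above, grouping one product's entries by section code and listing entries marked "(no file)". The sample lines are copied from the thread; the function names and section labels are this example's own.

```python
import re
from collections import defaultdict

# HijackThis section codes that appear in the log excerpt quoted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key)",
    "O9": "extra IE button", "O16": "downloaded ActiveX control",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sample input: a handful of lines copied from the post above.
SAMPLE_LOG = r"""
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

def parse(log):
    """Yield (code, text) per non-empty line; running-process lines get code 'proc'."""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        yield (m.group(1), m.group(2)) if m else ("proc", line)

def footprint(log, keyword):
    """Group entries mentioning `keyword` (case-insensitive) by section code."""
    groups = defaultdict(list)
    for code, text in parse(log):
        if keyword.lower() in text.lower():
            groups[code].append(text)
    return dict(groups)

def orphans(log):
    """Entries whose target file is missing; HijackThis marks them '(no file)'."""
    return [(c, t) for c, t in parse(log) if t.endswith("(no file)")]

if __name__ == "__main__":
    for code, items in footprint(SAMPLE_LOG, "mcafee").items():
        print(f"{code:>4}  {SECTIONS.get(code, 'running process'):<28} {len(items)}")
    for code, text in orphans(SAMPLE_LOG):
        print("orphaned:", code, text)
```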
     
  10. trowter

    trowter Private First Class

    THANK YOU for your time and expertise Chaslang...I really appreciate it. You provide an invaluable service to computer novices like myself.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. But what is your current status and what are you thinking about my gripe on McAfee?
     
  12. trowter

    trowter Private First Class

    After installing and uninstalling it several times, McAfee is working ok, but it took hours of playing around with it. Windows updates are not working, and Steve's outlook express still isn't working, he can receive email, just not send it, and IE is still shutting down unexpectedly.
    I didn't realize that McAfee used so many resources. WOW!!! Maybe I don't notice the difference in performance because we've always had either Norton or McAfee on the computer. I read the sticky on how to protect yourself from Malware, and discussed it with my husband. He is a really hard sell on Freeware. He firmly believes that if it is free, then you will get a substandard version. So I guess for now that means we will be staying with McAfee :( :( :( . I'll keep working on him. I'm sure McAfee will bugger up again, and when it does I will bring up the subject again. Sooner or later he will get so sick of trying to fix it he will give in.
    Again, Thank you so much for your help...
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The three free versions of antivirus applications:
    - Avast
    - AVG
    - AV Personal

    are better than McAfee and Norton. We have had many polls here and neither McAfee nor Norton/Symantec have ever even placed in the top 5.
     
