modem keeps sending and sending......

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by grammamary, Dec 11, 2004.

  1. grammamary

    grammamary Private E-2

    I am having a problem for the last month now with my internet connection sending and sending. I have let it go for only about 15 minutes to see if it will stop and it just keeps on going (like the Energizer bunny!) ;) I am not doing anything or downloading anything when this is happening.
    When I do try to download or even just surf to a web page it takes forever and then sometimes another page pops up. Lately it has been www.powow.com/naufnauf . But it has also been www.air689.startdedicated.com and www.dnsmadeeasy.com
    I have done almost everything in the sticky. I cannot get online when booting in safe mode with networking so I had to do it with a normal boot.
    I could not get the scan at Trend or Symantec, Ravantivirus, Trojan scan and a-squared because of the continual sending and receiving hogging the lines. I did manage to get all the other stuff downloaded and did run them and thought I had it licked, but then the next day it started again.
    Over the last couple of weeks the programs have found these things:
    C:\temp.exe win32 small.BC
    C:\temp.exe trojan.posfuse.A
    C:\Backdoor.Rbot.gen

    and my Norton has been finding and quarantining this:
    C:\windows\system32\ftpupd.exe has been infected with the Korgo.Z virus.
    This has happened numerous times with different letters after the Korgo._

    I am running Windows XP without a service pack and using a dialup connection.
    I have an HP with
    1.6 GHz Pentium processor
    256 MB RAM
    I have downloaded HijackThis but put it on the desktop...can I just move it to the C drive or should I try to download it again directly there?

    I am using a laptop to get through to you guys and hope that you can help this granny get back to normal. I hope that I have included everything you need to try to help me.

    Thanks a lot
    Mary
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Mary,

    You should get Service Pack 1a but DO NOT INSTALL SP2 Until your machine is clean.

    Please start here:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been pretty busy with work lately, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. grammamary

    grammamary Private E-2

    Hi, thanks for your reply. I am having trouble logging in on my other computer so I can't attach the log file. When I try to log in I get sent to a redirect page and it never takes me anywhere. When I click on the button that tells me to click if I haven't been redirected I get sent back to the log-on page again.....What am I missing here?
     
  4. grammamary

    grammamary Private E-2

    OK I think I figured it out, I found an old floppy and have copied the log to it and will try to attach it from there.

    Hi guys
    OK, I ran all the things on the sticky AGAIN and I still can't get the Symantec online scan or the Trend online scan to work. It took 10 minutes on Symantec to try to download and I had sent 2,120,800 bytes and received 2,900,014 bytes.
    I attempted the Trend online scan for 15 minutes and sent 2,700,518 bytes and received 4,683,153 bytes. Isn't that a LOT of bytes to be sent and received in that time allotment?
    I didn't try the alternative scans this time but have run BitDefender, Avast! and ADS Spy on the earlier scans. The online ones would not work, just as the others.

    Everything else ran and was OK this time. Refer to above post for the results of previous scans. I ran them in safe mode with restore off and hidden files enabled. I ran the HJT in safe mode too. Please let me know if I should run it in normal mode.

    I haven't gotten any service packs as I can't download with whatever this is doing all the sending and receiving. I did send for Service Pack 2 from Microsoft though.

    thanks again for all your time
    Mary

    I am attaching the log. I hope you can help me as I am going crazy here.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a load of ActiveX stuff related to playing online games. Do you really use all that stuff? Any time anyone is having lots of problems with their PC I would recommend dumping as much of that stuff as you can.

    Yes, it would have been better to see an HJT log from normal boot mode.
    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
    mshelp32.exe
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
    O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe
    O4 - HKCU\..\Run: [Microsoft Help System] mshelp32.exe
    O4 - HKCU\..\RunServices: [Microsoft Help System] mshelp32.exe
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab

    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\mshelp32.exe or c:\windows\system\mshelp32.exe or c:\windows\mshelp32.exe
    If not found there we may have to search for it.
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
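The entries chaslang picks out above follow a pattern worth automating when you read a lot of these logs: an O4 autostart whose command is a bare filename hiding behind a Microsoft-sounding display name, O9 browser extension entries that point at a missing file, O16 ActiveX controls pulled from sites you do not recognise, and an R0 start page you did not set. The script below is an added example, not part of the thread and not HijackThis's own code. It parses HijackThis-style log lines and applies those checks. The sample log is constructed from the lines quoted in this thread plus one made-up legitimate entry (the Symantec ccApp line) so there is something it should not flag; the allowlisted DPF domain and the expected start page are assumptions you would set for the machine you are cleaning.

```python
"""Flag suspicious HijackThis log entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Sequence
from urllib.parse import urlparse

# Constructed sample log: lines quoted in the thread plus an assumed
# legitimate full-path Norton entry (ccApp) that must NOT be flagged.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\\..\\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\\..\\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKCU\\..\\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\\Program Files\\ieSpell\\iespell.dll/SPELLCHECK.HTM (file missing)
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab
"""

# One regex per HijackThis section type we care about.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O9_RE = re.compile(r"^O9 - (?P<kind>Extra button|Extra 'Tools' menuitem): (?P<rest>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<desc>.*?) - (?P<url>https?://\S+)$")
R0_RE = re.compile(r"^R0 - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")

EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".pif", ".com", ".bat")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def is_bare_filename(cmd: str) -> bool:
    """True when the autostart command is just an executable name with no directory,
    which means Windows has to go looking for it rather than running a known file."""
    exe = cmd.strip().strip('"').split(" ")[0]
    return "\\" not in exe and "/" not in exe and exe.lower().endswith(EXECUTABLE_EXTS)


def deletion_candidates(exe: str, windir: str = r"C:\WINDOWS") -> List[str]:
    """The three locations chaslang lists for a bare-filename autostart entry."""
    return [rf"{windir}\system32\{exe}", rf"{windir}\system\{exe}", rf"{windir}\{exe}"]


def analyze(log: str,
            trusted_dpf_domains: Sequence[str] = ("download.games.yahoo.com",),  # assumed allowlist
            expected_start_pages: Sequence[str] = ("about:blank",)) -> List[Finding]:  # assumed
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if is_bare_filename(cmd):
                tag = "Microsoft-sounding name, " if "microsoft" in name.lower() else ""
                findings.append(Finding("O4", line, f"{tag}bare filename {cmd!r}; check {deletion_candidates(cmd)}"))
            continue
        m = O9_RE.match(line)
        if m and line.endswith("(file missing)"):
            findings.append(Finding("O9", line, "browser extension entry whose file is gone"))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in trusted_dpf_domains:
                findings.append(Finding("O16", line, f"ActiveX control downloaded from {host}"))
            continue
        m = R0_RE.match(line)
        if m and m.group("value").strip() == "Start Page":
            page = m.group("data").strip()
            if page not in expected_start_pages:
                findings.append(Finding("R0", line, f"start page set to {page}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as-is and it reports the R0 start page, the three mshelp32.exe autostarts (with the three paths to check for deletion), the orphaned ieSpell button and the flipside.com ActiveX download, while leaving the full-path ccApp line and the allowlisted Yahoo game control alone. Treat the output as a shortlist to look at, not a fix list: a bare filename under a Microsoft-sounding name is a strong signal, but an O16 from an unfamiliar domain may just be a game you forgot about.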
     
  6. grammamary

    grammamary Private E-2

    Alrighty! I did all you said to do except that there wasn't an entry on this HijackThis log for O9 - Extra button: (no name), etc. I am attaching 2 logs to show you this. Log 2 is the one I used to fix the things you said and log 3 is the result after fixing.
    I went back online after that and was on for about 17 minutes and nothing happened! wahoo! No pages I didn't want and no extra work by the modem!
    THANK YOU, THANK YOU! I am hoping it stays that way.
    can you tell me what was making it do that? and where did those pages come from?

    I see all those entries for the online games and no I don't use them anymore and will fix those also if you think it is OK. If I just check all the ones I know are the online games will that be OK?

    One last question.....why can't I get logged on, on the other computer that I just fixed (this is the laptop)? I still get to the redirect page and I can't get logged on. When I look up top of the page my name is there, but it says I cannot post.

    OHOH I lied...another question....I deleted the Microsoft JAVA and couldn't get the Sun Java to install...maybe it will do it now? Or should I try to put the Microsoft back?

    I will try to get the service pack1 and 2 now if my machine stays working..

    thank you so much for your help.

    A very appreciative granny
    Mary
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why is it that your last two logs were from using HJT version 1.97.7? We already had you up to version 1.98.2. You must use the proper version. That is probably why you did not see some of the entries I mentioned. Delete version 1.97.7 and put 1.98.2 back on the computer and check again. Also, since you do not use the online games, fix these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21s1_x.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dcs0_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/yws0_x.cab
    O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvs0_x.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
    O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/territory/territory.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab

    Also have HJT fix these and manually set your home page to what you want:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    They are just leftovers from running HSRemove!

    Which PC are we working on? You keep mentioning a laptop you cannot login with. And what do you mean by logged in? To Windows or to a website?
     
  8. grammamary

    grammamary Private E-2

    Thanks, chaslang, for your help. I have deleted the old version of HJT and used the current one this time. There still wasn't a listing for the O9 - Extra button: (no name) though...
    Here is the last HJT log.

    Sorry to confuse you. I am fixing a desktop pc but couldn't access the forum from it, so I had to use a laptop. the problem of logging on to the forum has been fixed though I had to change the cookie setting.

    Things still seem to be working great with the modem sending problem. It is working normally now! Thanks! I still would like to know how it started doing that though.

    My Norton did catch 2 viruses right after the fix, W32.Pinfi and W32.Korgo.V. They were in the ftpupd.exe file. I was online at this forum and had my OE open when this happened. Is there any way to keep that from happening again?

    thanks again for all your help

    Mary
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome Mary.

    I'm not sure I understand your question. Norton is doing its job. It found the viruses. Did it delete them?

    You need to get your updates from Microsoft.
     
  10. grammamary

    grammamary Private E-2

    Thanks Chas
    I got everything working great again!! Thanks to you guys and this forum my computer is clean and up to date!

    Thanks again
    Mary
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome Mary! Happy Holidays! :)
     
