Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Windows Update Problem (Please Help)

by OMRSS210 Nov 9, 2008 1:53PM PST

Hi,
Am a new member here , just created the account and i have problem with my laptop .
I have a windows xp Home edition service pack 3 . My laptop was working fine today morning , After asking a friend about the pop ups and how i can block them , he said u need to use anti virus , go download it with torrent . i get excited about the idea of getting a free anti virus so i downloaded one of the files in isohunt.com . when i tried to install them , i think i got a virus or something , a big time virus . which made me restart my computer . i restarted , it worked fine and then it stopped without any notice .
the only way for me to get this solved was to fomart the laptop and re install windows xp . i did that and everything worked fine . when i wanted to install the messenger from messenger.msn.com , i couldnt get into the installation site , everytime i click on download i get (The page cannot be displayed) when i tried the other laptop it worked perfectly .
i asked a friend , he tried and tried and reached a point where he said go to windows update and update ur windows , i clicked on it and it transfered me to the home page of msn .
Fixing the windows update problem might fix the messenger problem .
I tried searching google for a solution and get to your forum , there is a similar problem in ur forum with a solution , i tried the solution but it didnt work out too :S . The problem was posted for a member called LISA .

Can you please help me out with this . I need it .


Omar

Discussion is locked

12 Posts
- Collapse + Expand Details
- Collapse -
Give the following a try:
by Marianna Schmudlach Nov 9, 2008 2:42PM PST

Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Acan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

..

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

- Collapse -
did all ur steps
by OMRSS210 Nov 9, 2008 3:42PM PST

Hi,
Thank you for your early reply.
I did all the instructions above . Tried the first program you instruct me to use and found 6 infected files and removed them . But when i restarted the files just appeared back . Here is the log :-

Malwarebytes' Anti-Malware 1.30
Database version: 1379
Windows 5.1.2600 Service Pack 3

11/10/2008 3:37:00 AM
mbam-log-2008-11-10 (03-36-57).txt

Scan type: Quick Scan
Objects scanned: 40702
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9a545248-1b17-4773-8c2e-936be9f82236}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9a545248-1b17-4773-8c2e-936be9f82236}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9a545248-1b17-4773-8c2e-936be9f82236}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The 2nd program you instruct me to use gave me 16 threats which were found in the cookies folder , i deleted them but nothing changed regarding windows update or the messenger download .

Any other solutions ?

Omar

- Collapse -
Run MBAM again........
by Marianna Schmudlach Nov 10, 2008 12:13AM PST

and let it quarantine all the infections found as I see in your MBAM log: No action taken.

Reboot your computer, run MBAM (MalwareBytes AntiMalware) again and c\p the log. Thanks.

- Collapse -
did ur 2nd step
by OMRSS210 Nov 10, 2008 12:36AM PST

Hi,
I did the step you told me about in ur last reply . I still didn't restart my computer but i have the MBAM LOG , It's kind of different than the log i sent u before . here it is :-

Malwarebytes' Anti-Malware 1.30
Database version: 1379
Windows 5.1.2600 Service Pack 3

11/10/2008 12:34:44 PM
mbam-log-2008-11-10 (12-34-44).txt

Scan type: Quick Scan
Objects scanned: 42827
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9a545248-1b17-4773-8c2e-936be9f82236}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9a545248-1b17-4773-8c2e-936be9f82236}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.9 85.255.112.209 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Omar

- Collapse -
and still
by OMRSS210 Nov 10, 2008 12:45AM PST

and still i get the same problem , after restarting , it showed that i have 6 threats instead of 4 :S . i don't know how am i gonna solve this problem .

- Collapse -
Let's try........
by Marianna Schmudlach Nov 10, 2008 1:02AM PST

it again......

Update Malwarebyte Anti Malware and run it again.....

then:

Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.

Then:

Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the entire contents inside the QUOTE box below into the command window:

[quote] ipconfig /flushdns [/quote]


Hit Enter and exit the Command Prompt.

- Collapse -
Nothing changed
by OMRSS210 Nov 10, 2008 1:15AM PST

I tried all the instructions u gave me but nothing changed yet . i did the update for the virus protection program and i also scanned it again and restarted the computer . i also went to my wireless connection properties to set the obtain dns servers automatically and i did the command prompt .
any other solution u might think of ?


Omar

- Collapse -
Have a look IF you can find........
by Marianna Schmudlach Nov 10, 2008 1:40AM PST
- Collapse -
couldnt find it
by OMRSS210 Nov 10, 2008 2:01AM PST

Hi,
I did ur instructions but couldnt find anything from the files you gave me on my system32 folder .
I also opened the link u gave me but found it similar to what u instruct me . Sorry for disturbing you but the problem is really driving me crazy .


Omar

- Collapse -
Last "thing" you could do......
by Marianna Schmudlach Nov 10, 2008 2:05AM PST

as I am running out of ideas.....

Download HiJackThis - HOW to post your HJT log on ONE of the HJT forums

Download and instructions:

http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2639147&tag=forums06;posts#2639147

Here's a list of reputable HJT forums:

http://www.bleepingcomputer.com/forums/forum22.html

http://www.geekstogo.com/forum/index.php?s=e39ad7e237ae123f43517316e44bf4bf&showforum=37

http://www.spywareinfoforum.com/index.php?s=5028cc67f4e5562d636b9a77c9017749&showforum=18

Good Luck !

- Collapse -
Hidjackthis
by OMRSS210 Nov 10, 2008 2:22AM PST

Hi,
thanks for ur help again.
i used the program u gave me and it gave me this log :-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:18 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manutd.com/
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 4131 bytes


Didn't know what to delete and what to fix and what to keep . So can you please instruct me .

Omar

- Collapse -
The infection is still there......
by Marianna Schmudlach Nov 10, 2008 2:45AM PST

Please post your HJT log on ONE of the HJT forums I mentioned, they will use "special tools" to remove that infection.

Do NOT fix anything yourself in the log !

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info