| | #1 (permalink) |
| Newb Techie Join Date: Dec 2004
Posts: 4
| Hey Everyone! I'm new here, like the title says, I'm not great at computers. Anyways lately my computer's been very slow, and I notice in the task manager there's all these weird things that are taking up a bunch of space, and some pop up called gizm0luvsu comes outta nowhere. I'm in university (live in rez) and my computer's connected to a bunch of ppl so I probably do have a virus of some sort. My anti-virus program doesn't seem to pick it up. I have Windows 2000 Professional Edition if that helps....So here's my HijackThis log...any help would be GREATLY appreciated

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\bcvsrv32.exe
C:\WINNT\system32\updatesp2.exe
C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\updatesp2.exe
C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\netinfo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\ccrsb\Start Menu\Programs\HijackThis.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [sp2update] updatesp2.exe
O4 - HKLM\..\Run: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\RunServices: [sp2update] updatesp2.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] netinfo.exe |
| |
| | #2 (permalink) |
| Monster Techie | newgirl, the top part of your log is missing and I need that information. It tells me what operating system you are running, etc. So if you could post that part, I would appreciate it. Also have you done an AdAware SE, Spybot 1.3, and A/V scan yet? If not, download those and run them. You can find the links to AdAware and Spybot in my signature and that will clean out lots of junk to make it easier for us to read the logs. Liz
__________________ Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal Powered by Emily! |
| |
| | #3 (permalink) |
| Newb Techie Join Date: Dec 2004
Posts: 4
| Thanx for the reply SouthernLady....I have tried Adaware and Spybot...didn't help. (I'm not sure what A/V is though)...here's the rest of my log...hope it helps

Logfile of HijackThis v1.98.2
Scan saved at 7:59:45 PM, on 12/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\bcvsrv32.exe
C:\WINNT\system32\updatesp2.exe
C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\updatesp2.exe
C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\netinfo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\ccrsb\Start Menu\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [sp2update] updatesp2.exe
O4 - HKLM\..\Run: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\RunServices: [sp2update] updatesp2.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] netinfo.exe |
| |
| | #4 (permalink) |
| Monster Techie | A/V is an antivirus and thanks for the rest of your log...I'll get to work on it now. Do you have an antivirus to scan with? If not, use one of the online scanners here:

http://www.kaspersky.com/remoteviruschk.html
http://www.pandasoftware.com/activescan/
http://virusscan.jotti.dhs.org/
http://www.bitdefender.com/scan/licence.php

Liz
| |
| | #5 (permalink) |
| Lord Techie Join Date: May 2004
Posts: 5,235
| Have you tried CWShredder?
__________________ ASUS A8N-SLI Deluxe Motherboard AMD Opteron 165 @ 2.25GHz 2GB G.Skill Extreme PC4000 RAM Leadtek Winfast GeForce 7800GT Creative Sound Blaster X-Fi "I know the human being and fish can co-exist peacefully" - George W. Bush |
| |
| | #6 (permalink) |
| Monster Techie | DON'T!
| |
| | #7 (permalink) |
| Monster Techie | Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked.

Windows 2000's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Go to Add/Remove programs and Remove Spybot. You managed to get an infected copy and you can't use it ever again unless you completely re-format.

Go here and apply the McAfee Spybot Worm fix for your computer. http://www.networkassociates.com/us/downloads/

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netinfo.exe

Restart to safe mode. http://service1.symantec.com/SUPPOR...001052409420406

Because 2000 will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK"

Now find and delete these files:

C:\WINNT\system32\netinfo.exe
C:\WINNT\system32\bcvsrv32.exe
C:\WINNT\system32\updatesp2.exe
C:\WINNT\system32\netinfo.exe

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin. Then post another log.

Liz
| |
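A triage sketch for the O4 (autorun) lines of the log in this thread, added here as an example; it is not part of the original posts and not how HijackThis itself works. It flags autorun commands that name an executable without a path or that are registered under more than one Run key. Both heuristics and the function names parse_o4 and triage are assumptions made for illustration.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [sp2update] updatesp2.exe
O4 - HKLM\..\Run: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\RunServices: [sp2update] updatesp2.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] netinfo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] netinfo.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')

def parse_o4(log):
    """Return one dict per O4 line: registry key, value name, image (lowercased)."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        # The image is the quoted path if present, else the first token.
        exe = re.match(r'"([^"]+)"|(\S+)', cmd)
        image = (exe.group(1) or exe.group(2)).lower()
        entries.append({"key": f"{hive}\\{key}", "name": name, "image": image})
    return entries

def triage(entries):
    """Map image -> list of reasons it deserves a manual look (assumed heuristics)."""
    keys_by_image = defaultdict(set)
    for e in entries:
        keys_by_image[e["image"]].add(e["key"])
    findings = {}
    for image, keys in keys_by_image.items():
        reasons = []
        if "\\" not in image and "/" not in image:
            reasons.append("no path")            # resolved via the search path
        if len(keys) > 1:
            reasons.append(f"{len(keys)} autorun keys")  # redundant persistence
        if reasons:
            findings[image] = reasons
    return findings

if __name__ == "__main__":
    for image, reasons in sorted(triage(parse_o4(SAMPLE_LOG)).items()):
        print(f"{image}: {', '.join(reasons)}")
```

On this log the check singles out netinfo.exe, bcvsrv32.exe and updatesp2.exe, the same three files post #7 says to delete; the flags are prompts for manual review, not a verdict.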
| | #8 (permalink) |
| Newb Techie Join Date: Dec 2004
Posts: 4
| Hey liz thanx so much for your help, I'm ok with doing everything on the list except the system restore part, that option isn't there in my "my computer" properties...is it absolutely necessary...or is there another way in windows 2000 oh and is the infected spy-bot the reason this happened? edit: my add/remove programs isn't working as well....so i removed spy-bot through the uninstall option in program itself |
| |
| | #9 (permalink) |
| Monster Techie | Yes, the infected spybot is at least one of the reasons for all of this. And you did just fine using the uninstall program to remove spybot. Okay, it's ME that has the system restore not 2000 so don't worry about that. Are you ready to post a new log? Liz
| |
| | #10 (permalink) |
| Newb Techie Join Date: Dec 2004
Posts: 4
| Oh my gosh Liz thanx so much for your help....i did what you said n i THINK it's all fixed. My hijackthis log says no suspicious items found, and my task manager doesn't have that netinfo and updatesp2 anymore....I'll let it run for a little while and then check hijackthis again, but hopefully it won't come back Thanx again Tiffany |
| |