virus/spyware?

ati

Member
Joined
Aug 4, 2004
Hey, I'm having issues with my computer. It's a Windows XP Home. I've noticed that my modem and router lights keep blinking even though I'm not doing any internet activity. This only happens on my router port. When my laptops are connected the lights stay off until I do something internet related. I've scanned my computer numerous times with AdAware SE Professional. I can't scan it with Norton because I can't open it! Every time I try to, it just doesn't do anything. When I press CTRL ALT DELETE nothing pops up, and when I try to launch MSCONFIG from the Run thing nothing happens. But when I type in CLEANMGR it pops right up. It looks like something is preventing me from altering any programs that open up during boot-up. And I can't switch users without logging off the current user. What the **** is happening?
 
On that online scan link you gave me, every time I try to run it, it gives me this error.

f.jpg
 
IMOG, that Stinger thing did not detect any viruses and I can't find the online scanner at the Symantec website. This is really annoying me.
 
OK, I'll give Panda a try. BTW, I've scanned my computer using AdAware MANY times in one hour lol and no spyware comes up.
 
ati said:
OK, I'll give Panda a try. BTW, I've scanned my computer using AdAware MANY times in one hour lol and no spyware comes up.

Were you using the latest version of AdAware? Did you download the newest update file for it?

AdAware may not find all the spyware on a particular machine. It's best to run 2 or 3 different programs, like it says in both guides. Give Spybot a try, as well as SpySweeper. Running only AdAware, especially if it isn't updated, won't fix your problems (if they are spyware related) - no matter how often you run it ;)
 
Thanks man! I used Spybot and it removed all the s**tty spycrap. I always thought AdAware was good enough.
 
ati said:
Thanks man! I used Spybot and it removed all the s**tty spycrap. I always thought AdAware was good enough.

Glad to help, always scan with 2 or 3 different programs, one will pick up what the other misses and vice versa.
 
However, Spybot can't delete this one spyware called hot keys, even though I scan right before Windows loads. How do I delete this one?
 
When I press F8 and select Safe Mode it loads, then I see the Safe Mode logo on all corners but the screen is black. Then a few seconds later it boots into normal XP. WTF?
 
Can you list the processes you have running, or run a hijackthis scan and post the log for us?

At this point, it may be easier to explain to you which virus you are infected with and how to disable its operation so that you can repair it.
 
Logfile of HijackThis v1.98.2
Scan saved at 12:25:22 AM, on 9/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Documents and Settings\KeVin\My Documents\Tecra 8100 original drive\WINSE (D)\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\MMViewer.exe
C:\PROGRA~1\METAMA~1\Common\CmpgnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\KeVin\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MCIEPlugIn Class - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IE\IEPlugIn.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
 
It looks like you had or have a WildTangent advertising infection; you can remove this line:

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/...lim/install.cab

Also, go into add/remove programs and ensure there is nothing listed there that you have not installed yourself.

How do you have your system configured? I find these things abnormal maybe, but they do not indicate infections AFAIK. If these are intended to be where they are that is fine:

C:\Documents and Settings\KeVin\My Documents\Tecra 8100 original drive\WINSE (D)\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\MMViewer.exe
C:\PROGRA~1\METAMA~1\Common\CmpgnSrv.exe

What is MMviewer? Very little information on the web from searching its executable name.

You can run the Symantec virus scan from here:

http://security.symantec.com/sscv6/...&langid=ie&venid=sym&close_parent=true&bhcp=1
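
An added example, not part of the thread or written by any poster: a small parser for the HijackThis log layout shown above that lists the same kinds of items the reply singles out (processes running from unexpected folders, entries whose file is missing, and O16 controls installed from a URL) for manual review. The sample log is constructed, and the `EXPECTED_ROOTS` list and the reason labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis 1.98 layout (not the poster's log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Example\tray.exe
C:\Documents and Settings\User\My Documents\old drive\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://downloads.example.com/install.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+?): (.*)$")
# Assumed install roots; anything running elsewhere is listed for a human to confirm.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_log(text):
    """Split a log into running-process paths and (code, kind, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries.append(m.groups())
    return processes, entries

def triage(text):
    """Return (reason, item) pairs worth a manual look; none is a verdict."""
    processes, entries = parse_log(text)
    findings = [("unusual-path", p) for p in processes
                if not p.lower().startswith(EXPECTED_ROOTS)]
    for code, kind, detail in entries:
        if detail.endswith("(no file)"):   # registry entry whose file is gone
            findings.append(("orphaned-entry", f"{code} {detail}"))
        if code == "O16":                  # ActiveX control installed from a URL
            url = detail.rsplit(" - ", 1)[-1]
            findings.append(("remote-install", urlparse(url).hostname))
    return findings

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:15} {item}")
```

A flagged item is only a prompt to check, as the thread itself shows: the copied-drive path turned out to be intentional.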
 
C:\Documents and Settings\KeVin\My Documents\Tecra 8100 original drive\WINSE (D)\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\MMViewer.exe
C:\PROGRA~1\METAMA~1\Common\CmpgnSrv.exe

Yeah, that's alright, I have an HDD copy of my Toshiba laptop on here.
Anyways, while I was having problems yesterday I tried to uninstall Norton, but all it did was remove it from the add/remove list and it's still on my HDD. How do I uninstall this manually? Because when I try to reinstall it, Norton says INSTALLATION FAILED.
 
Norton is not the best at uninstalling from what I have heard... There are a lot of scattered files it leaves around the HDD. At this point, you are getting close to the point where a fresh reinstall may be a better option for you, if you have a good backup solution.

Could you run the Norton online scan?
 
Yeah, I got the Symantec scan working, and I'm scanning right now. The computer is fine now, everything is in working order and the router and modem lights don't flash anymore. Just that I can't remove the spyware called "hotkeys", and that Norton is being a b**ch.
 
Oh ok, you aren't in too bad of shape then, I thought you were still having more problems.

I need more details on the hotkeys spyware... Just the name hotkeys is not useful for using as a keyword on google, so I cannot find anything out about what you were infected with... If you have any logs from the program which found the hotkey infection, save the log as a txt file and attach it to your post. I can then find out more about this.
 