Mr Andrewson Posted August 18, 2006

OK, I have recently been experiencing problems with my computer... I have a DSL connection and I used to receive normally about 6000 bytes per day, but now I seem to have been downloading things without doing anything. I've noticed when I'm not active on the internet I receive no bytes, but when I go onto a website (any) I will receive like 300,000 bytes. I ran Spyware Doctor and it came up with 2nd-thought.com trojan, and I'm wondering if this may be the problem. I have Spy Sweeper and that didn't pick it up, so it would be nice to have some instructions on how to remove 2nd-thought.com manually because I simply don't want to pay... And I've googled my heart out for cookies.txt 'cause Spyware Doc gave me the location of 2nd-thought.com and some other tracking cookies, and it said the location was cookies.txt-line #22 (and some other numbers). Please help 'cause I'm only like 12 years old and English (dumb)... And I have AVG Anti-Virus Free Edition and Norton SystemWorks and they didn't pick anything up, so if anyone who's smart and knows what they are talking about help me?

Thanx, Mr Andrewson

Mr Andrewson Posted August 18, 2006

plz help

VaKo Posted August 18, 2006

Could you explain some more about what is actually happening? And would you mind using a spell check and working on the grammar a little, please? Have you tried removing the trojan in question?

stingwray Posted August 18, 2006

> I have a DSL connection and I used to receive normally about 6000 bytes per day, but now I seem to have been downloading things without doing anything.

Doesn't mean much without context; also, I don't think you mean bytes.

Run AVG virus scan with the latest definitions.
Run CCleaner.
Run Spybot S&D with the latest definitions.
Install a free firewall and set it to notify you every time a program wants to access the internet.

Can't say much more than that without information.

Mr Andrewson Posted August 18, 2006

Well, 2nd-thought.com is a trojan and yes, of course I've tried to remove it... And I am seriously worried about how many bytes I am receiving for just going on a 32k website.. like I am receiving 300kb for a 32kb website. Could anyone help me manually remove this trojan or tell me if they know of what this may be?

Mr Andrewson Posted August 18, 2006

I've run AVG with latest definitions and Spybot S&D, but what's this CCleaner, and could u give me a link to a free firewall (a good one)?

VaKo Posted August 18, 2006

Look for Kerio/Sunbelt Personal Firewall or ZoneAlarm; both can be found for free on download.com.

degoba Posted August 18, 2006

> I've run AVG with latest definitions and Spybot S&D, but what's this CCleaner, and could u give me a link to a free firewall (a good one)?

When in doubt, reformat. Also, hardware firewalls are relatively inexpensive, and can save a lot of time and headache. If you have an old computer lying around you could turn that into a firewall as well. http://www.smoothwall.org/

Mr Andrewson Posted August 18, 2006

Thanx all, I'll let you know if I fix it and if I don't :?

Mr Andrewson Posted August 18, 2006

I've downloaded ZoneAlarm, the best free one on download.com

Mr Andrewson Posted August 18, 2006

Help! Not Fixed! I got ZoneAlarm and it has picked up the problem... I have 2 generic hosts from Win32 services on my computer so any suggestions on how to remove them?

VaKo Posted August 18, 2006

Just block them from having network access?

http://www.kaspersky.com/scanforvirus.html
http://www.pandasoftware.com/product..._principal.htm
http://housecall.trendmicro.com/
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

List of online virus checkers if you want a 2nd verdict. If you are worried, try doing this:

1: back up your personal data to a DVD or CD, things like docs, save games etc.
2: download AVG and ZoneAlarm to a CD
3: reinstall Windows
4: before you do anything at all, even connect it to the net, install AVG and ZoneAlarm.
5: connect to the net again and do a full MS update
6: scan the backups of your personal data for viruses etc., while it's on the CD
7: once that has completed, just reinstall your applications

That way you can be sure that your computer is protected right from the get-go, and that there are no nasties left over from the prior install. I basically hold a policy of "if I don't know what it is, I don't let it do what it wants to do until I'm sure it's OK".

Mr Andrewson Posted August 18, 2006

But I'm 12 and my mum wouldn't be happy with me doing that... and ZoneAlarm isn't picking it up...

Sparda Posted August 18, 2006

Can I ask how you know you have this virus?

Mr Andrewson Posted August 18, 2006

How can I block from network?

Sparda Posted August 18, 2006

/me repeats himself

How do you know you have this virus?

Mr Andrewson Posted August 18, 2006

Basic Symptoms of a Virus: Slow Laggy Computer (Tick)

And I have a load of rubbish being downloaded to my computer without me doing anything... And Generic is a type of Trojan and Win32 is a Windows Microsoft app thing but usually to do with viruses. So here's how I see it... The Generic Win32 is accessing my internet and downloading things... I WANT TO STOP IT!!! IT'S DRIVING ME MAD!!!

Sparda Posted August 18, 2006

Post the list of processes your computer is running.

Edit: Use Spybot to create an exported list.

stingwray Posted August 18, 2006

Format and Reinstall.

Mr Andrewson Posted August 18, 2006

ssu.exe CamTool.exe firefox.exe SUPERAntiSpyware.exe swdoctor.exe msnmsgr.exe ctfmon.exe msmsgs.exe zlclient.exe SpySweeperUI.exe mouse32a.exe avgcc.exe vsnpstd3.exe jusched.exe sprtcmd.exe dragdiag.exe kbdAp32A.exe moffice.exe qttask.exe realplay.exe CamCheck.exe GhostStartTrayApp.exe ccApp.exe explorer.exe alg.exe WindowsSearch.exe NPROTECT.EXE Navapsvc.exe taskmgr.exe MDM.EXE GhostStartService.exe gaurd.exe SAgent2.exe eEBSvc.exe ccEvtMgr.exe avgemc.exe avgupsvc.exe avgamsvr.exe spoolsv.exe vsmon.exe svchost.exe svchost.exe svchost.exe svchost.exe svchost.exe lsass.exe services.exe winlogon.exe csrss.exe smss.exe SpySweeper.exe WindowsSearchIndexer.exe svchost.exe NOPDB.EXE System System Idle Process

Mr Andrewson Posted August 18, 2006

stingwray, my mum wouldn't like it and she don't know about this... She gets angry :S...

Sparda Posted August 18, 2006

Which is why (yes, it said it potentially after you read my last post, so it's partly my fault) I said to use Spybot to create an exported list. To create an exported list, change Spybot to advanced mode, in the tools section select process list, then click export.

Mr Andrewson Posted August 18, 2006

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

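Added example, not part of the thread or of Spybot itself: a Spybot process export gives each process as PID, parent PID in parentheses, image path, file size and MD5, which is enough to check whether every svchost.exe runs from system32, was started by services.exe and shares one hash. The sample lines are constructed in that layout with made-up hashes, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Spybot S&D process export.
# Paths, sizes and hashes are made up for illustration.
SAMPLE = r"""
PID:  640 ( 596) C:\WINDOWS\system32\services.exe
  size: 108032
  MD5: 11111111111111111111111111111111
PID:  792 ( 640) C:\WINDOWS\system32\svchost.exe
  size: 14336
  MD5: 22222222222222222222222222222222
PID:  840 ( 640) C:\WINDOWS\System32\svchost.exe
  size: 14336
  MD5: 22222222222222222222222222222222
PID: 3900 (2480) C:\WINDOWS\Temp\svchost.exe
  size: 51200
  MD5: 44444444444444444444444444444444
"""

ENTRY = re.compile(
    r"PID:\s*(\d+)\s*\(\s*(\d+)\)\s*(\S.*?)\s*\n"
    r"\s*size:\s*(\d+)\s*\n\s*MD5:\s*([0-9A-Fa-f]{32})")

def parse_export(text):
    """Return one dict per entry that carries a path, size and MD5."""
    procs = []
    for pid, ppid, path, size, md5 in ENTRY.findall(text):
        procs.append({"pid": int(pid), "ppid": int(ppid), "path": path,
                      "size": int(size), "md5": md5.upper()})
    return procs

def review_svchost(procs, sysdir=r"c:\windows\system32"):
    """Flag svchost.exe entries whose path, parent or hash stands out."""
    by_pid = {p["pid"]: p for p in procs}
    hosts = [p for p in procs if p["path"].lower().endswith("\\svchost.exe")]
    top = Counter(p["md5"] for p in hosts).most_common(1)
    common = top[0][0] if top else None
    findings = []
    for p in hosts:
        parent = by_pid.get(p["ppid"], {}).get("path", "").lower()
        checks = [
            ("outside system32", p["path"].lower().rsplit("\\", 1)[0] != sysdir),
            ("parent is not services.exe", not parent.endswith("\\services.exe")),
            ("hash differs from the other instances", p["md5"] != common),
        ]
        reasons = [why for why, hit in checks if hit]
        if reasons:
            findings.append((p["pid"], reasons))
    return findings
```

An empty result from `review_svchost(parse_export(text))` means the svchost.exe entries look uniform; it does not clear the rest of the process list.
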
VaKo Posted August 18, 2006

If your mum doesn't understand, just point her here and we'll explain why this needs to be done. It's a simple operation, and if you have a 2nd PC, I'll talk you through it on IRC if you want. Should take about 3 hours start to finish. As Sparda says, we're not 100% sure you have a virus yet, but imo SUPERAntiSpyware.exe doesn't bode well. By the sounds of it though, you do have a pile of crap on the system that's slowing it down, and there isn't an easy way to fix it. (Anyone else remember when Mr Ballmer sent in a bunch of high-end Windows engineers to fix a mate's spyware-riddled box, and they had to give up in the end?)

Edit: Norton is crap btw, a good move would be removing it.

Mr Andrewson Posted August 18, 2006

No, trust me, my mum doesn't understand anything to do with computers... and I don't have a second computer...