Computer grinding to a halt
on 26.08.2007 15:01:45 by Wits End
Recently, I have found that my laptop almost gives up on me - it takes an
age to start up, seems to have something draining the memory, refuses to
allow AdAware to update and generally slows down until it is virtually
unusable. And it's getting worse!
Can anyone suggest whether or not malware is the issue?
The HijackThis thread is below.
Cheers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:42, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TCM\TCM Mouse Only\MouseDrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program
Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program
Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program
Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program
Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program
Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\TCM\TCM Mouse
Only\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program
Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
/STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C42 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON
Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200
Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program
Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKCU\..\Run: [Creative Detector] C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} -
http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [JAVA_IBM] Java (IBM)
O17 -
HKLM\System\CCS\Services\Tcpip\..\{07AD21C6-CBEE-4CAB-88F1-80178860B5B4}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2ED3D74B-4B9F-4652-9C3A-1B707CDBFB25}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{5286690A-2E52-4528-B337-FD593684B538}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{562D2C36-B2EB-4533-9C12-B5F19DB1AF86}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{67193EE9-EB56-433C-BC2D-988DDAC712FE}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7D8B2982-5E72-4A6F-BA9D-C1DE2CBB12ED}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B04C4B4A-1F4D-426E-8815-857288BD0E3E}:
NameServer = 85.255.113.132,85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
85.255.113.132 85.255.112.84
O17 -
HKLM\System\CS1\Services\Tcpip\..\{07AD21C6-CBEE-4CAB-88F1-80178860B5B4}:
NameServer = 85.255.113.132,85.255.112.84
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
85.255.113.132 85.255.112.84
O17 -
HKLM\System\CS2\Services\Tcpip\..\{07AD21C6-CBEE-4CAB-88F1-80178860B5B4}:
NameServer = 85.255.113.132,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
85.255.113.132 85.255.112.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO
EPSON CORPORATION - C:\Program Files\Common
Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner -
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner -
C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner -
C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation -
C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner -
C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10549 bytes
--
Wits End
------------------------------------------------------------------------
Wits End's Profile: http://forums.techarena.in/member.php?userid=30003
View this thread: http://forums.techarena.in/showthread.php?t=808299
http://forums.techarena.in
Re: Computer grinding to a halt
on 26.08.2007 15:29:33 by Sebastian Gottschalk
And you wonder? Your system is loaded full of shit. It is infected with IBM
driver stuff, Epson printer shit, Creative driver shit, a mouse driver, well
known malware like ZoneAlarm, GMail Notifier, MSN Messenger, RealPlayer and
iTunes. Your IE was hijacked by SkyBroadband and Yahoo after the system has
been rooted.
Nothing else than being utterly broken is to be expected.
Re: Computer grinding to a halt
on 26.08.2007 17:12:59 by Wits End
Sebastian G.;3116683 Wrote:
> And you wonder? Your system is loaded full of ****. It is infected with
> IBM driver stuff, Epson printer ****, Creative driver ****, a mouse
> driver, well known malware like ZoneAlarm, GMail Notifier, MSN
> Messenger, RealPlayer and iTunes. Your IE was hijacked by SkyBroadband
> and Yahoo after the system has been rooted.
>
> Nothing else than being utterly broken is to be expected.
Yeah, I wondered. I didn't realise that just asking for help would
prompt that type of response. How helpful.
--
Wits End
Re: Computer grinding to a halt
on 26.08.2007 17:34:59 by Bud
> Sebastian G.;3116683 Wrote:
>> And you wonder? Your system is loaded full of ****.
>
> Yeah, I wondered. I didn't realise that just asking for help would
> prompt that type of response. How helpful.
>
Expect it from Sebastian who knows no good software. :-)
Re: Computer grinding to a halt
on 26.08.2007 17:37:15 by alf
Wits End wrote:
> HKLM\System\CCS\Services\Tcpip\..\{07AD21C6-CBEE-4CAB-88F1-80178860B5B4}:
> NameServer = 85.255.113.132,85.255.112.84
These are malicious DNS servers, usually seen in a case of malware infection.
Besides this, I don't see any other malicious process. So HijackThis is
either tricked by malware (try to rename the HijackThis executable), or you
have a running rootkit or process infector.
These DNS servers show that your system is compromised, i.e. your
computer is *infected*.
Disconnect from the internet ASAP, flatten and rebuild your system (format
then clean installation).
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
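Added example (not part of any post in this thread): a small Python triage script that re-joins the hard-wrapped HijackThis entries, extracts every static `NameServer` value from the O17 section, and reports resolvers that are not on an expected list, along with whether they are set globally under `Tcpip\Parameters`. The sample lines are copied from the log above except for one constructed entry (all-zero GUID, 192.168.1.1); the allow-list and the function names are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# A HijackThis entry starts with a section code such as "O17 -" or "R1 -";
# any other line is the continuation of a hard-wrapped entry.
ENTRY_START = re.compile(r"^[A-Z]\d{1,2} -(?: |$)")
O17 = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>\w+)\\Services\\Tcpip\\(?P<scope>[^:]+): "
    r"(?P<name>\w+) = (?P<value>.+)$"
)

# Sample input: lines copied from the log in this thread, plus one constructed
# entry (the all-zero GUID with 192.168.1.1) standing in for a legitimate
# router-assigned resolver.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O17 -
HKLM\System\CCS\Services\Tcpip\..\{07AD21C6-CBEE-4CAB-88F1-80178860B5B4}:
NameServer = 85.255.113.132,85.255.112.84
O17 -
HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}:
NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
85.255.113.132 85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
85.255.113.132 85.255.112.84
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
"""

# Assumption: the resolvers this machine is supposed to use (router or ISP).
EXPECTED_RESOLVERS = {"192.168.1.1"}


def join_wrapped(text):
    """Re-join entries that a mail or forum client wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def static_resolvers(text):
    """Map each statically configured resolver IP to the registry scopes using it."""
    found = defaultdict(set)
    for entry in join_wrapped(text):
        m = O17.match(entry)
        if not m or m["name"] != "NameServer":
            continue
        # Interface keys use commas, Tcpip\Parameters uses spaces.
        for token in re.split(r"[,\s]+", m["value"].strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # ignore anything that is not an IP address
            found[str(ip)].add(f'{m["cs"]}:{m["scope"]}')
    return found


def review(text, expected):
    """Return one finding per static resolver that is not on the expected list."""
    findings = []
    for ip, scopes in sorted(static_resolvers(text).items()):
        if ip in expected:
            continue
        findings.append({
            "resolver": ip,
            "scopes": sorted(scopes),
            # Set under Tcpip\Parameters: applies to every adapter.
            "global_override": any(s.endswith(":Parameters") for s in scopes),
            # Publicly routable address rather than a LAN router.
            "public": ipaddress.ip_address(ip).is_global,
        })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(finding)
```

A finding with `global_override` set on a machine that should be using DHCP-assigned DNS is the pattern alf points out in this log.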
Re: Computer grinding to a halt
on 26.08.2007 19:48:23 by chilly8
"Sebastian G." wrote in message
news:5jddibF3tfc1nU1@mid.dfncis.de...
> And you wonder? Your system is loaded full of shit. It is infected with IBM
> driver stuff, Epson printer shit, Creative driver shit, a mouse driver,
> well known malware like ZoneAlarm, GMail Notifier, MSN Messenger,
> RealPlayer and
RealPlayer is NOT malware.
Re: Computer grinding to a halt
on 26.08.2007 21:18:33 by Sebastian Gottschalk
Bud wrote:
>> Sebastian G.;3116683 Wrote:
>>> And you wonder? Your system is loaded full of ****.
>> Yeah, I wondered. I didn't realise that just asking for help would
>> prompt that type of response. How helpful.
>>
>
> Expect it from Sebastian who knows no good software. :-)
I know a lot of good software. However, in this case it's only important to
know bad software. All of the ones mentioned are highly susceptible to causing
the described symptoms.
And yes, usually bad software is a much more reasonable explanation than
malware.
Re: Computer grinding to a halt
on 26.08.2007 21:21:40 by Sebastian Gottschalk
Chilly8 wrote:
> "Sebastian G." wrote in message
> news:5jddibF3tfc1nU1@mid.dfncis.de...
>> And you wonder? Your system is loaded full of shit. It is infected with IBM
>> driver stuff, Epson printer shit, Creative driver shit, a mouse driver,
>> well known malware like ZoneAlarm, GMail Notifier, MSN Messenger,
>> RealPlayer and
>
> RealPlayer is NOT malware.
- puts a useless tray icon into the notification area
- always bogs around with file associations
- highly complex configuration, and if you don't access it through the
control panel applet it will connect to the net without any chance to cancel
- annoys with a lot of advertisement
- limits your ability to save streams based upon a flag without offering any
choice
- hogs system resources like hell
Definitely malicious behaviour with the matching intent behind.
Re: Computer grinding to a halt
on 26.08.2007 23:03:58 by unknown
Post removed (X-No-Archive: yes)
Re: Computer grinding to a halt
on 27.08.2007 01:28:15 by Sebastian Gottschalk
Chilly8 wrote:
> However, it is what is required if you want to listen to music
> from many Internet radio stations,
Bullshit. VideoLanClient exists, MPlayer exists.
> and with one deal the RIAA concluded America, many internet
> stations will have to use anti-streamripping technology only found
> in RealPlayer or Windows Media Player,
Or almost any stream-ripping tool.
Re: Computer grinding to a halt
on 27.08.2007 01:42:14 by unknown
Post removed (X-No-Archive: yes)
Re: Computer grinding to a halt
on 27.08.2007 01:43:28 by Jamin Davis
Wits End wrote:
> Yeah, I wondered. I didn't realise that just asking for help would
> prompt that type of response. How helpful.
I think a complete reinstall is your only option. And go easy on the
add-ons, hey, why not try Linux this time round? You know you'll love
it :).
--
Jamin @ Home: Chester UK -
Re: Computer grinding to a halt
on 27.08.2007 02:16:06 by Sebastian Gottschalk
Chilly8 wrote:
> Well, DRM-protected streams require either WMP
> or Real Player to listen.
No. DRM-protected streams require a virtual machine running a Windows
installation with horrible insecurity and misconfiguration, plus an audio
recording application in the host OS.
>> Or almost any stream-ripping tool.
>
> However, a change to the DMCA, made last year, now makes
> personal use of cracks illegal.
This is no crack. It is about using a computer as what it is: a universal
calculation machine. Just this fact alone disproves the claim of any kind of
protection.
> It is that change that makes it illegal for employer to try and
> figure out what is going on, if someone is listening to a DRM-
> protected stream, as any attempt to crack the encryption is
> a felony crime in America, Sweden, and Britain.
Oh, so you enjoy spreading this bullshitty propaganda?
> It is now illegal to crack DRM for any reason, including monitoring
> of employees.
LOL? DRM is illegal and therefore doesn't enjoy any legal protection. Besides
that, we're talking about typical computers, where by definition no copy
protection scheme can exist at all.
Re: Computer grinding to a halt
on 27.08.2007 02:33:02 by Kayman
"Wits End" wrote in message
news:Wits.End.2vxcrf@DoNotSpam.com...
>
> Recently, I have found that my laptop almost gives up on me - it takes an
> age to start up, seems to have something draining the memory, refuses to
> allow AdAware to update and generally slows down until it is virtually
> unusable. And it's getting worse!
>
> Can anyone suggest whether or not malware is the issue?
>
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, //registration// *is* required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/index.php?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29)
Re: Computer grinding to a halt
on 27.08.2007 02:50:52 by Ansgar -59cobalt- Wiechers
Kayman wrote:
> "Wits End" wrote:
>> Recently, I have found that my laptop almost gives up on me - it takes
>> an age to start up, seems to have something draining the memory,
>> refuses to allow AdAware to update and generally slows down until it
>> is virtually unusable. And it's getting worse!
>>
>> Can anyone suggest whether or not malware is the issue?
>
> Once done > run HijackThis > save a scan log and post it to /any/ of
> the following (expert) forums for analysis.
Or he could not post the log to any of those forums and just use [1]
instead. However, I agree with @lf that the nameservers look really
fishy (the addresses belong to a Ukrainian hosting company), so I
second the suggestion to flatten and rebuild the box.
[1] http://www.hijackthis.de/
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Computer grinding to a halt
on 27.08.2007 03:41:43 by chilly8
"Sebastian G." wrote in message
news:5jejelF3tmh9vU1@mid.dfncis.de...
> LOL? DRM is illegal and therefore doesn't enjoy any legal protection.
> Besides that, we're talking about typical computers, where by definition no
> copy protection scheme can exist at all.
DRM is legal, and is protected by the DMCA. Any attempt
to crack, sniff, or analyse DRM, in the U.S., is illegal. As far as
the Feds are concerned DRM is protected under the DMCA.
Re: Computer grinding to a halt
on 27.08.2007 03:54:01 by chilly8
"Jamin Davis" wrote in message
news:0qf9q4-85l.ln1@ID-307283.user.individual.net...
> Wits End wrote:
>
>> Yeah, I wondered. I didn't realise that just asking for help would
>> prompt that type of response. How helpful.
>
> I think a complete reinstall is your only option. And go easy on the
> add-ons, hey, why not try Linux this time round? You know you'll love
> it :).
Windows is a MUST for computing existence. The colleges
drum it into the students from day 1 that Bill Gates is GOD
when it comes to computing. You cannot do anything
without Windows.
Re: Computer grinding to a halt
on 27.08.2007 04:06:39 by MR. Arnold
"Chilly8" wrote in message
news:fata4u$dq3$1@aioe.org...
>
> "Sebastian G." wrote in message
> news:5jejelF3tmh9vU1@mid.dfncis.de...
>
>
>
>> LOL? DRM is illegal and therefore doesn't enjoy any legal protection.
>> Besides that, we're talking about typical computers, where by definition
>> no copy protection scheme can exist at all.
>
> DRM is legal, and is protected by the DMCA. Any attempt
> to crack, sniff, or analyse DRM, in the U.S., is illegal. As far as
> the Feds are concerned DRM is protected under the DMCA.
>
http://news.com.com/Linux+felon+forced+to+install+Windows/2100-1030_3-6204348.html?tag=item
;-)
Re: Computer grinding to a halt
on 27.08.2007 06:58:13 by Sebastian Gottschalk
Chilly8 wrote:
> DRM is legal,
DRM is about tricking the user to install a malicious software that
illegally enforces unlawful restrictions against the user. Clearly illegal.
> and is protected by the DMCA.
LOL? How should it? My sour gherkins aren't protected by the DMCA either.
Re: Computer grinding to a halt
on 27.08.2007 08:05:52 by chilly8
"Sebastian G." wrote in message
news:5jf3v5F3t86knU1@mid.dfncis.de...
> Chilly8 wrote:
>
>
>> DRM is legal,
>
>
> DRM is about tricking the user to install a malicious software that
> illegally enforces unlawful restrictions against the user. Clearly
> illegal.
The DMCA says otherwise. And also software license agreements
say so. One thing that is slowing the migration to Vista is a
clause that says that you will activate the product and "assign"
it to a device, and not do anything like bomb your hard disk
and reinstall Vista every 30 days (like a lot of people do with
XP), or attempt to use any cracks, such as WPA_KILL. The
software agreement makes it legal, so it's legal. The EULA
is a legally binding agreement, so Microsoft has the right to
impose its version of DRM on Vista users, because it's
written into the agreement and enforceable under the
DMCA.
The DMCA and/or software EULAs make such practices
legal.
Of course, since you are in Germany, where there is no
DMCA-like law (yet), you can circumvent DRM to your
heart's content, and the software the music companies can't
do anything about it, as long as it's for your own personal use,
but users in the U.S., U.K., Australia and Sweden ARE
subject to these laws, and Microsoft is ALLOWED to
enforce such agreements, BY LAW in those countries.
>
>> and is protected by the DMCA.
>
>
> LOL? How should it? My sour gherkins aren't protected by the DMCA either.
In the U.S, U.K, Australia, and Sweden, DRM is legal and protected
by DMCA-type laws.
Re: Computer grinding to a halt
on 27.08.2007 08:37:36 by Sebastian Gottschalk
Chilly8 wrote:
> "Sebastian G." wrote in message
> news:5jf3v5F3t86knU1@mid.dfncis.de...
>> Chilly8 wrote:
>>
>>
>>> DRM is legal,
>>
>> DRM is about tricking the user to install a malicious software that
>> illegally enforces unlawful restrictions against the user. Clearly
>> illegal.
>
> The DMCA says otherwise.
The DMCA doesn't define DRM. Neither does it cover DRM.
> And also software license agreements say so. [...]
> The software agreement makes it legal, so it's legal.
You might want to ask a competent lawyer...
>> LOL? How should it? My sour gherkins aren't protected by the DMCA either.
>
> In the U.S, U.K, Australia, and Sweden, DRM is legal and protected
> by DMCA-type laws.
DMCA-type laws cover copy protection schemes, not DRM.
Re: Computer grinding to a halt
on 27.08.2007 14:27:35 by alf
Ansgar -59cobalt- Wiechers wrote:
....
> instead. However, I agree with @lf that the nameservers look really
> fishy (the addresses belong to a Ukrainian hosting company), so I
> second the suggestion to flatten and rebuild the box.
....
I have analysed logs like this one before; those nameservers are usually
connected with a trojan known as Zlob (it tricks the user by representing
itself as a codec). But it doesn't have to be Zlob, it can be something
else as well.
The nameservers use DNS spoofing methods to redirect the user, usually to
porn advertising sites, but not every time; about 30% of DNS resolves result
in redirection to a porn advertising site. They also redirect AV/antispyware
updates; if the AV software uses DNS names instead of IP addresses, updating
is impossible.
He can try SmitFraudFix, but IMHO that is a lost battle. To flatten and
rebuild the box is the only way to win.
HijackThis was obviously "tricked" by malware, since besides the nameservers
there is nothing else (AV never cleans everything; there should be at
least registry keys pointing to missing files).
His box is compromised, and I don't doubt that.
Re: Computer grinding to a halt
on 27.08.2007 14:42:00 by Wits End
Thanks for the advice all. I had hoped for less dramatic action. Does
this mean that any banking etc could be compromised?
--
Wits End
Re: Computer grinding to a halt
on 27.08.2007 15:48:56 by MR. Arnold
"Wits End" wrote in message
news:Wits.End.2vz7fl@DoNotSpam.com...
>
> Thanks for the advice all. I had hoped for less dramatic action. Does
> this mean that any banking etc could be compromised?
>
>
>
Don't those institutions ask you additional questions to verify your
credentials that only you would know to conduct a transaction, even after
you're able to logon to the site?
Now, a key logger could be running on the machine that can gather
information while you typed it --- no doubt.
But on the other hand, if a user is taken in the manner you're concerned
about, then the user was absolutely involved in his or her demise, like they
were directed to a site and gave the information up, because he or she got
an email requesting such information so that he or she could be taken, or
other such trickery. That's usually how it's going to happen.
But you can do some things to better protect yourself to reduce your attack
vector as much as possible.
http://www.claymania.com/safe-hex.html
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
Re: Computer grinding to a halt
on 27.08.2007 16:02:13 by Ansgar -59cobalt- Wiechers
Wits End wrote:
> Thanks for the advice all. I had hoped for less dramatic action. Does
> this mean that any banking etc could be compromised?
Yes.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Computer grinding to a halt
on 27.08.2007 21:41:56 by Jens Hoffmann
You were the one who said, that laws are only locally binding?
> The DMCA says otherwise. And also software license agreements
> say so.
Most Anglo-Saxon license agreements fail miserably in
German environments (or environments with a similarly structured legal
system).
> XP), or attempt to use any cracks, such as WPA_KILL. The
> software agreement makes it legal, so it's legal.
As long as it does not violate a law. And no, civilised countries
usually do not have case law, where not the lawyer with better
reasoning, but with the better library wins.
> The EULA
> is a legally binding agreement,
Over here usually not, since you only learn the details, after you
bought it. ("shrink wrap" license agreements in general are more than
tricky!)
> so Microsoft has the right to
> impose its version of DRM on Vista users, because it's
> written into the agreement and enforceable under the
> DMCA.
Might be correct for the USofA.
> Of course, since you are in Germany, where there is no
> DMCA-like law (yet),
There is, in fact, a comparable law.
> Sweden
Nice example, check your facts.
Cheers,
Jens
Re: Computer grinding to a halt
on 27.08.2007 22:14:00 by Wits End
Mr. Arnold;3118943 Wrote:
> "Wits End" wrote in message
> news:Wits.End.2vz7fl@DoNotSpam.com...
> >
> > Thanks for the advice all. I had hoped for less dramatic action. Does
> > this mean that any banking etc could be compromised?
> >
>
> Don't those institutions ask you additional questions to verify your
> credentials that only you would know to conduct a transaction, even
> after you're able to logon to the site?
>
> Now, a key logger could be running on the machine that can gather
> information while you typed it --- no doubt.
>
> But on the other hand, if a user is taken in the manner you're
> concerned about, then the user was absolutely involved in his or her
> demise, like they were directed to a site and gave the information up,
> because he or she got an email requesting such information so that he
> or she could be taken, or other such trickery. That's usually how it's
> going to happen.
>
> But you can do some things to better protect yourself to reduce your
> attack vector as much as possible.
>
> http://www.claymania.com/safe-hex.html
> http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
Thanks. I am careful not to get hit by those things - to the point
where I have argued with my bank when they legitimately ask for such
questions. However, I am holding off using any online payment until I
am certain.
--
Wits End
Re: Computer grinding to a halt
on 03.09.2007 19:33:20 by chilly8
"Sebastian G." wrote in message
news:5jf9pgF3rs896U1@mid.dfncis.de...
> Chilly8 wrote:
>> In the U.S, U.K, Australia, and Sweden, DRM is legal and protected
>> by DMCA-type laws.
>
> DMCA-type laws cover copy protection schemes, not DRM.
DRM is a form of copy protection and is, therefore, covered under
the DMCA, and is therefore legal.
Re: Computer grinding to a halt
on 03.09.2007 22:32:29 by Sebastian Gottschalk
Chilly8 wrote:
> "Sebastian G." wrote in message
> news:5jf9pgF3rs896U1@mid.dfncis.de...
>> Chilly8 wrote:
>
>
>>> In the U.S, U.K, Australia, and Sweden, DRM is legal and protected
>>> by DMCA-type laws.
>> DMCA-type laws cover copy protection schemes, not DRM.
>
> DRM is a form of copy protection
Says who? If it's implemented on a general purpose computer, this is
obviously wrong.
> and is, therefore, covered under the DMCA, and is therefore legal.
Being covered by some legal protection doesn't mean anything for illegal things.