Complicated ... maybe virus/trojan ... (crossposting)

  • Thread starter Thread starter Bob
  • Start date Start date
B

Bob

I posted the following message in the 24hourhelpdesk group ...
only relevant answer below ... I've run CWShredder and that said my
machine was clean ... haven't done HiJackThis yet ... have also
updated and rerun all the antivirus and trojan programs mentioned ...
they show nothing ...

Any ideas from this group as to what might have landed on my
machine?

---------------------------------------------------------------------------------------------------------------------------------

(This is my original posting.)
Bear with me on this ... Win98SE

Was online ... doing usual stuff ... saw a 'progress bar'
flash across the screen ... the sort of thing you get when downloading
or deleting files ... but too fast to see what it was.

Shut down everything in the SysTray except EZ-AV (real-time
protection was enabled) and ZoneAlarm.

Control-alt-delete showed nothing unusual running. Then tried "What's
Happening" to show running processes ... saw pstores.exe which I had
never noticed before ... but google shows it to probably be harmless.

Tried to reboot ... and among other things, Windows said that "Spyware
Remover" was not responding ... I don't have this on my machine (I
hope) and never did. But it sure was in memory.

Rebooted and ran updated EZ-AV, TDS-3, Stinger, Housecall,
Spybot, and Ad-Aware. Nothing found by any of those.

Reset all access in ZA to ask first ... then rebooted.

Now after after I'm up and online for a few minutes, ZA blocks
an attempt to send a packet out ... even though it's asking for every
other program, it doesn't ask on this attempt ... just logs it as "TCP
flags s)" with no program name shown ... most recent attempt was to
connect with server.bodhostdns2.com ... and the 'analysis' on the ZA
site is "ZoneAlarm has blocked an outgoing communication from your
computer to port 80 on a remote computer whose IP address is
66.98.212.46."

Anybody got any ideas here? None of the antivirus/antitrojan programs
I use show anything..

Sorry to be so long winded ... ... but I'm baffled and suspicious.

Thanks.
Click to expand...
---------------------------------------------------------------------------------------------------------------------------------

(This is the response in the other newsgroup)

Download and use the following:

CWShredder (CoolWebSearch remover)
http://www.spywareinfo.com/~merijn/cwschronicles.html
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

HijackThis
http://mjc1.com/mirror/hjt/

If your issue isn't resolved by the above steps, post the
full contents of the HijackThis log here.

---------------------------------------------------------------------------------------------------------------------------------
 
Bob said:
I posted the following message in the 24hourhelpdesk group ...
only relevant answer below ... I've run CWShredder and that said my
machine was clean ... haven't done HiJackThis yet ...
Click to expand...

Since they have welcomed you to post your HijackThis log
for them to analyze, I suggest that you do so. They will be
able to point out other things you have on your system that
you don't want or need also.

People are starting to depend too much on removal programs.
 
Back
Top