HELP PLEASE !! Browser Problem

  • Thread starter: Shayne Robinson

Shayne Robinson

Any help on this would be greatly appreciated
Reboot the cablemodem. Restart both PCs. I don't think this problem
is malware related.


I did that before I posted my plea for help.

Also ran Spybot S&D with no improvement and did a complete AV scan
with Norton AV 2005 (updated today)

Another suspicious thing, I tried a System Restore, and cannot go back
to before the problem started, i.e. no System Restore Point older than
48 hours is available.

We do have Mozilla installed on one PC, and that is also unable to
browse any web pages.
 
Shayne Robinson, 9/17/2005,

Are there any error messages? Do you have a firewall blocking IE
perchance?
 
No error messages at all, only firewall is Win XP and I have tried
with that turned off too. Remember, this is happening on two PCs and
with Mozilla as well as IE
 
*************** REPLY SEPARATER ****************
Unfortunately, any Web Browser is a poor tool to test Internet Connectivity.
Try using the ping tool. Ping the web site you are trying to visit. This tests
both DNS functionality and the availability of the server. But be aware that
certain sites (eg. MS & CNN) block pings. If you can connect, then look at the
transit times. If the transit times vary widely, then you may have a packet
loss problem.

J.A. Coutts
 
ok, first ping is google.com

second ping is msn.com (Australia, might be ninemsn.com.au I think)

third ping is dell.com

fourth ping is thecouriermail.com.au (local newspaper)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Program Files\Common Files\Microsoft Shared\MSInfo>ping
64.233.187.99

Pinging 64.233.187.99 with 32 bytes of data:

Reply from 64.233.187.99: bytes=32 time=236ms TTL=240
Reply from 64.233.187.99: bytes=32 time=231ms TTL=240
Reply from 64.233.187.99: bytes=32 time=236ms TTL=240
Reply from 64.233.187.99: bytes=32 time=232ms TTL=240

Ping statistics for 64.233.187.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 231ms, Maximum = 236ms, Average = 233ms

C:\Program Files\Common Files\Microsoft Shared\MSInfo>ping
207.46.20.30

Pinging 207.46.20.30 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.20.30:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Common Files\Microsoft Shared\MSInfo>ping
143.166.224.178

Pinging 143.166.224.178 with 32 bytes of data:

Reply from 143.166.224.178: bytes=32 time=216ms TTL=235
Reply from 143.166.224.178: bytes=32 time=214ms TTL=235
Reply from 143.166.224.178: bytes=32 time=215ms TTL=235
Reply from 143.166.224.178: bytes=32 time=215ms TTL=235

Ping statistics for 143.166.224.178:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 214ms, Maximum = 216ms, Average = 215ms

C:\Program Files\Common Files\Microsoft Shared\MSInfo>ping
198.142.23.80

Pinging 198.142.23.80 with 32 bytes of data:

Reply from 198.142.23.80: bytes=32 time=22ms TTL=59
Reply from 198.142.23.80: bytes=32 time=21ms TTL=59
Reply from 198.142.23.80: bytes=32 time=21ms TTL=59
Reply from 198.142.23.80: bytes=32 time=25ms TTL=59

Ping statistics for 198.142.23.80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 25ms, Average = 22ms

C:\Program Files\Common Files\Microsoft Shared\MSInfo>
=====================================================================

This doesn't tell me a hell of a lot as to why the browser is unable
to open the web pages, and more specifically why three browsers on two
machines failed at the same time.

I can only guess that our systems have somehow been compromised by a
virus or trojan which has eluded my AV (Norton Anti Virus 11.0.11.4)

I also turned Norton Internet Security off and tried to connect, but
no go.
 
***************** REPLY SEPARATER *****************
What it tells you is that there does not appear to be a connectivity issue. The
transit times are long, but they are relatively consistent. It would appear
that you only have a problem over port 80, the http port. Just to confirm that,
choose one of the pings and add a -t option.

ping -t 64.233.187.99

After a page of these, you can stop it with a Control-c. There should be no
timeouts. After a fresh restart, enter the command:

netstat -an

This will show you all the ports on your machine that are in the listening
mode. Use the Alt-Tab to flip back to Windows and attempt to access a web page.
Now flip back to the Command Prompt and repeat the same command. If you were
able to contact the site in question, there should now be some port 80's in the
established mode or waiting for a timeout. The port your machine used to submit
the request should be connected to the same IP in the listening mode. This
tells you that the connection was made and the site at least attempted to
fulfill your request. If this is all satisfactory, then it has something to do
with the way your machine is handling the incoming data.

J.A. Coutts
 
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Shayne Robinson>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1040 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:1053 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:1055 ESTABLISHED
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1041 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1053 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:1055 127.0.0.1:1025 ESTABLISHED
TCP 192.168.2.3:139 0.0.0.0:0 LISTENING
TCP 192.168.2.3:1054 208.172.158.221:80 SYN_SENT
TCP 192.168.2.3:1056 198.142.23.48:80 SYN_SENT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:9370 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.2.3:123 *:*
UDP 192.168.2.3:137 *:*
UDP 192.168.2.3:138 *:*
UDP 192.168.2.3:1900 *:*

C:\Documents and Settings\Shayne Robinson>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1040 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:1183 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:1195 ESTABLISHED
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1041 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1183 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:1195 127.0.0.1:1025 ESTABLISHED
TCP 192.168.2.3:139 0.0.0.0:0 LISTENING
TCP 192.168.2.3:1072 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1081 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1087 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1091 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1093 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1095 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1099 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1101 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1103 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1105 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1107 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1109 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1111 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1115 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1117 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1119 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1121 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1123 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1125 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1127 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1132 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1139 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1141 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1145 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1149 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1151 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1153 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1157 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1161 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1165 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1167 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1169 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1171 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1177 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1179 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1181 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1184 207.46.253.157:80 SYN_SENT
TCP 192.168.2.3:1185 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1187 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1189 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1192 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1194 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1196 66.94.231.82:80 SYN_SENT
TCP 192.168.2.3:1198 209.133.111.196:21 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:9370 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1129 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.2.3:123 *:*
UDP 192.168.2.3:137 *:*
UDP 192.168.2.3:138 *:*
UDP 192.168.2.3:1900 *:*

C:\Documents and Settings\Shayne Robinson>
===================================================================

This is the result.

After the ping -t I re-booted

Then ran netstat -an

Then I attempted to log onto www.thecouriemail.com.au (198.142.23.55)
in IE

Then entered netstat -an again

Hope this makes more sense to you than it does to me, I'm afraid that
although I do consider myself moderately computer literate, some of
this is right over my head.

But once again, I appreciate all the help I can get.
 
You did not tell us that you were operating behind a NAT router. But that is not
the problem. Your computer has initiated multiple FTP sessions with
[209.133.111.196] (reserved.mfnx.net). This IP is registered to:
---------------------------------------------
CustName: SPEEDERA,
Address: 4800 Great America Parkway
City: Santa Clara
StateProv: CA
PostalCode: 00000
Country: US
RegDate: 2004-03-23
Updated: 2004-03-23

NetRange: 209.133.111.192 - 209.133.111.255
---------------------------------------------------
I would say that you definitely have a problem of a viral nature.

J.A. Coutts
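
The before/after `netstat -an` comparison discussed in this thread can be done mechanically. The following is an added example, not part of any post here: it parses `netstat -an` output, groups outbound TCP connections by remote endpoint, and reports endpoints where every attempt is stuck in SYN_SENT (no handshake completed) and endpoints with many parallel connections. The function names and the fan-out threshold are assumptions; the sample rows are a subset of the second capture posted above.

```python
import ipaddress
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port remote_addr remote_port state")

# Sample input: a subset of the rows from the second `netstat -an` capture in the thread.
SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:1183 ESTABLISHED
TCP 192.168.2.3:139 0.0.0.0:0 LISTENING
TCP 192.168.2.3:1072 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1081 209.133.111.196:21 ESTABLISHED
TCP 192.168.2.3:1091 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1095 209.133.111.196:21 TIME_WAIT
TCP 192.168.2.3:1184 207.46.253.157:80 SYN_SENT
TCP 192.168.2.3:1196 66.94.231.82:80 SYN_SENT
UDP 0.0.0.0:445 *:*
UDP 192.168.2.3:137 *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; port is None for wildcards like '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one Conn per TCP/UDP row; banner, header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = fields[:3]
        state = fields[3] if len(fields) > 3 else None  # UDP rows carry no state
        laddr, lport = split_endpoint(local)
        raddr, rport = split_endpoint(remote)
        conns.append(Conn(proto, laddr, lport, raddr, rport, state))
    return conns


def outbound_tcp(conns):
    """Keep TCP rows that point at a real remote host (no listeners, no loopback)."""
    kept = []
    for c in conns:
        if c.proto != "TCP" or c.state in (None, "LISTENING"):
            continue
        try:
            ip = ipaddress.ip_address(c.remote_addr)
        except ValueError:
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        kept.append(c)
    return kept


def by_remote(conns):
    """Map (remote_addr, remote_port) -> Counter of TCP states seen for that endpoint."""
    table = {}
    for c in outbound_tcp(conns):
        table.setdefault((c.remote_addr, c.remote_port), Counter())[c.state] += 1
    return table


def findings(conns, fanout_threshold=4):
    """Flag endpoints that never completed a handshake and endpoints with many sessions.

    fanout_threshold is an assumed cut-off for this example, not a standard value.
    """
    notes = []
    for (addr, port), states in sorted(by_remote(conns).items()):
        total = sum(states.values())
        if states.get("SYN_SENT", 0) == total:
            notes.append(("no_handshake", addr, port, total))
        if total >= fanout_threshold:
            notes.append(("fan_out", addr, port, total))
    return notes


if __name__ == "__main__":
    for kind, addr, port, count in findings(parse_netstat(SAMPLE)):
        print(f"{kind:13} {addr}:{port}  connections={count}")
```

A flag from this summary only says where to look next. On Windows XP, `netstat -ano` adds the owning process ID to each row, which is what ties a group of sessions to a specific program.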
 
From: "John Coutts" <[email protected]>

| You did not tell us that you were operating behind a NAT router. But that is not
| the problem. Your computer has initiated multiple FTP sessions with
| [209.133.111.196] (reserved.mfnx.net). This IP is registered to:
| ---------------------------------------------
| CustName: SPEEDERA,
| Address: 4800 Great America Parkway
| City: Santa Clara
| StateProv: CA
| PostalCode: 00000
| Country: US
| RegDate: 2004-03-23
| Updated: 2004-03-23
|
| NetRange: 209.133.111.192 - 209.133.111.255
| ---------------------------------------------------
| I would say that you definitely have a problem of a viral nature.
|
| J.A. Coutts
| **************** REPLY SEPARATER ****************
| In article <[email protected]>,


Speedera is not really related to malware. Speedera is a high speed clustered server service
for many computers who distribute updates. McAfee uses this; in fact they use Speedera for
an FTP service providing a mirror to McAfee's FTP server -- ftp.nai.speedera.net, which
resolves to... 63.209.221.236

http://www.naukri.com/gpw/speedera/about.htm
 
There are too many links from your computer to the ftp of
209.133.111.196. It is very unusual. I think your computer has been
broken into by a hacker. And he/she is making use of your computer to attack
the ftp service of 209.133.111.196, like DDOS. Find the hack tools, and
delete them. Maybe it is a kernel-class backdoor, so anti-virus often
can't find it.
Let Security Expert help you. Run Security Expert, go to tools -> process
manage, find the backdoor process, and delete it. Then go to
tools->Autorun, find the startup program of the backdoor, and delete
it. Last, find the file of the backdoor in your computer, and delete
it.
Go to http://securityexpert.cnns.net/download/securityexpert.exe to
download the software.
You can judge a suspicious process easily this way:
1) Run Security Expert, click Security Tools->Process Manage
2) Choose "Hide windows' process" to help you to remove legitimate
processes of the system
3) Notice suspicious processes marked with a special color by Security
Expert
4) Notice whether the whole route of the process is not in "program files"
5) If the process doesn't have companyname information, the process
is possibly a backdoor or a worm.
 

Thank you very much for the information, and the time you have taken to
offer advice

This is very much a "Catch 22" situation, as I cannot go to the site
you suggest and download Security Expert Tools, because my browser
will not open any web pages.

The only thing I can possibly do is download from another computer to
CD and then try to transfer to my system.

I wonder if a "Hijack This" log would help someone identify any
malicious processes. I already have that tool.
 
From: <[email protected]>

| There are too many links from your computer to the ftp of
| 209.133.111.196. It is very unusual. I think your computer has been
| broken into by a hacker. And he/she is making use of your computer to attack
| the ftp service of 209.133.111.196, like DDOS. Find the hack tools, and
| delete them. Maybe it is a kernel-class backdoor, so anti-virus often
| can't find it.
| Let Security Expert help you. Run Security Expert, go to tools -> process
| manage, find the backdoor process, and delete it. Then go to
| tools->Autorun, find the startup program of the backdoor, and delete
| it. Last, find the file of the backdoor in your computer, and delete
| it.
| Go to http://securityexpert.cnns.net/download/securityexpert.exe to
| download the software.
| You can judge a suspicious process easily this way:
| 1) Run Security Expert, click Security Tools->Process Manage
| 2) Choose "Hide windows' process" to help you to remove legitimate
| processes of the system
| 3) Notice suspicious processes marked with a special color by Security
| Expert
| 4) Notice whether the whole route of the process is not in "program files"
| 5) If the process doesn't have companyname information, the process
| is possibly a backdoor or a worm.

You jump to conclusions.

ftp://209.133.111.196/AVDEFS/norton_antivirus/

It looks to me like Symantec, just as McAfee does, uses Speedera to distribute updates via
their clustered high speed download services.
 
**************** REPLY SEPARATER *****************
Glad you asked because that is how I would handle your particular problem. I
use HiJackThis on every machine I work on to get rid of all the trash. You can
also try turning off the auto-update feature on your AV software.

J.A. Coutts
 

Well, here it is

Logfile of HijackThis v1.97.5
Scan saved at 10:06:45 AM, on 20/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\unzipped\framxpro[1]\FreeRAM XP Pro 1.40.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\YCX\YankClip.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\DOCUME~1\SHAYNE~1\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://au.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;<local>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar -
{855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program
Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Adobe Acrobat
6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3448474F-2D74-50C8-AF0D-7DA401192A3E} - (no
file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} -
C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4BD9653E-D4C7-454B-9151-A8517B84BA08} -
C:\PROGRA~1\BITBEA~1\ieplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} -
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program
Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program
Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe
Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType
Pro\type32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program
Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program
Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe
-minimize
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe
p2esocks_1026.dll,InstantAccess
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\framxpro[1]\FreeRAM XP Pro
1.40.exe" -win
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe
-trayboot
O4 - Startup: FriendFinder Messenger.lnk = C:\Program
Files\FriendFinder Messenger\FriendFinder Messenger\FFIMC.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Startup: Yankee Clipper X.lnk = C:\Program Files\YCX\YankClip.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration
Utility.lnk = ?
O4 - Global Startup: Controller.LNK = C:\Program
Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: (e-mail address removed) = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer -
res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer -
res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) -
http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -
http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} -
http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor
Class) -
http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1084675764843
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
http://download.ebay.com/turbo_lister/AU/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX
Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl
Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
http://www.napster.com/client/isetup.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4)
- http://www.drivershq.com/members/DD_v4_Member.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
 
From: "Shayne Robinson"


|
| Well, here it is
|
| Logfile of HijackThis v1.97.5
| Scan saved at 10:06:45 AM, on 20/09/2005
| Platform: Windows XP SP2 (WinNT 5.01.2600)
| MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
|
| Running processes:

< HJT Log snipped >

Shayne:

This is NOT the best place to post a HJT Log.
In fact, the software you used is out of date. HJT is up to v1.99.1. Yours is v1.97.5.

Download HJT v1.99.1 and post in an expert forum please.
http://www.majorgeeks.com/download3155.html

The following { borrowed from the alt.privacy.spyware News Group FAQ } are the *BEST*
places to post a HJT Log.

Appendix 2. Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5
 