Virus or not?

B&B Musmon

Recently I have noticed that if I right click on a drive to get
information it takes several seconds for the menu to come up. In the
meantime there are several transmissions via the net each time I do
this. If I turn the internet connection off, it works instantly.

I run Solo, Adware, Spybot and CWShredder. Although I have had other
recent problems that were taken care of by the above mentioned
software, this doesn't come up as a virus.

I don't know that it is a virus, it is just strange, it is something
new and I don't ever remember this operation taking any time at all,
sometimes it can be 10 seconds before I see the menu. And I have no
idea when that kind of operation would need internet.

Let me know if you have any ideas, thanks for the help

Barry
 
Try running HijackThis
http://www.spywareinfo.com/~merijn/downloads.html
-max

--
Programs that I use and recommend (all are free)
Many thanks to all the people who make these fine products!
Spybot Search and Destroy 1.3
http://www.safer-networking.org/
Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html
Spyware Guard
http://www.javacoolsoftware.com/spywareguard.html
Ad-Aware
http://www.lavasoftusa.com/
Sygate Personal Firewall
http://soho.sygate.com/products/spf_standard.htm
Avast! For Home
http://www.avast.com/i_idt_1016.html
Eraser 5.3
http://www.tolvanen.com/eraser/
CwShredder
http://www.majorgeeks.com/download4086.html
HijackThis
http://www.spychecker.com/program/hijackthis.html
Thunderbird
http://www.mozilla.org/products/thunderbird/
Firefox
http://www.mozilla.org/products/firefox/

This message is virus free as far as I can tell
Change nomail.afraid.org to neo.rr.com so you can reply
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
 
Thanks Max,

I did run HijackThis upon your recommendation, not sure what I am
looking at. I did remove a few things I was sure I didn't need, but as
far as the rest of them, I just don't know what I am looking at. I
have noticed that people do post their log, so I will do that; maybe
someone will have a suggestion or two.

Thanks
Barry

Logfile of HijackThis v1.97.7
Scan saved at 4:38:13 AM, on 6/13/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\SRN MICRO\SOLOSENT.EXE
C:\PROGRAM FILES\SRN MICRO\SOLOCFG.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP PHOTOSMART\PHOTO SCANNER\HPI_AUTO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AGENT\AGENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOWNLOAD\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3
O4 - HKLM\..\Run: [AUXXTRAY] au10setp.exe 3
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Shortcut to Connection to 9389999.lnk = ?
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: HP PhotoSmart Photo Scanner.lnk = C:\Program Files\HP PhotoSmart\Photo Scanner\hpi_auto.exe
O12 - Plugin for .3dml: C:\Program Files\Flatland\NProver.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
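
An added example, not part of any post in this thread: Python that rejoins the newsreader-wrapped lines of a HijackThis log like the one above and lists its O4 (autostart) entries for review. The function names and the two review notes are assumptions made here; a note marks an entry worth a closer look, not a verdict.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O4 - ..."
O4_REG = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O4_LNK = re.compile(r"^Startup: (.+?\.lnk) = (.+)$")

# Lines copied from the posted log, still wrapped as the newsreader left them.
SAMPLE = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - Startup: Shortcut to Connection to 9389999.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

def parse(text):
    """Rejoin wrapped lines and return (section_code, body) per entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line   # continuation of the previous entry
    return [m.groups() for m in map(ENTRY.match, entries) if m]

def autostarts(text):
    """List O4 (autostart) entries as (location, name, target, note)."""
    rows = []
    for code, body in parse(text):
        reg, lnk = O4_REG.match(body), O4_LNK.match(body)
        if code != "O4" or not (reg or lnk):
            continue
        if reg:
            loc, name, target = reg.groups()
        else:
            loc, (name, target) = "Startup folder", lnk.groups()
        # Assumed review notes: "?" target, or a command with no drive path.
        note = ("shortcut target not resolved" if target == "?" else
                "" if re.match(r'^"?[A-Za-z]:\\', target) else "no full path given")
        rows.append((loc, name, target, note))
    return rows

if __name__ == "__main__":
    for row in autostarts(SAMPLE):
        print(row)
```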
 
I have two.

http://tomcoyote.org/forums/ipdl.php specializes in HJ log reviews.

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE can slow a
computer down as badly as most malware. Turn it off. This is taken
from a post by a valued Usenet contributor, Aftech.
~~~~~~~~
FindFast is a prog that indexes MS Office documents (reads them for
keywords, author and other parameters) with the general idea of making
Office docs easier to find and open. Unfortunately, FindFast is a
resource hog that, while making Office apps slightly more efficient,
destroys the efficiency of the rest of the system.

BTW, Microsoft Knowledge Base article #Q158705 says just taking
FindFast out of the startup group is not sufficient. Since it was there,
indices were created and Office apps will continue to use them even
though they rapidly become outdated. Below is the proper procedure as
described by MS:

The correct way to disable Find Fast requires that you delete the Find
Fast index files. To do this, use the following steps:

On the Start menu, point to Settings, and then click Control Panel. In
the Control Panel window, double-click Find Fast. In the "Index for
documents in and below" list, click the first item. On the Index menu,
click Delete Index. In the Delete Index dialog box, click OK.

When you are prompted whether to delete the index, click OK. Repeat
steps 3 and 4 until no more indices are listed. On the Index menu, click
Close And Stop. Then, click OK to stop Find Fast.

Then, do either of the following:

Remove the Microsoft Find Fast shortcut from the StartUp folder
(typically in the Windows folder in the Start Menu\Programs folder).

-or-

- Run the Microsoft Office 97 Setup program in maintenance mode, and
remove Find Fast.
~~~~~~~~~~

BoB
 
Ok, thanks. I did take findfast off, I haven't noticed any notable
changes in performance, but I suppose it wouldn't hurt. I still have
the old, goes out to the NET for some stupid reason when I right click
on a drive, very weird. Sometimes it can take 5 or more seconds before
it responds.
 
I saw no mention of that problem when I reviewed my five years
of notes. For me, a right-click produces a menu of 14 items to
choose from, including properties at the bottom of the list. I
could detect no option on my list that would have anything to
do with going out to the net. The list that appears would vary
though on everyone's computer because half the selectable items
are pertinent to what I have installed.

However, at the bottom of my drive selections of A, C and D drives
I have [-\-]. Selecting this brings up Network Neighborhood and
shows one folder, Entire Network. When I attempt to open that
folder, I get an error msg, 'Unable to browse the network'. And
below that, "The network is not accessible. For more information
look in the help index at the topic Network Troubleshooter". I
click OK to remove the error msg.

This is how things appear in 'my' file manager, Total Commander
which I prefer over Explorer. Using Explorer, under Desktop|My
Computer|Network Neighborhood|Entire Network, I will get the same
error msg.

I get this error msg because I do not have a network on my computer.
Your network seeking may involve this general area but not being
a 'networker' myself, I know next to nothing about the subject.
Perhaps you can look into this aspect and start another thread
for additional assistance from the experts, depending on what you
find. I would advise, however, that you start this new thread in the
microsoft.public.win98.gen_discussion NG where the MVP experts
hang out, since this may not be virus related.

I would submit a HiJackThis report to the recommended forum prior
to starting another thread because that is liable to be their first
recommendation in order to establish just what is going on in your
computer.

Hope this gets you started in the right direction.

BoB

 
Thanks Bob for the insight. I do only have 9 items on that menu and
nothing that really looks suspicious. A very strange thing, indeed.
 