Michael Rodgers
Hi,
My father just called with a Virus problem.
He went onto the internet with first enabling his firewall, which is
probably the issue. It's a freshly installed version of Windows XP Sp1, but
I think it has the Blaster Worm patch.
He first noticed it when browsing the web on his DSL connection - web pages
just stopped working. Kept getting a 'Page Cannot be Displayed'.
He then found Norton Antivirus would not work, and neither would Task
Manager. The machine now will not connect to the internet, clicking the
dialup connection for DSL does nothing.
Ran Spybot S&D to check the process list instead of using Task Manager and
found the following odd processes:
seayop.exe
kslle.exe
Ran Spybot's search thing, it found:
Data Source Object Exploit
HKey_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=w=3
HKey_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=w=3
HKey_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=w=3
Then had a look at the processes scheduled to run at startup - and found the
following files along with what they 'claim' to be:
c:\Windows\system32\seayop.exe - Disk Defragmentor
nuamgrd.exe - Microsoft Update
kslle.exe - Windows Media Player
c:\windows\system32\bwzceksx.exe - Windows Update
muamgrd.exe - Microsoft Update
kslle.exe - Windows Media Player
Does anyone have any idea what is going on here or what
virus/worm/exploit/other nasty thing this could possibly be?
Cheers!