What is the name of this virus ?

  • Thread starter Thread starter Chrissssss
  • Start date Start date
C

Chrissssss

I'm running Windows ME with Norton AV (regularly updated) and ZoneAlarm
firewall and I've recently changed to broadband. Since broadband, I've been
infested with various virus's all at once. The main symptoms include:

a.. My home page has been changed and cannot be reset.
b.. Computer keeps trying to connect to Internet.
c.. Media Player opens on startup (it didn't before) but refuses to run.
Some of the rogue files named are as follows:

Firewall stopped this dialling out:

Winmm64.exe
Norton halted computer when this was found:

C/windows/system32/PEntorsy.exe (now deleted)
Norton found these after scanning:

C/program files/Norton/quarantine/portal/5aob7cc3.exe (now deleted)

C/windows/system32/orhhSPsy.exe (now deleted)

C/windows/system32/nhs-hhors-.exe

Does anyone know the name of this virus and why Norton let it in? Also can I
fix it easily?

Any help appreciated. Chris
 
Chrissssss said:
I'm running Windows ME with Norton AV (regularly updated) and ZoneAlarm
firewall and I've recently changed to broadband. Since broadband, I've been
infested with various virus's all at once. The main symptoms include:

a.. My home page has been changed and cannot be reset.
b.. Computer keeps trying to connect to Internet.
c.. Media Player opens on startup (it didn't before) but refuses to run.
Some of the rogue files named are as follows:

Firewall stopped this dialling out:

Winmm64.exe
Norton halted computer when this was found:

C/windows/system32/PEntorsy.exe (now deleted)
Norton found these after scanning:

C/program files/Norton/quarantine/portal/5aob7cc3.exe (now deleted)

C/windows/system32/orhhSPsy.exe (now deleted)

C/windows/system32/nhs-hhors-.exe

Does anyone know the name of this virus and why Norton let it in? Also can I
fix it easily?

Any help appreciated. Chris
Click to expand...

A quick search through Google shows that you were actually infected with
spyware, not a virus. You should run Spybot Search and Destroy, and if that
doesn't get rid of it all you may have to manually removed some of it. You
could use HiJackThis to create a log that you can submit at the
security-forums.com, and they would be able to identify the remaining
spyware.
 
On that special day, Chrissssss, ([email protected]) said...
a.. My home page has been changed and cannot be reset.
Click to expand...

For heavens' sake, use some browser that is NOT the Internet Explorer.

See here why:
http://computercops.biz/postp70828.html (CWSchronicles seem to not more
exist?)

Try HijackThis! from www.tomcoyote.org, and apply it. Use
http://computercops.biz/HijackThis.html
to analyze the results. Edit the registry.

And then, don't use IE any longer. If you are missing your favourites
(else named bookmarks), you can transfer them to Mozilla/Firefox and
Opera.

http://forums.mozillazine.org/viewtopic.php?t=100288


Gabriele Neukam

(e-mail address removed)
 
Chrissssss said:
I'm running Windows ME with Norton AV (regularly updated) and ZoneAlarm
firewall and I've recently changed to broadband. Since broadband, I've been
infested with various virus's all at once. The main symptoms include:

a.. My home page has been changed and cannot be reset.
b.. Computer keeps trying to connect to Internet.
c.. Media Player opens on startup (it didn't before) but refuses to run.
Some of the rogue files named are as follows:

Firewall stopped this dialling out:

Winmm64.exe
Norton halted computer when this was found:

C/windows/system32/PEntorsy.exe (now deleted)
Norton found these after scanning:

C/program files/Norton/quarantine/portal/5aob7cc3.exe (now deleted)

C/windows/system32/orhhSPsy.exe (now deleted)

C/windows/system32/nhs-hhors-.exe

Does anyone know the name of this virus and why Norton let it in? Also can I
fix it easily?

Any help appreciated. Chris
Click to expand...

It really sounds like a spyware problem and Norton doesn't usually do
much for that.
The free program called SpywareBlaster prevents much spy-adware from
even getting on your PC.
You should also install, update and regularly run the following two
free programs:
AdAware
Spybot
 
Thanks to all but Ive tried Adaware & spybot.
Norton says I have a backdoor trojan.
Media Player wont work.
Word will not open.
Norton keeps stopping my computer when it finds new files.
Surely this can't be spyware?

Chrissssssssss
 
Chrissssss said:
Thanks to all but Ive tried Adaware & spybot.
Norton says I have a backdoor trojan.
Media Player wont work.
Word will not open.
Norton keeps stopping my computer when it finds new files.
Surely this can't be spyware?

Chrissssssssss
Click to expand...

Yup it is. Spyware incorporates trojans into the mix, that is why Norton
detected it after it was installed.

Rick
 
Thanks to all but Ive tried Adaware & spybot.
Norton says I have a backdoor trojan.
Media Player wont work.
Word will not open.
Norton keeps stopping my computer when it finds new files.
Surely this can't be spyware?

Chrissssssssss
Click to expand...
************** REPLY SEPARATER ****************
Sounds like you have a backdoor trojan at work, and it sounds like a job for
HiJackThis. As long as the back door is open, you will continue to have many
problems, until it gets to the point that the computer will hardly run. I once
found 480 virus's at work (mostly Bots) on a machine, and the only way I could
run HiJackThis was to physically disconnect from the Internet. Once HiJackThis
disabled the worst offenders, then I could run the anti-virus program. The
alternative is a clean install.

And don't be surprised that when you disable the worst offenders that some
things don't work. On another machine, NAV would not run after the clean up
because one of the many viruses has disabled it.

J.A. Coutts
 
As well as using your anti-virus and spyware/adware scanners, you could also
make use of your HOSTS file.
An up-to-date hosts file can be downloaded here:

http://webpages.charter.net/hpguru/hosts/hosts.html

Instructions for installing this file are included in the .zip file. It
lists known bad domains and advert servers etc. Sites that are listed on the
Hosts file will not be accessible as it loops back to your localhost
address, also it will prevent adverts and other rubbish from appearing from
these sites when viewing web pages. You can also add your own bad domains
using a standard text editor.

HTH

Russ.
 
Instructions for installing this file are included in the .zip file.
It lists known bad domains and advert servers etc. Sites that are
listed on the Hosts file will not be accessible as it loops back to
your localhost address, also it will prevent adverts and other rubbish
from appearing from these sites when viewing web pages. You can also
add your own bad domains using a standard text editor.
Click to expand...

Two things:

Make the hosts file read only... keeping in mind that legit programs might
need to add something to the file in the future, and you will have to
copy/paste certain things from the original file to the new one..
(probably says this in the documentation)

If you use apache or another web server, you might have to change
127.0.0.1 to 127.0.0.2 so it wont interfere with the server. It might be
an IE only thing, but it always gave me a site not found error while
apache was running, until I changed the numbers.
 
Back
Top