Does anyone know what the heck this was

mattie

Hi to all

Had a wee problem with my computer and was wondering if anyone had come
across it before and knew what virus started it, silly me did not export the
log files before restoring an image.
I did a scan with avast antivirus and it picked up somewhere in the region
of 10-15 infected files, I also did a scan with spyware doctor and it picked
up 188 infections.

The main worries with Windows XP were that:
- you could not turn off the comp as this had been disabled by the
  administrator
- the run command was missing
- I could not use the system restore
- an administrator password had been set up, so therefore I could not use the
  Windows disc to fix Windows after avast and spyware doctor had done their
  stuff

TIA for any help.

Mattie
 
Malke

mattie wrote:
> Hi to all
>
> Had a wee problem with my computer and was wondering if anyone had come
> across it before and knew what virus started it, silly me did not export
> the log files before restoring an image.
> I did a scan with avast antivirus and it picked up somewhere in the
> region of 10-15 infected files, I also did a scan with spyware doctor
> and it picked up 188 infections.
>
> The main worries with Windows XP were that:
> - you could not turn off the comp as this had been disabled by the
>   administrator
> - the run command was missing
> - I could not use the system restore
> - an administrator password had been set up, so therefore I could not use
>   the Windows disc to fix Windows after avast and spyware doctor had done
>   their stuff


I'm very sorry but there is no way for anyone to tell you with what your
computer was infected. Lots of malware will do similar things.

Refer to these malware removal steps to make sure you were thorough:

http://www.elephantboycomputers.com/page2.html#Removing_Malware


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
mattie

"Malke" <notreally@invalid.invalid> wrote in message
news:%23PDf%23kb6HHA.5360@TK2MSFTNGP03.phx.gbl...
>
> I'm very sorry but there is no way for anyone to tell you with what your
> computer was infected. Lots of malware will do similar things.
>
> Refer to these malware removal steps to make sure you were thorough:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User


Thanks for the link. Will have to spend a few days or maybe even weeks
reading, lots of useful information there and in the various links.

Mattie
 
Milo (MSPSS)

In addition to what Malke added, an option would be to manually remove
such, and assistance can be provided for free by Microsoft Security
(866 727 2338), US/Canada toll free and free support.



"Malke" <notreally@invalid.invalid> wrote in message
news:%23PDf%23kb6HHA.5360@TK2MSFTNGP03.phx.gbl...
> mattie wrote:
>> Hi to all
>>
>> Had a wee problem with my computer and was wondering if anyone had come
>> across it before and knew what virus started it, silly me did not export
>> the log files before restoring an image.
>> I did a scan with avast antivirus and it picked up somewhere in the
>> region of 10-15 infected files, I also did a scan with spyware doctor and
>> it picked up 188 infections.
>>
>> The main worries with Windows XP were that:
>> - you could not turn off the comp as this had been disabled by the
>>   administrator
>> - the run command was missing
>> - I could not use the system restore
>> - an administrator password had been set up, so therefore I could not use
>>   the Windows disc to fix Windows after avast and spyware doctor had done
>>   their stuff

>
> I'm very sorry but there is no way for anyone to tell you with what your
> computer was infected. Lots of malware will do similar things.
>
> Refer to these malware removal steps to make sure you were thorough:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 
mattie

Thanks but I restored an image and did all the scans and everything seems to
be okay. Here are some IP addresses that people may want to block. The
interesting one to me seems to be the one on Sunday (why should they be
knocking on the back door on that port) as it was Monday that everything
went crazy, so was there something lurking that avast and spyware doctor
didn't pick up on?


Sun, 2002-09-08 12:00:12 - Initialize LCP.
Sun, 2002-09-08 12:00:12 - LCP is allowed to come up.
Sun, 2002-09-08 12:00:30 - CHAP authentication success
Sun, 2002-09-08 12:01:35 - TCP Packet - Source:75.44.152.244,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:01:35 - TCP Packet - Source:75.44.152.244,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:01:38 - TCP Packet - Source:75.44.152.244,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:01:38 - TCP Packet - Source:75.44.152.244,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:01:44 - TCP Packet - Source:75.44.152.244,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:01:44 - TCP Packet - Source:75.44.152.244,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:04:53 - Send out NTP request to time-g.netgear.com
IP address: 75.44.152.244
Host name: adsl-75-44-152-244.dsl.hstntx.sbcglobal.net
75.44.152.244 is from United States(US) in region North America

Mon, 2007-08-27 18:03:02 - Receive NTP Reply from time-g.netgear.com
Mon, 2007-08-27 18:04:21 - TCP Packet - Source:201.160.137.78,20409
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:04:21 - TCP Packet - Source:201.160.137.78,20409
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:04:24 - TCP Packet - Source:201.160.137.78,20409
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:04:24 - TCP Packet - Source:201.160.137.78,20409
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:04:30 - TCP Packet - Source:201.160.137.78,20409
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:04:30 - TCP Packet - Source:201.160.137.78,20409
Destination:192.168.0.2,30049
IP address: 201.160.137.78
Host name: 201.160.137.78.cable.dyn.cableonline.com.mx
201.160.137.78 is from Mexico(MX) in region North America

Mon, 2007-08-27 18:05:44 - TCP Packet - Source:89.120.143.222,60106
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:05:44 - TCP Packet - Source:89.120.143.222,60106
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:05:47 - TCP Packet - Source:89.120.143.222,60106
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:05:47 - TCP Packet - Source:89.120.143.222,60106
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:05:53 - TCP Packet - Source:89.120.143.222,60106
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:05:53 - TCP Packet - Source:89.120.143.222,60106
Destination:192.168.0.2,30049
IP address: 89.120.143.222
No host name is associated with this IP address or no reverse lookup is
configured. Error:Host not found
89.120.143.222 is from Romania(RO) in region Europe


Mon, 2007-08-27 18:06:38 - TCP Packet - Source:201.213.103.224,4265
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:06:38 - TCP Packet - Source:201.213.103.224,4265
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:06:41 - TCP Packet - Source:201.213.103.224,4265
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:06:41 - TCP Packet - Source:201.213.103.224,4265
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:06:47 - TCP Packet - Source:201.213.103.224,4265
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:06:47 - TCP Packet - Source:201.213.103.224,4265
Destination:192.168.0.2,30049
IP address: 201.213.103.224
Host name: 201-213-103-224.net.prima.net.ar
201.213.103.224 is from Argentina(AR) in region South America

Mon, 2007-08-27 18:07:06 - TCP Packet - Source:190.53.48.12,2209
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:07:06 - TCP Packet - Source:190.53.48.12,2209
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:07:09 - TCP Packet - Source:190.53.48.12,2209
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:07:09 - TCP Packet - Source:190.53.48.12,2209
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:07:15 - TCP Packet - Source:190.53.48.12,2209
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:07:15 - TCP Packet - Source:190.53.48.12,2209
Destination:192.168.0.2,30049
IP address: 190.53.48.12
Host name: ip-190-53-48-12.cablemodem.amnethn.com
190.53.48.12 is from El Salvador(SV) in region North America

Mon, 2007-08-27 18:09:59 - TCP Packet - Source:88.26.128.150,23259
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:09:59 - TCP Packet - Source:88.26.128.150,23259
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:02 - TCP Packet - Source:88.26.128.150,23259
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:02 - TCP Packet - Source:88.26.128.150,23259
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:08 - TCP Packet - Source:88.26.128.150,23259
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:08 - TCP Packet - Source:88.26.128.150,23259
Destination:192.168.0.2,30049
IP address: 88.26.128.150
Host name: 150.red-88-26-128.staticip.rima-tde.net
88.26.128.150 is from Spain(ES) in region Europe

Mon, 2007-08-27 18:10:11 - TCP Packet - Source:72.80.108.35,50356
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:11 - TCP Packet - Source:72.80.108.35,50356
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:14 - TCP Packet - Source:72.80.108.35,50356
Destination:192.168.0.2,30049
Mon, 2007-08-27 18:10:14 - TCP Packet - Source:72.80.108.35,50356
Destination:192.168.0.2,30049
IP address: 72.80.108.35
Host name: pool-72-80-108-35.nycmny.east.verizon.net
72.80.108.35 is from United States(US) in region North America

Regards
Mattie
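
Added example, not part of the original thread: one way to read a router log in the layout posted above, rejoining the wrapped Destination lines and listing the distinct sources per destination port. It assumes that entries stamped before the first "Receive NTP Reply" line come from the router's unsynced clock and shifts them onto the synced one; the helper names and the sample addresses are made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the post's log layout; RFC 5737 documentation addresses.
SAMPLE = """\
Sun, 2002-09-08 12:01:35 - TCP Packet - Source:203.0.113.7,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:01:38 - TCP Packet - Source:203.0.113.7,1375
Destination:192.168.0.2,30049
Sun, 2002-09-08 12:04:53 - Send out NTP request to time-g.netgear.com
Mon, 2007-08-27 18:03:02 - Receive NTP Reply from time-g.netgear.com
Mon, 2007-08-27 18:04:21 - TCP Packet - Source:198.51.100.9,20409
Destination:192.168.0.2,30049
"""
STAMP = re.compile(r"^\w{3}, (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (.*)$")
PACKET = re.compile(r"Source:([\d.]+),(\d+)\s+Destination:([\d.]+),(\d+)")

def parse(text):
    """Return [timestamp, message] entries, rejoining wrapped Destination lines."""
    entries = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append([when, m.group(2)])
        elif entries and line.startswith("Destination:"):
            entries[-1][1] += " " + line.strip()
    return entries

def rebase(entries):
    """Shift entries logged before the first NTP reply onto the synced clock.
    Assumption: the reply follows the request within moments."""
    for i in range(1, len(entries)):
        if "Receive NTP Reply" in entries[i][1] and "NTP request" in entries[i - 1][1]:
            offset = entries[i][0] - entries[i - 1][0]
            return [[t + offset if j < i else t, msg] for j, (t, msg) in enumerate(entries)]
    return entries

def sources_by_port(entries):
    """Map destination port -> {source IP: first (corrected) time seen}."""
    seen = defaultdict(dict)
    for when, msg in entries:
        m = PACKET.search(msg)
        if m:
            seen[int(m.group(4))].setdefault(m.group(1), when)
    return seen

report = sources_by_port(rebase(parse(SAMPLE)))
```

On the constructed sample, the packets stamped 2002-09-08 land a few minutes before the first 2007-08-27 entries once the clock jump is removed.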
 
