Posted by Berra on November 20, 2005, 11:20 am
Hi!
Now, I am done!
It was the file "msupdate32.dll" that was responsible.
Checking around a little in the net, I saw that there is a virus/trojan
using the "msupdate32.exe" version. I just killed the process, and all was
ok. Checking inside the file with Notepad, I could read the first url,
probably the master in the DDoS attack.
There also was the file "mspostsp.exe" with the same date and timestamp:
also renamed. Also, I found it in the registry at the key:
[......\Winlogon\Notify\msupdate] "Dllname"="msupdate32.dll"...........
deleted!
I installed the ProcessExplorer in autostart. Then I restarted with the
network connected. When I saw the first dns call from the computer in the
freeSCO firewall, I disconnected the LAN cable and let the machine work by
itself.
It took more than six hours before it was up and running!!! Then I could
easily see which process was taking all the cpu!
Thanks for the help, David
/Bertil
>
> | Hi, I have been trying to find out why my Pentium
> | 1100MHz/1500MBram/40+120GBHDD is booting up sloooow 60 minutes.
> | This is only when I am online to the (freeSCO firewall and ADSL-modem). When
> | I disconnect or shut down the ADSL-modem, it starts up ok.
> |
> | Checking the freeSCO:s message-log tells me something, like this:
>
> < snip >
>
>
> For non-viral malware...
>
> Please download, install and update the following software...
>
> * Ad-aware SE v1.06
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> * SpyBot Search and Destroy v1.4
> http://security.kolla.de/
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
> that may be on the PC.
>
> * BHODemon
> http://www.definitivesolutions.com/bhodemon.htm
>
> For viral malware...
>
> * Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
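An added example, not part of the original post or of the tools it mentions: a Python check that reads a `reg export` of the Winlogon\Notify key described in the post and lists every notification package whose `DllName` is not in a known-good baseline. The baseline set, the function names and the sample export are assumptions constructed for illustration.

```python
import re

# Assumed baseline: DLLs a stock Windows XP install registers as Notify packages.
# Replace with the values from a known-good machine of the same build.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}

KEY_RE = re.compile(r"^\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"DllName"=(.*)$', re.I)

# Constructed sample export (not taken from the machine in the post).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"DllName"="msupdate32.dll"
"""

def decode_value(data):
    """Decode a .reg value: quoted REG_SZ, or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if data.startswith('"'):
        return data[1:-1].replace("\\\\", "\\")
    if data.lower().startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
        return raw.decode("utf-16-le").rstrip("\x00")
    return data

def notify_packages(reg_text):
    """Return {subkey name: DllName} for each Winlogon Notify subkey in the export."""
    text = reg_text.replace("\\\n", "")  # join hex continuation lines
    found, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)
            current = key.group(1) if key else None
        elif current and (val := VAL_RE.match(line)):
            found[current] = decode_value(val.group(1))
    return found

def unexpected(packages):
    """Subkey names whose DLL file name is not in the baseline."""
    return sorted(n for n, dll in packages.items()
                  if dll.rsplit("\\", 1)[-1].lower() not in BASELINE_DLLS)

if __name__ == "__main__":
    print(unexpected(notify_packages(SAMPLE)))
```

A flagged entry is a lead to inspect, not a verdict: drivers and other legitimate software also register Notify packages, so compare against a clean machine before deleting anything.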