Avast "Suspicious Message" Alerts

nikebee said:
just a small update...

i haven't had any problems with this in the last 2 days now :confused:
shall keep this thread updated if i get any other issues

Any idea why?
Have you formatted again since the post - 30th Sep 2006 03:09?
 
Code:
  TCP    nik1:2029              forums.overclockers.co.uk:http  ESTABLISHED
1932
  [ashWebSv.exe]

  TCP    nik1:1985              spf2.us4.outblaze.com:smtp  FIN_WAIT_1      1752

  [ashMaiSv.exe]

  TCP    nik1:1519              218.184.232.72.reverse.layeredtech.com:http  CLO
SE_WAIT      180
  [winfwkw.exe]

  TCP    nik1:1725              suzie-q.systemtech-hosting.com:http  CLOSE_WAIT
     2216
  [fifa07.exe]

  TCP    nik1:1752              localhost:12025        TIME_WAIT       0
  TCP    nik1:1797              localhost:12025        TIME_WAIT       0
  TCP    nik1:1802              localhost:12025        TIME_WAIT       0
  TCP    nik1:1808              localhost:12025        TIME_WAIT       0
  TCP    nik1:1836              localhost:12025        TIME_WAIT       0
  TCP    nik1:1846              localhost:12025        TIME_WAIT       0
  TCP    nik1:1908              localhost:12025        TIME_WAIT       0
  TCP    nik1:1910              localhost:12025        TIME_WAIT       0
  TCP    nik1:1912              localhost:12025        TIME_WAIT       0
  TCP    nik1:1916              localhost:12025        TIME_WAIT       0
  TCP    nik1:1918              localhost:12025        TIME_WAIT       0
  TCP    nik1:1920              localhost:12025        TIME_WAIT       0
  TCP    nik1:1923              localhost:12025        TIME_WAIT       0
  TCP    nik1:1928              localhost:12025        TIME_WAIT       0
  TCP    nik1:1930              localhost:12025        TIME_WAIT       0
  TCP    nik1:1932              localhost:12025        TIME_WAIT       0
  TCP    nik1:1934              localhost:12025        TIME_WAIT       0
  TCP    nik1:1936              localhost:12025        TIME_WAIT       0
  TCP    nik1:1940              localhost:12025        TIME_WAIT       0
  TCP    nik1:1942              localhost:12025        TIME_WAIT       0
  TCP    nik1:1944              localhost:12025        TIME_WAIT       0
  TCP    nik1:1948              localhost:12025        TIME_WAIT       0
  TCP    nik1:1950              localhost:12025        TIME_WAIT       0
  TCP    nik1:1952              localhost:12025        TIME_WAIT       0
  TCP    nik1:1956              localhost:12025        TIME_WAIT       0
  TCP    nik1:1960              localhost:12025        TIME_WAIT       0
  TCP    nik1:1962              localhost:12025        TIME_WAIT       0
  TCP    nik1:1964              localhost:12025        TIME_WAIT       0
  TCP    nik1:1966              localhost:12025        TIME_WAIT       0
  TCP    nik1:1968              localhost:12025        TIME_WAIT       0
  TCP    nik1:1974              localhost:12025        TIME_WAIT       0
  TCP    nik1:1976              localhost:12025        TIME_WAIT       0
  TCP    nik1:1978              localhost:12025        TIME_WAIT       0
  TCP    nik1:1980              localhost:12025        TIME_WAIT       0
  TCP    nik1:1984              localhost:12025        TIME_WAIT       0
  TCP    nik1:2020              localhost:12080        TIME_WAIT       0
  TCP    nik1:2022              localhost:12080        TIME_WAIT       0
  TCP    nik1:2030              localhost:12080        TIME_WAIT       0
  TCP    nik1:2032              localhost:12080        TIME_WAIT       0
  TCP    nik1:2050              localhost:12025        TIME_WAIT       0
  TCP    nik1:2052              localhost:12025        TIME_WAIT       0
  TCP    nik1:12025             localhost:1822         TIME_WAIT       0
  TCP    nik1:12025             localhost:1958         TIME_WAIT       0
  TCP    nik1:12025             localhost:1750         TIME_WAIT       0
  TCP    nik1:12025             localhost:1842         TIME_WAIT       0
  TCP    nik1:12025             localhost:1730         TIME_WAIT       0
  TCP    nik1:12025             localhost:1830         TIME_WAIT       0
  TCP    nik1:12025             localhost:1998         TIME_WAIT       0
  TCP    nik1:12025             localhost:1994         TIME_WAIT       0
  TCP    nik1:12025             localhost:2006         TIME_WAIT       0
  TCP    nik1:12025             localhost:1747         TIME_WAIT       0
  TCP    nik1:12025             localhost:1866         TIME_WAIT       0
  TCP    nik1:12025             localhost:1906         TIME_WAIT       0
  TCP    nik1:12025             localhost:1814         TIME_WAIT       0
  TCP    nik1:12025             localhost:1834         TIME_WAIT       0
  TCP    nik1:12025             localhost:1972         TIME_WAIT       0
  TCP    nik1:12025             localhost:1880         TIME_WAIT       0
  TCP    nik1:12025             localhost:1922         TIME_WAIT       0
  TCP    nik1:12025             localhost:1744         TIME_WAIT       0
  TCP    nik1:12025             localhost:1818         TIME_WAIT       0
  TCP    nik1:12025             localhost:1874         TIME_WAIT       0
  TCP    nik1:12025             localhost:1812         TIME_WAIT       0
  TCP    nik1:12025             localhost:1878         TIME_WAIT       0
  TCP    nik1:12025             localhost:1892         TIME_WAIT       0
  TCP    nik1:12025             localhost:1896         TIME_WAIT       0
  TCP    nik1:12025             localhost:1816         TIME_WAIT       0
  TCP    nik1:12025             localhost:1902         TIME_WAIT       0
  TCP    nik1:12025             localhost:2000         TIME_WAIT       0
  TCP    nik1:12025             localhost:1938         TIME_WAIT       0
  TCP    nik1:12025             localhost:1904         TIME_WAIT       0
  TCP    nik1:12025             localhost:1844         TIME_WAIT       0
  TCP    nik1:12025             localhost:1884         TIME_WAIT       0
  TCP    nik1:12025             localhost:1810         TIME_WAIT       0
  TCP    nik1:12025             localhost:2004         TIME_WAIT       0
  TCP    nik1:12025             localhost:1840         TIME_WAIT       0
  TCP    nik1:12025             localhost:1872         TIME_WAIT       0
  TCP    nik1:12025             localhost:1828         TIME_WAIT       0
  TCP    nik1:12025             localhost:1986         TIME_WAIT       0
  TCP    nik1:12025             localhost:1926         TIME_WAIT       0
  TCP    nik1:12025             localhost:2002         TIME_WAIT       0
  TCP    nik1:12025             localhost:1876         TIME_WAIT       0
  TCP    nik1:12025             localhost:1780         TIME_WAIT       0
  TCP    nik1:12025             localhost:1888         TIME_WAIT       0
  TCP    nik1:12025             localhost:1992         TIME_WAIT       0
  TCP    nik1:12025             localhost:1848         TIME_WAIT       0
  TCP    nik1:12025             localhost:1738         TIME_WAIT       0
  TCP    nik1:12025             localhost:1862         TIME_WAIT       0
  TCP    nik1:12025             localhost:1820         TIME_WAIT       0
  TCP    nik1:12025             localhost:1886         TIME_WAIT       0
  TCP    nik1:12025             localhost:1856         TIME_WAIT       0
  TCP    nik1:12025             localhost:1868         TIME_WAIT       0
  TCP    nik1:12025             localhost:1832         TIME_WAIT       0
  TCP    nik1:12025             localhost:1860         TIME_WAIT       0
  TCP    nik1:12025             localhost:1838         TIME_WAIT       0
  TCP    nik1:12025             localhost:1988         TIME_WAIT       0
  TCP    nik1:12025             localhost:1914         TIME_WAIT       0
  TCP    nik1:12025             localhost:1870         TIME_WAIT       0
  TCP    nik1:12025             localhost:1996         TIME_WAIT       0
  TCP    nik1:12025             localhost:1882         TIME_WAIT       0
  TCP    nik1:12025             localhost:1852         TIME_WAIT       0
  TCP    nik1:12025             localhost:1946         TIME_WAIT       0
  TCP    nik1:12025             localhost:1732         TIME_WAIT       0
  TCP    nik1:12025             localhost:1954         TIME_WAIT       0
  TCP    nik1:12025             localhost:1864         TIME_WAIT       0
  TCP    nik1:12025             localhost:1900         TIME_WAIT       0
  TCP    nik1:12025             localhost:1824         TIME_WAIT       0
  TCP    nik1:12025             localhost:1898         TIME_WAIT       0
  TCP    nik1:12025             localhost:1790         TIME_WAIT       0
  TCP    nik1:12025             localhost:1982         TIME_WAIT       0
  TCP    nik1:12025             localhost:1858         TIME_WAIT       0
  TCP    nik1:12025             localhost:1826         TIME_WAIT       0
  TCP    nik1:12025             localhost:1894         TIME_WAIT       0
  TCP    nik1:12025             localhost:1850         TIME_WAIT       0
  TCP    nik1:12025             localhost:1990         TIME_WAIT       0
  TCP    nik1:12025             localhost:1734         TIME_WAIT       0
  TCP    nik1:12025             localhost:1854         TIME_WAIT       0
  TCP    nik1:12025             localhost:1769         TIME_WAIT       0
  TCP    nik1:12025             localhost:1765         TIME_WAIT       0
  TCP    nik1:12025             localhost:1890         TIME_WAIT       0
  TCP    nik1:12025             localhost:1970         TIME_WAIT       0
  TCP    nik1:1799              mx.online.no:smtp      TIME_WAIT       0
  TCP    nik1:1931              gateway4.delphi.com:smtp  TIME_WAIT       0
  TCP    nik1:1935              mta-v3.level3.mail.vip.re2.yahoo.com:smtp  TIME_
WAIT       0
  TCP    nik1:1945              gateway1.delphi.com:smtp  TIME_WAIT       0
  TCP    nik1:1961              gateway2.delphi.com:smtp  TIME_WAIT       0
  TCP    nik1:1963              smtp.us.dell.com:smtp  TIME_WAIT       0
  TCP    nik1:1969              ps-smtp2.us.dell.com:smtp  TIME_WAIT       0
  TCP    nik1:1977              gateway3.delphi.com:smtp  TIME_WAIT       0
  TCP    nik1:1981              spf1.us4.outblaze.com:smtp  TIME_WAIT       0
  TCP    nik1:2015              nf-in-f99.google.com:http  TIME_WAIT       0
  TCP    nik1:2017              nf-in-f99.google.com:http  TIME_WAIT       0

C:\Documents and Settings\nikebee>


seems like it's just started again randomly, two days of nothing and it starts up again :confused:

i've done nothing at all, only websites i've been on are AVForums, and here.
only things i've done on the pc are play fifa 07... and nothing on this install has come from the previous HDD :confused:
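The listing above is the pattern a mass-mailer leaves in a `netstat -b` style output: many short-lived SMTP connections to different mail exchangers, rather than to the one relay a mail client is configured with. The parser below is an added example, not code from the thread: it reads that listing format (owning process in brackets on the line after the socket, PID-0 sockets with no process line, lines wrapped by the 80-column console rejoined) and counts distinct non-loopback SMTP peers. The sample listing and its hostnames are constructed.

```python
import re
# Socket line, then the owning [process.exe] on the next line (none for PID 0); the console wraps long lines.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(FIN_WAIT_[12]|[A-Z_]+)\s*(\d+)\s*$")
PROC_RE = re.compile(r"^\s*\[(.+?)\]\s*$")

def unwrap(text):
    """Rejoin console-wrapped socket lines (e.g. 'CLO' + 'SE_WAIT 180') before parsing."""
    out = []
    for raw in text.splitlines():
        s, prev = raw.strip(), (out[-1] if out else "")
        wrapped = prev.lstrip().startswith(("TCP", "UDP")) and not CONN_RE.match(prev)
        if s and wrapped and not s.startswith(("TCP", "UDP")) and not PROC_RE.match(s):
            out[-1] = prev + s  # the console printed no separator at the wrap
        else:
            out.append(raw.rstrip())
    return out

def parse_netstat(text):
    """Return (proto, remote, state, pid, process) tuples; process is None for PID 0."""
    conns, pending = [], []
    for line in unwrap(text):
        if m := CONN_RE.match(line):
            conns.append([m[1], m[3], m[4], int(m[5]), None])
            if conns[-1][3] != 0:  # PID-0 sockets never get a [process] line
                pending.append(conns[-1])
        elif p := PROC_RE.match(line):
            for rec in pending:
                rec[4] = p[1]
            pending = []
    return [tuple(r) for r in conns]

def smtp_peers(conns):
    """Distinct non-loopback SMTP peers; many different MX hosts means direct-to-MX mass mailing."""
    peers = set()
    for proto, remote, *_ in conns:
        host, port = remote.rsplit(":", 1)
        if proto == "TCP" and port in ("smtp", "25") and host not in ("localhost", "127.0.0.1"):
            peers.add(host)
    return peers

# Constructed sample in the thread's listing format (made-up hostnames, deliberate wraps).
SAMPLE = """  TCP    nik1:1519              host-a.example.org:http  CLO
SE_WAIT      180
  [winfwkw.exe]
  TCP    nik1:1985              relay.example.com:smtp  FIN_WAIT_1      1752
  [ashMaiSv.exe]
  TCP    nik1:1752              localhost:12025        TIME_WAIT       0
  TCP    nik1:1799              mx.example.no:smtp     TIME_WAIT       0
  TCP    nik1:1931              gw4.example.biz:smtp   TIME_WAIT       0
"""
```

A normal client's peer set has one or two entries; three or more distinct MX hosts, as in the thread's listing, is what to investigate.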
 
ns400r said:
Any idea why?
Have you formatted again since the post - 30th Sep 2006 03:09?
no, i haven't formatted and the pc has been in almost constant use over the weekend :-/

it basically started just after midnight.

i've put the random files being generated here


http://www.projectTTA.com/Temp.zip

password for the files is "oddfiles" if you get asked

edit:
the temp folder with them in has been blank all weekend, and is now suddenly full with about 10 odd randomly generated files :confused:
 
bit of a bump
this is still ongoing.
as said, the pc was fine all weekend long and has just flared up again this week.

i'm up to about 400+ sent in 15 minutes now.
has anyone checked the files?
more specifically ns400r, as you asked for them in an email you sent :confused:
 
Files look ok to me, no obvious signs of any infection but they do seem to be mass mailing!

Fifa07 keeps cropping up. Where is that from ?
Surely you must (or someone else must) be installing other software, either from the internet or from CDs you already have.

Still looking........... :)
 
i'm the only one that uses this machine.

i've installed Comodo Firewall as it received some decent recommendations from OcUK users.

i've found out that the randomly generated exe files are linked with randomly generated DLL files

win21950.dll
win36453.dll

for example

these files are attempting to modify programs that connect to the internet
i.e. Firefox, Windows Media Player 10 for example
Comodo pops up saying firefox wants to connect to the internet, but is using win21950.dll linked with a random exe (winhxvu.exe for example) file from my temp folder.... :(
and connects through these services :confused:

i feel i'm closer to finding out what is causing it, but i'm still completely lost on the matter

i'll upload the DLLs if you want?

many thanks again for the help offered

edit:
don't think FIFA has anything to do with it, if it did i'm sure there would be a lot more people having problems like this.
 
Can you upload the DLLs please.

I was just wondering if Fifa was a pukka copy or not, that's all.
 
Hi NikeBee,

The two files mentioned in your HJT log are definitely virus related:

C:\DOCUME~1\nikebee\LOCALS~1\Temp\windxryc.exe
C:\DOCUME~1\nikebee\LOCALS~1\Temp\winkmcw.exe

Which virus is another question as you seem to have posted an incomplete HJT log file.

Please run HJT again and paste the full "unedited" log and I will take a good look through it for you.
 
ns400r said:
Can you upload the DLLs please.

I was just wondering if Fifa was a pukka copy or not, that's all.
originally it was just the fifa demo, but now i own the full legit copy so doubt it would be that.

will upload the DLLs once i get home from work tonight.

The_KiD said:
Hi NikeBee,

The two files mentioned in your HJT log are definitely virus related:

C:\DOCUME~1\nikebee\LOCALS~1\Temp\windxryc.exe
C:\DOCUME~1\nikebee\LOCALS~1\Temp\winkmcw.exe

Which virus is another question as you seem to have posted an incomplete HJT log file.

Please run HJT again and paste the full "unedited" log and I will take a good look through it for you.

hmm i was pretty sure that it finished the scan and it did the log... hm... again i'll run that once i get home from work and do a repost of the log file.

dafloppyone said:
kaspersky anti hacker tells you which program is using what port etc... should be a trial version out
just searched for it on their site, and it seems Kaspersky Anti-Hacker is no longer supported :-/

again thanks all for the help
 
the reason I say it looks edited is cos the second section should begin with R1, R2 then 01 02 03 and then 04; yours merely starts at 04.
 
strange, i let it run and then did ctrl+a, ctrl+c, and ctrl+v into here.

still, can't do any harm running another.
i'll download it again tonight (since i've probably formatted 4 times since that post :o) and run a scan and post the results.
 
hi, no sorry i've had a busy weekend and not really had a chance to fiddle with my pc that much.

problem still isn't sorted.

i'll bung the DLL files up tonight if anyone cares to take a look at them.

one good thing has come out of this, comodo... i really like this firewall.
it actually changes depending on what files/programs are making other programs access the internet.

i.e. if firefox is going on the internet then that's fine, if some other program wants firefox to access the internet then it tells you (not had this with ZoneAlarm).

from what i've noticed, these dll and exe files are hijacking anything that goes onto the internet.

i've seen comodo being accessed by win***.exe or win***.dll, same goes for firefox, avast, internet explorer :(

in regards to my hijackthis log not being complete and missing certain R0 or R1 sections, i read this this morning:

R0, R1, R2, R3 Internet Explorer Start/Search pages URLs
since it's a fresh install and i'm only using firefox, this might be why those were not in the log file?

when i get back tonight i'll do more playing with it; run another scan of hijackthis, another set of virus/spyware scans and post those dlls... annoyingly i've got another (unrelated) problem with my router now :rolleyes:
 