skywatcher

dear best techie, i have been having huge problems in the last weeks and as a result i have reinstalled windows 2000p three times but keep getting loads of trojans. i think one problem may be that there was a very small gap between getting web connected and installing avast again and also possibly that i forgot on opne occasion to update windows 2000 to service pack 4. i also keep getting the restore.fix pop up box. can anyone help? any help greatly appreciated. my hijack this log is as follows. thanks in advance, malcolm Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:44:02, on 21

my win2000p computer has got trojans and backdoor bots again. i removed 2 of 3 from my machine but it could not touch the third. i have run a hijack this log. if anyone can help with a suggestion as to what i can try i would be very grateful. thanks. malcolm log follows... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:19:13, on 04/05/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.e

my computer has started getting very uppity and running slow. i run win2000p and this is my hijackthis log................ thanks for any help offered, sky Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:07:28, on 03/04/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WI

all done! there were losts of nasties in there. here is the log. thanks, malcolm Malwarebytes' Anti-Malware 1.34 Database version: 1799 Windows 5.0.2195 Service Pack 4 24/02/2009 22:22:18 mbam-log-2009-02-24 (22-22-18).txt Scan type: Quick Scan Objects scanned: 71169 Time elapsed: 7 minute(s), 39 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 21 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 16 Memory Processes Infected: C:\WINNT\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully. C

i forgot to apply email notification so this is just to add that for if or when someone is able to look at my post. thanks. malcolm

hi sarah, thanks for your message. just to remind you in case you are looking at this a while later. you helped with a previous problem, and you thought that my computer would always be vulnerable as it runs win2000p. it was clean for a month or more with just the occasional warning bubble, but the last few days they have become more frequent and this evening i got quite an avalanche of them. so here is my hijack this log. thanks in advance, malcolm log follows..................... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:10:09, on 14/02/2009 Platform: Windows 2000 SP4 (WinNT

hello again sarah, i have followed your suggestions and the log is posted below. thanks again! best regards, malcolm log follows.... Malwarebytes' Anti-Malware 1.33 Database version: 1656 Windows 5.0.2195 Service Pack 4 15/01/2009 23:51:11 mbam-log-2009-01-15 (23-51-11).txt Scan type: Quick Scan Objects scanned: 61614 Time elapsed: 11 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) M

hi there, i was very kindly helped with a serious problem by sarahw recently and i have just been getting some trojan horse messages from avast so i have run another hijack this log to ask if i still have a problem. any help would be very gratefully acknowledged! thanks in advance, malcolm log follows Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:00:25, on 14/01/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.

hi sarah, thanks again and this is really my last question! i have added the sunbelt firewall and followed a number of suggestions from your list and jason's site, and some from pc offensive to make my computer run quicker, but my computer is actually running slower in fact it is dawdling a bit now. can you suggest anything obvious i might have changed in all this that might have had that effect? i did follow jason's advice of setting active x for prompt, but i was getting so many prompts that i have set that back to accept. i know that really i should buy a new computer, but at this point in

hi sarah, it all seems remarkably clean and clear now. i looked at your general advice page with the links which was very useful thanks and i used several. i have been confused about the firewall status of my computer for quite a while however. i think it comes from having had the virgin firewall previously (which i am not sure but i do not think is still on it). it never had an icon in the tray or any visible sign. and i periodically get (not last few days) warning pop ups in the bottom of the screen about this or that trying to access my computer and being blocked so i have thought maybe i

hi sarah, i have given it a couple of days to make sure, but i am not getting any of the old problems at the moment and long may it continue! thanks a million for your perseverence and invaluable help, i really appreciate it. best regards, malcolm

i think i have done that - let me know if you get it ok as i have never posted zip or any other files this way. thanks, malcolm

hi sarah. all done and log below. my operating system is 2000p by the way. thanks, malcolm ComboFix 09-01-05.05 - Administrator 06/01/2009 11:45:25.5 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1023.542 [GMT 0:00] Running from: c:\documents and settings\Administrator.SARAH\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report

hi sarah, further to my post above avast ran a boot check and found about five trojans which i deleted although one of them i had to leave as it could not be deleted or moved etc. i then ran combofix and during this avast popped up another trojan warning which again i could not delete and i had to click "no action". here is the log file. were you expecting this? thanks again for your persistence with this problem, malcolm combofix logfile follows.... ComboFix 09-01-05.03 - Administrator 05/01/2009 23:09:20.4 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1023.684 [GM

hi sarah, scan done. a few things came up as below and the scan log is below that. whilst combofix scanning an avast warning came up saying a trojan horse had been found and saying the following malware name - win32:Patched-IT [Trj] file name - C:\WINNT\system32\svchost.exe if i clicked the delete button the warning dialogue box just popped up again and again so in order ot proceed i had to click "no action" and delete on reboot. another thing was that combofix popped up several boxes toward end of scan saying i chose not to restore original windows files do i want to keep these non original