Geekzone: technology news, blogs, forums


ZollyMonsta

#20511 28-Mar-2008 19:42

Hi All,

I've had a scare with an MSN virus and just want to check something. I've installed ZoneAlarm just so I can see what's trying to access the internet. msn.com is a process listed in Task Manager which is trying to access the internet. I've never seen this process before. Especially odd as I had uninstalled MSN Live when this was coming up.

Anything to be worried about?




 

 

Check out my LPFM Radio Station at www.thecheese.co.nz - Now on iHeart Radio, TuneIn and Radio Garden

 

As per the usual std disclaimer.. "All thoughts typed here are my own."


ZollyMonsta

#119743 30-Mar-2008 20:53

Anyone?




 

 





freitasm
#119764 30-Mar-2008 22:05

Can you find msn.com and check properties to see what's the signature for this file?





 


manhinli
#119776 30-Mar-2008 22:29

Could be some kind of Trojan, never heard of "msn.com" before.

If "msn.com" is running as a process, Spybot S&D could come in handy as the Process List under the Advanced / Tools section lists what network ports it uses, what IP it's connected to, where the program is situated, and other program information like author and description.




Find me on Twitter!

I posted 1, 2 x 10^3 times!



ZollyMonsta

#119777 30-Mar-2008 22:32

Well, I did a search of Windows for msn.com and got the following:

an HTML file in my Documents and Settings (favourites) pointing to: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
and a file called msn.com-3785A040.pf under windows/prefetch

I would expect my default browser to be accessing the internet, not an HTML document. My browser of choice is also Firefox, and msn.com tries to access the internet when I don't have a browser open... or am I on a wild goose chase here? :)

I've deleted the above files for now to see if it makes any difference (msn.com trying to access the internet).





 

 



ZollyMonsta

#119780 30-Mar-2008 22:35

Nope.. Still seeing it trying to access the internet.
Only programmes open are Live Messenger, Firefox (open on Geekzone) and Thunderbird.

Here's what zonealarm is telling me...


ZollyMonsta

#119781 30-Mar-2008 22:39

manhinli: Could be some kind of Trojan, never heard of "msn.com" before.

If "msn.com" is running as a process, Spybot S&D could come in handy as the Process List under the Advanced / Tools section lists what network ports it uses, what IP it's connected to, where the program is situated, and other program information like author and description.



MD5: 403D87C7F9940A1532EE10E8B2247AD8
PID: 3648 (2464) C:\WINDOWS\msn.com
size: 38400

Though there is no file in C:\WINDOWS called this...




 

 

manhinli
#119782 30-Mar-2008 22:40

A quick Google on the IP: 72.167.82.11 turned out to be a US company called GoDaddy.com, Inc.

Hmm...

ZoneAlarm says it is a program, so could you check out the process in Task Manager (or even better a Process List like Spybot) and track down where it mysteriously comes from?





ZollyMonsta

#119783 30-Mar-2008 22:46

Well, it's sitting in Task Manager... but not sure what else Task Manager can tell me.

Using 3,460K of RAM.. it's not to do with Messenger because I've just shut that down and it's still present in the list.




 

 



manhinli
#119785 30-Mar-2008 22:48

Have you enabled the View Hidden Files option? (Though I doubt it... Laughing)

The best way I think to view files is to use CMD.exe... and use DIR (use dir /p for a page by page view, instead of a whole long list)



Hmm... scanned with Spybot yet?





ZollyMonsta

#119789 30-Mar-2008 23:19

Yep. did a scan and it found virtumonde... and other cookies.

Did a reboot and a re-scan... virtumonde not showing now.. but still getting msn.com wanting net access..

This time to IP 168.215.74.5

Tracing route to dc1-c17-fc-netflame-cc.digitalriver.com [168.215.74.5]

Odd.. very odd.. I'm nearly at the point where I'm thinking of formatting and reinstalling!




 

 



tknz
#121036 4-Apr-2008 12:43

THIS IS A VIRUS! And it is EXTREMELY annoying to get rid of. We have disabled numerous accounts from the network of a client that we manage until onsite engineers have removed it from the PCs.




------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Any views and ideas that I have expressed in my comments are my own, and do not represent my place of work.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 
 
 
 

freitasm
#121038 4-Apr-2008 12:47

Perhaps you could then share with the others what software finds and removes it?





 


tknz
#121053 4-Apr-2008 13:25

We submitted it to McAfee; they had a DAT for us in a couple of hours. I will copy the threat log of my personal machine below. It's been rather infectious; even today I have had stuff come up. You need to delete most by using command prompt on startup; I just wrote a batch file to do it and ran the batch. But all the files below originate from it. The thing you must take particular interest in is the "newly created files": the virus, it appears, binds with lsass and explorer (you might notice explorer crashing from time to time); most of it is spyware. Definitions should arrive soon.

Time Module Object Name Threat Action User Information
4/04/2008 12:14:07 p.m. AMON file C:\WINDOWS\SYSTEM32\FRPFGHAT.DLL Win32/BHO.NCC trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:34:05 p.m. AMON file C:\WINDOWS\SYSTEM32\THVDOGNX.DLL Win32/BHO.NDF trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:33:33 p.m. AMON file C:\WINDOWS\SYSTEM32\MJQIGVNC.DLL Win32/BHO.NDF trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:33:29 p.m. AMON file C:\WINDOWS\SYSTEM32\OFELCJDY.DLL Win32/BHO.NDF trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:28:36 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) Event occurred at an attempt to access the file by the application: C:\Windows\Explorer.EXE.
2/04/2008 17:28:34 p.m. AMON file C:\WINDOWS\SYSTEM32\DMQDKWJL.DLL Win32/BHO.NDF trojan deleted Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:28:18 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:28:04 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:37 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:26 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:25 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:24 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:23 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:22 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:21 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:19 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:18 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:17 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:47 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:46 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:45 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:44 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:42 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:41 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:40 p.m. AMON file C:\WINDOWS\SYSTEM32\DMQDKWJL.DLL Win32/BHO.NDF trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:24:40 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:16 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:55 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:50 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:44 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:34 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application deleted (after the next restart) Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\ISB Utility\ISBMgr.exe.
2/04/2008 17:23:29 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:25 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:21 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:11 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:06 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:04 p.m. Kernel file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application Alert was generated during the system startup file check.
2/04/2008 17:23:01 p.m. Kernel file c:\windows\system32\urqngawx.dll Win32/Adware.Virtumonde.FP application Alert was generated during the system startup file check.
2/04/2008 17:23:01 p.m. Kernel file c:\windows\system32\dmqdkwjl.dll Win32/BHO.NDF trojan Alert was generated during the system startup file check.
2/04/2008 17:22:45 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\ISB Utility\ISBMgr.exe.
2/04/2008 17:22:44 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:43 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:42 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:40 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:39 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:36 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:36 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:36 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:36 p.m. Kernel file c:\windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Alert was generated during the system startup file check.
2/04/2008 17:22:35 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:35 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:35 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:33 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:30 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:29 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:29 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:28 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:28 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:27 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
1/04/2008 22:14:40 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\lvrtwvtc.dll Win32/TrojanDownloader.Agent.NWY trojan deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe.
1/04/2008 22:14:39 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAT4Q6W5\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe.
1/04/2008 10:36:20 a.m. Kernel file C:\Windows\explorer.exe quarantined
1/04/2008 10:34:24 a.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\csthtxqv.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
1/04/2008 10:34:20 a.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 22:10:14 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\cllxhmxe.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 22:10:08 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[2] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 21:23:28 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\brkpfsdc.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 21:23:21 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
30/03/2008 20:17:49 p.m. AMON file C:\Users\Tui Kapo\Downloads\Setup Files\IMG00231.JPG-live.messenger.com Win32/IRCBot.AEG trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe.
30/03/2008 19:26:54 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\gvifpfss.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\EXPLORER.exe. The file was moved to quarantine. You may close this window.
30/03/2008 19:26:52 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71GBS32N\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\EXPLORER.exe. The file was moved to quarantine. You may close this window.
30/03/2008 15:03:47 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\sxflrmbh.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\Explorer.EXE. The file was moved to quarantine. You may close this window.
30/03/2008 15:03:42 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\Explorer.EXE. The file was moved to quarantine. You may close this window.
29/03/2008 13:41:38 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71GBS32N\css4[1] Win32/Adware.Virtumonde application quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
29/03/2008 13:41:38 p.m. AMON file C:\Windows\system32\byXPIbax.dll Win32/Adware.Virtumonde application quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
28/03/2008 12:10:27 p.m. AMON file C:\WINDOWS\MSN.COM Win32/IRCBot.AEG trojan deleted Tui-Laptop6\Tui Kapo Event occurred when attempting to access the file.
28/03/2008 0:09:04 a.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\removalfile.bat Win32/Adware.Virtumonde application quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a newly created file. The file was moved to quarantine. You may close this window.




------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
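Added example (not part of the post above or of any vendor tool): a Python sketch that collapses a pasted threat log in this layout into one entry per file, showing which detections were actually removed, and flags .COM programs that sit outside System32, as C:\WINDOWS\MSN.COM does. The sample rows are abridged from the log with user names replaced by placeholders; the single-space column layout and the System32 heuristic are assumptions.

```python
import ntpath
import re

# Rows in the layout of the threat log above (columns flattened to single spaces).
# Abridged from that log; user names are replaced with placeholders.
SAMPLE_LOG = r"""
2/04/2008 17:28:36 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) Event occurred at an attempt to access the file by the application: C:\Windows\Explorer.EXE.
2/04/2008 17:28:34 p.m. AMON file C:\WINDOWS\SYSTEM32\DMQDKWJL.DLL Win32/BHO.NDF trojan deleted Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:26:26 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:25 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:40 p.m. AMON file C:\WINDOWS\SYSTEM32\DMQDKWJL.DLL Win32/BHO.NDF trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
1/04/2008 10:36:20 a.m. Kernel file C:\Windows\explorer.exe quarantined
30/03/2008 20:17:49 p.m. AMON file C:\Users\user\Downloads\Setup Files\IMG00231.JPG-live.messenger.com Win32/IRCBot.AEG trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe.
28/03/2008 12:10:27 p.m. AMON file C:\WINDOWS\MSN.COM Win32/IRCBot.AEG trojan deleted HOST\user Event occurred when attempting to access the file.
"""

# Paths may contain spaces, so the path runs up to the "Win32/..." threat name.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) [ap]\.m\. "
    r"(?P<module>\w+) file (?P<path>.+?) (?P<threat>Win32/\S+) "
    r"(?P<kind>trojan|application)(?: (?P<rest>.*))?$")
# Longest alternatives first so "deleted" does not shadow the longer actions.
ACTION_RE = re.compile(
    r"quarantined - deleted|deleted \(after the next restart\)|deleted")
APP_RE = re.compile(r"by the application: (.+?\.exe)", re.I)
REMOVED = {"deleted", "quarantined - deleted"}


def parse_line(line):
    """Return one detection as a dict, or None for rows without a threat name."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rest = m.group("rest") or ""
    action = ACTION_RE.match(rest)   # the action column is optional
    app = APP_RE.search(rest)        # process that touched the file, if logged
    return {"when": m.group("date") + " " + m.group("time"),
            "path": m.group("path"), "threat": m.group("threat"),
            "action": action.group(0) if action else "",
            "app": app.group(1) if app else None}


def summarise(log_text):
    """Collapse repeated detections into one entry per file (case-insensitive)."""
    files = {}
    for line in log_text.splitlines():
        rec = parse_line(line.strip())
        if rec is None:
            continue
        entry = files.setdefault(rec["path"].lower(), {
            "threat": rec["threat"], "hits": 0, "actions": set(), "apps": set()})
        entry["hits"] += 1
        if rec["action"]:
            entry["actions"].add(rec["action"])
        if rec["app"]:
            entry["apps"].add(ntpath.basename(rec["app"]).lower())
    for entry in files.values():
        # "deleted (after the next restart)" alone means the file is still on disk.
        entry["removed"] = bool(entry["actions"] & REMOVED)
    return files


def com_outside_system32(paths):
    """Heuristic (assumption): stock .COM utilities live in System32, so a
    .COM program anywhere else, such as C:\\WINDOWS\\MSN.COM, deserves a look."""
    flagged = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        if name.endswith(".com") and ntpath.basename(folder) != "system32":
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for path, e in sorted(summary.items()):
        state = "removed" if e["removed"] else "STILL PRESENT"
        print(f"{e['hits']:3d}  {state:13s}  {e['threat']:28s}  {path}")
    print("review:", com_outside_system32(sorted(summary)))
```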

ZollyMonsta

#121063 4-Apr-2008 13:49

I fixed it on a temp basis by installing a firewall so it couldn't access the net.
Anyhow, my PC fault reared its ugly head again and corrupted Windows so I had to reinstall Windows again (third time in as many months). PC then died again so it's off back to Ascent for diagnosis.

Don't believe the msn.com and the disk corruption issue are related. Just a coincidence as the Windows corruption has been ongoing for the last couple of months.

Cheers,
Grant




 

 
