bandolin opened this issue on Feb 21, 2005 · 54 posts
bandolin posted Mon, 21 February 2005 at 9:57 AM
<strong>bandolin</strong><br />
[Former 3DS Max forum coordinator]<br />
<br />
<a href="http://www.renderosity.com/homepage.php">Homepage</a> ||
<a href="http://www.renderosity.com/mod/sitemail/">SiteMail</a> ||
<a href="http://excalibur.renderosity.com/mod/gallery/browse.php?user_id=70375">
Gallery</a> || <a href="http://www.renderosity.com/mod/freestuff/index.php?username=bandolin">
Freestuff</a>
<p><em>Caution: just a hobbyist</em></p>
draculaz posted Mon, 21 February 2005 at 10:51 AM
hmmm... looks like a windows media player 10 spoof. go to start: run: and type msconfig and click on the startup tab. make a screenshot of that and post it. drac (what happens if you select the country and click go?)
drawbridgep posted Mon, 21 February 2005 at 10:53 AM
Is it an autodialler? I had one on my laptop that would try and dial out every so often. Norton, Zonealarm, pest patrol and spysweeper couldn't find and remove it.
bandolin posted Mon, 21 February 2005 at 11:17 AM
bandolin posted Mon, 21 February 2005 at 11:19 AM
Ardiva posted Mon, 21 February 2005 at 11:20 AM
bandolin posted Mon, 21 February 2005 at 11:20 AM
Here's No. 3. You know, it has always annoyed me that the text comes after the attachment. It should come first, no?
bandolin posted Mon, 21 February 2005 at 11:21 AM
LordOfAcid posted Mon, 21 February 2005 at 11:22 AM
it's an autodialer, you need to do a search for it and delete all files belonging to it. check in my computer/dialup networking for the main dialup file. Another thing you could try is running spybot, don't scan your system just have spybot open, reboot your computer and let spybot do a scan on boot up. sometimes you'll find it is the only way spybot can remove a dialer like that. drac if you select your country and click on go you will dial up an international XXX site which could cost heaps for the phone call.
bandolin posted Mon, 21 February 2005 at 11:24 AM
bandolin posted Mon, 21 February 2005 at 11:26 AM
draculaz posted Mon, 21 February 2005 at 11:26 AM
Attached Link: http://forums.techguy.org/archive/t-327616.html
I found newpop63.exe to be spyware. and yes, downloading spybot search and destroy would help. but check the link, find and download HijackThis, and do google searches for all the things in the startup list that you don't know about. it will tell you in most cases whether they're safe or not. drac
LordOfAcid posted Mon, 21 February 2005 at 11:27 AM
bandolin, this may sound like a stupid question but i have to ask it. have you got any folders with porn sites in your favourites. something that appeared since you have had that dialer on your system.
bandolin posted Mon, 21 February 2005 at 11:28 AM
Ok LordOfAcid, how do I search for something I haven't got a name for? Please forgive me, I'm a PC newbie.
bandolin posted Mon, 21 February 2005 at 11:31 AM
I got news for you Drac, I don't know anything that's running in that msconfig window.
LordOfAcid posted Mon, 21 February 2005 at 11:33 AM
bandolin, first place you need to check is in my computer/ dialup networking. if it isn't in there then somehow we need to figure out its name. most times it is something like Ezula.exe I frigging hope it isn't that one
electroglyph posted Mon, 21 February 2005 at 11:33 AM
I'm assuming this is XP. Have you run update and SR2 yet? If you have open ports then the junk can be pushed onto your machine from another infected computer that found your IP.
bandolin posted Mon, 21 February 2005 at 11:36 AM
@LordOfAcid: I checked my favourites and I see no porn stuff.
draculaz posted Mon, 21 February 2005 at 11:36 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.html winole.exe is also spyware http://www.cybertechhelp.com/forums/archive/index.php/t-64168.html rspc seems to be a virus, the site contains fix jah.exe http://computercops.biz/postp461684.html ap9h4qmo http://www.superadblocker.com/spywaredisplay.html?id=1975 wsxsvc.exe http://www.liutilities.com/products/wintaskspro/processlibrary/wsxsvc/ don't know what euolwu is, but it shows up waaaay too many times. and there's no info for it on the net o_O but yeah. the threads should take you to the respective fixes, i'd suggest going into safe mode when applying patches/fixes, etc.
draculaz posted Mon, 21 February 2005 at 11:38 AM
oh, and uncheck that empty startup item. the one saying nothing. it's dodgy
Rochr posted Mon, 21 February 2005 at 11:43 AM
Attached Link: http://www.google.se/search?hl=sv&q=winole.exe&meta=
Damn man, you have a LOT in the startup. :) You may also want to check the "Autostart" folder and erase everything in it. ATT!!! The file "Winole.exe" looks like a Trojan and should be removed ASAP! Try the link, and check out the symantec URL to see how to remove it. OR, immediately go to http://housecall.antivirus.com/housecall/start_frame.asp , and do a complete scan of your system.
Rudolf Herczog
Digital Artist
www.rochr.com
Rochr posted Mon, 21 February 2005 at 11:44 AM
Damnit, Drac beat me to it... :)
Rudolf Herczog
Digital Artist
www.rochr.com
LordOfAcid posted Mon, 21 February 2005 at 11:47 AM
bandolin go to windowseuolwu and right click on it then click on properties. see if you can find out what it is or belongs to. check the date it was installed on your system, if you find it was before the dialer appeared then don't worry about it, if it was installed around the same time you found that dialler then untick it in the msconfig startup menu and give your computer a reboot and see if the dialler is gone. This is hard, i find it easier sitting at the computer to solve these little problems :)
bandolin posted Mon, 21 February 2005 at 11:47 AM
Dialup Networking? Is that in the control panels. Drac, you're scaring me. I thought I had protection out the ying yang before I even turned on my modem. And you're telling me I've been infected with all this stuff? How's that possible? I never have this kind of problems on my Mac. :-(
LordOfAcid posted Mon, 21 February 2005 at 11:51 AM
oh hang on you're on xp...ok xp user needed here....where is dialup networking on that system.
pakled posted Mon, 21 February 2005 at 11:51 AM
I don't know if XP has a processes tab (usually in the Task Manager, in Win 2k and NT), but you might also check that out. There's a site out there, don't remember the name, but it's either PC Cops or Computer Cops, that do a lot of good work, they use 'hijack this' (great program, but be careful what it asks you to delete; I lost my network card for a few minutes..;) and other programs. Good luck, and watch out for that junk on the internet..good luck.
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)
LordOfAcid posted Mon, 21 February 2005 at 11:54 AM
bandolin i run two firewalls, two anti-virus programs, 4 programs that scan for spyware/adware and malware(one you never want to get) on my computer. once every week i get a virus or trojan/spyware. you can never be fully protected unless you stay off the internet.
bandolin posted Mon, 21 February 2005 at 11:55 AM
You guys are giving me great help, but there are so many suggestions I'm getting dizzy. I don't know where to start. Damn man, you have a LOT in the startup. I'm new to XP, I thought that was normal. Right now I'm trying housecall.antivirus....
bandolin posted Mon, 21 February 2005 at 12:00 PM
You guys are giving me great help, but there are so many suggestions I'm getting dizzy. I don't know where to start. Damn man, you have a LOT in the startup. I'm new to XP, I thought that was normal. Right now I'm trying housecall.antivirus.... Ok, housecall ain't working. My machine is freezing up. Going for a restart, be back soon
Rochr posted Mon, 21 February 2005 at 12:02 PM
Alt+Ctrl+Delete brings up the processes tab. Housecall should be able to find at least some stuff to remove/fix, but then do like Drac said in post #12, do a google search for the processes and see what they're good for. Keep in there Bandolin, you eventually will get the hang of it, and it won't be this troublesome.
Rudolf Herczog
Digital Artist
www.rochr.com
Rochr posted Mon, 21 February 2005 at 12:07 PM
Rudolf Herczog
Digital Artist
www.rochr.com
LordOfAcid posted Mon, 21 February 2005 at 12:08 PM
i can still remember the first virus i had on my poor little 486 dx266 it nearly killed me from shock. it was the CIH(Chernobyl) virus. i was even running an anti-virus program back then and that still didn't protect me against it.
draculaz posted Mon, 21 February 2005 at 12:10 PM
Erlik posted Mon, 21 February 2005 at 12:23 PM
The first thing you should kill is that msmsgs.exe. That's Windows Messenger. A hole in the head, that one. Servic.exe also looks verra suspicious cause it mimics services.exe and is not that. Yup. A worm. Kill. Winstat is a Trojan component. Kill. javavm is a part of mydoom virus. And there I thought why the hell you need to run Java Virtual Machine. adstatserv is a browser hijacker and might serve that pop up window. euolwu seems to be something completely new. It might not be harmful, but I'd kill it just on principle. :-)= check other for suspicious names: http://www.liutilities.com/products/wintaskspro/processlibrary/ jusched is Java update scheduler. Kill, won't feel a thing. ctfmon, too. And open a folder in Windows Explorer, go to Tools -> View. Uncheck "Hide extensions for known file types". F&%$#$%"%&&(()()=? Microsoft and their dumb default decisions. Housecall might not run because a virus prevents it. Some viruses prevent the installation of antivirus programs, firewalls, and so on. Start Spybot's Teatimer after you clean the computer. It will usually prevent scum settling down in Registry. Download updates regularly. Run cleaning programs. Do not use Internet Explorer. Do not use Internet Explorer. Do not use...
-- erlik
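An added example, not part of any post in this thread: a small name-based triage for a startup list, covering two checks raised above (a name that mimics a system binary, as with Servic.exe and services.exe, and a blank startup item). The function names, the list of system binaries and the distance threshold are assumptions of this example, and the sample entries are constructed from names mentioned in the thread.

```python
# Added example: flag startup entries whose names deserve a closer look.

# Real Windows system binaries whose names are commonly imitated.
SYSTEM_BINARIES = ["services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                   "explorer.exe", "csrss.exe", "smss.exe", "spoolsv.exe"]


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def stem(name):
    """Lower-case file name without directory or .exe extension."""
    base = name.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()
    return base[:-4] if base.endswith(".exe") else base


def triage(entry):
    """Return a reason string if the entry deserves a closer look, else None."""
    s = stem(entry)
    if not s:
        return "blank startup item"
    for known in SYSTEM_BINARIES:
        k = stem(known)
        d = edit_distance(s, k)
        # Close but not identical. The tolerance scales with name length so
        # that short names such as smss do not match unrelated entries.
        if 0 < d <= 2 and d * 4 <= max(len(s), len(k)):
            return f"lookalike of {known}"
    return None


def triage_all(entries):
    """Map each flagged entry to its reason."""
    return {e: r for e in entries if (r := triage(e)) is not None}


# Constructed startup list using names mentioned in the thread.
SAMPLE = ["servic.exe", "services.exe", "msmsgs.exe", "winole.exe",
          "jusched.exe", "ctfmon.exe", "euolwu", ""]

if __name__ == "__main__":
    for entry, reason in triage_all(SAMPLE).items():
        print(f"{entry!r}: {reason}")
```

A name check like this only narrows down what to look up; entries it does not flag (winole.exe in the sample) still need the per-name search the posters describe.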
Ardiva posted Mon, 21 February 2005 at 12:46 PM
Attached Link: http://www.mozilla.org/products/firefox/
Heed Erlik's advice on not using IE. I use Firefox and love it! Has prevented so many problems. :) http://www.mozilla.org/products/firefox/
GROINGRINDER posted Mon, 21 February 2005 at 12:49 PM
Where is the Spybot S and D Teatimer? I can find no way to get it to scan on startup. It must be started by manually hitting the scan button.
Ang25 posted Mon, 21 February 2005 at 12:52 PM
Rochr posted Mon, 21 February 2005 at 12:54 PM
Rudolf Herczog
Digital Artist
www.rochr.com
Erlik posted Mon, 21 February 2005 at 1:15 PM
-- erlik
GROINGRINDER posted Mon, 21 February 2005 at 2:16 PM
Erlik posted Mon, 21 February 2005 at 4:59 PM
There's no other version except the free one. First, download the new version: http://www.safer-networking.org/en/download/index.html Then find the advanced options. Or you can wait till tomorrow morning, my time, when I get to work. :-/ (It's midnight now.) And that screenshot of Rudy's is okay now. Go figure.
-- erlik
Rochr posted Mon, 21 February 2005 at 5:09 PM
Huh?
Rudolf Herczog
Digital Artist
www.rochr.com
pauljs75 posted Mon, 21 February 2005 at 5:43 PM
Attached Link: http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
Your friendly neighborhood Wings3D nut.
Also feel free to browse my freebies at ShareCG.
There might be something worth downloading.
gregsin posted Mon, 21 February 2005 at 7:30 PM
Attached Link: http://www.sysinfo.org/startupinfo.html
here's a link to tell you about your startup programs, comes in handy once in awhile.
Wadus posted Mon, 21 February 2005 at 7:40 PM
Attached Link: http://www.answersthatwork.com/
You guys sure have a bunch of apps running in the background. Here is my msconfig screenie...
Quest posted Mon, 21 February 2005 at 9:28 PM
First, go to the Tech Support Guys web site and register (free registration) You must be registered to post.
Then go to the Spychecker site and download HijackThis ver. 1.99 (207kb).
Run HijackThis and save log to disk.
Then go back to Tech Support Guys and select the forum that represents your OS and create a post that best describes your problem and copy and paste your HijackThis log. Your log will be dissected by the tech people there and they will offer the best remedies and tips to your particular problem. They will tell you, not to remove anything until they've had a chance to see the log. They are excellent!
matrixmode posted Tue, 22 February 2005 at 3:20 AM
These two sites have been very helpful to me. http://www.blackviper.com http://www.pcpitstop.com
"Simplicity is the ultimate sophistication." Leonardo da Vinci
bandolin posted Tue, 22 February 2005 at 8:25 AM
I don't know if anyone is still watching this thread, but I'm back on my Mac now. My PC has died. I'm currently in the process of finding out what all the processes are that are running on my machine.
Rochr posted Tue, 22 February 2005 at 9:38 AM
I would actually suggest formatting the disk and start with a clean install. That way, you can add the applications you want one by one and simultaneously remove anything unnecessary from startup and autostart. And make the internet the final step, once an antivirus and/or firewall is installed. Any PC stuff, drives/updates needed, can be downloaded with the Mac and burnt on a CD.
Rudolf Herczog
Digital Artist
www.rochr.com
Gog posted Tue, 22 February 2005 at 10:26 AM
Did everyone notice the announcement on the address spoofing issue with firefox and opera (possibly Galleon too), only a minor security outage but one to be aware of.
----------
Toolset: Blender, GIMP, Indigo Render, LuxRender, TopMod, Knotplot, Ivy Gen, Plant Studio.
Ardiva posted Tue, 22 February 2005 at 10:27 AM
Gog posted Tue, 22 February 2005 at 10:34 AM
Attached Link: http://www.theregister.co.uk/2005/02/07/browsers_idn_spoofing/
I saw it here!, but a mail came round work too.
Message edited on: 02/22/2005 10:35
----------
Toolset: Blender, GIMP, Indigo Render, LuxRender, TopMod, Knotplot, Ivy Gen, Plant Studio.
Erlik posted Tue, 22 February 2005 at 11:16 AM
Opera 8 beta seems to have that covered. :-)
-- erlik
pakled posted Tue, 22 February 2005 at 11:43 AM
thanks, hadn't checked up on the BOFH in awhile..;) good to know..at least we know Mozilla will be working on it faster than IEEE!!
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)