Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Windows 2000 > RWinSocket: ttg.exe App. Error

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

RWinSocket: ttg.exe App. Error

Reply to Message Icon

Name: Wale A.
Date: October 7, 2003 at 19:32:51 Pacific
OS: Windows 2000 Professional
CPU/Ram: Celeron/256
Comment:

Everytime i shutdown my computer i get this error message: "RWinSocket: ttg.exe Application Error. Something also about memory referenced at some location - do you wish to terminate program". A very strange one indeed, and its getting pretty annoying. One thing i did realize though is that this message only started after i installed Visual C++ on my computer. So if anyone knows if something should be disabled or if something should be taken off, plz HELP!!



Sponsored Link
Ads by Google

Response Number 1
Name: Tom41
Date: October 8, 2003 at 02:34:26 Pacific
Reply:

Have you run an updated virus scan? It's possible that you have a Backdoor.Sumtax infection.
Go here and run an online virus scan:
RAV

If anything is found, copy the report and paste it in a reply along with a HijackThis log.

Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.

HijackThis!


0

Response Number 2
Name: Wale A
Date: October 8, 2003 at 15:38:29 Pacific
Reply:

THIS IS THE REPORT:
File: C:\Documents and Settings\Wale Anifowoshe\.jpi_cache\file\1.0\VerifierBug.class-6bd7446e-59c90187.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Wale Anifowoshe\Local Settings\Temp\Joi20.tmp
Virus: Win32/HLLP.Hantaner Status: Infected

File: C:\Documents and Settings\Wale Anifowoshe\Local Settings\Temp\Joi22.tmp
Virus: Win32/HLLP.Hantaner Status: Infected

File: C:\WINNT\system32\security\bin\abc2.dll
Virus: Backdoor:IRC/Cloner.O* Status: Infected

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->abc2.dll
Virus: Backdoor:IRC/Cloner.O* Status: Infected

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->secure.exe
Virus: Trojan:Win32/DelShare Status: Infected

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->setup.exe
Virus: Backdoor:Win32/Iroffer Status: Infected

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->syscfg32.exe->(FSGPE)
Virus: Backdoor:Win32/WinShell.5_0 Status: Infected

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->script1.ini
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->script2.ini
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->winnnt.exe
Virus: Win32/HLLW.SpyBot Status: Infected

File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->script.ini
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\security\bin\script.ini
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\security\bin\script1.ini
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\security\bin\script2.ini
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\security\bin\secure.exe
Virus: Trojan:Win32/DelShare Status: Infected

File: C:\WINNT\system32\security\bin\setup.exe
Virus: Backdoor:Win32/Iroffer Status: Infected

File: C:\WINNT\system32\security\bin\syscfg32.exe->(FSGPE)
Virus: Backdoor:Win32/WinShell.5_0 Status: Infected

File: C:\WINNT\system32\security\bin\winnnt.exe
Virus: Win32/HLLW.SpyBot Status: Infected

HERE IS THE HIJACK THIS:
Logfile of HijackThis v1.97.2
Scan saved at 6:35:20 PM, on 10/8/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\sistray.exe
C:\WINNT\System32\khooker.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\secure.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\mdll.exe
C:\winnt\system32\security\bin\secure.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\xscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\WALEAN~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldusa.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winsock2] WINNNT.exe
O4 - HKLM\..\Run: [rundll134] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe
O4 - HKLM\..\Run: [rundll569] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\secure.exe C:\WINNT\SYSTEM32\SECURITY\BIN\X
O4 - HKLM\..\Run: [rundll777] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\mdll.exe
O4 - HKLM\..\Run: [rundll946] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\secure.bat
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Reboot.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.04.03&http://www.tagheuer.com/multimedia/3d_list.lbl
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37845.5480092593
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


0

Response Number 3
Name: Tom41
Date: October 8, 2003 at 16:15:53 Pacific
Reply:

Go here and download and run Process Explorer and end task (kill) on the following:

C:\WINNT\SYSTEM32\SECURITY\BIN\secure.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\mdll.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\xscan.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\secure.bat
C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe
C:\WINNT\SYSTEM32\SECURITY\BIN\X
WINNNT.EXE

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Then run HijackThis again and check the following items and click 'fix checked'.
After fixing, reboot to safe mode.

O4 - HKLM\..\Run: [Winsock2] WINNNT.exe
O4 - HKLM\..\Run: [rundll134] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe
O4 - HKLM\..\Run: [rundll569] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\secure.exe C:\WINNT\SYSTEM32\SECURITY\BIN\X
O4 - HKLM\..\Run: [rundll777] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\mdll.exe
O4 - HKLM\..\Run: [rundll946] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\secure.bat

Once in safe mode, delete all files listed in the Rav report.



0

Response Number 4
Name: Wale A
Date: October 8, 2003 at 19:52:52 Pacific
Reply:

Thanx a lot for the help, i did it all & for now everything seems to be working great.

thanx again!


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Windows 2000 Forum Home


Sponsored links
Ads by Google


Results for: RWinSocket: ttg.exe App. Error
Winword.exe - Application error www.computing.net/answers/windows-2000/winwordexe-application-error/46252.html

svhost.exe-Application error www.computing.net/answers/windows-2000/svhostexeapplication-error/50604.html

PIP.EXE application error www.computing.net/answers/windows-2000/pipexe-application-error/45233.html