Psychotic Hacker in My System

Computing.Net > Forums > Windows XP > Psychotic Hacker in My System

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Psychotic Hacker in My System

Name: Bubba
Date: August 12, 2003 at 01:51:36 Pacific
OS: Windows XP Home Edition
CPU/Ram: 2.0Ghz/512Mb

Comment:

I just downloaded the Windows XP RPC security patch (32-bit edition; wasn't sure which one to get), and installed it on my machine. The sudden shutdowns seem to have stopped, but the hacker is still remotely logging on to my system, and by the looks of the temporary popups, trying to run some programs or something (I think one of them was telnet or an msdos double window looking thing; it appeared for only a half-second). I still can't use task manager, regedit, or msconfig. How else can I take care of the hacker and/or virus?

Sponsored Link

Ads by Google

Response Number 1

Name: Tom41
Date: August 12, 2003 at 01:58:36 Pacific

Reply:

It sounds like you have a W32.Spybot.worm infection as well.
Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
HijackThis!

Response Number 2

Name: Bubba
Date: August 12, 2003 at 02:25:37 Pacific

Reply:

Logfile of HijackThis v1.96.0
Scan saved at 3:22:53 AM, on 8/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\explorer32.exe
C:\WINDOWS\System32\QARMUIT.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\cmd.exe
c:\windows\system32\net.exe
c:\windows\system32\net1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\FixBlast.exe
C:\Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uschess.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SysExplore] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [windows sockets start up 32] QARMUIT.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: webdav.exe
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/patch/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8EF9120-2127-4407-8900-3EFCEF85D28F}: NameServer = 205.171.3.65 205.171.16.251

Response Number 3

Name: Bubba
Date: August 12, 2003 at 02:50:47 Pacific

Reply:

Can someone tell me what would happen if I deleted some of these allegedly corrupted files?

Response Number 4

Name: Bubba
Date: August 12, 2003 at 02:53:52 Pacific

Reply:

Me again. I'm curious...can I get the hacker in trouble by submitting information like this to msn?
The user BRT8890678@msn.net successfully established a connection to MSN Explorer using the device COM3.
I got that one from the event log.

Response Number 5

Name: Tom41
Date: August 12, 2003 at 03:17:28 Pacific

Reply:

Boot into safe mode and run HT. Check the following and click fix checked.
O4 - HKLM\..\Run: [SysExplore] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [windows sockets start up 32] QARMUIT.exe
O4 - Global Startup: webdav.exe
Delete:
explorer32.exe
QARMUIT.EXE
webdav.exe
Reboot to Windows and run an online scan. copy the report and paste it in a reply along with a fresh HT log.
RAV

the epson lx 300 11 printer connected to my system is not printing in dos m net1.exe mmc.exe mmc.exe virus sudden shutdown msn6.exe windows sockets initialization failed regedit msdos mmc.exe download .net exe packer	sudden shutdown rate my system sudden shutdowns system32/net.net net.exe net1.exe net1.exe net1.exe 0xc0000142 backweb-887648 net1.exe system32 net.net virus
See More

Sponsored Link

Ads by Google

svchost crash & blast...

embedded wav files

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows XP Forum Home

Sponsored links

Ads by Google

Results for: Psychotic Hacker in My System

hackers in my computer!!!!!!!!!

Summary

www.computing.net/answers/windows-xp/hackers-in-my-computer/15347.html

EXE file not running in my system

Summary

www.computing.net/answers/windows-xp/exe-file-not-running-in-my-system/153489.html

my system is not starting

Summary

www.computing.net/answers/windows-xp/my-system-is-not-starting-/144815.html

From the Geek Dictionary
iPhone - The smart phone that saved us all as well as the bottom line of both Apple ...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes Today.
Discuss in The Lounge
Poll History

Recent Posts
Desktop bigger than the screen

EXE files opening in IE 7 in Vista 64bit

video card

my video ram reduced

how to add text to PDF text file.

All Awaiting Reply

Tom's News
Google Launches Free Public DNS Service

UK Street May Be Named After Lara Croft

Universal to Release Blu-ray/DVD Combo Disc

Orangutan Takes Pics, Shares via Facebook

Man Suffocates Baby Over Gaming Marathon

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE