Proxy Server Help Needed
Posted by: Operative47
Hello!
I got a couple of viruses yesterday which AVG Free Edition found and fixed, I think, but now every time I connect to the internet with Firefox it does so through a proxy server, which really slows me down. However, when I go to the connection settings in Firefox and change it back to "Direct connection to the Internet" my connection boosts in speed, but whenever I close Firefox the proxy setting resets itself, which is a real pain in the ass. I don't know if I still have the virus or if it's just the remains of the ones I got. I couldn't find any info about the Trojan horse PSW.Generic2.A0K virus I had, so I don't know if it's what's causing the problem, and the Trojan horse Generic.QRX says nothing about changing my connection settings. So what's going on and how do I fix the problem?
SPECS:
- Windows XP Home Edition
- Firefox version 1.5.0.4
- AVG Free Edition, version 7.1.0.381, Program version 7.1.394, virus base 268.9.9/382
- HijackThis version 1.99.1
- Ad-Aware SE plus Build 1.06.r1
http://img429.imageshack.us/img429/9588/hjtbacup6dj.jpg
http://img473.imageshack.us/img473/6784/virus25fa.jpg
http://img127.imageshack.us/img127/118/proxy9qb.jpg
Posted by: kestrel1
On looking at the IP address for the proxy server through IE7, I get a warning about this possibly being a phishing site, so it looks like bad news.
Have you run 'msconfig' & ensured that nothing is running that shouldn't be?
Can you post a HijackThis log? It may help.
Posted by: Operative47
Ty for replying, I thought no one would answer. Here is my HijackThis log, and I'm not quite sure what should be running in msconfig startup or how to produce the list.
Logfile of HijackThis v1.99.1
Scan saved at 2:59:06 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ghostrecon.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.ca"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\hwmvzdjf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\hwmvzdjf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://dthresam.dthr.ab.ca/dthrra/...ca32/ica32t.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/p...s/GSManager.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://dthresam.dthr.ab.ca/dthrra/...en/CSGProxy.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Posted by: kestrel1
Do you use Citrix to log on to a remote network? There are a few entries relating to Citrix. If you use Citrix this should be normal.
Are you able to post the list of programs that are running at startup from the 'msconfig' list?
There may be something in there that is causing a problem.
Posted by: Operative47
I don't use Citrix, and here is a list of the programs:
http://img406.imageshack.us/img406/6136/untitled0gv.jpg
Posted by: kestrel1
If you don't use Citrix, I am a little concerned that there are the following two entries in your HijackThis log:
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://dthresam.dthr.ab.ca/dthrra/...ca32/ica32t.exe
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://dthresam.dthr.ab.ca/dthrra/...en/CSGProxy.cab
These both relate to Citrix MetaFrame. However, if you try to visit the links, neither file exists. However, if you just go to the domain name: https://dthresam.dthr.ab.ca you are presented with a login screen. These may just be leftovers from something installed at some stage. If you do not recognise the above domain name I would be inclined to let HijackThis delete the entries.
I cannot see anything to be concerned about in your system config list.
Have you installed Spybot S&D? This may pick up things that AdAware may have missed.
Try running CWShredder:
http://www.softpedia.com/get/Intern...WShredder.shtml
This may also find things.
Post back when you have tried the above.
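
The review kestrel1 describes above (checking each O16 DPF entry against domains you recognise) can be scripted. This is an added example, not part of the original thread: the sample log is constructed, the function names are hypothetical, and the section-code pattern is an assumption that covers the R/F/N/O prefixes seen in HijackThis 1.99.1 logs. It also rejoins entries that forum software has wrapped across lines.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis log layout, wrapped across lines the way
# pasted logs often are. CLSIDs, names and hosts are made up for illustration.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example
Vendor\tray.exe
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Remote Client) -
https://remote.example.org/client/setup.cab
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Game Manager) -
http://games.example.com/dl/manager.cab
O23 - Service: Example Service - Unknown owner - C:\Program
Files\Example\svc.exe
"""

# A new entry starts with a section code such as "R0 - ", "N3 - " or "O16 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
O16_ENTRY = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*?)\))? - (?P<url>\S+)$"
)

def rejoin_entries(text):
    """Merge wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def unrecognised_dpf(text, recognised_hosts):
    """Return (clsid, name, host) for O16 entries from hosts not recognised."""
    recognised = {h.lower() for h in recognised_hosts}
    findings = []
    for entry in rejoin_entries(text):
        m = O16_ENTRY.match(entry)
        if not m:
            continue
        host = (urlsplit(m["url"]).hostname or "").lower()
        if host not in recognised:
            findings.append((m["clsid"], m["name"], host))
    return findings

if __name__ == "__main__":
    for clsid, name, host in unrecognised_dpf(SAMPLE_LOG, {"games.example.com"}):
        print(f"review: {name} {clsid} downloaded from {host}")
```
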