cant delete virus ntsrv.exe!! - Techist - Tech Forum

Old 06-14-2005, 11:19 PM   #1 (permalink)

I got a virus the other day and the way I know it is a virus is because when I start my it starts a process called ntsrv.exe and I know it is either a virus or spyware because I googled it and it said it was on 4 different sites. Once I found that out I ran my Ad-Aware and ZoneAlarm antivirus and it showed nothing and the process continued to run. I then tried to manually find it by searching for the filename and no luck there either. I just need to stop this thing!!

any help would be great
jcortes is offline  
Old 06-14-2005, 11:38 PM   #2 (permalink)

Have you done all of this in Safe Mode?
macdude425 is offline  
Old 06-14-2005, 11:40 PM   #3 (permalink)

No, being in safe mode won't make a difference; it isn't even finding the file so I can delete it.
jcortes is offline  
Old 06-15-2005, 12:00 AM   #4 (permalink)

Spybot Search and Destroy should get the little SOB. Get the 1.3.1TX version please!
jakec is offline  
Old 06-15-2005, 12:13 AM   #5 (permalink)

SERVU-O TROJAN

Did you turn the disable services first before deleting it?

I believe this comes with services.

But I would need to see an HJT log first to make sure.

Please do this. Click here to download Hijack This. Save it to its own folder (not temporary files or the desktop). Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

Lobos
Lobos is offline  
Old 06-15-2005, 04:52 AM   #6 (permalink)

Quote:
Originally posted by jakec
Spybot Search and Destroy should get the little SOB. Get the 1.3.1TX version please!
No, version 1.4 RC-2
Osiris is offline  
Old 06-15-2005, 10:22 AM   #7 (permalink)

OK, I downloaded HijackThis and did a scan. The log is attached to this post.
Attached Files
File Type: txt scanlog.txt (4.8 KB, 33 views)
jcortes is offline  
Old 06-15-2005, 02:39 PM   #8 (permalink)

Post it like this or copy and paste the text
EricB is offline  
Old 06-15-2005, 04:09 PM   #9 (permalink)

It doesn't fit all of it.
jcortes is offline  
Old 06-15-2005, 07:44 PM   #10 (permalink)

here you go

Logfile of HijackThis v1.99.1
Scan saved at 7:17:19 AM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jonathan_2\My Documents\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
EricB is offline  
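
An added example, not posted by anyone in the thread: Python that reads HijackThis log lines like those in post #10 and flags core Windows process names running outside system32, plus O23 services marked "Unknown owner" whose image sits under the Windows directory. The two rules, the C:\WINDOWS install path and the process-name list are assumptions of this example; a hit is a lead to verify, not a verdict.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (a subset of its lines).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
"""

# Assumptions of this example: Windows lives in C:\WINDOWS, and these core
# process names are only expected in its system32 directory.
CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
        "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"
WINDIR = "c:\\windows\\"
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def triage(log):
    """Return look-alike processes and unsigned-looking services, keyed by image path."""
    findings = {"masquerading": [], "services": {}}
    in_procs = False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if not line:                      # a blank line ends the process list
                in_procs = False
                continue
            folder, exe = ntpath.split(line.lower())
            if exe in CORE and folder != SYSTEM32:
                findings["masquerading"].append(line)
        else:
            m = O23.match(line)
            if m and m["owner"] == "Unknown owner" and m["path"].lower().startswith(WINDIR):
                findings["services"].setdefault(m["path"].lower(), []).append(m["name"])
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Grouping by image path shows which service names keep a given file running, which is what has to be stopped and disabled before the file can be removed, the step post #5 asks about.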
All times are GMT -5.