Windows 7 Support
Become a Fan of PCHF on Facebook!
 User Reviews - Add Yours!
The PCHF Lounge
Go Back   PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs
Reload this Page Broken links time and again
Register for a Free Account

[Fixed] Hijackthis! Logs - Broken links time and again posted in the Security & Safety forums; I have saved a text log of my Norton Internet Security history. Would it be relevant to post the entire log here? I would proceed with the instructions as followed ...

Advertisement
Advertisement

Reply
Scan your PC for Errors
Page 2 of 3 1 2 3
Old 11-04-2009   #8
Bronze Member
 
Join Date: Nov 2009
Posts: 14
PC Experience: Some Experience
Default Re: Broken links time and again
I have saved a text log of my Norton Internet Security history. Would it be relevant to post the entire log here? I would proceed with the instructions as followed if not for the scan error mentioned above.

Anway perhaps a history of my Resolved Security Risks could help:

Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
1/11/2009 1:09 AM,High,Trojan Horse detected by Auto-Protect,Quarantined,Resolved - No Action,Auto-Protect,2009.10.31.004,109.2.2.4,Trojan Horse,Virus,File Based,Fully removed,
12/10/2009 6:49 PM,High,extra_uninst.exe detected by SONAR,Quarantined,Resolved - No Action,SONAR,2009.10.11.020,109.2.2.4,extra_uninst .exe,,File Based,Fully removed,
14/9/2009 7:10 PM,High,Infostealer.Gampass detected by Auto-Protect,Quarantined,Resolved - No Action,Auto-Protect,2009.09.13.019,109.2.0.124,Infostealer.Gam pass,Virus,File Based,Fully removed,
23/6/2009 11:15 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2009.06.22.033,,,Virus,,,c:\users\quanxian g\appdata\local\temp\rar$ex16.968\rld-aakg.exe
23/6/2009 11:13 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2009.06.22.033,,,Virus,,,d:\users\quanxian g\documents\games\ana\rld-aakg.exe
23/6/2009 11:12 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2009.06.22.033,,,Virus,,,c:\users\quanxian g\appdata\local\temp\rar$ex00.834\rld-aakg.exe
23/6/2009 11:12 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2009.06.22.033,,,Virus,,,d:\users\quanxian g\documents\games\ana\rld-aakg.exe
23/6/2009 11:11 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2009.06.22.033,,,Virus,,,c:\users\quanxian g\appdata\local\temp\rar$ex01.353\rld-aakg.exe

And the quarantine log:

Category: Quarantine
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State
1/11/2009 1:09 AM,High,Trojan Horse detected by Auto-Protect,Quarantined,Resolved - No Action,Auto-Protect,2009.10.31.004,109.2.2.4,Trojan Horse,Virus,File Based,Fully removed
14/9/2009 7:10 PM,High,Infostealer.Gampass detected by Auto-Protect,Quarantined,Resolved - No Action,Auto-Protect,2009.09.13.019,109.2.0.124,Infostealer.Gam pass,Virus,File Based,Fully removed

I have to sleep soon. I will check back on replies tomorrow. Thanks!

EDIT: Adding in some more just in case it's my firewall blocking the links or something (only the first few lines of the logs)

Category: Firewall - Activities
Date & Time,Severity,Activity,Status,Recommended Action,Category,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
4/11/2009 10:23 PM,Info,"An instance of \"<path>C:\Users\Quanxiang\AppData\Local\Temp\b.ex e</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:21 PM,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.0.198, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:21 PM,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.0.198, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:21 PM,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.0.199, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:16 PM,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.0.199, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:16 PM,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.0.199, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:16 PM,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.0.199, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:15 PM,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.0.199, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
4/11/2009 10:14 PM,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.0.199, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,

Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
4/11/2009 6:59 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
4/11/2009 6:59 PM,Info,Intrusion Prevention is monitoring 1481 signatures. Driver version: 9.1.2.5,Detected,No Action Required,Intrusion Prevention,,,,,,
4/11/2009 6:59 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20091102.002,Detected,No Action Required,Intrusion Prevention,,,,,,
4/11/2009 11:37 AM,Info,Intrusion Prevention is monitoring 1481 signatures. Driver version: 9.1.2.5,Detected,No Action Required,Intrusion Prevention,,,,,,
4/11/2009 11:37 AM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20091102.002,Detected,No Action Required,Intrusion Prevention,,,,,,
4/11/2009 11:37 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
3/11/2009 10:52 PM,High,"An intrusion attempt by 174.36.195.3 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\USERS\QUANXIANG\APPD ATA\LOCAL\TEMP\B.EXE</path>",Blocked,No Action Required,,HTTP Acrobat PDF Suspicious File Download 3,"174.36.195.3, 8080",mette.servecounterstrike.com:8080/pics/ChangeLog.pdf,"JIAMIN-PC (192.168.0.197, 60094)",174.36.195.3,"TCP, http-proxy"
3/11/2009 5:28 PM,Info,Intrusion Prevention is monitoring 1481 signatures. Driver version: 9.1.2.5,Detected,No Action Required,Intrusion Prevention,,,,,,
Last edited by alqx; 11-04-2009 at 01:46 PM.
alqx is offline   Reply With Quote
Old 11-05-2009   #9
Bronze Member
 
Join Date: Nov 2009
Posts: 14
PC Experience: Some Experience
Default Re: Broken links time and again
Ok update from me. I tried the internet, loading quite a few links this morning (yeah my timezone is GMT +8) and I have been able to load pages properly. This is confusing me because I don't know what was the problem for the last to days and how it somehow shows no signs or being ever there right now and I don't know if it would occur again.

So doesn't anyone make any sense out of whatever I've posted earlier?
alqx is offline   Reply With Quote
Old 11-05-2009   #10
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,280
PC Experience: Elite PC Guru
Default Re: Broken links time and again
Just carry out the instructions in post #3 and we will help you.
__________________
  • An Australian Member of
My real name is Eddy
Pancake is online now   Reply With Quote
Old 11-05-2009   #11
Bronze Member
 
Join Date: Nov 2009
Posts: 14
PC Experience: Some Experience
Default Re: Broken links time and again
I did but the process was obstructed by the crash in RootRepeal. (Refer to previous posts)
alqx is offline   Reply With Quote
Old 11-05-2009   #12
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,280
PC Experience: Elite PC Guru
Default Re: Broken links time and again
Can you run those in post #3 in safe mode.
__________________
  • An Australian Member of
My real name is Eddy
Pancake is online now   Reply With Quote
Old 11-06-2009   #13
Bronze Member
 
Join Date: Nov 2009
Posts: 14
PC Experience: Some Experience
Default Re: Broken links time and again
[URGENT!]

Oh Gosh! HELP SOMEONE? Isn't anyone going to reply? Just because I can't follow the instructions I'm given due to a crash error that means nobody is going to help me?

Okay the situation is getting worse. My internet seems to be fine now but when I log in to MSN Messenger a wierd popup asks me to install a new version, options are Yes or No, then Buttons are OK and What's New. Clicking What's New opens a page but I quickly closed it. Clicking No does not log me in to MSN Messenger, that must be something wrong because I should be able to log in even if I don't install the newer version! And my got another security risk detected and it's named FakeAVGen or something, then my norton made me restart to "resolve" the risk I don't know if it's the malware doing something.

Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
6/11/2009 7:46 PM,High,Trojan.FakeAV!gen detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2009.11.05.040,109.2.2.4,Trojan.FakeAV!gen ,Heuristic Virus,File Based,Fully removed,

I will try to do the later steps and skip the one I had problems with please help! And any advice to minimise the potential damage the malware (suspected) I have in the meantime? What about any other storage devices like my MP3 player? Please look at my previous posts, I have problems with one of the steps. But I will skip that and do the rest since nobody seems to bother just because I can't get the logs here.

[URGENT!]
alqx is offline   Reply With Quote
Old 11-06-2009   #14
Bronze Member
 
Join Date: Nov 2009
Posts: 14
PC Experience: Some Experience
Default Re: Broken links time and again
RootRepeal crashed in safe mode too. I will seek to carry out the others hopefully.
alqx is offline   Reply With Quote

Reply
Page 2 of 3 1 2 3

Bookmarks

Tags
broken, links, time
Similar discussions...
Thread Thread Starter Forum Replies Last Post
Pending: links macca Windows XP/2000 1 08-14-2009 03:59 AM
Links Redirect - Certain page time out scrabble [Pending] HJT Logs 2 04-03-2009 06:08 AM
Pending: its broken but why? mr p Hard Drives 4 11-27-2008 12:36 PM
Links Starlite Internet Help 6 11-28-2007 06:33 PM
Conversation: Hi Guys - I may need IT help from time to time landofshadows Introduce Yourself 4 07-05-2005 11:10 PM

« ca yahoo anti-spyware from toolbar | Unknown Virus/Hijacker »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


Site Map - Top

All times are GMT. The time now is 11:31 AM.
Powered by vBulletin
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2