Please help me, I'm getting hacked and spammed through my phone line

I need some help desperately. Recently I just got back online, but sadly I'm on dial-up. The first day I got online with dial-up my computer started acting really weird: I couldn't cut and paste anything or move any files manually anywhere, and every time I try to open a site like Gmail, Hotmail or any other site I get this command window that shuts down every window I have open. It's some program called PSKill that says it killed Internet Explorer, and I get redirected to two websites, one is C:\WINNT\symantec.html and the other is C:\WINNT\update-sp3 or 5.html, and this lil pop-up window that says we strongly recommend you upgrade your Microsoft Internet Explorer.

Can someone please help me figure out what is going on? I have tried to look for answers on Google, but every time I find something useful the window gets shut down. I just recently installed IE 6 and SP4, I WAS running a freshly installed copy of Win 2k Pro, I have the latest AVG but it doesn't seem to pick up any viruses, and neither Ad-Aware nor SpywareBlaster is picking up anything. Please help me!!!

EDIT: I also tried installing the latest version of Firefox, but every time I do it tells me it could not initialize memory stream.
 
After googling, I have learned that PSKill is part of SysInternals. It's a process killer and is not detected as a virus or malware or anything of that sort, since it has a legitimate purpose (similar to the kill command in Linux to terminate a process).

However, there are trojan horses, which your AVs might not pick up, that will install this program.

Since I have no real idea how to start this...tell me, do you have a folder C:\Windows\System32\Qossrv ?
 
No, I don't have that folder on my system; however, I do have a rar file that contains the PSKill program and some Symantec and Windows XP update stuff inside of it. I have already deleted it and it just keeps on coming back.

The name of the rar file is 5864gw9k; it contains the files mentioned above. The path of the file is C:\5864gw9k

Also I have other processes that I cannot kill. I even tried shutting down Explorer and deleting these files manually through the cmd window, but no luck.

Currently unknown running processes:

mapi32.exe
netddeclnt.exe
cidaemon.exe
cisvc.exe

I'm used to being on cable, I haven't had dial-up in a very long time so these processes are unknown to me, and every time I do a Google search for these to see what they are I get that PSKill cmd window and the webpage I'm on gets redirected to the Symantec site or the Windows XP update site. I'm guessing they are both fake websites, so all I can do is close them. Also, I have several screenshots I have taken of all these things but I don't know where to post them, and since I'm on dial-up it would probably take forever to do so.
 
cisvc and cidaemon are used in the Microsoft Indexing Service (which indexes partitions for faster searches).

Mapi32 and netddeclnt are processes installed by the Codbot Worm/Trojan.

http://www.softpedia.com/get/Antivirus/F-Secure-F-Bot-cleaner-tool.shtml

Try that - it's supposed to remove all variants of codbot up to March 2005 versions.

Oh, and disable system restore before you do any of this.

Gah: I forgot that you're on dial-up - that file's about 5 megs.

I'll keep searching for something that isn't so large.

Double edit: http://elamb.blogharbor.com/hacked/codbot.htm

Try that.
 
Indexing is not a harmful thing, but if you want to disable it...

Open My Computer - for every hard drive partition, right click -> Properties -> uncheck "Allow Indexing service..." and apply to every folder/subfolder in the partition.

As for System Restore, go to System Properties (right click My Computer -> Properties).

Go to System Restore tab, and check off "Turn off System Restore." Apply and restart.
 
Thanks a lot man, that seemed to do the trick on getting rid of the PSKill and hijacked pages. I remember I got this once before, but the page hijacker I had redirected me to some EHTML page.
Now I'm getting an error message about my paging file. I have already set it and it won't take; I have it at 1024 MB, but it won't change from 20 MB. I hope I didn't delete anything important with HijackThis.
 
What's the error saying? And you're welcome. More fun to surf [H] instead of doing real work when I'm supposed to. ;)
 
Try Avast! anti-virus: http://www.avast.com, the personal edition of their software is free and it works pretty well from my experience.

Also, if things get really hairy, maybe see if you can download, burn, or purchase (http://www.linuxiso.org/) Knoppix, a CD-Bootable Linux distribution. This will allow you to boot up your PC into a user-friendly Linux distribution that will at least allow you to access the Internet without having your computer crash. These emergency CDs are always good to have around just in case. Plus, you can read your hard drive from within Linux and rescue files if needed. I also remember hearing about Linux-based virus scanners that are effective for Windows XP.
 
BillLeeLee said:
What's the error saying? And you're welcome. More fun to surf [H] instead of doing real work when I'm supposed to. ;)


Well, after I did the HijackThis and cleaned out all that stuff I restarted and I got the error message that Windows did not find a paging file and it had created one for me, so I went to look at the paging file (right click My Documents > Properties) and when it opens it tells me Windows has created a temporary paging file because of a problem that occurred with my paging configuration when I started my computer (and as I am writing this I just got a low virtual memory error out of nowhere).
When I go to Performance Options it tells me the size of the current paging file is 20 MB, but I have already changed both the initial and maximum size of the paging file to 1024 (that's what I had it set to before) but it's not picking it up.

I hate dial-up so much. The current ISP I'm using for dial-up is MSN, and I don't have any of the MSN software installed, just a clean connection, but I can't believe I got all these problems just from the first day I connected.

Sorry, just had to vent a lil.
Well, I'm gonna restart again. I just changed it to 1024 again, see if it takes it, but I doubt it will.
 
Well, after a looong boring afternoon at work I come home to find this piece of crap still won't take my paging file. God damn it, I don't want to format again, I just formatted last month. F*ing dial-up, screwed my PC to the shits, if it ain't one thing it's another. :(
 