help for a friend

Ms-Pacman

hi can anyone help wirth n annoying computer problem.computer is on xp, had a recent problem with xp loading that got resolved but not sure how. I'm helping as she had problems connecting to msn messenger and wanted help but there is clearly other stuff going on.internet loads and connects for most webpages.xp firewall now switched on, no anti virus but rectifiying that now.running malware bytes at mo but nothing showing yet, howevr it let me download th softwqaare but not update it.same for windows update, it wwon't let me connect to update saying there is no connection yet various sites are connecting and I'm typing this so mr update is telling porkiesany ideas

Ms-Pacman

as an added note, I am trying to download avira and the website page says no internet connectionwhich makes me think a virus stopping it?

Ms-Pacman

ran malware bytes gort this
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 1
20/04/2009 12:00:46
mbam-log-2009-04-20 (12-00-46).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 88690
Time elapsed: 16 minute(s), 19 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0Files Infected: 3
Memory Processes Infected:
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Failed to unload process.
Memory Modules Infected No malicious items detected)
Registry Keys No malicious items detected)
Registry Values infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected No malicious items detected)
Folders Infected No malicious items detected)
Files Infected:C:\WINDOWS\system32\jubgh.dll (Worm.Downadup) -> Delete on reboot.C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\452BKPSF\pcxhz[1].gif (Worm.Downadup) -> Quarantined and deleted successfully.C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Delete on reboot.

macman

Sounds like you're certainly infected. Scan with Malwarebytes, post the log and someone on here will advise you.
You'll need to get rid of the infection before you can run the updates to Windows, it's blocking you. The same will happen with your new AV (what are you using)?

Ms-Pacman

at the moment she hasn't any avg just a 2003 norton that doesn't seem to be all there. it will not lket me download any anti virus from anywhere giving the no internet connection error message

Ms-Pacman

why is the log all mahed up? can't get it in a list

Ms-Pacman

Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 1
20/04/2009 12:22:40mbam-log-2009-04-20 (12-22-40).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 91768
Time elapsed: 16 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected No malicious items detected)
Memory Modules Infected No malicious items detected)
Registry Keys Infected No malicious items detected)
Registry Values Infected No malicious items detected)
Registry Data Items Infected No malicious items detected)
Folders Infected No malicious items detected)
Files Infected:C:\WINDOWS\cftmon32.exe (Backdoor.Bot) -> Delete on reboot.

Ms-Pacman

ok avira downloaded and updated, now scanning, found a fwe things already and 4 trojans. I guess its goodits finding them!

Ms-Pacman

avira results
C:\Avenger\cftmon32.exe [DETECTION] Is the TR/Poison.ymq Trojan
[NOTE] The file was moved to '4a60630b.qua'!

C:\Documents and Settings\isa\Local Settings\Temporary Internet Files\Content.IE5\4XUF4P2B\lol[1].exe [DETECTION] Is the TR/Poison.ymq Trojan
[NOTE] The file was moved to '4a586314.qua'!

C:\Documents and Settings\isa\Local Settings\Temporary Internet Files\Content.IE5\CXENKT2B\itunes[1].exe [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a616319.qua'!

C:\Documents and Settings\isa\Local Settings\Temporary Internet Files\Content.IE5\SHMJSDYR\loli[1].exe [DETECTION] Is the TR/Drop.Pexa.A Trojan
[NOTE] The file was moved to '4f56671d.qua'!

C:\DRIVERS\SNAPSYS\ntfliprt.exe [DETECTION] Contains recognition pattern of the W32/Virut.AT Windows virus
[NOTE] The file was moved to '4a526319.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP2\A0005062.exe [DETECTION] Is the TR/Poison.ymq Trojan
[NOTE] The file was moved to '4a1c62d5.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP2\A0005080.exe [DETECTION] Is the TR/Poison.ymq Trojan
[NOTE] The file was moved to '49418e56.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP2\A0005081.dll [DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '4f136906.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP2\A0005089.exe [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a1c62d6.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP7\A0006128.exe [DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4f0d79b7.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP7\A0006129.exe [DETECTION] Contains recognition pattern of the WORM/Rbot.210944 worm
[NOTE] The file was moved to '4f0e41ff.qua'!

C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP7\A0006130.exe [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '4f0f4827.qua'!

End of the scan: 20 April 2009 12:55
Used time: 19:51 Minute(s)
The scan has been done completely.
2518 Scanned directories 104509 Files were scanned
23 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
20 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned 1
04484 Files not concerned
6135 Archives were scanned
2 Warnings
22 Notes
26072 Objects were scanned with rootkit scan
0 Hidden objects were found

aliEnRIK

Assuming your using NOTEPAD to copy and paste to. Goto FORMAT and UNTICK 'word wrap'

Ms-Pacman

updated sp2, now doing sp3