HELP pls Spyware etc. Desperate!! PLEASE

Alfonso_Skinarelli

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:31 AM, on 11/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

There are no service packs listed in your log for the Operating System yet appear installed for Internet Explorer. In my 4 years experience of helping folk to remove malware from their machines on internet forums this has nearly always indicated an unlicensed copy of XP. Unlicensed means you won't be able to install Service Pack 2 which is critical for your system's security.

At present you have several very nasty "visable" problems including a Vundo trojan and a backdoor information stealing trojan. Who knows what else is lurking beneath the surface or for how long they've been present considering the current stability of the machine. Without Service Pack 2 and approx 70 further critical updates, your machine will be regularly infected with malware like this.

My advice? Run the validation tool from Microsoft first and foremost:

Download MGADiag.exe to your desktop. Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool. Click the [Copy] button to copy the info to your clipboard. Then come back here and paste the info in your next reply.

If your Operating System isn't genuine, your course of action is simple. You'll have to bite the bullet and buy yourself a legit copy of XP. You can pick them up from online stores for as little as £50-60 these days.

froggy27_2

god that's a scary message... esp back stealing info.. i do my banking online does that affect it?????... let me know please so i can stop.It's true i've had few messages about not being about to update microsoft but left it to investigate at a later date.. seems i'm paying price now.. what do you mean not genuine? i've had this laptop for about 5 yrs now..that's the first time i have probs..
i've tried your link but he won't let me copy...and i've been rebooted twice so far...
thanks for your help....

Alfonso_Skinarelli

Do NOT use this machine for banking under any circumstances.

See HERE for further validation information.

You don't need to "copy" the info as such because the tool does that for you. Just run it, click the Copy button and return to this topic. Click the reply button, right click your mouse in the data entry window and select "paste" from the menu which appears.

See these articles as well please:

When Should I Re-Format? How Do I Re-Install?

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud.

froggy27_2

ok here goes... i'm slightly freaking out here... espcially with my banking..
the more i read about everything the less i understand i think.. it's been a horrible week of IT.........not for me:o
If i need to reinstall etc. is my laptop which is about 6yrs worth it????

Diagnostic Report (1.7.0062.0):

---

WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
Windows Product Key Hash: RVvFciZMdQfJLyDpZteolhaqicQ=
Windows Product ID: 55274-640-0000356-23388
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.0.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {A95672C1-2590-44C1-9260-A46419113709}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.59.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A
Vista BRT Data-->
Grace Flag: N/A
Commit: N/A
Reboot Flag: N/A
ThreatID(s): N/A
Wgaer.exe Version: N/A, hr = 0x80070002
Wgaer.exe Signed By: N/A, hr = 0x80070002
Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2968-80070002_025D1FF3-171-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A95672C1-2590-44C1-9260-A46419113709}</UGUID><Version>1.7.0062.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2B7Q8</PKey><PID>55274-640-0000356-23388</PID><PIDType>1</PIDType><SID>S-1-5-21-1644491937-920026266-1343024091</SID><SYSTEM><Manufacturer>RM plc </Manufacturer><Model>CY25 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>CY25_1.13R.02</Version><SMBIOSVersion major="2" minor="31"/><Date>20030721******.******+***</Date></BIOS><HWID>E6DC3F07018400C2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="!!90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57659</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>

wakandem

I suggest you back up your documents insert the xp disk format the drive and reinstall windows.

If you have not got the xp disk then buy one if you have to.

Once installed go the mirosoft website and get all the updates.

Install virus protection & spyware protection & keep all these up to date.

You wouldn't leave your car on the street unlocked with the keys in it, a personal pc is no different

Alfonso_Skinarelli

It's not good news I'm afraid.

Two extracts from the report:

WGA Data-->
Validation Status: Blocked VLK

OGA Data-->
Office Status: 114 Blocked VLK 2

Both Windows and your Office Software have "Blocked Volume License Keys which means the disc they were installed from has been used too many times and subsequently blocked by M$ for misuse.

A new Operating System CD-ROM is your safest way forward I'm afraid.

http://www.microdirect.co.uk/ProductInfo.aspx?ProductID=15460&source=Kelkoo
http://www.ebuyer.com/product/114048

bookduck

no one going to mention to download Process Explorer, and if xp a dos box and type sfc /scannow to this person before he parts with his hard earned cash and reformats?

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
http://www.updatexp.com/scannow-sfc.html

froggy27_2

thanks for your time Alfonso... I had no idea...this laptop was given to me (well sold really) by a friend 5 yrs ago and i thought it was ok..........

could you do me a huge favour please.. and have a quick look on amazon uk and see which one best (and cheapest) to buy? i have few vouchers from this site and altho i hadn't planned to use them for this.. it would come handy....I had a look but there are so many i'm just not sure....

BUT if i put this disk.. will it DEFINATELY get rid of all those horrors you mentioned earlier on??????

thank you...

Donnie

bookduck wrote: »

no one going to mention to download Process Explorer, and if xp a dos box and type sfc /scannow to this person before he parts with his hard earned cash and reformats?

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
http://www.updatexp.com/scannow-sfc.html

No, because his installation is unlicenced, SP2 isn't installed and he has no disc.

Donnie

http://www.amazon.co.uk/Microsoft-Windows-Home-Inc-Service/dp/B000GWKNH2 £59.99

£9 cheaper with ebuyer.