Virus problems

Michael Rodgers

Hi,

My father just called with a Virus problem.

He went onto the internet without first enabling his firewall, which is
probably the issue. It's a freshly installed version of Windows XP SP1, but
I think it has the Blaster Worm patch.

He first noticed it when browsing the web on his DSL connection - web pages
just stopped working. Kept getting a 'Page Cannot be Displayed'.

He then found Norton Antivirus would not work, and neither would Task
Manager. The machine now will not connect to the internet, clicking the
dialup connection for DSL does nothing.

Ran Spybot S&D to check the process list instead of using Task Manager and
found the following odd processes:

seayop.exe
kslle.exe

Ran Spybot's search thing, it found:

Data Source Object Exploit

HKey_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=w=3
HKey_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=w=3
HKey_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=w=3

Then had a look at the processes scheduled to run at startup - and found the
following files along with what they 'claim' to be:

c:\Windows\system32\seayop.exe - Disk Defragmentor
nuamgrd.exe - Microsoft Update
kslle.exe - Windows Media Player
c:\windows\system32\bwzceksx.exe - Windows Update
muamgrd.exe - Microsoft Update
kslle.exe - Windows Media Player

Does anyone have any idea what is going on here or what
virus/worm/exploit/other nasty thing this could possibly be?

Cheers!
 
null

See my web site for the Escan AV Toolkit Utility. Update it and put
everything in c:\Downloads on a CD along with McAfee's Stinger:

http://vil.nai.com/vil/stinger/

and send him the CD.


Art
http://www.epix.net/~artnpeg
 
