I've installed Avast antivirus two or three days ago… and my computer got very slow, so I decided to uninstall Avast to see what was going on… After the uninstall, I couldn't access any webmail like Yahoo, and my messenger doesn't connect either…
I already removed the entry key from regedit but the problem is still happening…
Does anybody know what I should do to fix this situation?
First, I suggest you use an antivirus. avast is good and won’t slow your system that much if you set the Standard Shield settings to Normal level (not High).
To fully uninstall avast (AFTER using Control Panel > Add/Remove programs) you can run: Avast Uninstall.
avast should be blocking any connection as it is an antivirus not a firewall…
Which OS are you using? Is it up to date?
Do you use a firewall? Which one?
Do you have any other antivirus installed in your system?
Any other security programs that could interfere?
Maybe…
Can you post a screenshot of your email settings? Which program are you using to get and send mails?
Did you use Control Panel to uninstall avast? Did you try the uninstall tool I’ve posted before?
I'm not using local mailing, just webmail like Yahoo or Terra, so I don't have any kind of email settings…
More than that, I removed avast from Control Panel, but it seems that avast keeps some port or connection blocked even after it has been uninstalled… Is that possible?
By the way, reading some posts in this forum I realized that it could be some avast settings, but I don't have any avast4.ini in my box anymore…!!!
I got the utility tool you sent the link to and ran it… This aswclear removed some remaining avast protection…
And I thought it would resolve the problem, but I restarted my box and it keeps the same problem…
I'm posting the hijack log here, maybe it can help in some way…
Logfile of HijackThis v1.98.2
Scan saved at 19:37:24, on 11/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\ARQUIV~1\MSNMES~1\msgrapp.dll” (file missing)
The hijackthis log doesn’t seem complete, if it is then it’s the smallest I’ve seen.
The other point is your OS is way out of date, this leaves you vulnerable as many vulnerabilities that have been exploited have been patched. So you should urgently update your OS to SP2 plus latest updates after SP2.
I found that I have port 1025 blackjack!!! It seems to be responsible for all these troubles… Does that make sense? If it does, how can I remove this blackjack?
Your Operating System is NOT "way-out-of-date"; it is
the same one I have. Definitely should NOT "upgrade"
to SP2 UNLESS you know you are malware-free, which
is unknown at this time.
You are using an "old" version of Hijackthis; should
uninstall it, then get the latest version at:
www.thespykiller.co.uk/files/HJTsetup.exe .
And a "short" log of HijackThis implies it is AFTER
using "SAFE MODE"; for posting HijackThis log, ALWAYS
run in "Normal" Mode if at all possible.
How do you know you have "port 1025 blackjack" ?
AND for the SECOND TIME, what antiSPYWARE or
antiTROJAN program(s) do you have on your computer ?
You are right, my hijack is quite old… I'm installing the new one you sent the link to…
Unfortunately I didn't have any antivirus or antispyware until I got this problem, so now I have installed AVG antivirus here to help me with this…
I noticed that my 1025 port was blackjack using a port scan utility… and at the same time I thought the process svchost.exe was struggling my computer… In another utility I discovered that this process got port 1025…
Logfile of HijackThis v1.99.1
Scan saved at 09:25:30, on 12/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\cmd.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Arquivos de programas\Grisoft\AVG Free\avgwb.dat
C:\Arquivos de programas\Grisoft\AVG Free\avgcc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\ARQUIV~1\MSNMES~1\msgrapp.dll” (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing)
Simple fact, a true statement with SP2 being the current service pack and many other security updates since SP2 (effectively a collation towards SP3). Your OS and gmachado’s is ‘way out of date,’ fact.
As I said “this leaves you vulnerable as many vulnerabilities that have been exploited have been patched. So you should urgently update your OS to SP2 plus latest updates after SP2.” Urgently being the operative word, not right now; when you’re up to your a** in alligators the last thing on your mind is draining the swamp.
Not only the fact that with SP1 you can’t get the latest current version of IE 6 SP2 (which has many security updates), nor will you be able to get IE 7 or many other security updates that require you have SP2 installed, a statement of fact, your OS is out of date, your choice what to do about it.
I really understand that my OS is vulnerable… and I'll update it as soon as I get it working fine again… I'm looking on the web for how to release my blackjacked port, but I can't find it…
Can you explain to me what blackjacked is? (I just know hijacked…)
TCPview from www.sysinternals.com is a good application to discover which is connecting to what (port) in your computer.
As Spiritsongs said (How do you know you have “port 1025 blackjack”?) you didn’t answer, and I haven’t heard of this port ‘hijack’ rather than ‘blackjack’?
You still don’t appear to have a firewall, and when you are suggesting you have some port hijacking, an active firewall that can provide protection against unauthorised outbound internet connections is almost a must. Not only that, if you are fighting any form of malware that connects to the internet, as fast as you deal with something another could be taking its place.
You could also visit sysinternals.com and get TCPview, which shows TCP connections, the process initiating it and also lists the ports they use. If the tool doesn’t give this information then I suggest you try it. The service svchost.exe is commonly used by many programs/processes, it is a service host, but importantly you need to ensure that it is the correct svchost.exe.
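One way to run the "correct svchost.exe" check over a HijackThis log, as an added example that is not part of the original thread: it parses the running-process list and the numbered entries, flags system binaries running from an unexpected folder, and collects "(file missing)" leftovers. The sample log is constructed, and the `EXPECTED_DIR` table assumes Windows is installed in C:\WINDOWS.

```python
import ntpath
import re

# Constructed sample in HijackThis log format. The C:\WINDOWS\svchost.exe line is a
# made-up impostor path for illustration; it does not appear in the logs posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\example\helper.dll (file missing)
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

# Assumption: Windows lives in C:\WINDOWS. Folder each system binary should run from.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in
                ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # numbered entries, e.g. "O2 - BHO: ..."

def parse_log(text):
    """Return (process_paths, [(section, detail), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                      # first numbered entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:    # tolerate logs with or without blank lines
            processes.append(line)
    return processes, entries

def misplaced_system_processes(processes):
    """Paths whose file name is a known system binary but whose folder is wrong."""
    flagged = []
    for path in processes:
        folder, name = ntpath.split(ntpath.normcase(path))  # case-insensitive compare
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            flagged.append(path)
    return flagged

def missing_file_entries(entries):
    """Entries HijackThis marked '(file missing)': leftovers worth reviewing."""
    return [(sec, det) for sec, det in entries if det.endswith("(file missing)")]

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print(misplaced_system_processes(procs), missing_file_entries(entries))
```

A correct folder is a necessary condition, not proof that the file is genuine; the owning process of a suspicious port still needs to be confirmed with a tool such as TCPview.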