Jump to content

Help!


Frosty
 Share

Recommended Posts

Sup cod

Just yesterday, had a small screen pop up that said "dwn," then another one followed saying "done." done isn't a good thing to have popup when you were just browsing the web.

Did my research, couldn't find anything related to windows poping up saying "dwn" or "done." Unplugged from internet and restarted, it came up on startup. Looked up the apps that startup and founnd a new one "zzb.exe" Norton, spybot, and adaware failed me. Searched the file, got it out of my windows folder, and it's all good.

Got "hijackthis" and deleted some other funny looking things that i hadn't seen before out of my startup. (bmbdnitu.exe, lhhmyile.exe) Couldn't find info on those 2 files on the web, i did find that zzb.exe is a hacker thing.

All the other things disappeared from my startup, but zzb.exe is still there, it's unchecked, but still there. Says it's in my System32 folder, but i've searched and looked myself and can't find the lil punk.

My questions:

Is zzb still a threat?

Have you heard of zzb, bmbdnitu, or lhhmyile, and what do they do?

Is hijackthis worth keeping, or is there a better program?

I've heard of a "blackice," that any good?

Here's a screenie of my startup

hacked.JPG

THANKS GUYS!!!

Link to comment
Share on other sites

Never heard of any of those.

Blackice is a Firewall I believe, I prefer Zone Alarm.

As far as not finding the file. In folder options under the "view" tab check the button to show hidden.

Link to comment
Share on other sites

run services.msc and search for anything unusal. that is if you're running 2000 or XP.

Also run regedit and search for that particular file within the registry enteries. at least that would tell you which program uses it.

As for black Ice. it's not bad, but if you are not real good with firewalls and configuring them, then you best bet would be to go with Symantec's or Zone Alarm. I use Zone Alarm Pro with web filtering, and couldn't be more happy with it. And Of course Zone Labs offers Zone Alarm free. you just have to pay for the Pro version.

Link to comment
Share on other sites

forgot to add, run Spybot's Search and Destroy, once it finds nasty files it will remove them, and if you can't remove it while Windows is running, it will remove it at next start up before Any DLL's and other executable's run. I also would recommend running Adaware.

Link to comment
Share on other sites

if you cant see the file even when you "show hidden" change background to black on that page

i have found sometimes hackers will write the files to appear with white text rather than black so they can hide right under your nose

may or may not be y you cant see the file

but that file has no meaning in winblows program it is not a needed file

Link to comment
Share on other sites

C:\WINDOWS\.jpi_cache\jar\1.0\top.jar-10e87814-4d9de947.zip=>Beyond.class infected: Trojan.Java.Femad.B

C:\WINDOWS\.jpi_cache\jar\1.0\top.jar-10e87814-4d9de947.zip=>Worker.class infected: Trojan.Java.Femad.B

I found these on my comp today. Any suggestion on how to get rid of them.

Link to comment
Share on other sites

default\Local Settings\Temporary Internet Files\Content.IE5\YH3WP4BQ\promo[1].htm infected: JS.Trojan.NoClose.B

C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\YH3WP4BQ\promo[1].htm unable to disinfect

C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\BBDZJL00\eicar[1].com infected: EICAR-Test-File (not a virus)

C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\BBDZJL00\eicar[1].com unable to disinfect

C:\Recycled\Dc2.com infected: EICAR-Test-File (not a virus)

Found these also. That my adaware did not get.

Link to comment
Share on other sites

Sorry for not getting on this sooner, mang. Here are some links to help you out:

FemadB

NoCloseB

Eicar

Link to comment
Share on other sites

Thanks for the links Gman, It took me 3 hours to do all that stuff but it worked.

Link to comment
Share on other sites

NP, man.

Link to comment
Share on other sites

Big_Balls,Mar 9 2004, 01:54 AM] Thanks for the links Gman, It took me 3 hours to do all that stuff but it worked.

Ouch. what virus scanner do you have?

Link to comment
Share on other sites

Now I have Nortons anti virus installed 2003 W/all up dates.

Link to comment
Share on other sites

Yeah I've tried 'em all and I still seem to go back to Norton eventually. Its caught to infected emails in the last 2 days. Damn NetskyD virus.

Somebody out there with my address has it.

Link to comment
Share on other sites

Its not me that keeps emailing you that virus ;)

Link to comment
Share on other sites

Big_Balls,Mar 10 2004, 10:24 PM] Its not me that keeps emailing you that virus ;)

I should hope not.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...