chinese invaders

  canard 20:32 22 Jul 05
Locked

1. Yesterday this was what my PC started trying to contact non-stop.

Completewhois.Com Whois Server, Version 0.91a25, compiled on Jul 11, 2005
Please see click here for command-line options
Use of this server and any information obtained here is allowed only
if you follow our policies at click here

[IPv4 whois information for 218.92.13.146 ]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms click here

inetnum: 218.92.13.144 - 218.92.13.147
netname: LIANYUNGANG-DH-XINYU-NETBAR
descr: Lianyungang donghai xinyu netbar
descr: Lianyungang City
descr: Jiangsu Province
country: CN
admin-c: CH451-AP
tech-c: ZB112-AP
changed: [email protected] 20020120
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CHINANET-JS-LYG
source: APNIC

route: 218.92.0.0/16
descr: CHINANET jiangsu province network
country: CN
origin: AS23650
mnt-by: MAINT-CHINANET-JS
changed: [email protected] 20030414
source: APNIC

person: CHINANET-JS-LYG Hostmaster
address: No.1,South Road,LYG 222004
country: CN
phone: +86-518-5410055
fax-no: +86-518-5512612
e-mail: [email protected]
nic-hdl: CH451-AP
remarks: send anti-spam or abuse reports to [email protected]
remarks: or [email protected]
remarks: times in GMT+8
mnt-by: MAINT-CHINANET-JS-LYG
changed: [email protected] 20021213
source: APNIC

person: ZHANG BING
nic-hdl: ZB112-AP
e-mail: [email protected]
address: 23# xingfu road, lianyungang
phone: +86-518-7226390
country: CN
changed: [email protected] 20020120
mnt-by: MAINT-CHINANET-JS-LYG
source: APNIC



2. And this keeps scanning my ports.

Completewhois.Com Whois Server, Version 0.91a25, compiled on Jul 11, 2005
Please see click here for command-line options
Use of this server and any information obtained here is allowed only
if you follow our policies at click here

[IPv4 whois information for 61.235.154.105 ]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms click here

inetnum: 61.232.0.0 - 61.237.255.255
netname: CRTC
country: CN
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE
changed: [email protected] 20030121
mnt-by: MAINT-CNNIC-AP
source: APNIC

person: LV QIANG
nic-hdl: LQ112-AP
e-mail: [email protected]
address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China
phone: +86-10-51890499
fax-no: +86-10-51890674
country: CN
changed: [email protected] 20050623
mnt-by: MAINT-CNNIC-AP
source: APNIC

Both are barred in Sygate and abuse complaint sent.
Virus, trojan, spyware scans have found nothing.
Any ideas on how to get rid of item 1?
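The records pasted above are plain RPSL-style whois output: one attribute per line, objects separated by blank lines, and the abuse contact buried in `remarks:` lines of the person object that the `inetnum:` references. As an added example that is not part of this thread or any poster's code, the Python below parses such output, checks that the queried address really falls inside the returned `inetnum:` and `route:`, and pulls out the addresses an abuse complaint should go to. The sample record is constructed from the first lookup in the post; the e-mail addresses in it are placeholders, because the page shows them redacted.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the APNIC record quoted in the post above.
# Addresses under placeholder.example are invented stand-ins, not real contacts.
SAMPLE_WHOIS = """\
% [whois.apnic.net node-2]
% Whois data copyright terms <url omitted>

inetnum:      218.92.13.144 - 218.92.13.147
netname:      LIANYUNGANG-DH-XINYU-NETBAR
descr:        Lianyungang donghai xinyu netbar
descr:        Lianyungang City
country:      CN
admin-c:      CH451-AP
tech-c:       ZB112-AP
status:       ASSIGNED NON-PORTABLE
mnt-by:       MAINT-CHINANET-JS-LYG
source:       APNIC

route:        218.92.0.0/16
descr:        CHINANET jiangsu province network
country:      CN
origin:       AS23650
mnt-by:       MAINT-CHINANET-JS
source:       APNIC

person:       CHINANET-JS-LYG Hostmaster
address:      No.1,South Road,LYG 222004
country:      CN
phone:        +86-518-5410055
e-mail:       hostmaster@placeholder.example
nic-hdl:      CH451-AP
remarks:      send anti-spam or abuse reports to abuse@placeholder.example
remarks:      or abuse-lyg@placeholder.example
remarks:      times in GMT+8
mnt-by:       MAINT-CHINANET-JS-LYG
source:       APNIC

person:       ZHANG BING
nic-hdl:      ZB112-AP
e-mail:       zb@placeholder.example
address:      23# xingfu road, lianyungang
country:      CN
mnt-by:       MAINT-CHINANET-JS-LYG
source:       APNIC
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")

WhoisObject = Dict[str, List[str]]


def parse_whois(text: str) -> List[WhoisObject]:
    """Split whois output into objects. Each object maps an attribute name to the
    list of its values, because attributes such as descr: and remarks: repeat.
    Server comment lines (starting with % or #) are dropped."""
    objects: List[WhoisObject] = []
    current: WhoisObject = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():            # blank line ends the current object
            if current:
                objects.append(current)
                current = {}
            continue
        if line.startswith(("%", "#")):  # copyright / server notices
            continue
        key, sep, value = line.partition(":")
        if not sep:                      # not an attribute line, ignore it
            continue
        current.setdefault(key.strip().lower(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def covering_inetnum(objects: List[WhoisObject], ip: str) -> Optional[WhoisObject]:
    """Return the inetnum object whose 'low - high' range contains ip, if any.
    Checking this guards against reading the wrong object from a multi-object reply."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        if "inetnum" not in obj:
            continue
        low, _, high = obj["inetnum"][0].partition("-")
        if ipaddress.ip_address(low.strip()) <= addr <= ipaddress.ip_address(high.strip()):
            return obj
    return None


def covering_route(objects: List[WhoisObject], ip: str) -> Optional[WhoisObject]:
    """Return the route object (prefix + origin AS) that contains ip, if any."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        if "route" in obj and addr in ipaddress.ip_network(obj["route"][0], strict=False):
            return obj
    return None


def abuse_contacts(objects: List[WhoisObject], inetnum_obj: WhoisObject) -> List[str]:
    """Collect abuse-report addresses for an inetnum: the dedicated abuse-mailbox:
    attribute when present, otherwise addresses in 'abuse' remarks of the referenced
    admin-c/tech-c contacts, falling back to those contacts' plain e-mail: values."""
    handles = set(inetnum_obj.get("admin-c", []) + inetnum_obj.get("tech-c", []))
    contacts = list(inetnum_obj.get("abuse-mailbox", []))
    referenced = [o for o in objects if set(o.get("nic-hdl", [])) & handles]
    for obj in referenced:
        contacts += obj.get("abuse-mailbox", [])
        for remark in obj.get("remarks", []):
            if "abuse" in remark.lower():
                contacts += EMAIL_RE.findall(remark)
    if not contacts:
        for obj in referenced:
            contacts += obj.get("e-mail", [])
    return list(dict.fromkeys(contacts))  # de-duplicate, keep order


if __name__ == "__main__":
    objs = parse_whois(SAMPLE_WHOIS)
    net = covering_inetnum(objs, "218.92.13.146")
    rt = covering_route(objs, "218.92.13.146")
    print("netname:", net["netname"][0], "origin:", rt["origin"][0])
    print("report abuse to:", ", ".join(abuse_contacts(objs, net)))
```

The range check matters in practice: a whois server can return several objects, and the one you want is the most specific assignment that actually contains the address you looked up, which for 218.92.13.146 is the four-address netbar block rather than the /16 route. When the contact object has no abuse-specific remark and no `abuse-mailbox:` attribute, the parser falls back to the ordinary `e-mail:` of the listed handles, which is the best the record offers.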

  canard 21:03 22 Jul 05

Does this HijackThis log throw any light on the prob?

Logfile of HijackThis v1.99.0
Scan saved at 20:56:30, on 22/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MYDOWNLOADS\HIJACKTHIS\HIJACKTH.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = click here
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - click here
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - click here
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - click here
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} (Java Plug-in 1.3.1_15) -

  stalion 21:06 22 Jul 05

HijackThis logs now need to be posted here
click here

  canard 21:47 22 Jul 05

Hijack log now posted in the correct place, stalion.
But how to remove whatever it is sitting in my PC trying to go online nonstop?

  stalion 21:55 22 Jul 05

They will help you on the malware forum, please be patient.
Regards
