A virus that Steal connection^o) by zaher1988 on 09-06-2005 at 07:15 PM

Hey guys i was somehow confused when i heard that, i can't believe it i mean

Look :) my friend always used to suffer from his bad connection

he has 128k broadband

now he's almost getting the half of that, when he called his ISP ! they came to check his cables found nothing, check many things but nothing
so they told him this : " You have a kind of VIRUS that steal connection, by using it :S !! and it make ur connection low, and always disconnecting "

i really dont believe that coz it's impossible, i mean that guy have 0 virus he scan everyday, and has latest updates, he use anti spyware anti adware everything.

they said : "This type of virus cant be catched but such programs"
hehe what bullshit is this :P

so what would u think is this !!

while pinging we find manytimes a Request timed out !!

and i still believe that it's a problem with their network

BTW : When they were making the cables setup 5 months ago , the cable was less than they need , so they attached another cable to the original one, by removing the outer rubber and attach the metal wires to each other, each one to its same one on the other side :) but the connection 1st was cool until later on after 2 month


so after all u read ! anyone ever heard about such virus or program

cause i'm afraid to have such thing :S

and what may causes this, ELSE than a server troubles ??

is it the network cables and the hubs and switches and routers , or access points !! or what

the cable is coming from the roof of the building , and i think there is a switch on the roof not an access point




thanks guyss in advance  :)


RE: A virus that Steal connection^o) by Millenium_edition on 09-06-2005 at 07:21 PM

quote:
Originally posted by zaher1988
i really dont believe that coz it's impossible, i mean that guy have 0 virus he scan everyday, and has latest updates, he use anti spyware anti adware everything.

quote:
Originally posted by zaher1988
they said : "This type of virus cant be catched but such programs"
hehe what bullshit is this

i'm sorry if i have to repeat it again, but yet again you have no idea what you are talking about.

i seriously think you're talking about a botnet virus or a ddos'ing tool... best thing to do is list your processes (and maybe a hijackthis log, it might be useful. don't ask me how to make it though, i am sorry, i don't use those programs) and post them here. also, you could use netstat or some third-party tool to check if you have open connections on port 6667 (a regular irc port).

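
The netstat check suggested in the post above, as an added example that is not part of the original thread: it parses output in the layout of Windows `netstat -ano` and lists TCP connections whose remote port is 6667, grouped by owning PID. The sample output is constructed, and the function names and the port/state defaults are illustrative assumptions.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote_host remote_port state pid")

# Constructed sample in the layout of Windows `netstat -ano`; remote addresses
# are documentation ranges (RFC 5737) and the PIDs are made up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.0.10:1047      203.0.113.5:6667       ESTABLISHED     1712
  TCP    192.168.0.10:1051      198.51.100.20:80       ESTABLISHED     2044
  TCP    192.168.0.10:1060      203.0.113.9:6667       SYN_SENT        1712
  TCP    192.168.0.10:6667      198.51.100.7:3311      TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so '[::]:135' and '*:*' also work."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Return one Conn per TCP/UDP row; header and title lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        rest = f[3:]  # TCP: [state, pid]; UDP: [pid]; without -o: [state]
        pid = int(rest[-1]) if rest[-1].isdigit() else None
        state = "" if rest[0].isdigit() else rest[0]
        host, port = split_endpoint(f[2])
        conns.append(Conn(f[0], f[1], host, port, state, pid))
    return conns

def outbound_to_ports(conns, ports=(6667,), states=("ESTABLISHED", "SYN_SENT")):
    """Map PID -> remote endpoints for TCP rows whose *remote* port is in ports.

    A row with 6667 as the local port is not an outbound IRC connection and
    is ignored.
    """
    by_pid = {}
    for c in conns:
        if c.proto == "TCP" and c.remote_port in ports and c.state in states:
            by_pid.setdefault(c.pid, []).append(f"{c.remote_host}:{c.remote_port}")
    return by_pid

if __name__ == "__main__":
    for pid, remotes in outbound_to_ports(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"PID {pid}: {', '.join(remotes)}")
```

The PID can then be matched to a process name through the PID column in Task Manager.
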
RE: A virus that Steal connection^o) by Ezra on 09-06-2005 at 07:28 PM

And stripping a cable and attaching them together is not a good idea :P

There are special connectors for that, and if the cable is longer than 200 meters (which I don't think will be the case :)), will cause packet dropping too


RE: A virus that Steal connection^o) by zaher1988 on 09-06-2005 at 07:42 PM

yes i know they should fix this attaching it's wrong and i discovered it's in 2 places not one :S


and umm for u Millenium_edition, umm i told u i'm confused about that virus, i mean i never heard of it before so sure i dont know what i'm talking ;)

sec please can u give me more info about those programs :S(A) :)

thanks in advance :)


RE: A virus that Steal connection^o) by brian on 09-06-2005 at 07:46 PM

Probably a BOTNET, or maybe he just forgets random P2P (KaZaA, e2dk) programs open, which do eat ALOT of b/w.


RE: A virus that Steal connection^o) by Millenium_edition on 09-06-2005 at 07:47 PM

http://www.grc.com/dos/grcdos.htm
have a fun read. it's basically a program waiting on your pc waiting for what someone tells it to do. and someone is probably using it to attack a website using your computer (and thousands of others)


RE: A virus that Steal connection^o) by YottabyteWizard on 09-06-2005 at 07:47 PM

Well, what i think you're talking about is the virus/trojans/malwares/etc... which spread themselves over the internet, this could be the reasons the connection is very slow and it's common also on dial-up users, i said this because i had this problem when i had dialup.


RE: A virus that Steal connection^o) by zaher1988 on 09-06-2005 at 08:03 PM

but guys i already told u, he scan his pc each day , using microsoft antispy, and anti virus, and adware tools, and spyware tools, but still same, and they dont catch that thing.

also there is no kazaa or any p2p program on the pc !!

:)

sure no trojans or viruses

but i need to ask a question does antivirus catch botnet?


RE: A virus that Steal connection^o) by ShawnZ on 09-06-2005 at 08:34 PM

quote:
Originally posted by zaher1988
but guys i already told u, he scan his pc each day , using microsoft antispy, and anti virus, and adware tools, and spyware tools,

so?

RE: A virus that Steal connection^o) by zaher1988 on 09-06-2005 at 08:37 PM

and nothing !! 0 viruses 0 spyware 5 adwares but they are all deleted so at least this should work, but still samething happening


RE: A virus that Steal connection^o) by Veggie on 09-06-2005 at 08:39 PM

a dialer perhaps?


RE: A virus that Steal connection^o) by zaher1988 on 09-06-2005 at 08:45 PM

antivirus and antispy and adware dont catch dialers?? :S:S


RE: A virus that Steal connection^o) by segosa on 09-07-2005 at 05:57 AM

Look, Antiviruses don't find everything. They can't detect what they don't know about. So trust us, post a HijackThis log and we'll take a look at it.


RE: A virus that Steal connection^o) by John Anderton on 09-07-2005 at 06:30 AM

I think someone's ddosing or maybe it's that cable thing but as seg said i think it's better if you post a hijackthis log (i was gonna go for a process log (A))


RE: A virus that Steal connection^o) by zaher1988 on 09-07-2005 at 07:06 AM

Here You Go Guys :)

==========================================

Logfile of HijackThis v1.99.1
Scan saved at 10:03:44 AM, on 9/7/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\LogMeIn\LogMeIn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\internet explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AnalogX\Proxy\proxy.exe
D:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
D:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\Program Files\Common Files\GuruNet Shared\agtserv.exe
D:\Program Files\QuickWiz\EasyLingo\wdtspeak.exe
D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\DOCUME~1\ZAHER1~1\LOCALS~1\Temp\Rar$EX00.674\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defa...search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defa...tp://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defa...tp://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - d:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] D:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-D3QHT.exe" /REG
O4 - HKCU\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl...,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirector...oSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirector...oSwap/DigWXMSN.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/...0,0,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-...0,4561/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA56003-4DB2-45E5-B567-4C3DA8B211F2}: NameServer = 194.126.7.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\RAinit.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - D:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - D:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe


===========================================

And thx alot :)
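
Added example, not part of the original thread: a small parser for the HijackThis log layout posted above, which splits the log into header lines, running processes and entries by section code, then labels lines that deserve a second look. The sample is an excerpt of lines from that log; the rule set and function names are assumptions made for this illustration, and a label is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt built from lines of the log posted above (not the whole log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
D:\Program Files\AnalogX\Proxy\proxy.exe
C:\DOCUME~1\ZAHER1~1\LOCALS~1\Temp\Rar$EX00.674\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-D3QHT.exe" /REG
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumed heuristics: (label, section codes or None for all, pattern)
RULES = [
    ("missing-file", None, re.compile(r"\((?:no file|file missing)\)\s*$")),
    ("autorun-in-windows-root", {"O4"}, re.compile(r'[a-z]:\\windows\\[^\\"]+\.exe', re.I)),
    ("remote-url-target", {"O8", "O9"}, re.compile(r" - https?://", re.I)),
]
TEMP_RE = re.compile(r"\\temp\\", re.I)

def parse_hijackthis(text):
    """Split a log into header lines, running processes and entries by code."""
    log = {"header": [], "processes": [], "entries": defaultdict(list)}
    section = "header"
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            log["entries"][m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            section = "processes"
        elif not line:
            section = "header"  # a blank line ends the process list
        else:
            log[section].append(line)
    return log

def triage(log):
    """Return (label, code, text) tuples for lines worth a second look."""
    hits = [("process-from-temp", "proc", p) for p in log["processes"] if TEMP_RE.search(p)]
    for code, items in log["entries"].items():
        for item in items:
            for label, codes, rx in RULES:
                if (codes is None or code in codes) and rx.search(item):
                    hits.append((label, code, item))
    return hits

if __name__ == "__main__":
    for label, code, text in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{label:24} {code:5} {text}")
```

On this excerpt the process-from-temp label lands on HijackThis.exe itself, which was run from a Temp folder, so each hit still needs a human to judge it.
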


RE: A virus that Steal connection^o) by YottabyteWizard on 09-07-2005 at 11:42 PM

quote:
Originally posted by zaher1988
C:\WINDOWS\System32\1XConfig.exe

quote:
Originally posted by zaher1988
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

quote:
Originally posted by zaher1988
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB

quote:
Originally posted by zaher1988
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-D3QHT.exe" /REG

I have doubts in these ones :S

RE: A virus that Steal connection^o) by ShawnZ on 09-07-2005 at 11:55 PM

quote:
Originally posted by zaher1988
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

you know, you CAN check 'Do not open msconfig when windows starts' to that dialog you get when starting up...

RE: A virus that Steal connection^o) by dotNorma on 09-08-2005 at 03:23 AM

D:\Program Files\AnalogX\Proxy\proxy.exe

Trojan.AnalagX as found on google.

But symantec and mcafee both have it on their online definitions so I assume they should pick it up if that's his scanning engine?


RE: A virus that Steal connection^o) by zaher1988 on 09-08-2005 at 08:04 AM

quote:
Originally posted by YottabyteWIzard
    quote:Originally posted by zaher1988
    C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

Mroute is nothing :) it came with my Siemens SX1 it's like a port manager :)

quote:
Originally posted by ShawnZ
    quote:Originally posted by zaher1988
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
you know, you CAN check 'Do not open msconfig when windows starts' to that dialog you get when starting up...

Yes i know ;) but at that time i clicked restart later and i didn't restart my pc until hours after making the Hijackthis log file :)

quote:
Originally posted by Norma Jean
D:\Program Files\AnalogX\Proxy\proxy.exe
Trojan.AnalagX as found on google.

analog proxy is a program i use as a proxy server coz i have 2 pcs at home :).

but i have never heard before that it has trojans :S anyway i will uninstall it coz i'm using now another proxy server :)

quote:
Originally posted by YottabyteWIzard
    quote:Originally posted by zaher1988
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB

How to delete this ?

i know how to delete the others but what about this :)

thanks again in advance

RE: A virus that Steal connection^o) by dotNorma on 09-09-2005 at 12:05 AM



quote:
Originally posted by zaher1988
    quote:Originally posted by Norma Jean
    D:\Program Files\AnalogX\Proxy\proxy.exe
    Trojan.AnalagX as found on google.
analog proxy is a program i use as a proxy server coz i have 2 pcs at home .
but i have never heard before that it has trojans anyway i will uninstall it coz i'm using now another proxy server

As reported by symantec "AnalogX itself, is a perfectly valid company. However, there are modified versions of AnalogX that are considered low level threat trojans." And I thought we were talking about your friend's computer, not yours?

RE: A virus that Steal connection^o) by zaher1988 on 09-09-2005 at 10:59 AM

oh ok !! :S

no i mean i also have analog on my pc , and we also both have Mroute on our pcs! coz we need it to transfer files to bluetooth mobiles !!


Still that question , how to delete the
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB


RE: A virus that Steal connection^o) by shine on 09-09-2005 at 02:08 PM

Do you have a web tool bar installed?

Did you change the cable? Cables should not have makeshift connections like the one you mentioned.

Ping your gateway with a '-t' option and check how often you get an RTO and Reply


RE: A virus that Steal connection^o) by zaher1988 on 09-09-2005 at 03:14 PM

Hey, all toolbars were removed!! u know we have antispyware and anti virus bla bla,

Sec for the cable , the engineers came and removed that makeshift attach, and they replaced it by a pin that enters directly to a new hub installed at the home!

and from the hub, we used premade cables to connect to the pcs.

this thing happened today!, we found a better improvement in the connection.

and about the ping!! it used to give like 5 RTO , and a bigger number of reply, then 2 RTO and ping! etc, now. it still give RTO but about once each 10 minutes.

but what concern us is that we made a connection speed test at AUDIT MY PC , and it says you have 156 kb download! which is gr8, i mean he has a 128 account!. but the problem is while browsing etc, u can't find the 128 kb performance. so really confusing :S !

thx again :)