Crono sent me this program, avb.exe or something simmulair, he said it was a movie about all your bases belong to us or something.
He had to try sending it sevral times before it would actually send (this was via msn messenger)
The file was over 2,000 kb and less than 3,000 kb if I remember correctly. I opened the file straight after he sent it, forgetting to virus scan it first.
Then I closed it and maxamized my virus scanner, I scanned the program and it said no viruses found. Then my virus scanner closed without me doing anything. After, I checked my firewall log and less than a minute after I opened it, it closed the window.

I scanned my computer for viruses (via a windows os) and it said none found, then I tried it in safe mode and still none found, I enabled it so it would scan even regulair files, still none found.

I got an error when I rebooted saying something about something I forget what trying to write to system.ini if I remember rightly. It was a dos warning. It had the choices stop, continue and exclude. I pressed s for stop and it booted into windows, still the problem persisted, then I tried exclude, still the problem persisted.
I restarted again and I didnt get the warning again, but I still have the problem, and the internet is going slower than usual.

I have also seen some suspicious hostnames in my firewall log.

Got any ideas how to fix this or something? Help much appreciated!

I think I fixed it by closing stuff before they loaded.
EDIT: yeah has to be right, it happened again.
These unsual programs showed in groups:
stuff that dissipear when its finished loading:
kept comming back when I closed it and then I it had another copy.
cmdnist (I dnno this is probably a system file)
statemgr (I dont like the name)
Rundll32
Pchschd
Tcaudiag
wmiexe
defalert
Instaccess
Registerdrophandler
Kernal32
Ssdpsrv
Autochk

stuff that stays:
Ndect (something to do with the internet?)
Loadqm (admits its not responding when I click on it and close it)
Realplay (when I close this and im trying to disconnect from the internet and its not responding, it responds again)
Service (firewall stuff?)
Winmgmt (huh?)

And when I start in safemode, I never have the virus problem. I dont know how to tell if the stuff in msconfig is good or bad. Crono told me he got the program off a website (it was the exe version) and that he watched the movie on the website.

Why don't you ask Crono? He sent you the program. From the looks of it though, (suspicious firewall activity and writing to system.ini), he may have sent you a trojan.

It might look like you have it fixed, but check your startup configuration (Start->Run, and type "msconfig") for anything suspicious.

Anyways, how old are the definitions on your virus scanner? A virus scanner is useless against new viruses unless you have up-to-date definitions. Virus scanner software companies offer update subscriptions for a nominal charge (like $5 per year) but it is well worth it to keep your computer protected from viruses. If the problem is actually a trojan, a virus scanner will be able to detect it unless it is homemade or something (which I doubt that Crono could do).

Purposely putting anything malicious on someones computer is illegal, so if you are sure it is a trojan (or any other kind of malicious program) you should go to his ISP and report it.

What Link says is accurate. I would recommend two pieces of software if you are getting a firewall and trojan remover.

The first is ZoneAlarm Free (www.zonealarm.com) which you should never be without. It is a definitely 10 on a scale of 1 to 10.

The second is Trojan Cleaner (use the free 30 day trial at www.moosoft.com) which will help detect and remove a Trojan if you have one. Sometimes, it can alert constantly and is more and more helpful the higher your technical knowledge is.

Cr0n0 is really not the kind of person who would do this, in my opinion, but be safe and download these immediately. If it detects something, find out who the sender's ISP is and report them to abuse@. Make sure to include their account name, specific info, and a chatlog if possible.

Good luck,
Trafton

EDIT: Roseta, while I'm not sure if you trust me enough, private messaging me the firewall log or emailing it to me at traftonofjj2@yahoo.com would be very helpful. Please do not post this here, as I want to protect the security of innocent people that your computer may have connected with for various reasons.

The only one suspicous looking out of those is Kernal32

Everything else is pretty much Windows stuff.

For those people who know, it is kernel, not kernal, so that is likely the trojan or whatever. I seem to recall the name Kernal from somewhere. The kernel is basically the core of the operating system, and it would not be loaded as a program through the registry.

I would recommend disabling Kernal32 in msconfig immediately. Also get the program Trafton mentioned and scan for trojans.

Never mind Didnt Read Above Reply good.

I seem to have gotten rid of it though regedit and safemode with cronos help, hopefully

Roseta, please still scan your computer for trojans anyway. Stuff like that is programmed to linger, so it might be gone now but could come back sometime.

I will..

Yay! I got ZoneAlarm Pro and it seems to be messing with some websties. I sometimes see weird text in my browser instead of HTML page. One more problem was that whether I used it JCF wouldn't recognise me. I have to login again and again. It's annoying.

Quote:

Originally posted by Overlord
Yay! I got ZoneAlarm Pro and it seems to be messing with some websties. I sometimes see weird text in my browser instead of HTML page. One more problem was that whether I used it JCF wouldn't recognise me. I have to login again and again. It's annoying.

That's because ZoneAlarm is stopping you from getting any cookies. Disable that option for the www.jazz2online.com domain and it should work again.

How? I couldn't find any option like that.
Bleh! This firewall sometimes slows down my PC. Last time I noticed that my PC clock was 30 minutes off.

Um, when you set it as HIGH or midle it blocks Cookies Just set it low when you are Browsing trough JCF Oh and USE NAV2002/3

The program didnt find any trojans.

don't disable kernel or kernel32

they are normal windows stuff

Quote:

Originally posted by atesoRJOL
I seem to have gotten rid of it though regedit and safemode with cronos help, hopefully

Buddy u had a virus that messed with your Master Boot Records!
*Had W32.Klez.H@MM A while ago and is STILL smarting from that*
Good luck preventing that from happening again...
Tis ture, u need updated def.! W/o its useless! Some viruses will disable your AV program (KLEZ!!!) so becareful opening crud!

Quote:

Originally posted by scatman
don't disable kernel or kernel32

they are normal windows stuff

Notice my post:

Quote:

For those people who know, it is kernel, not kernal, so that is likely the trojan or whatever. I seem to recall the name Kernal from somewhere. The kernel is basically the core of the operating system, and it would not be loaded as a program through the registry.

I told her to disable Kernal. Kernel32\Kernel is not loaded through the registry\msconfig and does not show up on the Ctrl+Alt+Del list.