HELP!!!!!

Justin

Senior member
Oct 9, 1999
My cousin's computer is going completely whack, and it seems like it is probably a virus.. whenever you try to type something in either IE or MSN Explorer.. something takes over control of the computer/keyboard, and what appears to be what someone else's typing is written to the textbox, form field, address bar - whatever has focus on this computer. I've tried McAfee anti-virus, as well as most of the trojan removers on download.com but none of them find anything. I don't see anything really suspicious in either his startup or services tabs in msconfig, though I did disable the ones that seemed even slightly suspicious to no avail. Also tried system restore from a week ago when the comp was fine but had no effect. Also, File/Print sharing is off. Here is a list of open ports a la netstat -a:




<< <I>Active Connections
Proto Local Address Foreign Address State
TCP cx417534-a:epmap cx417534-a:0 LISTENING
TCP cx417534-a:microsoft-ds cx417534-a:0 LISTENING
TCP cx417534-a:1025 cx417534-a:0 LISTENING
TCP cx417534-a:1028 cx417534-a:0 LISTENING
TCP cx417534-a:1029 cx417534-a:0 LISTENING
TCP cx417534-a:3008 cx417534-a:0 LISTENING
TCP cx417534-a:3260 cx417534-a:0 LISTENING
TCP cx417534-a:3261 cx417534-a:0 LISTENING
TCP cx417534-a:3262 cx417534-a:0 LISTENING
TCP cx417534-a:3263 cx417534-a:0 LISTENING
TCP cx417534-a:3264 cx417534-a:0 LISTENING
TCP cx417534-a:5000 cx417534-a:0 LISTENING
TCP cx417534-a:9420 cx417534-a:0 LISTENING
TCP cx417534-a:9421 cx417534-a:0 LISTENING
TCP cx417534-a:netbios-ssn cx417534-a:0 LISTENING
TCP cx417534-a:1028 cn.redswoosh.com:http ESTABLISHED
TCP cx417534-a:3008 msgr-ns27.msgr.hotmail.com:1863 ESTABLISHED
TCP cx417534-a:3098 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3099 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3100 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3102 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3103 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3104 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3106 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3107 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3108 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3109 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3110 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3111 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3112 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3113 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3114 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3115 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3116 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3117 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3118 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3119 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3120 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3122 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3123 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3124 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3125 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3126 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3127 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3128 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3129 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3131 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3132 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3133 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3134 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3135 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3136 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3137 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3138 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3139 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3140 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3141 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3142 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3143 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3144 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3145 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3146 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3147 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3148 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3149 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3150 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3151 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3152 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3153 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3154 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3155 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3156 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3157 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3158 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3159 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3160 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3161 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3162 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3163 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3164 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3165 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3166 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3167 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3168 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3169 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3170 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3171 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3172 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3173 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3174 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3175 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3176 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3177 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3178 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3179 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3180 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3181 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3182 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3183 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3185 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3186 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3187 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3188 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3189 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3190 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3191 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3192 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3193 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3194 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3195 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3196 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3197 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3198 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3199 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3200 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3201 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3202 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3203 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3204 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3205 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3206 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3207 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3208 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3209 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3210 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3211 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3212 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3213 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3214 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3215 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3216 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3217 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3218 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3219 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3220 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3221 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3222 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3223 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3224 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3225 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3226 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3227 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3228 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3229 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3230 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3231 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3232 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3233 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3234 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3235 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3236 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3237 ibucp-vip-m.blue.aol.com:5190 TIME_WAIT
TCP cx417534-a:3243 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3245 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3251 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3252 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3260 adsl-63-192-213-64.dsl.snfc21.pacbell.net:1242 CLOSE_WAIT
TCP cx417534-a:3261 pool-138-89-135-29.mad.east.verizon.net:3805 CLOSE_WAIT
TCP cx417534-a:3262 adsl-63-192-213-64.dsl.snfc21.pacbell.net:1244 CLOSE_WAIT
TCP cx417534-a:3263 216.160.91.171:9420 CLOSE_WAIT
TCP cx417534-a:3264 216.160.91.171:9420 CLOSE_WAIT
TCP cx417534-a:3001 cx417534-a:0 LISTENING
TCP cx417534-a:3002 cx417534-a:0 LISTENING
TCP cx417534-a:3003 cx417534-a:0 LISTENING
TCP cx417534-a:3255 localhost:9421 TIME_WAIT
TCP cx417534-a:9421 localhost:3253 TIME_WAIT
TCP cx417534-a:9421 localhost:3256 TIME_WAIT
TCP cx417534-a:9421 localhost:3257 TIME_WAIT
TCP cx417534-a:9421 localhost:3258 TIME_WAIT
UDP cx417534-a:epmap *:*
UDP cx417534-a:microsoft-ds *:*
UDP cx417534-a:isakmp *:*
UDP cx417534-a:1026 *:*
UDP cx417534-a:3004 *:*
UDP cx417534-a:3022 *:*
UDP cx417534-a:ntp *:*
UDP cx417534-a:netbios-ns *:*
UDP cx417534-a:netbios-dgm *:*
UDP cx417534-a:1900 *:*
UDP cx417534-a:ntp *:*
UDP cx417534-a:1900 *:*
UDP cx417534-a:2234 *:*
</I>>>



Seems obvious something isn't right but I can't pinpoint what.. If anyone knows what's up and how to fix it please reply ASAP! The computer is a 1.4G Tbird w/ XP Home Ed.
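
Added example, not part of the original post: a small Python triage of `netstat -a` text like the listing above, grouping TCP connections by remote peer and state and listing local ports that show up both as LISTENING and in a connection to a remote host. `SAMPLE` is a trimmed excerpt of the posted listing, and the names `parse` and `triage` are this example's own.

```python
from collections import Counter

# Trimmed excerpt of the listing posted above (same column layout).
SAMPLE = """\
Proto Local Address Foreign Address State
TCP cx417534-a:1028 cx417534-a:0 LISTENING
TCP cx417534-a:3260 cx417534-a:0 LISTENING
TCP cx417534-a:3263 cx417534-a:0 LISTENING
TCP cx417534-a:5000 cx417534-a:0 LISTENING
TCP cx417534-a:1028 cn.redswoosh.com:http ESTABLISHED
TCP cx417534-a:3098 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3099 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3100 66.28.104.11:http TIME_WAIT
TCP cx417534-a:3260 adsl-63-192-213-64.dsl.snfc21.pacbell.net:1242 CLOSE_WAIT
TCP cx417534-a:3263 216.160.91.171:9420 CLOSE_WAIT
TCP cx417534-a:9421 localhost:3253 TIME_WAIT
UDP cx417534-a:1900 *:*
"""

def parse(text):
    """Yield (proto, local_host, local_port, remote_host, remote_port, state)."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # column header, banner or blank line
        proto, local, remote = parts[:3]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        lhost, _, lport = local.rpartition(":")
        rhost, _, rport = remote.rpartition(":")
        yield proto, lhost, lport, rhost, rport, state

def triage(text):
    rows = list(parse(text))
    # Names that refer to this machine: its own hostname, localhost, wildcard.
    local_names = {r[1] for r in rows} | {"localhost", "*"}
    listeners = {r[2] for r in rows if r[5] == "LISTENING"}
    # TCP rows that involve another machine.
    remote = [r for r in rows
              if r[0] == "TCP" and r[5] != "LISTENING" and r[3] not in local_names]
    by_peer = Counter((r[3], r[4], r[5]) for r in remote)
    # Local ports seen both as a listener and in a connection to a remote host.
    shared = sorted({(r[2], r[3]) for r in remote if r[2] in listeners})
    return {"listeners": sorted(listeners),
            "by_peer": by_peer.most_common(),
            "shared": shared}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On XP, `netstat -ano` adds the owning PID to each row, which lets the ports this summary singles out be matched to a process in Task Manager.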
 

Justin

here's an example of what it typed...
"
In . Instead, there's been the they're going in that case that the O. N. H. is a very large she now in the top of day and the reason in the war. Called stain is the and she were "and the that the commons and see if in in "
^^ that's what it does, and I didn't touch a single keynew ,
HHEEEEEELLLLLLPPPPP!!!!!!!!


And here's a more readable list of those open ports...

http://www.webhosthound.com/blah.txt