trojan or something?

hi, i'm new here. did a search on the whazit-**** and found this great forum here and had several other problems solved as well.

i have downloaded hijackthis, spybot s&d, advanced adminstration tools (glocksoft), anti-trojan through the recommendations of the posters here and personally i have nav2003 and thecleaner (moosoft).

major problems like whazit has been cleared and a couple of trojan has been removed. somehow i still think my pc is still infected with some kinda thing that changes my mIRC ident each time i reconnects. personally i think is some kinda trojan or backdoor but none of the wares could detect it. and each time my pc boots up, there is this winsck that runs automatically and closes in a second. there is nothing in my startup and there isnt this winsck thing previously.

can anyone help me with my 2 problems?

 

OK the winsck.ocx is a normal ActiveX control, not to be confused with "winsock.dll" which is the windows socket.

The winsck is needed by some applications especially like ICQ IRC etc. Were you to delete this file a couple of these or other programs would cease to function.

Delete the winsock however and all internet on that computer would cease to function.

There is a difference between the 2, "SO" don't tinker with the winsock.

That said, you never gave your OS. Win95/98, ME etc?

So let me know what version of windows and we will proceed.

You may want to look at this:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.synrg.html

NOTE this refers to winsck.oc "s" which should not exist on your computer.

mike

 

i still dont get what you meant. i did not delete any of those winsock.* or winocx.* files, practically why i am still able to use my internet posting to this forum now. hijackthis somehow removed plenty of startups items but the winocx popup occured before i had hijackthis. i got no idea if this winocx problem is related to my mIRC problem.
anyway i'm using win2K. there wasnt so much virus/trojan problem when i was using winME except for systematic errors.
anyone? advice please. thanks.

 

OK!

All I was trying to say is

Don't mess with these 2 files winsck.ocx and winsock.dll.

In you last message you mention winocx.* . You did not mention this before nor did I. Do you have some by this name and if so I don't recognize it and I am familiar with most windows system files.

As to your statement;

quote
anyway i'm using win2K. there wasnt so much virus/trojan problem when i was using winME except for systematic errors
unquote

OS 98, ME, 2K or XP has nothing to do with getting viri. It is where you go, what disks you use, who sends you email and which ones you open and of course the virus scanner.

But nothing to do with the OS.

I also told you that you should not have a winsck.ocs.

So I repeat.

You may want to look at this:

http://securityresponse.symantec.co...door.synrg.html

NOTE this refers to winsck.oc "s" which should not exist on your computer.

So now that I know the OS here are some things to do for your problem.

If you think there is a problem with Mirc then download but do not install the latest IRC if you must have it.

Then download and install BUT DO NOT RUN the following programs. They will be run in safe mode.

RegScrubXP http://www.majorgeeks.com/download.php?det=2048
NOTE: W2K and XP only!
Select RegScrub finds problems and remove all it finds.

RegSeeker http://www.hoverdesk.net/freeware.htm

HiJackThis http://www.tomcoyote.org/hjt/
Scan and clean only things to do with Whatzit Mirc etc. Warning be sure.

Then boot to safe mode

Then uninstall Mirc completely. Save all your contacts and etc first.
After uninstall do a disk search for mirc and delete all the uninstall missed. Do not reinstall for a day or two to see if all is well in general.

Next:
Configure CleanMgr to max settings
Go to Start-Run and type

cleanmgr /sageset:1
The above need only be ran once (these settings will be remembered as the default until another sageset is ran).

It will present a menu select all except compress, then

Go to Start-Run and type

cleanmgr /sagerun:1
As long as /sageset above has been ran on this computer from now on the /sagerun is the only thing that needs to run.

Then in this order

HiJackThis

RegScrub

RegSeeker
in RegSeeker first choose "Clean registry" and delete all it finds.
then choose "Find in Registry" and
type
mirc

delete all it finds.

Reboot to normal mode.

Good luck.

mike

 

ok i'll try the downloads when i get home from school later on.

can i have the full symantec link? when i click/dclick it, it doesnt seem to open it well.

 

hey mflynn thanks for your help. problems fixed but still got some doubts about some files i see in taskmanger and registry keys when i run the wares you told me.
i'll post in the win2000 thread.

 

Realix

Run HiJackThis

Click config, then click Misc Tools, then click Generate startup list.

While this list is on screen copy it and paste it back to us and we can advise.

mike