pras0x84 Posted July 27, 2008

Lately my utorrent has been acting weird. I tried v1.7.7 and even v1.8 RC6. At the time of installation it works fine: I can add downloads and start downloading stuff. After some time, say within hours, it refuses to start when double-clicked. Besides, other software like Flash Movie player v1.4, v1.5 and Magic Iso v5.3 is failing to load. Failing in the sense that the mouse pointer turns busy for less than a second and then nothing happens. I don't know why this is happening. I have formatted and freshly installed the OS as a last resort, but that didn't help either. I am not using any antivirus software, and I am sure that it's not because of a virus. I don't know what further information could help you guys to help me. Please ask me if you would like to know anything.

I searched the forum and came up with this:

Backup settings.dat in Start > Run > %appdata%\uTorrent, then delete settings.dat and settings.dat.old and reconfigure µTorrent.

I have yet to test this. Maybe the next time my utorrent crashes. But can anyone explain why those 2 other programs fail to load along with utorrent?

----------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:43:20 PM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ping.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{77AEA8D2-A98B-49F0-831B-F0AC34F622EB}: NameServer = 172.16.11.1,202.56.250.7,202.63.100.2,202.56.250.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{77AEA8D2-A98B-49F0-831B-F0AC34F622EB}: NameServer = 172.16.11.1,202.56.250.7,202.63.100.2,202.56.250.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{77AEA8D2-A98B-49F0-831B-F0AC34F622EB}: NameServer = 172.16.11.1,202.56.250.7,202.63.100.2,202.56.250.6
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
-------------------------------------------------------------------------
Firon Posted July 27, 2008

Post a HijackThis log, though something's clearly messed up on your system.
Switeck Posted July 27, 2008

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

Hostiles, I'm sure of it!
pras0x84 (Author) Posted July 27, 2008

I am new to this HijackThis thing. Thanks for pointing out the hostiles in the first place. Can you tell me how to deal with them? What to do now?
DescentJS Posted July 27, 2008

I had a problem similar to this. But it wasn't caused by hostile software. It was a USB flash drive that I had left connected to the computer when I rebooted. Removing the drive solved the problem instantly. The problem has not reappeared even when the drive has been reconnected, so it was probably the rebooting while connected.
pras0x84 (Author) Posted July 30, 2008

I think I have found the reason. The reason is the latest version of Flashget. Whenever I opened Flashget, the installed utorrent wouldn't work. I don't know what the cause is. I guess it has something to do with Flashget now supporting BitTorrent. Now I have uninstalled Flashget and have been using utorrent ever since. It's working awesome. I think I have to shift to some other Flashget look-alike software, because it's killing utorrent.
Firon Posted July 30, 2008

You could probably just configure Flashget to not take associations for .torrents.
pras0x84 (Author) Posted July 30, 2008

No, if it were just the association of Flashget to .torrent files, I would have done it a long while ago. Even after resetting the association for .torrent in Flashget, utorrent still continued to collapse, or say, not load at all on double click. Hope you guys understand what I am talking about. Thanks to all those who cared to help me. It's good to be here.
Firon Posted July 30, 2008

But did you also make utorrent retake associations afterwards?
pras0x84 (Author) Posted August 2, 2008

Finally I have found out why utorrent fails. It's a virus with the name svchost.exe (created at C:\Windows). It runs itself as a service once it has entered the system. As it's common for Windows to run many instances of svchost.exe (originally at C:\Windows\System32), it looks unsuspicious.

It took some time to discover that the file contents of utorrent.exe are changing as time passes. That's why it works for some time after being installed. Later, when the file is tampered with, it stops working. I have also observed that this svchost.exe (virus) is overwriting the contents of the programs executed on Windows at random, tailoring them with its own code. The file size may seem the same, but the checksums before and after the attack fail to match. I used Process Monitor from Sysinternals to find out which process was overwriting utorrent. It took some time to catch the svchost.exe (virus).

The infected or overwritten utorrent now contains the virus within itself. The next time, if I somehow managed to clean the virus from memory and started utorrent, utorrent reinfected my PC with the copy of svchost.exe present within itself and quit immediately. The interesting thing with this virus is that if I somehow clear the virus from memory again and re-execute utorrent, the utorrent which was modified earlier, the one which isn't working, does not infect this time. I personally think that the virus isolates itself from the program it resides in once it gets into memory. This still invalidates the host (infected) program.

I hadn't noticed all this because of the name and nature of svchost.exe. Many instances of it run under normal circumstances. I have used many executable files on my drive ever since it got infected. Each and every time I run a program, I am making it get infected. Days passed, and almost 40% of the software that I had on my disk was infected just because I ran it once or twice while my PC was infected with this new svchost.exe. Every such infected program carries a copy of this infected svchost.exe. I have tried to scan the infected file, but the scanners are not good at locating it. When it detaches from the host exe and copies itself as svchost.exe, then the spyware software is able to identify it.

So beware, people. Now I am taking precautions. I got my utorrent back. All those days without it were a nightmare!! utorrent rocks!! By the way, to all those who showed concern, thank you very much!!
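The HijackThis log in the first post already listed an svchost.exe running from C:\WINDOWS instead of System32, which is what the last post eventually traced the problem to. As an added example (not part of the original thread), this Python script parses a HijackThis "Running processes" section and flags system binary names running from an unexpected directory; the `EXPECTED_DIRS` table and the C:\Windows system root are assumptions of the example.

```python
import ntpath
import re

# Assumption for this example: the system root is C:\Windows and these binaries
# may only run from the listed directory. Not a complete inventory.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# "Running processes" section as posted in the thread's HijackThis log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ping.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
"""

def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            # Section ends at a blank line or the first entry line (O2, R1, ...).
            if not line or re.match(r"[A-Z]\d+ - ", line):
                break
            paths.append(line)
    return paths

def find_masquerades(paths):
    """Flag known system binary names that run from an unexpected directory."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name.lower())
        if expected and directory.lower() != expected:
            findings.append((path, expected))
    return findings

if __name__ == "__main__":
    for path, expected in find_masquerades(running_processes(SAMPLE_LOG)):
        print(f"SUSPICIOUS: {path} (expected under {expected})")
```

Path comparison is case-insensitive because the log mixes `System32` and `system32` for the same directory.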
Archived
This topic is now archived and is closed to further replies.