# MSN Blocks the wesite......



## ANNR (Jun 6, 2005)

HI
   I uses MSN and I was not able to goto this site http://www.btchina.net/  On the botton left of the MSN window it says website found then it gives me a page saying HTTP Error 403 - Forbidden.  The site itself is fine because I can go there with Mozilla Firefox without a problem.  Anybody know why? How can I fix that?


----------



## Byteman (Jun 6, 2005)

In IE, goto Tools, Internet Options, Security tab, click you Restricted sites (big red circle), and the Sites button.  From there you can take out the site that your having a problem with.

Edit: but it's prob blocked for a reason...


----------



## ANNR (Jun 6, 2005)

Here is another problem about the Messanger.  Every time I sign into the MSN there in my WIndows Tack Manager there is always two Msn messengers.  One is called msmsgs.exe and the other is called Msnmsgr.exe  I think one of them may be windows messanger, not sure.  Is that how the MSN messanger is or can I just delete one of them?  How can I delete them?

and also I have never saw this before it is called eEBSvx.exe, SPBBCSvc.exe, ccSetMgr.exe, Winlogon.EXE (is the winlogon the one that shows the users when the window is awake after the monitor is when to sleep and turned on agian when moving the mouse? how can I disable it) anybody know what it is? how can I delete it if it is not needed.


----------



## ANNR (Jun 6, 2005)

Edit" (deleted By the way)There is nothing under restricted site section when I opened it.  No site are restricted... Kind weird. I wonderwhy


----------



## Byteman (Jun 6, 2005)

There are a few viruses out there that mask their filenames to msnmsgr.exe, please follow the steps in the sticky , then post back with your results.   We'll take care of other stuff after that.


----------



## ANNR (Jun 6, 2005)

I am doing the Panda Active Scan right now.  I have the Addware and the Spybot, and Paied version of Spysweeper and NIS2005.  Theres is a addware or spy ware called, something like Abetterinternet.  SPybot wan unable to fix it and the SPySweeper can't do it eighter. NIS2005 Can't even find it and it is the same with Addware.  I will do the Sticky and report back later.  It will take some time.


 EDIT-I went PCmagazine and read the reveiw on the Panda it has 4 out of 5 starts but It is kind of weak on the spy and adware part.  Forgot the date of the reveiw, but it did say that panda is going to change it's adware spyware detection thing. do you know have they updated it yet? Is there a stand alone Spy/addware program from panda? I don't want change the intire internet security since Norton has the upper hand when comes to firewall and antivirus. and yes NIS eats memory like we drink water and yes it slows my computer down, for example with out the NIS2005 My computer's start up time is about 1.5Min and it is morthan 3Min with NIS2005 Installed.


----------



## Byteman (Jun 6, 2005)

Panda does viruses well, not spyware that well. You'll find when the antivirus makers try to get into spyware, they're kind of late in the game and don't do as well.  After your done with the scans, post a hijackthis log, and we'll get what's left over.


----------



## Geoff (Jun 6, 2005)

I has msn once before, what you can do on msn is have the master account (usually the adult) can set sites that they dont want their child going to, so it would give an error message.  Thats why u see it there and not on mozilla.


----------



## ANNR (Jun 9, 2005)

Sorry.  

I got lucky the past two days, caught on a flue so was out for couple of days.

any way.  here is a scan Results from Panda and Spysweeper, (I also used other spyware programs but the result is the same, I decided to use the result from SPySweeper because it has more details.)  http://www.freewebs.com/imagetemp/spysweeper.htm (The image didn't show up when I do the  thing so here is the link.  It is the same one I posted from another thread befor but the result is the same so I just used it agian.

Had no idea when i deleted the result from the panda online scan. Any way I will do the scan agian and post the result later.


----------



## Byteman (Jun 9, 2005)

ANNR, Read post#27 of this thread . Buzz1927 gives you instructions for your infection, follow it and post back.


----------



## ANNR (Jun 9, 2005)

Result from Panda.  

Incident:    Adware:Adware/SaveNow                  Status:  No disinfected                        Location :Windows Registry                                                                                                                                                                                                                                                                                                                                                                  


I tried the instruction given by Buzz1927 but for somereason I just can't seems to get rit of it.  sorry not sure but do you mean this one? I tried everything for safe mode to ...... and I still can't fix it.  Can it be that it is already gone but the spyware programs that I used is just reporting faults date (waht I mean is that it is gone but the programs didn'tknow it so it is reportting it but can't fix it because it is already gone.)


----------



## Byteman (Jun 9, 2005)

no, not that one.  read my last post and follow the link, then go to post#27 of that link.

Edit: oopps, sorry buzz, posted same time.


----------



## Buzz1927 (Jun 9, 2005)

ANNR
The logs you posted won't cause the problems you're getting. Download Mwav, check "drive" then "scan". When the scan finishes, post the lower pane of the log (the entries should finish with "Action taken- No action taken".)


----------



## Buzz1927 (Jun 9, 2005)

Byteman, I cleaned the Nail infection off here a couple of weeks ago, I think Spysweeper is flagging the remnants of it.
Tread here.


----------



## Byteman (Jun 9, 2005)

that figures, (I cleaned a machine last night: ad-aware took off 67, spybot a few leftovers, MS took of 4 more, then spysweeper found 366 traces the others didn't, go figure)


----------



## ANNR (Jun 9, 2005)

Byteman said:
			
		

> that figures, (I cleaned a machine last night: ad-aware took off 67, spybot a few leftovers, MS took of 4 more, then spysweeper found 366 traces the others didn't, go figure)



I was thinking that too, but i was not sure.

Buzz

Thanks for all the help. with out you I don't even know that thing in my computer is called nail...


Byteman

Thanks.  I Done Buzz's instruction once before and also did a clean up.  Mabe I did something wrong because That Abetterinternet thing just keeps comeing back.  I will run Buzz's instuction agian.  I will also post a log too.


----------



## ANNR (Jun 9, 2005)

I run Buzz's instruction over agian but found nothing. 
here is the log file.

Logfile of HijackThis v1.99.1
Scan saved at 6:29:13 PM, on 6/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ShuFen Li\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tokyotosho.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://officeint.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1116646956498
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


----------



## Buzz1927 (Jun 9, 2005)

ANNR.
Can you follow the instructions in post #13 and post the Mwav log.


----------



## Byteman (Jun 9, 2005)

You're log is clean from malware.  Did you run the Mwave like Buzz suggested?

Edit: Sorry buzz, post same time, it's yours from here on in.


----------



## ANNR (Jun 10, 2005)

I downloaded the Mwave but I don't know how to open it. 

here is a screen shot of the file that I unziped and the the ones in red EDIT-[] /EIDTis the one that i clicked on.  the one with the fly when it is clicked a window pops up for like .5 second and it is gone.


----------



## Buzz1927 (Jun 10, 2005)

The one with the fly is what you want. Didn't it run straight off when you unzipped it? Download it again to the desktop, when you double-click it it should run automatically.


----------

