# computer wont stop sending bytes!



## Beamer_nm (Aug 19, 2003)

when i logon to my server my computer starts sending bytes and it doesnt stop. It is up to 10 million and counting. I cannot figure out what it is sending or how to stop it from sending. anybody know what is happening? i barely made it this far to post this message cause the bytes being sent are taking up so much room. Please, Please, Please someone help me!


----------



## Beamer_nm (Aug 19, 2003)

Oh ya, My computer is a Dell Dimension desktop running windows ME with an intel celeron processor. Thanks for any input.


----------



## NiteHawk (Mar 9, 2003)

Let's have a look at what is causing it.

Go to http://tomcoyote.org/hjt/ and download HiJackThis. Use Winzip to unzip it, then install and run it. To run, click the Scan button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. _IF you happen to be using a proxy server, please mention it in your post._ Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the baddies that may be in there.


----------



## Beamer_nm (Aug 19, 2003)

Logfile of HijackThis v1.96.4
Scan saved at 12:57:04 AM, on 9/5/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\MSMGT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\IAMSAD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Netpenny, Inc.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\SYSTEM\STOPZILLABHO.DLL
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORY METER\MEMORYMETER.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [STOPzilla] C:\PROGRAM FILES\STOPZILLA!\STOPZILLA.EXE /autorun
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe
O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.EXE
O4 - HKLM\..\Run: [SysCfg32] iexplore.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\KAZAA\MY SHARED FOLDER\NETDETECTIVE_8_2002 (1)1ST.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [NAV Auto Update] IAMSAD.EXE
O4 - HKLM\..\RunServices: [SysCfg32] iexplore.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\RunOnce: [NAV Auto Update] IAMSAD.EXE
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Dell Home (HKCU)
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/NSupd9x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37605.2497453704
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} - http://pak02.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.1.0.2.5.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/turbo.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/payload2.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.300 - http://63.102.226.240:8000/Java/cfs40300.cab
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.totalvelocity.com/SpeedBlaster2/SpeedBlasterT_2.1.1.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 169.254.255.196


----------



## NiteHawk (Mar 9, 2003)

Home networking??

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 169.254.255.196


----------



## NiteHawk (Mar 9, 2003)

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.
*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORY METER\MEMORYMETER.EXE
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\Attune_ce.exe

O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.EXE
O4 - HKLM\..\Run: [Microsoft Tray] C:\KAZAA\MY SHARED FOLDER\NETDETECTIVE_8_2002 (1)1ST.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/NSupd9x.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://stream10k.redhotnetworks.com/cabs/videox.cab

O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.totalvelocity.com/SpeedB...sterT_2.1.1.cab
*

Reboot

Now download Spybot - Search & Destroy  (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks


----------



## NiteHawk (Mar 9, 2003)

Let's see what your outbound net traffic is once you have done all of the above.


----------



## Beamer_nm (Aug 19, 2003)

i do not have a home network, just this single computer.


----------



## NiteHawk (Mar 9, 2003)

Let's add this to the list, in that case

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 169.254.255.196

169.254.255.196 to the best of my knowledge is a reserved private address for use only on local subnets.

It doesn't look right being there.


----------



## Beamer_nm (Aug 19, 2003)

okay in the first thread i babbled about how my computer sends bytes of information when i connect to the internet..... Nitehawk was nice enough to walk me through a few solutions and unfortunately my computer was so overwhelmed with whatever the hell it was trying to send nonstop, that i couldnt even get to the tech guy webpage! So in a desperate attempt to fix my situation, i went into my c: drive and started deleting files. I ended up deleting everything that the computer would let me delete, afterwards i rebooted with my windows millenium edition cd rom and reinstalled windows ME. Then i simply made a new internet connection and the problem was solved! Unfortunately, all the files that i couldnt save to disk were lost in the mix. So, ill have to start over with my trusty Kazaa Media Desktop to get all the games and files i had downloaded! Thanks for the help Nitehawk, and this time i think i will download the Spybot Search and Destroy BEFORE my computer stops doing what i tell it to do!!! Again, thanks for the help! This forum is now closed.


----------



## NiteHawk (Mar 9, 2003)

Sorry to hear you had to reload.
If you must use Kazaa, look into kazaalite....no spyware in the lite version
Be very careful of what you d/l it could very well be that Kazaa is that got you into this problem in the first place.

Also, if you don't already have the, install a good antivirus product and a good firewall.

Good Luck


----------



## generic916 (Sep 25, 2003)

Hello all, I am new here only by the mere fact that I, too, have been hit by the Iamsad.exe virus. Two things alerted me to this.
1. my antivirus warned me a file I downloaded using Kazaa Lite is infected (and kept warning me until I ran the antivirus to clean my whole hard drive), and 
2. Zone Alarm asked me if I wanted to grant Internet and Server access to iamsad.exe.

I ran the antivirus, and it "healed" the virus. Zone Alarm cranked down on it. I know what you mean about this pesky beast. Zone Alarm saved me because it tried over two hundred times to get Internet access in less than a minute. I can only imagine what it did with you, Beamer.

You can either get an eval copy of Zone Alarm and then pay for it if you like it, or, since you know of Kaaza, you may have other options. I use AVG Anti-Virus. It's free, but it does a good job of protecting me. I recommend both products to anyone with high-speed Internet. I am sorry you had to restore your system and lose some files. As something to keep in mind for the future, burn your files to CD. You machine may crash for any cause, and there is no reason you should risk losing your files.

Good Luck....Eric


----------



## Iron Oxide (Sep 25, 2003)

My computer is running slow and I went to my msconfig to see what was slowing it down. One of the items that I didn't know was WkDetect so I went to Google to find out what it was and it brought me to this site. I downloaded Hijackthis like the last guy and I have it saved. I was wondering do you also do XP systems or do I need to go to that thread ?


----------



## NiteHawk (Mar 9, 2003)

Your best bet would be to start a new thread in the Security forum and paste a copy of your HJT log into the post.
I'll keep an eye open for it.


----------



## generic916 (Sep 25, 2003)

Hi All, minor update. IAmSad.Exe has tried almost 3,000 times to get out to the internet including some IRC domains. Thanks Zone Alarm for preventing some crashes while I troubleshot this one.
My resolution was to search and delete any registry entries referring to IAmSad.exe. They were all buried under NAV Updates. Funny, I use AVG Anti-Virus. I hate Norton, and will never install it, but, it installed itself there. I found the file under c:\winnt\system32 folder. I am running Windows 2000 Advanced Server. I would expect Windows XP to have it under C:
\Windows\System32. I simply end-tasked to stop the exe, searched and deleted it and did the registry editor thing.
Things that did not work:
Spybot Search & Destroy did not detect it.
HiJackThis found it in the registry, but did not give me all instances of it to delete it (or upon reboot it recreated itself).
Spyware Blaster did not detect it at all.
SpyHunter (eval edition) does not have a "remove" option, so unless you buy it, it will only detect things. It found a lot of bad things, but it was useless for me.

I hope this thread helps you. This should be my last post on this subject. Once again, I did a search on Google and found this to be the only reference to the IAmSad.exe file. Once again, thanks for all of your help.

Eric


----------



## Tech_Guy_Bob (Oct 8, 2003)

I have posted a thread about how to get rid of iamsad.exe it took me a few minutes to figure out this viri but alas i have destroyed it.


----------



## ~Candy~ (Jan 27, 2001)

http://forums.techguy.org/t170406/s.html


----------

