Code Red again

  vinnyo123 16:16 23 Jul 2004

I recently had AVG find Code Red on my machine and it put it in the vault, but every time I run AVG it keeps finding it. Now should I worry, or try to track it down and remove it? (AVG file server version) Win 2k server with IIS running, Sygate Personal Firewall.


  stalion 16:22 23 Jul 2004

try here click here

  vinnyo123 16:38 23 Jul 2004

Don't see any sign of nasties (Code Red), can someone confirm?

Logfile of HijackThis v1.98.0
Scan saved at 11:25:47 AM, on 7/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Documents and Settings\Administrator\My Documents\vinny\applications\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PCADVISE.VOLITO123.COM
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B87CD85-EC4C-4D75-BCCD-6B0B6D9F6AC2}: NameServer =,,
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3BF55DB-86F9-4174-8072-8984276ABDD0}: NameServer =,,
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B87CD85-EC4C-4D75-BCCD-6B0B6D9F6AC2}: NameServer =,,
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B87CD85-EC4C-4D75-BCCD-6B0B6D9F6AC2}: NameServer =,,

stalion, I have tried a different patch from MS, Q300972, but it said I had a newer version. I'll look into this one, thanks.

  vinnyo123 02:42 24 Jul 2004

Just an update on my situation. I ran NAV code red remover, and spyhunter, trojanremover, cwshredder, ran a scan with pccillen, panda, hijack this, fixcodered, retinacodered, and none of them find anything, but as soon as I run AVG, presto, it's there. Do you think I should keep trying or move on????

  vinnyo123 14:49 24 Jul 2004

Anyone? Where are the regulars, vacation? (LOL)


  jonnytub 14:52 24 Jul 2004

have u tried the delete, sys restore reboot method ?

  stalion 14:56 24 Jul 2004

have you tried this click here

  vinnyo123 15:39 24 Jul 2004

System restore, believe it or not, just set up (format) PC, went on internet without firewall to get updates (MS) and download firewall. Just my luck, got virus quickly, IIS. (And they say don't be paranoid, LOL.) So I guess I have no restore point to go to.

stalion, gonna check that site now and I'll post back. I have run all the other checks and they came up empty, only AVG is detecting Code Red. Do you think it could be a bug in AVG, or maybe it is just detecting DOS attacks and alerting me? Dunno, but something is fishy. I am not getting any unusual systems yet, PC has been up for two days now.

Thanks, I'll post back after that scan (scanning now).

  vinnyo123 16:39 24 Jul 2004

Well, add that one to the list also, it found nothing. Now how can all these companies find nothing and only AVG sees Code Red? (Hope I didn't waste my money.) Something is not right here.

Any more advice on this will be greatly appreciated.

"long days and nights"

  vinnyo123 14:57 26 Jul 2004

OK, might sound simple, but where is system restore in Win 2K server? Gonna try to disable it and run some tools.

  vinnyo123 20:01 28 Jul 2004

Well, actually I did a reformat and went step by step this time: installed ALL programs and patches first (firewall, anti-virus, Code Red patch) and installed IIS after all patches. I did this before even going onto WAN. Now system is clean and should be protected well enough. I guess that window of minutes going onto the net to download patches and firewall was enough time for Code Red to enter my PC. So much for not being too paranoid. Thanks again for all your help.

This thread is now locked and can not be replied to.
