I need help to get rid of this virus! [RESOLVED], se.dll
Apr 14 2005, 09:49 AM
Hi,
I've noticed that this seems to be a problem for many other people too! Could u please help me get rid of this stupid se.dll trojan! It sets my home page to about.blank and loads of pop-ups keep appearing! My antivirus recognises it but then says access denied.. please help me!

thanks
nick

ps this is the log:

```
Logfile of HijackThis v1.99.1
Scan saved at 17:14:24, on 14/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator\Application Data\tscm.exe
C:\WINNT\system32\alg.exe
C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BB42F7F-EB5A-4F33-A705-97B161852335} - C:\WINNT\system32\joea.dll
O2 - BHO: (no name) - {225A2252-B6B4-C34D-BD1C-BFEEFFF7BBE8} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {235A2250-B6B6-B749-BD1F-CDEEFF86BB90} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {2630E63A-7D83-7A7B-8A29-5E27C396BFC2} - C:\WINNT\system32\oviuh.dll (file missing)
O2 - BHO: (no name) - {A10D0315-99AF-CA02-F82A-BEC9ADB26E95} - C:\WINNT\system32\wrp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ABRECEIVER] "C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Rtom] C:\Documents and Settings\Administrator\Application Data\tscm.exe
O4 - HKCU\..\Run: [Nqwwqghi] C:\WINNT\system32\alg.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O18 - Filter: text/html - {983B0471-0DF7-44BB-9ACD-5312A2F1C698} - C:\WINNT\system32\joea.dll
O18 - Filter: text/plain - {983B0471-0DF7-44BB-9ACD-5312A2F1C698} - C:\WINNT\system32\joea.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
```

This post has been edited by nicksantopaolo: Apr 14 2005, 10:15 AM
nicksantopaolo I need help to get rid of this virus! [RESOLVED] Apr 14 2005, 09:49 AM
nicksantopaolo hi,
im really sorry but all that happens is when ... Apr 16 2005, 08:47 PM
don77 Its not you Nick
Try this one
http://forums.net-i... Apr 16 2005, 09:01 PM
nicksantopaolo hi,
it just says this:
PLEASE NOTE THAT ALL FILE... Apr 17 2005, 02:20 AM
don77 Please run these two online scans. Make sure they... Apr 17 2005, 08:07 AM
nicksantopaolo hi
it is still really bad! i cant even get in... Apr 17 2005, 01:54 PM
don77 Hi Nick we will get it,
Did the online scans find ... Apr 17 2005, 02:41 PM
nicksantopaolo Hi sorry about the delay,
I did the online scans ... Apr 21 2005, 03:03 PM
don77 Nick did you get an error message when you ran Fin... Apr 21 2005, 10:11 PM
nicksantopaolo hi
like before it comes up with the following:
... Apr 22 2005, 04:40 AM
don77 Could you reboot to safe mode run a scan with HJT ... Apr 22 2005, 05:41 AM
nicksantopaolo ok here u go:
Logfile of HijackThis v1.99.1
Scan ... Apr 22 2005, 07:29 AM
ultragod Please refrain from replying to topics in the malw... Apr 22 2005, 12:42 PM
don77 Hi there, and welcome to Geeks To Go!Download ... Apr 22 2005, 07:58 PM
nicksantopaolo Hello,
Ok i have done that, however 'alg.exe... Apr 23 2005, 05:06 AM
don77 Hi Nick,
Open HJT again please,
click on Config, a... Apr 23 2005, 11:00 AM
nicksantopaolo Hi
I have restored the file however, in Active s... Apr 23 2005, 06:40 PM
don77 Please Download
Silent Runners
Please create a fo... Apr 23 2005, 06:52 PM
nicksantopaolo hi
i saved it but it just created an internet fil... Apr 23 2005, 06:58 PM
don77 Go to your Desktop, right click, choose New, Folde... Apr 23 2005, 07:25 PM
nicksantopaolo Ok great that worked fine:
"Silent Runners.v... Apr 23 2005, 07:30 PM
don77 Hi Nick,
need you to do a couple things,
1 -
Dow... Apr 24 2005, 08:51 AM
nicksantopaolo Hi
sorry about the delay, i've been away thi... Apr 29 2005, 12:00 PM
don77 Hi Nick,
Please download ewido security suite it ... Apr 29 2005, 07:53 PM
nicksantopaolo hi
ok here they are:
Logfile of HijackThis v1.99... Apr 29 2005, 09:24 PM
don77 Download FindIt's.zip to your desktop: http://... Apr 29 2005, 11:18 PM
nicksantopaolo hi
the link doesnt seem to work:
'http 404 -... Apr 30 2005, 03:24 AM
don77 Download FindIt's.zip to your desktop: http://... Apr 30 2005, 08:55 PM
nicksantopaolo Thanks that worked brilliant..
Hope this is right... May 1 2005, 04:23 AM
don77 Nick are you still getting redirected ?
Everything... May 1 2005, 08:21 AM
nicksantopaolo Hi,
I've tried loads of options and been to l... May 1 2005, 11:44 AM
don77 Thats good news Nick,
QUOTEAs far as all the anti... May 1 2005, 12:50 PM
nicksantopaolo Fantastic! I've got rid of all the relevan... May 1 2005, 02:50 PM
don77 hpotdd01.exe =
http://www.liutilities.com/products... May 5 2005, 06:14 PM
nicksantopaolo Brilliant!
Everything is working fine now... May 14 2005, 04:06 AM
don77 Since this issue appears to be resolved ... this T... May 14 2005, 08:34 AM
© Geeks to Go, Inc. | All Rights Reserved