Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

M comp is Infected?


  • This topic is locked This topic is locked

#16
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Legend,


Apparently the big infection is gone, now we must take care of the smaller ones.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Now let's do some work on your log:

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Close all browser windows and RUN HijackThis.
. Click the SCAN button to produce a log.
. Click the Config button located in the lower right hand corner of the HijackThis window.
. When the new screen opens, find and click the Miscellaneous Tools button.
. Then choose the Open Process Manager button.
. From the list of processes, hilight the following items by clicking them, ONE AT A TIME, then DELETE them by clicking the KILL button:

C:\WINDOWS\TFPDENC.EXE
C:\WINDOWS\QDNYDLL.EXE
C:\WINDOWS\system32\svphost.exe


Once all items have been KILLED, click the Back button which will return you to the HijackThis main window. Now place a check mark beside each one of the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [TFPDENC] C:\WINDOWS\TFPDENC.EXE
O4 - HKLM\..\Run: [QDNYDLL] C:\WINDOWS\QDNYDLL.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Now with all the items selected, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode

*Restart the computer.
*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.


Using Windows Explorer, locate the following files and DELETE them (if they are present):

C:\WINDOWS\TFPDENC.EXE
C:\WINDOWS\QDNYDLL.EXE
C:\WINDOWS\system32\svphost.exe
scvvhost.exe

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everytjhing looks now.

Regards,

Trevuren

  • 0

Advertisements


#17
Legend

Legend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
is there somthing still wrong with mah comp is it still infected?
  • 0

#18
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Legeng,

Please send me a fresh HJT log and I will be able to answer your question.
Better get it to me today, if possible for I am leaving for a week


Trevuren
  • 0

#19
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
TO ADMINISTRATION

This topic is closed due to inactivity. Should the original poster need it reopened, please contact a staff member.

Trevuren
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP