Can anyone please help me with HIJACKTHIS LOG?!



#16
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Correct :tazz:
  • 0



#17
wandy_lee

    Member

  • Topic Starter
  • 36 posts
;) I'm BACK~~ :tazz:

The scan report is as follows:

Scan started at 07/05/2005 12:08:34 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\system32\drivers\delprot.sys - VirTool:WinNT/Ispro.B -> Infected

Scanned
============================
Objects: 37057
Directories: 2443
Archives: 914
Size(Kb): -2088480
Infected files: 1

Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 374

Thank you~~ ;)
  • 0

#18
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Welcome back :tazz:
  • Download Pocket Killbox from Here
  • Paste the full file path (C:\WINDOWS\system32\drivers\delprot.sys) in the box
  • Click on Delete on Reboot.
  • Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes"
  • Run another scan with RAV and post back what it finds, please.
    Let us know how you make out

  • 0

#19
wandy_lee

    Member

  • Topic Starter
  • 36 posts
This is the report.. ;)

Scan started at 09/05/2005 9:47:35 AM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\system32\drivers\delprot.sys - VirTool:WinNT/Ispro.B -> Infected

Scanned
============================
Objects: 37534
Directories: 2445
Archives: 916
Size(Kb): -2087308
Infected files: 1

Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 376


:tazz: The virus is still active..... ;)
  • 0

#20
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Reboot to SAFE MODE and search for the following:

C:\WINDOWS\system32\drivers\delprot.sys

If found, delete it. Please let me know if you find it.

Run another scan with ActiveScan, please. Make sure you check the 'Disinfect automatically' option in ActiveScan.
  • 0

#21
wandy_lee

    Member

  • Topic Starter
  • 36 posts
;) I found the "C:\WINDOWS\system32\drivers\delprot.sys" in Safe Mode~~
and deleted it..!! :tazz:

Now I am doing the Active Scan~~be back soon~~ ;)

I'M BACK~~

The report is as follows:

Incident Status Location

Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[ddtmsft.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[dhghelp.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[dprpsetu.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[e6202gfmg62a2.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[en60l1jm1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[fplq0335e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[fvsrch.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[gktext.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[gp6sl3j71.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[gp8ul3l91.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[hN23msp.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[iawdial.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[jtr4079qe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[l44qleh51h4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[lnbmp90n.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[mvrul9991.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[n4l8le3u1h.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[o2840clqefqe0.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[r4p80e7ueh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[t0r8la9u1d.dll]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Temp\upd201.exe

Edited by wandy_lee, 09 May 2005 - 06:19 PM.

  • 0

#22
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good job!

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\CERES.DLL 
C:\WINDOWS\deskbar.ini 
C:\WINDOWS\ceres.dll 
C:\WINDOWS\delprot.ini 
C:\WINDOWS\deskbar.ini 
C:\WINDOWS\Temp\upd201.exe  

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.


Let me know if Norton is still finding any problems.
  • 0
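The triage step between the ActiveScan report in post #21 and the Killbox list in post #22, as an added example that is not part of the original thread: it separates files on disk from archive members and registry detections, and collapses paths that differ only in case. The line layout in the regular expression is an assumption inferred from the lines posted above, and the sample is a constructed subset of that report.

```python
import re

# Constructed sample: a subset of the report lines posted in #21.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[ddtmsft.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\User\Desktop\l2mfix\backup.zip[dhghelp.dll]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Temp\upd201.exe
"""

# Assumed layout: <category>:<detection> <status> <location>, where the
# location starts at a drive letter or the literal "Windows Registry".
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<detection>\S+)\s+(?P<status>.*?)\s+"
    r"(?P<location>(?:[A-Za-z]:\\|Windows Registry).*)$"
)
ARCHIVE_RE = re.compile(r"^(?P<archive>.+)\[(?P<member>[^\]]+)\]$")


def triage(report):
    """Split detections into on-disk files, archive members and registry hits."""
    files = {}      # lower-cased path -> path as first seen
    archives = {}   # archive path -> list of flagged member names
    registry = []   # detection names reported against the registry
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header and blank lines
        loc, det = m.group("location").strip(), m.group("detection")
        if loc == "Windows Registry":
            registry.append(det)
            continue
        a = ARCHIVE_RE.match(loc)
        if a:
            # Flagged copies inside an archive, not loose files on disk.
            archives.setdefault(a.group("archive"), []).append(a.group("member"))
            continue
        # Windows paths compare case-insensitively: CERES.DLL == ceres.dll.
        files.setdefault(loc.lower(), loc)
    return {"files": list(files.values()), "archives": archives, "registry": registry}
```
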

#23
wandy_lee

    Member

  • Topic Starter
  • 36 posts
:tazz: NO MORE VIRUS~~~~Norton scanned...no virus~~~ ;) ;) You're the best!! Thank you very much~~~
  • 0

#24
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
You're very welcome, wandy_lee

How is it running?
Please use the following suggestions to help prevent reinfection.

Download the following program for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy. Check them for updates prior to running and run them weekly.
Same with your antivirus.

For an added check, run an online virus scan. You can use one of the 2 below:
TrendMicro's HouseCall
ActiveScan

Be sure to give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle Bin as well.
For ease, use the following program:
Download and install Cleanup
Run "Cleanup" and when it has finished, reboot.

Remember to check Windows for updates.

Probably a good time to create a new restore point (See Here). Name it clean or something like that.
  • 0

#25
wandy_lee

    Member

  • Topic Starter
  • 36 posts
One more problem here~~
The Windows Firewall is not turned on, and I'm not able to turn it on. That's why the spyware, adware & viruses can just sneak into my com..actually, not sneak in.. :tazz: but just upload stuff into my com and start having fun with it...

Any idea how to turn on the Windows Firewall at all?? ;)
  • 0



#26
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Here you go
http://www.microsoft...p2_wfintro.mspx
  • 0





