can't delete win.dll [RESOLVED]


#1
rmprudente

Apparently win.dll is left on a computer infected with the seeker.k virus. I don't have any virus, I've checked several times. The only thing from that virus on my computer is win.dll. I did just buy this computer from a friend so it may have had the virus at some point, I don't really know. Anyway, I keep getting this Norton pop up saying it has detected a virus on the computer (backdoor.agent.b). But I've run the removal tool for it from Norton and it says I don't have the virus. When I try deleting win.dll it says access denied, disk may be full or write protected or the file may be in use. I can't figure out what program may be using the file. I tried starting in safe mode to delete the file but I can't find the file when in safe mode. Every now and then the Norton pop up comes up and I can't ever close it. Sometimes it'll eventually close itself, sometimes I have to restart. Can someone help me figure this out? Here's my HJT log just in case you need it.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:43 PM, on 4/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ntkrec32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\newberos.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [oF4W32T] ntkrec32.exe
O4 - HKCU\..\Run: [Zov6RSftQ] newberos.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113676614203
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://service.pagoo...X/BMAXSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E068448-56E0-4004-824E-056E72A6066B}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by rmprudente, 21 April 2005 - 12:22 AM.


#2
Metallica

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

O4 - HKLM\..\Run: [oF4W32T] ntkrec32.exe
O4 - HKCU\..\Run: [Zov6RSftQ] newberos.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c5.cab

Reboot into safe mode and delete:
C:\WINDOWS\System32\newberos.exe

Then surf to this site :
http://www.kaspersky.com/scanforvirus
and upload this file:
C:\WINDOWS\System32\ntkrec32.exe
Let me know the results along with a new HijackThis log.

Regards,

Pieter

#3
rmprudente

Ok, kaspersky.com says the file (ntkrec32.exe) is infected with Trojan-Downloader.Win32.Apropo.aa but Norton isn't picking it up. I did a search and didn't really come up with anything about the virus. How do I get rid of it? Will the trial version of Kaspersky anti virus get rid of it? Also, today I've run AdAware, SpyBot search and destroy, and spy subtract and none picked it up.

#4
Metallica

We can delete it manually. From the name I'd guess it is the installer for Apropos adware: http://www3.ca.com/s...px?id=453082799

In HijackThis click Config > Misc Tools > Open Process Manager
Look for C:\WINDOWS\System32\ntkrec32.exe in the list and select it.
Then click Kill Process and click Back when it's done
In the Misc Tools screen select Delete a file on reboot and show it the way to
C:\WINDOWS\System32\ntkrec32.exe
Confirm you want to reboot when prompted.

After the reboot do another scan with HijackThis and post the log.

Regards,

Pieter

#5
rmprudente

It's not on the running processes list. What now?

#6
rmprudente

OK I'm a dork, didn't read everything. Anyway, the program wasn't actually running but I did have the file deleted on startup. Looks to be gone :tazz: Now, do I leave the win.dll file alone or try deleting it again? oh here's my newest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:09 PM, on 4/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113676614203
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E068448-56E0-4004-824E-056E72A6066B}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#7
Metallica

Your log is clean.

Find the win.dll, right-click it and rename it to wind.bag

Then leave it like that for a couple of days.
If your computer works without problems you can leave it like that (it's harmless anyway)
If it would make you feel better you can mail me a (preferably zipped) copy of that file and I'll see if I can find out what it is.
My address is pieterATwilderssecurity.org (replace AT with @)

If you are unable to rename it because the file is in use, you should send me a copy. That would mean it's still active and we need to know what it is.

Regards,

Pieter
  • 0
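
A way to check the two HijackThis logs in this thread against the list of entries that were to be fixed, added here as an example and not part of the original posts. The function names are hypothetical, and the sample data is a trimmed excerpt of the logs in posts #1 and #6 and the fix list in post #2.

```python
import re

# A HijackThis finding starts with a section code (R1, O4, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) findings; header and process lines are skipped."""
    found = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            found.add((m.group(1), m.group(2)))
    return found

def parse_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break  # a blank line ends the process list
        elif in_block:
            procs.add(line.lower())
    return procs

def verify_fix(before, after, requested):
    """Compare a before/after pair of logs with the entries that were to be fixed."""
    b, a, req = parse_entries(before), parse_entries(after), parse_entries(requested)
    pb, pa = parse_processes(before), parse_processes(after)
    return {
        "still_present": sorted(req & a),              # fix did not take
        "not_in_before": sorted(req - b),              # fix list does not match the log
        "removed_unrequested": sorted((b - a) - req),  # gone, but nobody asked for it
        "new_entries": sorted(a - b),                  # appeared since the first scan
        "processes_gone": sorted(pb - pa),
        "processes_new": sorted(pa - pb),
    }

# Trimmed excerpt of the first log in this thread (post #1).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:38:43 PM, on 4/20/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ntkrec32.exe
C:\WINDOWS\System32\newberos.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [oF4W32T] ntkrec32.exe
O4 - HKCU\..\Run: [Zov6RSftQ] newberos.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113676614203
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://service.pagoo...X/BMAXSetup.cab
"""

# Trimmed excerpt of the second log (post #6).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:48:09 PM, on 4/20/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HJT\HijackThis.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113676614203
"""

# The entries post #2 asked to have fixed.
REQUESTED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [oF4W32T] ntkrec32.exe
O4 - HKCU\..\Run: [Zov6RSftQ] newberos.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c5.cab
"""

if __name__ == "__main__":
    for key, values in verify_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{key}: {len(values)}")
        for v in values:
            print("   ", v)
```

Run against the full logs from posts #1 and #6, the same comparison also lists the two O16 entries (CWDL_DownLoadControl and BuzMeSetup) that are absent from the second log although they were not on the fix list.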

#8
rmprudente

Couldn't rename win.dll, the Norton pop up came up again and I couldn't email a copy of the file. It said the file either couldn't be found or couldn't be sent. This thing is getting very frustrating.

#9
Metallica

Can you check the NAV log for that event?
We might learn something from that.

At least the full path to the file and what NAV thinks it is.

Regards,

Pieter

#10
rmprudente

Ok, Norton's activity log only shows this (repeatedly, LOL):
    K   p v a 2  t y " A Access to the file was denied.W M The file

C:\WINDOWS\system32\win.dll
is infected with the Backdoor.Agent.B virus. P C:\WINDOWS\system32\win.dll s YOUR-O0KWKW9JWC u Owner v Backdoor.Agent.B   K   p v a 2  t y  A Unable to repair this file.W M The file

Like I said, I've run the removal tool for that virus and it's not even on the computer.

#11
rmprudente

Oh man. I stumbled across an antivirus site called Rav Antivirus. They do online scans, so I double checked that sys restore was disabled and did a scan. My results are scary. I think when I ran Norton Antivirus I probably forgot to disable sys restore, I'm not sure really. Any idea how to get rid of all this crud? Now I know why this computer was sold to me so cheap. grrrrrrrrr

Scan started at 4/20/2005 11:58:55 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\BLSnapshot(2).ini->ADS:uyxuv - TrojanDownloader:Win32/Agent.CD -> Infected
C:\WINDOWS\BLSnapshot(3).ini->ADS:uyxuv - TrojanDownloader:Win32/Agent.CD -> Infected
C:\WINDOWS\corelpf(2).lrs->ADS:wboij - TrojanProxy:Win32/Ranky.BG -> Infected
C:\WINDOWS\hpdj5100.hi2->ADS:vkqzw - TrojanDownloader:Win32/Agent.AN -> Infected
C:\WINDOWS\loadclean.exe - TrojanDownloader:Win32/Delf.CB -> Infected
C:\WINDOWS\wstamp.bin->ADS:iyctp - Trojan:Win32/Agent.BQ -> Infected
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ISTactivex.dll - TrojanDownloader:Win32/IstBar.FZ -> Infected
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ISTactivex.dll - TrojanDownloader:Win32/IstBar.FZ -> Infected
C:\WINDOWS\system32\iehagbaa.tmp - Trojan:Win32/StartPage.IX -> Infected
C:\WINDOWS\system32\jkbchma.dll - Trojan:Win32/Startpage.QR -> Infected
C:\WINDOWS\system32\lachhmaa.tmp - Trojan:Win32/Startpage.QR -> Infected
C:\WINDOWS\system32\lpzxczxct.exe - TrojanDownloader:Win32/Small.MY -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\iC.tmp - TrojanDownloader:Win32/Totalvel.A -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\q319243.com - TrojanDownloader:Win32/Agent.EW -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\sa3.tmp.exe->(UPXW) - TrojanDownloader:Win32/Small.JZ -> Suspicious
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\sa4.tmp.exe->(UPXW) - TrojanDownloader:Win32/Small.JZ -> Suspicious
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q6CD13SF\online[1].chm->/on-line.exe - TrojanDownloader:Win32/Agent.EW -> Infected

Scanned
============================
Objects: 74200
Directories: 5321
Archives: 18961
Size(Kb): -773706
Infected files: 15

Found
============================
Viruses found: 11
Suspicious files: 2
Disinfected files: 0
Mail files: 216

#12
Metallica

Download http://computercops....rijn/adsspy.zip

Do a system scan and use it to delete these streams:

C:\WINDOWS\BLSnapshot(2).ini->ADS:uyxuv
C:\WINDOWS\BLSnapshot(3).ini->ADS:uyxuv
C:\WINDOWS\corelpf(2).lrs->ADS:wboij
C:\WINDOWS\hpdj5100.hi2->ADS:vkqzw
C:\WINDOWS\wstamp.bin->ADS:iyctp

Then download and run:
http://www.atribune....ads/KillBox.exe

Copy the part in bold below to the clipboard:

C:\WINDOWS\loadclean.exe
C:\WINDOWS\system32\iehagbaa.tmp
C:\WINDOWS\system32\jkbchma.dll
C:\WINDOWS\system32\lachhmaa.tmp
C:\WINDOWS\system32\lpzxczxct.exe
C:\WINDOWS\system32\win.dll


Then in Killbox click File > Paste from Clipboard
Then press the Delete Files button (round red with white cross)

Download, install, and run CleanUp! to clean out all the temp folders.

That should take care of the lot.

Let me know.

Regards,

Pieter

#13
rmprudente

Ok did all that and everything but win.dll deleted fine. I just don't understand why that file won't delete. I even tried to delete it with Cleanup and it said the file was in use and it would delete it on startup but it didn't work still.

#14
Metallica


Ok did all that and everything but win.dll deleted fine. I just don't understand why that file won't delete. I even tried to delete it with Cleanup and it said the file was in use and it would delete it on startup but it didn't work still.

OK It's official NAV is driving me nuts. :tazz:

Download and unzip this file: http://www.downloads...AboutBuster.zip
And download CWShredder from here http://www.intermute...r_download.html

Please take care of the following order of the things to do.

- Go offline (unplug if necessary)
- right-click the NAV icon in the systray and choose to disable resident protection
- run AboutBuster
- if something is found run it again
- run CWShredder
- reboot

Check if NAV is running normally again and if win.dll still exists

Regards,

Pieter

#15
rmprudente

Ok ran About Buster 2 times here's the log:

Scanned at: 10:23:55 AM on: 4/21/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26


Removed Data Streams:
C:\WINDOWS\BLSnapshot.ini:esqxz
C:\WINDOWS\corelpf(2).lrs:xssst
C:\WINDOWS\corelpf(3).lrs:xssst


Error Removing! : C:\WINDOWS\System32\win.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26


Removed Data Streams:
C:\WINDOWS\BLSnapshot.ini:esqxz
C:\WINDOWS\corelpf(2).lrs:xssst
C:\WINDOWS\corelpf(3).lrs:xssst


Error Removing! : C:\WINDOWS\System32\win.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!


CWShredder didn't come up with anything. I dl'd the trial version of Kaspersky Antivirus last night so I ran it today, it screwed up my computer. It did however find 19 viruses and delete 18 of them. When I restarted after that scan my computer froze up just before the taskbar loaded. So I restarted with the Norton disk. Surprise surprise Norton still didn't find anything. I was able to get back to windows though and slowly but surely I was able to uninstall Kaspersky, run Norton's WinDoctor and Disk Doctor, delete internet buildup, and now here I am. Oh and win.dll is still there. :/ Here's my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:12:50 PM, on 4/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113676614203
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E068448-56E0-4004-824E-056E72A6066B}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe