Smitfield Victim again[RESOLVED]


  • This topic is locked

#16
roamer

Also tried typing the following in DOS:

del C:\"Program Files"\"Search Maid"\*.*
del C:\"Program Files"\"Virtual Maid"\*.*
del C:\Windows\System32\"Log Files"\*.*
del C:\"Program Files"\"Security IGuard"\*.*

Now it says "Path not found" after each line. Does that mean the folders are not present?

Edited by roamer, 24 April 2005 - 01:55 AM.


#17
Metallica

Spaces and long path names :tazz:

Man. I have forgotten more than I have learned since then it seems.

Try this one, but check first that no other folders will get deleted because of the abbreviations:
For example if a folder C:\Program Files\searchall would exist, that would get deleted instead of "Search Maid", so be careful.


@ ECHO off
del C:\Progra~1\Search~1\*.*
del C:\Progra~1\Virtua~1\*.*
del C:\Windows\System\LogFil~1\*.*
del C:\Progra~1\Securi~1\*.*


Sorry about this mess.

Regards,

Pieter
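
The warning in post #17 about abbreviated names, as an added example that is not part of the original thread: a simplified Python model of how 8.3 aliases are numbered, showing why `Search~1` can resolve to a different folder than the one intended. The numbering scheme (first characters plus `~N` in creation order) is a simplifying assumption, and the folder lists are constructed.

```python
import re

# Characters allowed in an 8.3 name; anything else becomes "_".
ILLEGAL = re.compile(r"[^A-Z0-9!#$%&'()\-@^_`{}~]")

def short_basis(long_name):
    """Upper-case, drop spaces, split off the last extension, clean both parts."""
    name = long_name.upper().replace(" ", "")
    base, dot, ext = name.rpartition(".")
    if not dot:
        base, ext = name, ""
    return ILLEGAL.sub("_", base.replace(".", "")), ILLEGAL.sub("_", ext)[:3]

def assign_aliases(names_in_creation_order):
    """Map each long name to its 8.3 alias (simplified model, an assumption:
    first characters + ~N, with N handed out in creation order)."""
    taken, aliases = set(), {}
    for long_name in names_in_creation_order:
        base, ext = short_basis(long_name)
        suffix = "." + ext if ext else ""
        short = base + suffix
        # Names that are already valid 8.3 keep themselves; others get ~N.
        if short != long_name.upper() or len(base) > 8 or short in taken:
            n = 1
            while True:
                tail = "~%d" % n
                short = base[:8 - len(tail)] + tail + suffix
                if short not in taken:
                    break
                n += 1
        taken.add(short)
        aliases[long_name] = short
    return aliases

def resolve(alias, names_in_creation_order):
    """Return the long name an alias points at, or None ("Path not found")."""
    for long_name, short in assign_aliases(names_in_creation_order).items():
        if short == alias.upper():
            return long_name
    return None

def safe_to_delete(alias, expected_long_name, names_in_creation_order):
    """Only act on an alias after confirming it resolves to the intended folder."""
    return resolve(alias, names_in_creation_order) == expected_long_name

# Constructed directory contents, not taken from the poster's machine.
CLEAN_CASE = ["Search Maid", "Virtual Maid", "Security IGuard"]
COLLISION_CASE = ["searchall", "Search Maid"]
```

With `COLLISION_CASE`, `Search~1` resolves to `searchall`, so a `del` against that alias would empty the wrong folder; checking the alias against the long name first catches it.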

#18
roamer

No problem! Thanks for being so patient... :tazz:

Anyway... did what you prescribed, and got "Path not found" again.

#19
Metallica

:tazz:

Can you try this one and let me know what happens?


cd\
cd C:\Progra~1\Search~1
del /Q /F *.*


Regards,

Pieter

#20
roamer

Invalid directory

#21
Metallica

Can you try this command in your DOS prompt?

dir C:\Progra~1

Let me know.

Regards,

Pieter

#22
roamer

Yep, got 57 dir(s)... none looks suspicious...

#23
Metallica

OK next step (trying to figure out why it goes wrong)

dir C:\Progra~1\Search~1

Regards,

Pieter

#24
roamer

File not found

#25
Metallica

But the folder C:\Program Files\Search Maid exists, right?

Regards,

Pieter

#26
roamer

No. Not that I know of. Don't see it on my Explorer.

#27
Metallica

Aha. You do have hidden files showing, right?

http://www.xtra.co.n...1916458,00.html

Regards,

Pieter

#28
roamer

Yes. I have hidden files showing. Only a few files are recently modified though. Under Program Files, there's a dubious-looking hidden folder SysAI. In Windows/System32, there's also a hidden param32.dll... Wonder if they're anything malicious?

Edited by roamer, 24 April 2005 - 06:05 AM.


#29
Metallica

Can you check if the other folders we tried to remove are already gone as well?

If so post a new HijackThis log.
If not, let me know which are still there.

Regards,

Pieter

#30
roamer

The other files are not there either...

By the way, I modified the previous post, in case you didn't see it: I have hidden files showing. Only a few files are recently modified though. Under Program Files, there's a dubious-looking hidden but empty folder SysAI. In Windows/System32, there's also a hidden param32.dll... Wonder if they're anything malicious?

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:08:04 PM, on 4/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard....des/cabs/si.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendste...emailimport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Edited by roamer, 24 April 2005 - 06:15 AM.
