Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

c:/windows/temp/se.dll[RESOLVED]

Started by brammie_ltc , May 12 2005 07:13 AM

This topic is locked

#1
brammie_ltc

Posted 12 May 2005 - 07:13 AM

New Member

Member
5 posts

hi,
i'm needing some help fixing a trojan virus on a windows 98 se computer. i'm running AVG anti-virus, ad-aware and spybot but nothing seems to delete the virus completly. avg finds it when a pop up box comes up saying error loading c:/windows/temp/se.dll access is denied. then avg pops up saying it found a virus i clicked every option to get rid of it but nothing is deleteing it completly. then... i get another pop up on internet explorer of some ad like spy ware and junk. also when i open internet explorer the start page goes to about:blank and brings me to a search page. i'm all outta idea and really would like it if i got some help.. oh yeah i did the
do you suspect a malware (Spyware, Virus, Trojan) infection? Please start here.

nothing helped, you guys are my last hope :tazz:

#2
Metallica

Posted 12 May 2005 - 07:18 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Download and run About:Buster from:
http://www.majorgeek...wnload4289.html
It usually takes two runs to get cleaned.

Post a HijackThislog when you are done

Regards,

#3
brammie_ltc

Posted 12 May 2005 - 09:47 AM

New Member

Topic Starter
Member
5 posts

Tnx for youre help, the problem is fixed! :tazz:

Here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 17:41:53, on 12-5-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\SPYWARE-PROGS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDSG.DLL
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {61D51660-90DC-11D9-A0ED-0050FCE5B46F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {61D51660-90DC-11D9-A0ED-0050FCE5B46F} - (no file) (HKCU)

Hope I did it correct..

#4
Metallica

Posted 12 May 2005 - 12:22 PM

Spyware Veteran

GeekU Moderator
33,101 posts

Good job sofar, but I see some leftovers.

Download 'SpSeHjfix'. to the desktop and then
right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run CWShredder again - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Regards,

#5
brammie_ltc

Posted 13 May 2005 - 02:57 AM

New Member

Topic Starter
Member
5 posts

oke here is my SpSeHjfix-log:

(5-13-05 10:39:41) SPSeHjFix started v1.09
(5-13-05 10:39:41) OS: Win98SE A (4.10.67766446)
(5-13-05 10:39:41) Language: nederlands
(5-13-05 10:39:44) Disinfect started
(5-13-05 10:39:44) Bad-Dll(IEP): (not found)
(5-13-05 10:39:44) Bad-Dll(IEP) in BHO: (not found)
(5-13-05 10:39:44) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\HCHH.DLL

and my fresh HJT-log:

Logfile of HijackThis v1.99.1
Scan saved at 10:52:38, on 13-5-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\SPYWARE-PROGS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDSG.DLL
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {61D51660-90DC-11D9-A0ED-0050FCE5B46F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {61D51660-90DC-11D9-A0ED-0050FCE5B46F} - (no file) (HKCU)

#6
Metallica

Posted 13 May 2005 - 04:04 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

O9 - Extra button: Microsoft AntiSpyware helper - {61D51660-90DC-11D9-A0ED-0050FCE5B46F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {61D51660-90DC-11D9-A0ED-0050FCE5B46F} - (no file) (HKCU)

Then reboot and post a new log.

Regards,

#7
brammie_ltc

Posted 13 May 2005 - 05:04 AM

New Member

Topic Starter
Member
5 posts

New HJT-log:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:55, on 13-5-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\SPYWARE-PROGS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDSG.DLL
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\SPYWAR~1\SPYWAR~1\TOOLS\IESDPB.DLL

Edited by brammie_ltc, 13 May 2005 - 05:05 AM.

#8
Metallica

Posted 13 May 2005 - 05:36 AM

Spyware Veteran

GeekU Moderator
33,101 posts

That looks like a clean log to me. :tazz:

Is your computer behaving as it should?

Please have a look at my site for some tips on how to remove and prevent spyware.

Regards,

#9
brammie_ltc

Posted 17 May 2005 - 07:33 AM

New Member

Topic Starter
Member
5 posts

Yes now my computer behaves as it should. :tazz:

Thanks for everything

#10
Metallica

Posted 17 May 2005 - 08:09 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.