XP Explorer Problem



#1
kalaignar

Hi Experts,

My system got some kind of virus, which crashed Explorer.exe and Iexplore.exe. Now I get only a blank desktop, with no status bar and startup panel. All I have is Task Manager (Ctrl+Alt+Del). I can open applications via Task Manager.
I tried the steps below after going through some of the forum messages:

1. I tried sfc /scannow. It failed to bring explorer back, as well as iexplore.

2. I tried the steps in http://www.geekstogo...udc-t17676.html

3. Even using the Windows XP installation CD, I tried to repair my system; it is still not working.

4. Also copied C:\program files\internet explore\iexplore.exe to C:\windows\system32 and renamed the copied iexplore.exe to explorer.exe.

This is also not working out. I found that explorer.exe under c:\windows\system32 is created automatically. Even if you delete it, it is created automatically.

Note: My Control Panel is also not working. I tried typing 'control' in the Task Manager command line; it says 'the path is not correct try using searching'.

5. Here is the result when I scanned my system using Norton Virus scan:


***NOTE: Close this window to continue installing the product.***

=========================================================
===============PRE-INSTALL SCANNER RESULTS===============
=========================================================
Summary:
Scan finished at 11:57:18 PM on 5/26/2004.
Number of Files Scanned: 55624
Number of Infections Found: 3
Number of Files Repaired: 0
Number of Files Deleted: 3
Number of Files Left Infected: 0
=========================================================
Details:
C:\Documents and Settings\tekadm.SAPSRV\Local Settings\Temporary Internet Files\Content.IE5\8B5FIMFD\1[1].htm was infected with Bloodhound.Exploit.6. (DELETED)
C:\WINDOWS\system32\eliteuhe32.exe was infected with Bloodhound.W32.EP. (DELETED)
C:\WINDOWS\system32\ole32vbs.exe was infected with Bloodhound.W32.EP. (DELETED)
=========================================================


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:54 AM, on 5/28/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
c:\orant\bin\oracle80.exe
C:\orant\BIN\TNSLSNR80.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\IntraPort Client\vpn5000service.exe
C:\WINDOWS\System32\taskmgr.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\InternetExplorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Search Bar =res://C:\WINDOWS\fwtdi.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Search Page =res://C:\WINDOWS\fwtdi.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\InternetExplorer\Search,SearchAssistant =res://C:\WINDOWS\fwtdi.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName =
O2 - BHO: Class -{6F4B23DA-F796-90AD-CDF9-FF9C25D11F73} -C:\WINDOWS\mfcbq.dll
O3 - Toolbar: &Radio -{8E718888-423F-11D2-876E-00A0C9082467} -C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\CommonFiles\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\ProgramFiles\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hfyybbki]c:\windows\system32\hfyybbki.exe
O4 - HKLM\..\Run: [jjq623op] C:\ProgramFiles\jjq623op\jjq623op.exe
O4 - HKLM\..\Run: [etbrun]C:\windows\system32\elitehai32.exe
O4 - HKLM\..\Run: [sys10-859017304]C:\WINDOWS\sys10-859017304.exe
O4 - HKLM\..\Run: [SystemCheck]C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [STOPzilla] C:\ProgramFiles\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [WindowsUpdate]C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [MSN Messenger]C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\ProgramFiles\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\ProgramFiles\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [ipyf32.exe]C:\WINDOWS\system32\ipyf32.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe/firstlogon
O4 - HKLM\..\RunServices: [CPQDFWAG]C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\ProgramFiles\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [sysmonnt]C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Aarr] C:\Documents andSettings\SAPServiceTEK\Application Data\ueol.exe
O4 - Global Startup: Microsoft Office.lnk = C:\ProgramFiles\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search -res://c:\programfiles\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -res://c:\programfiles\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page- res://c:\programfiles\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -res://c:\programfiles\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -res://c:\programfiles\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\InternetExplorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\InternetExplorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}(TDServer Control) -http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -http://www.alwaysupdatednews.com/install/aun_0009.exe
O16 - DPF: {D05F33E0-3F75-11D3-A176-006008944486}(Audible Words Codec) -http://download.audible.com/AM36/awrdscdc.cab
O20 - Winlogon Notify: STOPzilla -C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Network Security Service (NSS) (11Fßä#·ºÄÖ`I) - Unknown owner -C:\WINDOWS\system32\ntag32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Compaq Remote Diagnostics EnablingAgent (CpqDfwWebAgent) - Compaq Computer Corporation -C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: iPod Service (iPodService) - AppleComputer, Inc. - C:\ProgramFiles\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - LexmarkInternational, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OracleAgent80 - oracle -C:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleClientCache80 - Unknown owner -:\orant\BIN\ONRSD80.EXE
O23 - Service: OracleDataGatherer - Unknown owner -C:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner -C:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleServiceTEK - Oracle Corporation -c:\orant\bin\oracle80.exe
O23 - Service: OracleTNSListener80 - Unknown owner -C:\orant\BIN\TNSLSNR80.EXE
O23 - Service: Panda Process Protection Service(PavPrSrv) - Panda Software - C:\Program Files\CommonFiles\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAPOSCOL - Unknown owner -C:\usr\sap\TEK\sys\exe\run\SAPOSCOL.EXE
O23 - Service: SAPTEK_00 - SAP AG -C:\usr\sap\TEK\sys\exe\run\SAPSTARTSRV.EXE
O23 - Service: Symantec Network Drivers Service(SNDSrvc) - Symantec Corporation - C:\ProgramFiles\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: VPN 5000 Service 1.00.00(VPN5000Service) - Unknown owner - C:\ProgramFiles\IntraPort Client\vpn5000service.exe
O23 - Service: ZESOFT - Unknown owner -C:\WINDOWS\zeta.exe (file missing)

The above log is also available as a file.

Please help, I am struggling a lot to get it fixed. I would appreciate it if someone could fix it for me.


#2
gerryf

You are still infected with malware.

Please go to the malware forum in my signature and follow the instructions at the top, especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty, then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

#3
kalaignar

Hi gerryf

Can you please send me the link for the malware removal instructions under your name?

I searched for your ID under malware but could not find one.

Thanks
Kalai.