Geez, I got pwned.



#1
akashhhhhh


    New Member

  • Member
  • Pip
  • 2 posts
...

Edited by akashhhhhh, 07 November 2005 - 11:07 PM.

  • 0


#2
-=jonnyrotten=-


    Member 2k

  • Retired Staff
  • 2,678 posts
Yep you did get pwned :tazz: We'll fix you up though.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please run Notepad and copy the following text into a new file:

@ECHO OFF
cd %windir%
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

-=jonnyrotten=- ;)
  • 0

#3
akashhhhhh


    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
...

Edited by akashhhhhh, 09 March 2006 - 04:11 AM.

  • 0

#4
-=jonnyrotten=-


    Member 2k

  • Retired Staff
  • 2,678 posts
Open up HijackThis and place a check in the box next to this entry:

O4 - HKLM\..\Run: [qmodozk] c:\windows\system32\mmdikg.exe

Now click the "Fix Checked" button.

Did you run the .bat file I showed you how to make in my earlier post? More importantly, did you run it in "Safe Mode"? That file is what removes this entry:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Now we can try to remove it with HijackThis all day long, but it will not work. Try copying the text again from the quote box in my earlier post and creating the remove.bat file again. Then reboot into Safe Mode and double-click it. When finished, reboot normally and post a new HijackThis log. You may want to just go through with all of the previous instructions again in the same order, but this time remove the O4 entry mentioned above with HijackThis first. Let me know how this goes :tazz:

-=jonnyrotten=- ;)
  • 0
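
An added example, not part of either poster's replies: a small Python check that reads a new HijackThis log and reports which of the entries targeted in this thread are still present, plus anything chained after Explorer.exe in the Shell= value. The log excerpt is constructed and the function names are illustrative.

```python
import re

# A HijackThis entry line looks like "<section> - <body>", e.g. "F2 - REG:system.ini: Shell=...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
SHELL_RE = re.compile(r"^REG:system\.ini:\s*Shell=(?P<value>.*)$", re.IGNORECASE)

# The two entries the helper asked to have fixed (taken from the thread).
TARGETS = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O4 - HKLM\..\Run: [qmodozk] c:\windows\system32\mmdikg.exe",
]

# Constructed sample of a post-fix log: the O4 entry is gone, the F2 entry is not.
CONSTRUCTED_NEW_LOG = r"""Logfile of HijackThis (constructed excerpt)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in the log text."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group("section"), m.group("body").strip()) for m in matches if m]

def extra_shell_programs(entries):
    """List whatever follows Explorer.exe in an F2 Shell= value; it also starts at logon.
    Splits on whitespace, so a path containing spaces would come back in pieces."""
    extras = []
    for section, body in entries:
        m = SHELL_RE.match(body) if section == "F2" else None
        if m:
            extras += [t for t in m.group("value").split() if t.lower() != "explorer.exe"]
    return extras

def still_present(targets, new_log):
    """Return the targeted entries that survive in the new log (case-insensitive)."""
    seen = {(s, b.lower()) for s, b in parse_entries(new_log)}
    remaining = []
    for target in targets:
        parsed = parse_entries(target)
        if parsed and (parsed[0][0], parsed[0][1].lower()) in seen:
            remaining.append(target)
    return remaining

if __name__ == "__main__":
    print("Still present:", still_present(TARGETS, CONSTRUCTED_NEW_LOG))
    print("Extra Shell= programs:", extra_shell_programs(parse_entries(CONSTRUCTED_NEW_LOG)))
```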





