#1
Posted 30 May 2005 - 01:09 PM
Geez, I got pwned.
Edited by akashhhhhh, 07 November 2005 - 11:07 PM.
#2
Posted 30 May 2005 - 02:33 PM
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Please run Notepad and copy the following text into a new file:

@ECHO OFF
cd %windir%
REM run the program's own removal switch first
Nail.exe /FULLREMOVE
REM stop the SvcProc service, keep it from starting again, then remove it
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
REM clear the system, read-only and hidden attributes so the files can be deleted
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.
Then please run Ewido, and run a full scan. Post the log from the scan here for me.
Then please run HijackThis, click Scan, and check:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
Close all open windows except for HijackThis and click Fix Checked.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
-=jonnyrotten=-
#3
Posted 31 May 2005 - 03:13 PM
Edited by akashhhhhh, 09 March 2006 - 04:11 AM.
#4
Posted 31 May 2005 - 04:36 PM
O4 - HKLM\..\Run: [qmodozk] c:\windows\system32\mmdikg.exe
Now click the "Fix Checked" button.
Did you run the .bat file I showed you how to make in my earlier post? More importantly did you run it in "Safe Mode"? That file is what removes this entry:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
Now we can try to remove it with HijackThis all day long, but it will not work. Try copying the text again from the quote box in my earlier post and creating the remove.bat file again. Then reboot into Safe Mode and double-click it. When finished, reboot normally and post a new HijackThis log. You may want to just go through with all of the previous instructions again in the same order, but this time remove the O4 entry mentioned above with HijackThis first. Let me know how this goes.
-=jonnyrotten=-
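The two HijackThis entries in this thread (the F2 system.ini Shell line in post #2 and the O4 Run entry in post #4) follow a pattern worth checking for in any log: the Shell value should be exactly Explorer.exe, and Run entries with random-looking value names pointing at random-looking executables in system32 are a common persistence sign. The script below is an added example, not code from the thread or from the HijackThis project: it parses log lines in the format quoted here and flags both conditions. The sample log, the KNOWN_BAD list (built from the file names in the remove.bat above) and the "6+ lowercase letters" heuristic for auto-generated names are assumptions made for the example.

```python
"""Triage HijackThis-style log lines for the persistence entries discussed in this thread."""
import re
import ntpath

# Constructed sample log: the two entries quoted in the thread plus two benign lines.
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\Nail.exe
O4 - HKLM\\..\\Run: [qmodozk] c:\\windows\\system32\\mmdikg.exe
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
F2 - REG:system.ini: Shell=Explorer.exe
"""

# File names taken from the removal steps in this thread, used as indicators (assumption).
KNOWN_BAD = {"nail.exe", "svcproc.exe", "drpmon.dll", "mmdikg.exe"}

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
O4_RUN = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def check_shell(value):
    """Return the extra programs appended to the system.ini Shell value.

    The expected value is exactly 'Explorer.exe'; anything after it is a
    program Windows launches alongside the shell at every logon, which is
    why fixing the entry in HijackThis alone does not help while the file exists.
    """
    tokens = value.split()
    if tokens and tokens[0].lower() == "explorer.exe":
        return tokens[1:]
    return tokens  # shell replaced entirely: every token is suspect


def looks_generated(name):
    """Heuristic (an assumption, not from the thread): 6+ lowercase letters only."""
    return bool(re.fullmatch(r"[a-z]{6,}", name))


def check_run(name, cmd):
    """Return the reasons an O4 Run entry is suspicious (empty list if none)."""
    exe = ntpath.basename(cmd.split()[0]).lower()
    reasons = []
    if exe in KNOWN_BAD:
        reasons.append("known indicator: " + exe)
    stem = exe.rsplit(".", 1)[0]
    if looks_generated(name) and looks_generated(stem) and name != stem:
        reasons.append("random-looking value name and file name")
    return reasons


def triage(log_text):
    """Return (line, reasons) pairs for every suspicious F2 Shell or O4 Run line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_SHELL.match(line)
        if m:
            extra = check_shell(m.group("value"))
            if extra:
                findings.append((line, ["extra shell program(s): " + " ".join(extra)]))
            continue
        m = O4_RUN.match(line)
        if m:
            reasons = check_run(m.group("name"), m.group("cmd"))
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample, the two entries from the thread are reported and the two benign lines are not. The Shell check is the general rule; the name heuristic only narrows O4 output and should be read as a prompt to look at the file, not as proof on its own.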