T-Spy.html.Smitfraud progress [RESOLVED]


  • This topic is locked

#31
peacemaker05

Good news, I finally completed a reinstall of IE6 and it works fine now. Should I attempt an active scan now?
  • 0


#32
Michelle

Oh I am so glad to hear that!

Yes, please run ActiveScan now :tazz:
  • 0

#33
peacemaker05

Great! Yes, that makes two of us...I'll save the log and post it. I was wondering...what do you suggest in place of History kill and the pop up blocker? Also, what do you think will work best to clean up .dll and .vxd errors?

Also, I have a different system that's down right now; It's a P4, 925XE, 1GB DDR2 running XP SVC Pack2. I never put it online because it's for digital recording and I never wanted to have any problems like the one I HAD (Thanks 2U) with this one. Well...I went online to check an email really quickly and got right off. When I started back up, I got the "NTLDR is missing" during the boot and the hard reset command. What do you think?

Edited by peacemaker05, 08 June 2005 - 11:23 PM.

  • 0

#34
Michelle

I will post my recommendations for keeping your system clean once we're done cleaning it. A really good free pop-up blocker (I use it on my ME machine) is the Google toolbar. It's awesome :tazz:

What kind of vxd and dll errors are you receiving?

Edited by bananafanafo, 08 June 2005 - 11:20 PM.

  • 0

#35
peacemaker05

I get a vxd error after startup...it may be connected to an infected program component that I had to remove from the system. I'll reboot and make a note and repost that error along with the active scan log.

The other errors were connected to the setup.exe for IE6, now that it's installed I don't think it to be an issue any longer. It was the Run Time error I mentioned in post #12. Be back with the active scan results. You're an angel, thanks again!!!

Edited by peacemaker05, 08 June 2005 - 11:55 PM.

  • 0

#36
Michelle

Yes, please, I definitely want to see that error message...what program component did you remove?
  • 0

#37
peacemaker05

Okay...the scan found five issues that could not be removed, the log is below. The VXD error message we spoke about earlier is HLDDRV.VXD (Not sure which component I uninstalled would give me this error, but I only removed old applications that I wasn't using, nothing major at all.)

On startup after the main boot sequence just before Windows opens up I get the following DOS error message: Cannot find the device file that may be needed to run Windows or a Windows application. SYSTEM.INI refers to this device file but the device no longer exists HLDDRV.VXD

Here's the Active Scan result log...

Incident                          Status          Location

Adware:Adware/Adsmart             No disinfected  C:\WINDOWS\sys???.exe
Adware:Adware/IGuard              No disinfected  Windows Registry
Virus:Application/Eblaster        No disinfected  Windows Registry
Adware:Adware/BlueScreenWarning   No disinfected  Windows Registry
Virus:Application/Eblaster        No disinfected  C:\WINDOWS\SYSTEM\wmsemod.dll
Adware:Adware/Adsmart             No disinfected  C:\WINDOWS\SYSMON.EXE

Edited by peacemaker05, 09 June 2005 - 01:54 AM.

  • 0

#38
Michelle

First, please go to Start > Run and type

msconfig

Click on the System.ini tab

Click the plus signs and see if you can find that HLDDRV.VXD in there, let me know what it's under, but don't do anything with it.

I need you to delete these files:

C:\WINDOWS\SYSTEM\wmsemod.dll
C:\WINDOWS\SYSMON.EXE

Look and see if you can find this one. If there isn't one with actual ??? in it, give me the names of any files that start with sys followed by 3 letters.exe

C:\WINDOWS\sys???.exe

Edited by bananafanafo, 09 June 2005 - 02:05 AM.

  • 0

#39
peacemaker05

Okay,

I clicked on the System.ini tab and searched all the processes by clicking on the expander icons (the +'s) but I did not find that DLDDRV.DXV device component.

I found and "deleted" (sent to the recycle bin) the following malicious entries:

1) SYSMON.EXE
2) wmsemod.dll


Now, on the sys???.exe issue...the only two files I saw with a suffix following sys but preceding .exe were found in the WINDOWS\SYSTEM folder and they are

1) Sysedit.exe
2) Systray.exe

I did not see anything remotely close in the WINDOWS folder, and did nothing to these devices.

Edited by peacemaker05, 09 June 2005 - 02:38 AM.

  • 0

#40
Michelle

Then I don't know why ActiveScan "found" that file if it isn't there lol. That's fine!

The HLDDRV.VXD has to be in system.ini because system.ini is trying to load it...
  • 0


#41
Michelle

I need you to go to Start > Run type:

system.ini

Click OK

Copy and paste what's in the notepad here (I think this will work on a 98...)
  • 0

#42
peacemaker05

Okay...

[boot]
oemfonts.fon=vgaoem.fon
shell=Explorer.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=mouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv

[keyboard]
keyboard.dll=
oemansi.bin=
subtype=
type=4
  • 0
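
An added example, not part of the thread: a small Python check for where a system.ini references a driver such as HLDDRV.VXD and which `device=` files are absent. It assumes VxD `device=` lines sit in the `[386Enh]` section, which the excerpt posted above does not include; the `[386Enh]` lines in the sample are constructed for illustration.

```python
import re

# Constructed sample: [boot] is a subset of the excerpt posted above,
# the [386Enh] section is invented for illustration.
SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv

[386Enh]
device=*vshare
device=*dynapage
device=HLDDRV.VXD
; device=oldcard.vxd
mouse=*vmouse, msmouse.vxd
"""

def parse_ini(text):
    """Yield (line_no, section, key, value). Repeated keys such as device=
    are all kept; configparser rejects or collapses duplicates."""
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or commented out
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
        elif "=" in line:
            key, value = line.split("=", 1)
            yield n, section, key.strip(), value.strip()

def basename(token):
    return token.lower().rsplit("\\", 1)[-1]

def find_references(text, filename):
    """Every active entry, in any section, whose value names `filename`."""
    return [(n, s, k, v) for n, s, k, v in parse_ini(text)
            if filename.lower() in (basename(t) for t in re.split(r"[,\s]+", v))]

def missing_device_files(text, present_files):
    """[386Enh] device= entries naming a file not in `present_files`.
    Names starting with '*' are built-in virtual devices, not files."""
    present = {f.lower() for f in present_files}
    return [v for _, s, k, v in parse_ini(text)
            if (s or "").lower() == "386enh" and k.lower() == "device"
            and not v.startswith("*") and basename(v) not in present]
```
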

#43
Michelle

hmm I don't know why it says boot...

Go to Start > Run type

regedit

click to highlight "My Computer" on the left-side. Go up to "Edit > Find" and put this in there:

HLDDRV.VXD

Let me know the location where it's found.

Edited by bananafanafo, 09 June 2005 - 03:03 AM.

  • 0

#44
peacemaker05

Okay...

[windows]
load=
run=
NullPort=None
device=hp officejet v series,hpodj907,DOT4_001

[Desktop]
Wallpaper=C:\WP.BMP
TileWallpaper=0
WallpaperStyle=0
Pattern=(None)

[intl]
iCountry=1
ICurrDigits=2
iCurrency=0
iDate=0
iDigits=2
iLZero=1
iMeasure=1
iNegCurr=0
iTime=0
iTLZero=0
  • 0

#45
Michelle

Go to Start > Run type

regedit

click to highlight "My Computer" on the left-side. Go up to "Edit > Find" and put this in there:

HLDDRV.VXD

Let me know the location where it's found.
  • 0





