Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora AND SpySheriff-HELP I BEG YOU

Started by reidms , Jun 17 2005 08:57 PM

  • This topic is locked This topic is locked

#16
Trevuren
Posted 19 June 2005 - 07:47 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
It is running because I can see it among your running processes in your log. It may be constructed to be able to hide from the program. We will now do a general cleanup and see what's left over.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Now let's do some work on your log:

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Close all browser windows and RUN HijackThis.
. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [nitqvv] c:\winnt\system32\lcdroez.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} -
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe


Now with all the items selected, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode

*Restart the computer.
*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.


Using Windows Explorer, locate the following files, and DELETE them (if they are present):

c:\winnt\system32\lcdroez.exe
C:\WINNT\system32\net.exe
C:\WINNT\system32\net1.exe
C:\WINNT\Nail.exe
C:\WINNT\systb.dll
C:\WINNT\wupdt.exe
C:\WINNT\svcproc.exe

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everytjhing looks now.

Regards,

Trevuren
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP