
Bloodhound.w32.ep problem + IE not working [RESOLVED]


  • This topic is locked

#16
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please RIGHT-CLICK: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid
PSGuard
AdwareDelete


Exit Add/Remove Programs.

*IMPORTANT* CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\zloader3.exe
C:\Windows\System32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\wp.bmp
C:\Windows\System32\perfcii.ini
C:\Windows\System32\oleadm.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\WINDOWS\system32\oleadm32.dll


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\LogFiles
C:\Program Files\Security IGuard
C:\Program Files\PSGuard
C:\Program Files\AdwareDelete

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED:

O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\Run: [Logitech] Logitech.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [WSAConfiguration] ntguard32.exe
O4 - HKLM\..\RunServices: [win32] winhost.exe
O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\RunServices: [Logitech] Logitech.exe
O4 - HKLM\..\RunServices: [WSAConfiguration] ntguard32.exe
O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE


Close HiJackThis.

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

C:\Program Files\MyWay <----- Full Folder

C:\WINDOWS\System32\phqghum.EXE
C:\WINDOWS\System32\combo.exe
C:\WINDOWS\System32\combop.exe
Logitech.exe
ntguard32.exe
winhost.exe
Locate these files without full path using the Windows Search Function


Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box, and delete all the files in that folder. Don't delete the folder, only the files in it!!!


Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0
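
Added example (not part of the original post, and not HijackThis's own code): the O4 lines listed in the post above are registry autostart entries, and this Python code parses them and groups them by executable, so a reviewer can see which binaries are registered under more than one Run key or without a full path. The flag names and the last sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# O4 lines as posted in the thread; the final line is constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\Run: [Logitech] Logitech.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [WSAConfiguration] ntguard32.exe
O4 - HKLM\..\RunServices: [win32] winhost.exe
O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\RunServices: [Logitech] Logitech.exe
O4 - HKLM\..\RunServices: [WSAConfiguration] ntguard32.exe
O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /min
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|$)', re.I)

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each registry O4 line."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # blank lines and non-registry sections are skipped
            rows.append(m.groups())
    return rows

def triage(rows):
    """Group entries by executable and attach review flags (heuristics)."""
    by_image = defaultdict(lambda: {"keys": set(), "flags": set()})
    for hive, key, _name, cmd in rows:
        m = EXE_RE.match(cmd)
        exe = m.group(1) if m else cmd.split()[0]
        image = re.split(r"[\\/]", exe)[-1].lower()
        rec = by_image[image]
        rec["keys"].add(f"{hive}\\{key}")
        if "\\" not in exe and "/" not in exe:
            rec["flags"].add("no-path")     # resolved through the search path
        if len(rec["keys"]) > 1:
            rec["flags"].add("multi-key")   # same binary in several autostart keys
    return dict(by_image)

if __name__ == "__main__":
    for image, rec in sorted(triage(parse_o4(SAMPLE_LOG)).items()):
        print(f"{image:16} {sorted(rec['keys'])} {sorted(rec['flags'])}")
```

Both flags are review prompts rather than verdicts: legitimate software can also register a bare file name or use more than one key.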


#17
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Sorry for the hassle and thanks again for your help.

Just to update, the problem started with the desktop wallpaper and the bloodhound, but now I have other issues that have appeared in the meantime, including:

- the start bar has virtually disappeared and is now completely white with no buttons on it (I'm restarting my computer by turning the power button off, I dunno if that's good or not)

- When the computer starts, sometimes it's very slow and doesn't work, so I have to restart it again several times until it works

- I have several popups (both internet popups and messages) that appear every once in a while

- my IE browser is very weird, with some buttons invisible

- etc.

Thanks again

#18
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I get the same error message when double clicking smitfraud.reg
There is some kind of malware preventing me from running some programs.

Edited by Souss, 27 June 2005 - 05:13 PM.


#19
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi souss,

Let's get to the basics.

Please boot in Safe Mode (without network connectivity).

Delete the files -

C:\WINDOWS\System32\phqghum.EXE
C:\WINDOWS\System32\combo.exe
C:\WINDOWS\System32\combop.exe
Logitech.exe
ntguard32.exe
winhost.exe

(locate the last three files using the Windows Search function)

Reboot the PC.

See if the files you tried to delete have gone and tell me how it goes.

#20
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
these files don't exist in my computer
they were probably deleted when I ran an online scan.

#21
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of fltmgr.dll.
5. Select every instance of fltmgr.dll and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.

#22
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
There is no fltmgr.dll in the list.

I have 4 files:

mswsock.dll
winrnr.dll
nwprovau.dll
rsvpsp.dll

#23
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi souss,

Looks like things are improving because of that online scan you did!!!

Can you post the scan report? I would like to go through it and fix the more severe of the items therein.

#24
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
let me clarify: I opened this thread before running any online scan. Over the past 5 days I have run several ones, including housecall and panda. I don't have the results, but I can run one again. Do you want me to run a scan again? and if yes which one?

Thanks

#25
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hey souss,

Sure run an online scan !!! Makes my life easier :tazz:

Run a scan with Panda. Make sure to check the following box - Disinfect automatically.

Post back the scan report

#26
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi Tampabelle,

I was unable to open the scan report, so I attached it. Please let me know if there's any problem
Thanks


#27
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Let's try this now. If you have any problems at any stage, make a note of it and let me know about it after completing the entire fix.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Open Ad-aware and do a full scan. Remove all it finds.
Now open Ewido Security Suite
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save Report
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot the PC into normal mode

Run Hijack This and post the fresh log here.

#28
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I'm unable to extract smitrem or install the other programs, I still get the same error messages as before.

#29
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Souss,

Let's do this -

Put the Windows XP disk in your CD Drive.

Go to the Run box on the Start Menu and type in: sfc /scannow and hit enter

This command will immediately initiate the Windows File Protection service to scan all protected files and make sure of their correctness, replacing any files that it finds with a problem.

A box should appear to give an indication of how long the process is taking.

Let me know how it goes

#30
Souss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I don't have a start menu anymore; it disappeared a while ago. How else can I go to "run"?

Edited by Souss, 28 June 2005 - 09:18 AM.
