[freebird53]

All of those programs did show up in HiJack This and i followed your instructions on the uninstall and delete. All except the hibcdfu file. Now, I am working on my computer and transferring all of this over to the other one. Will it be ok for me to just c&p what you just sent to a disc and transfer it over to the other computer?

[Advertisements]

Can I do this without going into safe mode?...I've had to do everything else that way.

[freebird53]

Can I do this without going into safe mode?...I've had to do everything else that way.

[g2i2r4]

That will do just fine.

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINNT\System32\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here.

***

Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt

Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.

Edited by g2i2r4, 26 June 2005 - 03:30 PM.

[freebird53]

Ok, but I want to tell you something that happened during all of the things that went on yesterday. I have never used Windows 2000 so I'm not sure what is normal in that OS. When I couldn't log on as Administrator on Friday night (it kept telling me my password was incorrect and I know it wasnt), I left it and when I came back and finally got Windows to come back up, I have a window now that pops up asking me to press CTRL ALT DEL before I can put the password to log on. That was not happening before. Is this something in Windows 2000?

[g2i2r4]

I don't know to be honest.
I take it it's not your computer then? Does the owner recognise this behaviour?

[freebird53]

Ok, I'm confused...go to that site on the computer I'm trying to fix?

[g2i2r4]

Yep

[freebird53]

No, it's a friends and they didn't have a virus scanner or firewall on it and let their son download all of these files from Kazaa on his business computer.....so I was trying to help them out.....sheeshhhhhhh....won't do that again

[g2i2r4]

[freebird53]

OK,...I'm going to do step 1 first....I'm a little leary of logging in here on that computer though because some of the viruses record keystrokes from what I've read

[freebird53]

will be back in a few when I'm done....thanks...will let ya know when I'm here

[freebird53]

Ok, here are the results from the scan. That file I found was not wininet.dll Everything was in caps like WININET.DLL and the scan was almost 100% when it stalled. this is what the page said.

Last file scanned at least one scanner reported something about: Backdoor.Win32.Codbot.ag in dhcpclient.exe, detected by:

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web BackDoor.IRC.Moto
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Backdoor.Win32.Codbot.ag
NOD32 X
Norman Virus Control X
VBA32 X




This is the report from the wininet.bat file:

Directory of C:\WINNT\$NtServicePackUninstall$

07/22/2002 03:05p 461,584 wininet.dll
1 File(s) 461,584 bytes

Directory of C:\WINNT\$NtUninstallSP2SRP1$

05/08/2001 08:00a 467,728 wininet.dll
1 File(s) 467,728 bytes

Directory of C:\WINNT\ServicePackFiles\i386

06/19/2003 03:05p 466,704 wininet.dll
1 File(s) 466,704 bytes

Directory of C:\WINNT\system32

08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes

Directory of C:\WINNT\system32\dllcache

08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes

[freebird53]

Hmmmm....now thats strange....when it was scanning I wrote down the viruses it said it had detected previously and they were these (not the ones I just posted)

These are what I wrote down :
Win32.Trojan.KillFiles.u in update.exe
Win32:Trojan-gen.{u}
Trojan.W32.Msbook
Win32.Trojan.KillFiles.u

[g2i2r4]

Well, that scan didn't work. These are result for a scan done on another file.

Try this one please.
http://www.virustota...h/index_en.html

[freebird53]

ok...i'll try but after a few minutes online everything seems to freeze