
W32.Desktophijack, Trojan.Desktophijack.B [RESOLVED]


  • This topic is locked

#31
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
What OS does that other system have? And does it have SP1 if it's XP?

Do you have access to a Windows XP Home (if that's what your computer is) SP1 computer?

You're missing a very vital part of your OS. Do not reboot or you will lose explorer, I can emphasize that enough.



Excal
  • 0

#32
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
The other computer is Windows 98. So I don't have access to Windows XP Home.

Rich
  • 0

#33
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Yikes! Let me see if I can track one down for u.


Excal
  • 0

#34
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Rich,


There are 3 things we can do right now. I will give u the options.

1) Reboot - Windows is supposed to replace the file; my concern is you don't have one on your computer, so I don't know how this can work.

2) Try and install SP2, and see if it will put one in there. There is no certainty that this will work either.

3) http://www.dll-files...s.shtml?wininet Go to this site, download a copy and put it in your system32 folder. Then reboot. The only problem with this is I am unsure of what file size you had b4, so again, there is no certainty in this.

What do you think?

:tazz:

Excal
  • 0

#35
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
Before we go any further, may I just ask a few questions?

I may sound very stupid here, but what is SP1 and SP2?

With option 3, if I was to download a copy of the file, could I download it on another computer and load it onto the infected one by CD?

In case it comes to it, what would happen if the whole computer was wiped if I rebooted the computer? Could I still use the computer by installing everything again? And would the virus go if that happened?

Thanks, Rich
  • 0

#36
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

> I may sound very stupid here, but what is SP1 and SP2?

Not a stupid question at all ;) SP1 (Service Pack 1) and SP2 (Service Pack 2) are updates to Windows XP. You can tell what version you have by right-clicking on My Computer and going to Properties.

> With option 3, if I was to download a copy of the file, could I download it on another computer and load it onto the infected one by CD?

The preferred method would be getting a copy of Wininet.dll from another Windows XP SP1 computer.

> In case it comes to it, what would happen if the whole computer was wiped if I rebooted the computer? Could I still use the computer by installing everything again? And would the virus go if that happened?

Your computer wouldn't be wiped; what will happen is you will basically lose your desktop and most likely connection. You won't have a start bar; you would have to do everything by using Task Manager by pressing Ctrl/Alt/Del.


Hope that helps you.

:tazz:

Excal
  • 0

#37
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
> Your computer wouldn't be wiped; what will happen is you will basically lose your desktop and most likely connection. You won't have a start bar; you would have to do everything by using Task Manager by pressing Ctrl/Alt/Del.


If the above happened, how would I go about fixing it? Would it just be a case of re-installing everything again?

Cheers, rich
  • 0

#38
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
It all comes down to you needing a copy of Wininet.dll. Do you have your XP installation disk?

If you do, you could try an sfc scan.


Excal
  • 0

#39
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
Sorry about my lack of computer knowledge, but what's an sfc scan?

Cheers, rich
  • 0

#40
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
These are the directions for an SFC scan, but I am sure it will ask you for the installation disk during the scan.

The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow
Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:

My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.

Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:

My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0

#41
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
I don't have an installation disk as my computer came pre-installed with Windows XP. I am currently trying to get a copy of WININET.dll from another computer to put on to my infected computer. I will get back to you and tell you what is happening.

Cheers, Rich
  • 0

#42
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok rich, let me know.


Thanks,

:tazz:

Excal
  • 0

#43
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
Ok, I've got a copy of the file from a friend who has the same operating system and now the PC is working much better. I can get on the internet again so am posting from my computer, and everything seems to be working ok.

Cheers, rich
  • 0

#44
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Very nice!!

Let me see a fresh HijackThis log to verify everything is all right.


Thanks,

Excal
  • 0

#45
Richie_CUFC31

Richie_CUFC31

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi again, I will post a fresh HiJack This log below:


Logfile of HijackThis v1.99.1
Scan saved at 00:12:17, on 09/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4D6144A-16AD-4942-AE4E-0E5CE626526F}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Cheers, Rich
  • 0
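
A triage pass over the log posted above, as an added example that is not part of the original thread: it reads HijackThis entry lines by section code and marks the three patterns visible in this log (a `(file missing)` target, an O17 NameServer entry, and O23 services listed with no owner or `Unknown owner`). The function names are this example's own, and the sample is an excerpt copied from the posted log.

```python
import re

# Excerpt of the HijackThis log posted above (copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4D6144A-16AD-4942-AE4E-0E5CE626526F}: NameServer = 205.188.146.145
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O23 - Service: ..."
SERVICE = re.compile(r"^Service: (.*) - ([A-Za-z]:\\.*)$")  # "<name> - <owner>" then path

def service_owner(body):
    """Owner field of an O23 body; '' when the field is empty, None if unparsable."""
    m = SERVICE.match(body)
    if not m:
        return None
    head = m.group(1)                  # "<name> - <owner>" or "<name> -"
    if head.endswith(" -"):            # owner column left blank in the log
        return ""
    return head.rpartition(" - ")[2]

def triage(log_text):
    """Return (code, body, flags) for every entry line, in log order."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                   # header, process list, blank lines
        code, body = m.groups()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("registry entry points at a file that is not on disk")
        if code == "O17":
            flags.append("DNS server set in the registry: confirm it is the ISP's")
        if code == "O23" and service_owner(body) in ("", "Unknown owner"):
            flags.append("service listed without a vendor name")
        out.append((code, body, flags))
    return out

def flagged(log_text):
    """Only the entries that carry at least one flag."""
    return [entry for entry in triage(log_text) if entry[2]]
```

A flag only marks a line for a closer look by the person reviewing the log; unflagged lines such as the O4 autoruns still need reading.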





