smitRem - runthis.bat


  • This topic is locked

#16
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again Taylor

Originally, this post mentioned a Wininet.dll problem, and I feel that locating the programme protecting your registry has moved us away from the real issue, so I'd like to tackle that next and see what the outcome is.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please open the trial version of Ewido Security Suite, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop and post it to me in your reply.
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.


#17
phoam

    Member

  • Topic Starter
  • Member
  • 26 posts
It's great to see you're sticking with me to get this solved. Thank you.

I'm set to begin the process except for the Panda Scan. I fail to see anywhere on their site to download Panda ActiveScan. The online scan will not operate due to needing "Internet Explorer 5.0 or higher". I'm currently using Mozilla. All other areas are set to go.

One note I should make, before your initial reply I searched the web for solutions. One suggested downloading a clean copy of wininet.dll, changing the name of the original/infected copy, deleting it, and placing the new/clean wininet.dll in the WINNT folder. So that has been done.

#18
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again Taylor

I have seen no evidence of any problem associated with Wininet.dll. I am assuming that your problems are due to malware, but your HJT log is clean.

My understanding of your problems is that your wallpaper is not functioning correctly and that your MSIE is stuck in some state of upgrade and not responding.

How am I doing?

We could look towards Reg hacks for wallpaper and a complete renewal of MSIE if you still want it (I never launch it although a programme uses it due to it being embedded).

I have been visiting on-line scanning sites for FF use. Please use this one in replacement of Pandascan.

Trend Micro

Let's just see what that reveals.

#19
phoam

    Member

  • Topic Starter
  • Member
  • 26 posts
Just wanted to post an update that I'm still working with the issues. I will post results when I have performed all steps.

#20
phoam

    Member

  • Topic Starter
  • Member
  • 26 posts
Desktop Repair: Unchecking the Securities box fixed the wallpaper.

Internet Explorer Null: I can't solve this issue. It will not let me repair it through the normal windows updates, so I'm stuck on this one.

On start up, my Program Files folder appears on the screen. I'm unable to detect what is making it pop up. Ad-Aware SE continues to show MRU lists on each scan.

#21
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again Taylor

Just a quick suggestion. If Windows boots abnormally (On start up, my Program Files folder appears on the screen), then that instruction must be coming from somewhere and the Winini is favourite.

First suggestion, on booting keep trapping F8 and select "Enable Boot Logging". You should then be able to see the instruction on screen for your program folder to appear, which might be a clue to the cause.

Second suggestion, try System File Check: go to Run > type "sfc /scannow" (without the quotes, and note the space after sfc). Have your Windows installation disk available in case sfc needs to replace any damaged files.

This may not be a malware problem.

Hope this helps




"Edit,
As there has been no reply from the original poster this topic is now closed,
Should you have any further problems please create a new Topic,

Thanks "

Edited by Crustyoldbloke, 04 August 2005 - 02:40 AM.






