Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

spy sheriff deleted wininet.dll [CLOSED]


  • This topic is locked This topic is locked

#16
el bastardos

el bastardos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
done.
  • 0

Advertisements


#17
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Now to see if that copy is infected. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

F:\Windows\System32\wininet.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Regards,

Trevuren

  • 0

#18
el bastardos

el bastardos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
done. explorer still not working
  • 0

#19
el bastardos

el bastardos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanks for your help i really apreciate it.
  • 0

#20
el bastardos

el bastardos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Service load:
0% 100%
File: wininet.dll
Status:
OK
MD5 642cfef8525339fb83f2a1909898eaab
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing
  • 0

#21
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Did you remember to REBOOT your system before trying Internet Explorer?
2. What browser are you currently using?


Trevuren
  • 0

#22
el bastardos

el bastardos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
yes i did reboot it. i ama currently using mozilla fire fox.
  • 0

#23
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Here is a very comprehensive article on how to repair IE by Microsoft

I hope it helps.

Trevuren
  • 0

#24
el bastardos

el bastardos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
i have followed the instructions but it states that internet explorer has been detected so it can't continue
  • 0

#25
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Well when we are finished cleaning your system, I recommend you consult with our Windows software Forum to resolve this issue. My specialty is Malware.

I will be back with directions for cleaning your system shortly.

Trevuren
  • 0

Advertisements


#26
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:

O4 - HKLM\..\Run: [PSGuard spyware remover] F:\Program Files\PSGuard\PSGuard.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe


Using Windows Explorer, please locate and DELETE the following files/folders (with all their content), if they are still present:

F:\Program Files\PSGuard


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Let me know if any problems persist.

Regards,

Trevuren

  • 0

#27
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP