Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BLANK WHITE SCREEN PLEASE HELP!

Started by viper72 , Jul 25 2005 05:40 AM

  • Please log in to reply

#1
viper72
Posted 25 July 2005 - 05:40 AM

viper72

    New Member

  • Member
  • Pip
  • 1 posts
Hi

I had these funny message popup and i installed "shootthemessenger" program which stopped the messages coming up, and know i cannot reply to any emails or compose an email. When u go reply, all you get is a BLANK WHITE SCREEN and at the bottom status bar says done.
I have even unstalled the 'shootthemessenger' and the popup are gone but still getting blank white screen. so not sure if 'shootthemessenger' had any implication on this problem or there is some other gremilns hiding in my pc.
I have ran 'cleanup40', 'CWShredder', 'Adware'. Cannot ran norton as the Internet explorer is only version 5, and norton requires IE6.

it has been couple of weeks now and i can not reply to my business emails so need help desperately. Thanking you

this is my hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 4:40:06 PM, on 7/23/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\enbiei.exe
C:\WINNT\loadqm.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Cookie Muncher\cookiem.exe
C:\Program Files\ZoneAlarm\zonealarm.exe
C:\Documents and Settings\Mike Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clear.net.nz/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Cookie Muncher.lnk = C:\Program Files\Cookie Muncher\cookiem.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
  • 0

Advertisements

#2
rambro
Posted 06 August 2005 - 01:11 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear viper72, :tazz:

Welcome to the Geeks to Go forums.

We are currently studying your log. ;)
  • 0

#3
rambro
Posted 06 August 2005 - 01:23 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear viper72, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Your computer is infected with the W32.Blaster.F.Worm virus.

W32.Blaster.F.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP computers. While Windows NT and Windows 2003 Servers are vulnerable to this exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the Enbiei.exe file into the %Windir%\System32 folder, and then execute it.

W32.Blaster.F.Worm does not have a mass-mailing functionality.


Please download and run the Symantec removal tool for the W32.Blaster.F.Worm virus at the following link: http://securityrespo...ter.f.worm.html.

Please restart your computer.
******************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows 2000

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide file extensions for known file types.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Delete the following file/files marked in blue (if they exist):

C:\WINNT\System32\enbiei.exe

Finally, go to the Start Menu, click "Run", and in the window type cleanmgr. This will run the System Cleanup program. Make sure the box next to "Temporary files" is checked, and then click "OK".

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. ;)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP