
loadingwebsite.com, adopt.hotbar.com, pacimedia... [RESOLVED]


  • This topic is locked

#16
aep22
Member, Topic Starter
The .cab file is 56 MB. I don't know if I can email something that large. It was attaching to the email and it was taking so long I thought it had frozen. I can try to leave it running, but I don't know how long it will take. What do you think? Any other way to get you guys that info? Is it supposed to be that big? Thanks, UKBiker!

Amy

#17
ukbiker
Rest in Peace, ukbiker
Retired Staff
Hi there Amy, you could try zipping the cab file up, then sending it.

UKBiker

#18
aep22
Member, Topic Starter
Here's the FindIt log:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is LOCAL DISK
Volume Serial Number is 07D0-0A0D
Directory of C:\WINDOWS\SYSTEM

136 file(s) 30,641,083 bytes
0 dir(s) 8,462.73 MB free

------- Hidden Files in System Directory -------


Volume in drive C is LOCAL DISK
Volume Serial Number is 07D0-0A0D
Directory of C:\WINDOWS\SYSTEM

XLEVZH DLL 475 06-19-05 6:40p xlevzh.dll
6WW01 DLL 106 04-03-05 1:49p 6ww01.dll
CANONBJ GID 8,628 04-07-03 12:16a CANONBJ.GID
FOLDER HTT 23,155 10-13-00 4:56p folder.htt
DESKTOP INI 271 10-13-00 4:56p desktop.ini
5 file(s) 32,635 bytes
0 dir(s) 8,462.72 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1FA5050E-CCF6-A238-B9BE-E1D763BFCB88}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\

72 items found: 72 files, 0 directories.
Total of file sizes: 16,106,427 bytes 15.36 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.751: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.751: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

#19
Swandog46
Malware Expert, MVP
Hi aep22 :tazz:

I apologize to ukbiker for stepping into this thread (I would not normally do this), but I am trying to figure out what is going wrong with that tool (I wrote it). The files look exactly like they should, and yet it is not finding them.

I don't need to see all of those files; a representative sample is fine. They should all be the same anyway. That way the cab file won't be 56 MB. Try running the Suspicious File Packer again and packing these files only:

C:\WINDOWS\SYSTEM\MUNSSPC.DLL
C:\WINDOWS\SYSTEM\JDMD400.DLL
C:\WINDOWS\SYSTEM\PFSPL.DLL
C:\WINDOWS\SYSTEM\mvxml4r.dll
C:\WINDOWS\SYSTEM\miimsg.dll
C:\WINDOWS\SYSTEM\erenu.dll
C:\WINDOWS\SYSTEM\xlevzh.dll
C:\WINDOWS\SYSTEM\UIDMXFRM.DLL
C:\WINDOWS\SYSTEM\DYNPUT8.DLL


Then can you send that to Swandog46[At]go[Dot]com?

Thank you so much. By doing this we will hopefully be able to help many people with the knowledge gained. ;)

In addition, under the l2m9xfix\backups folder, there should be a file called clsid.txt, about 350 KB large. Can you email me that file as well?

I'll take a look at these as soon as I get them and we'll see what we can do for you. Thanks :)

#20
Swandog46
Malware Expert, MVP
Thank you; I got those files. I will look at them and try to figure out why the batch isn't working, and get back to you ASAP. :tazz:

#21
Swandog46
Malware Expert, MVP
Actually, it seems the CAB file was removed from your email, because your email service provider does not permit you to send files with the extension .CAB.... do you have another email account you can send it from?

Edited by Swandog46, 06 August 2005 - 07:22 AM.


#22
aep22
Member, Topic Starter
Ok, I tried 2 more accounts and zipped the file as well -- maybe it will come through as a .zip file better than a .cab file! :tazz:

#23
Swandog46
Malware Expert, MVP
Thank you! :tazz: I will check again for them.

#24
Swandog46
Malware Expert, MVP
I still don't have them :tazz:

I didn't even get the email this time. I cleaned out my inbox in case it was an overflow problem. Terribly sorry --- would you mind sending it once more? ;)

Thanks :)

#25
aep22
Member, Topic Starter
Ok, I just resent -- the .cab files just aren't sending on any of my accounts. The zip file looks like it might work. Sorry! :tazz:

I'm at work today -- have access to my email but not my home computer. So if you have other people to help, please go ahead. I'm not going to be able to do much from here! I'll be able to run/post anything else you need this evening.

;)

#26
Swandog46
Malware Expert, MVP
Well, I really DID get the files this time --- thank you! :tazz:

I have to look them over and see what's going on, so I doubt I'll be back too much before you will. I'll see what I can learn by tonight. See you then! ;)

#27
Swandog46
Malware Expert, MVP
This is getting a little ridiculous :tazz:

The zip archive seems to be empty. You had tried to zip the CAB file? Is that what you were trying to do?

Let's see if there's a better way to do this. Could you pack the files in the CAB archive again, and then register at the CastleCops forums here:

http://castlecops.com/forums.html

Then, please start a New Topic in the "Unknown Files" forum there:

http://castlecops.co...nown_Files.html

and upload the CAB file. In that forum, anyone can upload but only Staff can download, so the forum is designed to be used to harvest samples of malicious files. It shouldn't stop you from freely uploading the cab file.

I am very sorry for all this trouble... ;)


Edit: in the title of your Topic at CastleCops, can you put: "for Swandog46" or something, so I know where to look? Thanks :)

Edited by Swandog46, 06 August 2005 - 02:41 PM.


#28
aep22
Member, Topic Starter
:tazz:

No, *I* am sorry. I may not know how to get rid of this spyware, but I DO know how to upload and zip files! I don't know what's going on with this!

I'll upload to that site this evening and drop you a line when it's done. If THAT doesn't work, I guess I am just bringing my computer to you! ;)

Thanks again!

#29
aep22
Member, Topic Starter
Ok, I've posted to Castlecops... I posted twice -- once with the .cab file and once with another .zip file (I didn't see .cab on the list of accepted files, so I did the .zip as well).


Another fun pop-up I'm getting now is searc-h.com... just FYI...

Thanks!

#30
ukbiker
Rest in Peace, ukbiker
Retired Staff
Hi There

Thank you for bearing with us on this. Swandog actually wrote the programme we use to get rid of this infection, and as this is the first time it has failed, we would really like to know why. If you are agreeable, I will just take a back seat here for the moment?

UKBiker