w32.desktophijack virus (wininet.dll)



#1
ryomatic

Hi everyone. I'm having all sorts of trouble ridding my system running Windows 98SE of the w32.desktophijack virus. McAfee's site said that Norton could clean the wininet.dll... it cannot. I've run through all the steps suggested on this site. I've run adawareSE, TrojanHunter, SpyBotS&D, the online virusscan, Norton Antivirus, the WCD Shredder, and on and on. Also, I have followed the directions posted by greyknight to try to rid my system of this virus (using SmiteREM)... but it has not worked.

A few things to note are that Panda scan can identify some things that most cannot... but it has no option to remove them or fix them. Also, I've noticed that my Norton real-time scan always detects the wininet.dll infection whenever I run adaware... maybe something is going on here? Anyways... I will post my HJT log and see what you guys can come up with... I'm seriously thinking of throwing up the white flag and reformatting!

Thanks for any help.

-Ryan


#2
ryomatic

Logfile of HijackThis v1.99.1
Scan saved at 12:13:50 PM, on 8/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
D:\PROGRAM FILES\MCAFEE FIREWALL\CPD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\MCAFEE FIREWALL\CPD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\ICQ\ICQ.EXE
C:\WINDOWS\SYSTEM\INTELL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Window Shades - {B5B57F4F-EFA5-11D4-A971-444553540000} - D:\PROGRA~1\WINDOW~1\WINDOW~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\SYSTEM\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\RunServices: [McAfee Firewall] "D:\PROGRAM FILES\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServicesOnce: [CleanIEDAT] \xen\clean9xdat.bat
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: xenclean 9x.bat
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://learn.sdstate...12A/ScriptX.cab
O16 - DPF: {BD346F41-52BB-11D6-873F-0004AC28D799} (WebpHMeter.TechnologyBasedLabs) - http://learn.sdstate...abs/phmeter.cab
O16 - DPF: {D5277CD5-A7F1-11D6-8743-9162B7216474} (VSG1.TechnologyBasedLabs) - http://learn.sdstate...tr/cabs/VSG.CAB
O16 - DPF: {BD346EA1-52BB-11D6-873F-0004AC28D799} (MolecularGeometry.TechnologyBasedLabs) - http://learn.sdstate...cabs/molgeo.cab
O16 - DPF: {BD346E3F-52BB-11D6-873F-0004AC28D799} (LabTechniques.TechnologyBasedLabs) - http://learn.sdstate.../techniques.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {BD34716B-52BB-11D6-873F-0004AC28D799} (SpecLab.TechnologyBasedLabs) - http://learn.sdstate...pectroscopy.cab
O16 - DPF: {9FD82800-52A6-11D6-873F-825E3BF38072} (GasLab.TechnologyBasedLabs) - http://learn.sdstate.../cabs/gases.cab
O16 - DPF: {C4712F16-5263-11D6-873F-995E98353173} (ThermChem.TechnologyBasedLabs) - http://learn.sdstate...mochemistry.cab
O16 - DPF: {C47130A4-5263-11D6-873F-995E98353173} (Chromat.TechnologyBasedLabs) - http://learn.sdstate...abs/chromat.cab
O16 - DPF: {C47131A2-5263-11D6-873F-995E98353173} (ColligProp.TechnologyBasedLabs) - http://learn.sdstate...eproperties.cab
O16 - DPF: {54D0BF3A-FA81-11D6-874A-F9F469F1D476} (EquilCon.TechnologyBasedLabs) - http://learn.sdstate...iumconstant.cab
O16 - DPF: {F49EEA0A-6E84-11D6-8740-98249CA57959} (Borax.TechnologyBasedLabs) - http://learn.sdstate.../cabs/borax.cab
O16 - DPF: {EA4E41D4-52BA-11D6-873F-0004AC28D799} (JobsLaw.TechnologyBasedLabs) - http://learn.sdstate...r/cabs/jobs.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {687589B8-1501-11D7-8685-E0D0A4FE9926} (ScientificObs.TechnologyBasedLabs) - http://learn.sdstate...bservations.CAB
O16 - DPF: {83420F81-0005-11D7-874A-AF75C5156375} (WeakAcid.TechnologyBasedLabs) - http://learn.sdstate...idTitration.CAB
O16 - DPF: {EA4E42EE-52BA-11D6-873F-0004AC28D799} (KspProject.TechnologyBasedLabs) - http://learn.sdstate...tr/cabs/Ksp.CAB
O16 - DPF: {C4712FE4-5263-11D6-873F-995E98353173} (Bromothymol.TechnologyBasedLabs) - http://learn.sdstate...Bromothymol.CAB
O16 - DPF: {77F2F812-0004-11D7-874A-AF75C5156375} (CopperLab.TechnologyBasedLabs) - http://learn.sdstate...erChemistry.CAB
O16 - DPF: {C471329D-5263-11D6-873F-995E98353173} (Electrochem.TechnologyBasedLabs) - http://learn.sdstate...rochemistry.CAB
O16 - DPF: {EA4E4258-52BA-11D6-873F-0004AC28D799} (KineticsLab.TechnologyBasedLabs) - http://learn.sdstate...bs/Kinetics.CAB
O16 - DPF: {74DA02DF-0005-11D7-874A-AF75C5156375} (Water.TechnologyBasedLabs) - http://learn.sdstate...ontaminants.CAB
O16 - DPF: {BD346F15-52BB-11D6-873F-0004AC28D799} (OrganicCompds.TechnologyBasedLabs) - http://learn.sdstate...abs/Organic.CAB
O16 - DPF: {261D269B-0005-11D7-874A-AF75C5156375} (RedoxTitrationLab.TechnologyBasedLabs) - http://learn.sdstate...oxTitration.CAB
O16 - DPF: {BD346FB4-52BB-11D6-873F-0004AC28D799} (Photosyn.TechnologyBasedLabs) - http://learn.sdstate...bs/Photosyn.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#3
ryomatic

Take a look at this event logged in my internet history... do you think this has something to do with the virus? I noticed this right after I had rebooted and checked my e-mail.

http://64.4.61.250/c...d990bf6548fab1e

#4
ryomatic

Well, either the virus or myself ruined my computer's chances of being fixed... I tried to replace my wininet.dll in DOS and somehow managed to delete some important startup files... I'm getting a new computer anyways... so don't worry about this anymore! Thanks if anyone spent any time to try to help me, I appreciate it... If anyone would suggest to me some nice hardware for a new computer I'd appreciate it... I'm kind of behind on all the new equipment and such... but I have like 1500$ to spend and I want to build my own... I know I want a 64-bit processor (AMD) and a nice video card... already have a monitor and speakers. So any suggestions would be nice... thanks!

-Ryan

#5
ryomatic

OK... since no one has replied to any of my posts... I feel lonely and sad. But that's OK cuz I got help purchasing my computer. I'm going to have a dual core 3400 AMD processor with an NVIDIA 6800 video card. Everything looks good, I'm going to order it today!