Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

w32.desktophijack virus [RESOLVED]


  • This topic is locked This topic is locked

#31
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
  • Download the following self-extracting file smitRem.exe and save the file to your DESKTOP.
    • Double click the Smitrem.exe icon on your Desktop.
    • Then click Run>Start and a Smitrem folder will apear on your desktop also.
  • REBOOT your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
  • Open the smitRem folder
    • Double click the RunThis.bat file to start the tool.
    • Follow the prompts on screen.
    • Wait for the tool to complete and disk cleanup to finish.
    • It will produce a log called smitfiles.txt log
  • REBOOT your system into Normal Mode

  • Post the contents of the smitfiles.txt log into this thread.
Regards,

Trevuren

  • 0

Advertisements


#32
bhayden21

bhayden21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Not sure if I didn't let the program run long enough? I only got a shudder.txt in my smitrem folder. When I ran the smitrem it said that the wininet.dll file is infected, but couldn't find any good file to replace the infected one with. Here is the shudder file:

Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD ---------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD

HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard

Deleting ShudderLTD ----------


Checking if HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD is still present ------

Deleting leftovers in registry ------

leftovers deleted!
  • 0

#33
bhayden21

bhayden21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Sorry Trevuren....found the smitfiles.txt log. Here you go:

smitRem log file
version 2.3

by noahdfear

The current date is: Mon 09/12/2005
The current time is: 20:17:46.80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :)


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ dllcache\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll ~~~~


~~~~ KB890923\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll ~~~~


~~~~ KB867282\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll ~~~~


~~~~ KB883939\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\ServicePackFiles\i386\wininet.dll ~~~~


~~~~ C:\WINDOWS\ServicePackFiles\i386\wininet.dll not present! ~~~~

~~~ A good copy of wininet.dll was not found. Look for more locations. ~~~
  • 0

#34
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
It wants to be nasty with us. So be it.

The problem is you do not have a replacement for this file on your system so we will create one.

1. Locate wininet.dll in your system folder.

2. Right-click to copy it (make sure you don't cut it!), then paste it onto the desktop.

3. . Please download the 30-day free trial of Kaspersky anti virus
  • Install the program
  • Run the definition update module.
  • Scan your whole system.
  • When it gets to wininet.dll on your desktop, MAKE SURE that it doesn't get deleted, just cleaned
  • When finished, REBOOT your system
4. Once it's cleaned, Rename wininet.dll in the system folder to wininet.old,

5. Finally copy the clean one off the desktop and paste it into the system folder.


Regards,

Trevuren

  • 0

#35
bhayden21

bhayden21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Oh oh - when I try to paste the wininet.dll file to my desktop is gives me an error: Cannot copy wininet, access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.
  • 0

#36
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Try it in Safe Mode then

Regards,

Trevuren

  • 0

#37
bhayden21

bhayden21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
My computer was super slow last night, so I didn't get a chance to post. I cleaned the wininet.dll file on my desktop with Kaspersky and it said no dangerous objects found. When I tried to rename the wininet.dll in the system folder, it wouldn't let me change the name of the file. Should I do this in safe mode?

I also scanned the system wininet.dll file with Kaspersky and it also said no dangerous objects found. Hmmm. Thanks again for all of your help and patience!
  • 0

#38
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. As you suggested, try renaming the file in Safe Mode.

2. If successfull, then copy the "good" wininet.dll file into the system32 folder.

3. Then reboot.

4. Post comments, thanks

Regards,

Trevuren

  • 0

#39
bhayden21

bhayden21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Trevuren, Just wanted to let you know that I am going to replace the hard drive in my computer. It was running so slow last week that I couldn't do anything, and then it just completely quit on me. Hopefully the new hard drive will fix everything!

Thanks again for all of your great help, I learned so much! Beth
  • 0

#40
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Good Luck with your new drive


Trevuren
  • 0

Advertisements


#41
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP