[loophole]

sorry we cross posted .......no folder hmmmmm

[Advertisements]

Should I just scan the entire desktop...?

[totenkopff]

Should I just scan the entire desktop...?

[totenkopff]

Should I drag the item into a folder...because it's just on my desktop...it's not a "file" like as in a "folder looking" icon...should I make it one? Will show up then?

[loophole]

Lets just scan the desktop When done, make sure the box is check for wininet.dll and click cure and proceed with the directions

[totenkopff]

Cool...I will do it

[totenkopff]

Ok...looks like it's working...now...when I do your following instructions...should they be performed in Safe Mode...you didn't say...?

[loophole]

No safemode ...you need to be able to copy and paste from this page

[totenkopff]

Ok...doing it right now...back in a minute...

[loophole]

OK Let me know

[totenkopff]

Ok..completed all the final tasks...while still online. Here's my SmitRem & HJT logs...


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll INFECTED!!

---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:59:07 PM, on 9/3/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\NOTEPAD.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab

[totenkopff]

Just thought I'd add..if it means anything important...I now have a"wininet.dll" icon on my desktop. It's a page of paper with 2 gears on it...mean anything...also...I still have the "black box" open on my desktop that's labled "Finished Delete"...what do I do with these...?

[loophole]

Did the E trust cure the wininet file

[totenkopff]

I don't know...??? I just ran the "SmitRem" thing and apparently it claims it's still infected...? I posted above all that I know...I haven't restarted my computer for for of the "Intell32" returning...the AdAwareSE seemed to remove all the traces...but it ALWAYS did that...and then it would return upon restart...and return to internet...

I have no idea if it's fixed...but the above is my most recent findings...I guess I can restart and go back online and find out...BUT...

If it's there...it will take awhile to respond...while I await the Intell32 to re-load BACK into mt computer...

I don't blame you for calling a night...I'll be cool with that...I guess I'll repost again whenever...I know you have a life...I appreciate all that you have done...if you dont; have any further explainations...or new hints as to further actions tonight...just let me know...and I'll get back with you somehow tomorrow...will await your reply:)

[totenkopff]

Real quick...what do I do wth the "Wininet.dll" icon on my desktop...where should it go...?

[totenkopff]

Also...should I remove the following via HiJackThis...? Will this help at all?

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =


Some say get rid of it...?