Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need New Intell32 & PSGuard Help... [RESOLVED]


  • This topic is locked This topic is locked

#121
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok before we start Go here and see if you can download the file Wininet.dll
Let me know

Edited by loophole, 06 September 2005 - 03:32 PM.

  • 0

Advertisements


#122
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...got the download. It's now sitting on my desktop. I'll unzip and extract when I receive the next set of instructions from you...thanks again:)
  • 0

#123
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...I went ahead and extracted it. I had to see if the download was successful. It was. A new "wininet.dll" now exists in it's own folder on my desktop. I haven't removed it yet. Everything looks fine:)

PS- I right clicked on the new wininet.dll and viewed properties, then dependencies. It looks clean. Nothing is attached to it and it's not being used by anything.
  • 0

#124
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK . Lets give it a go

Rename the file you downloaded to WININET.NEW... now copy that file to C:\WINDOWS\SYSTEM folder. Now instead of restarting your computer in Safe Mode... select instead Command Prompt... and do the following.

CD\WINDOWS\SYSTEM [ENTER]
REN WININET.DLL *.BCK [ENTER]
REN WININET.NEW *.DLL [ENTER]

Now restart your computer.

Ask any questions you dont understand before proceeding

Edited by loophole, 07 September 2005 - 10:45 PM.

  • 0

#125
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
:tazz:
  • 0

#126
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...cool deal! I got your instructions a-ok. Only thing is, should I do anything else immediately upon restarting my computer? That is, run any of the "fixing" programs such as AdAwareSE or anyting like that. Y'know, before going back online?

Just wondering if my pet malware will somehow reactivate, spring to life and corrupt my newly clean DLL upon returning to the internet? Or should I be fine and just simply report back to you with results immediately?

Just wanted to make sure...sorry to be such a pain...cause I'm really appreciating all the help...Thanks again:)
  • 0

#127
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Restart and run the smith.rem tool and post the results :tazz:
  • 0

#128
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...well, didn't quite work. I'll give you the run down step by step...:

First, when I changed the name of the NEW wininet.dll, the icon changed from a page with 2-gears to a page with the "windows" logo. Ok, cool. I sent it to the SYSTEM folder.

Went to COMMAND prompt. As I typed the commands and hit enter, it said more about "file in use". It didn't say "denied" but file in use nonetheless.

Anyways, I restarted and ran "SmitRem". Nothing took effect apparently. It still claimed "wininet.dll" is infected. Also, the renamed "wininet.new" is still in the SYSTEM folder as "windows page" icon.

For some reason, after the reboot, the PSGuard icons were altered like something had happened to them. They now just appear as little computer moniter screens, looking icons. Also, when I got back online to report...BAM! Intell32 has popped up and is grinding away on my computer. I'm sure because the PSGuard was somehow "messed" with. How dare me...!

Also, I happened to right click on the "Wininet.dll" icon and viewed it's dependencies. I have done this before. There are LOTS!
  • 0

#129
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...sorry...had a keypad freeze up...Intell32 I'm sure. Anyways...

I tried to hi-light all the dependencies so I could cut and paste for you. In the particular window they are in, it will not let me. So it will appear that I will have to copy each friggen one by hand. And there are a LOT! Most appear to be various ".EXE's".

This is just if you're interested as to what my Wininet.dll is doing.

I still have the original wininet.dll download from the dll-download website. So I can try this as many times as possible. If you wish, when I try it again, I'll copy and tell you exactly what the "command" prompt said while I was typing in the commands. Thanks again...I'll be back:)
  • 0

#130
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...tried it again anyways. Here's what it looked like:

C:\WINDOWS\DESKTOP>CD\WINDOWS\SYSTEM

C:\WINDOWS\SYSTEM>REN WININET.DLL *.BCK
Duplicate file name or file in use

C:\WINDOWS\SYSTEM>REN WININET.NEW *.DLL
Duplicate file name or file in use

C:\WINDOWS\SYSTEM>

-----------------------------------------

Well, thats what it looks like exactly after I type in all the commands.
Also, I went to the E-Trust scan website and scanned my entire Windows folder. Here's what came back if you're intersted and if it may help at all...

C:\Windows-Complete Folder (All infections located in: System Folder) 9-5-05
-------------------------------------------------------------------------

FILE INFECTION STATUS PATH
---- --------- ------ ----
kbrfp9cf2yyi5c.dll Win32.Startpage.IK infected C:\WINDOWS\SYSTEM\

00wwt1lw4h09.bak Win32.Startpage.IK infected C:\WINDOWS\SYSTEM\

do93br5hnilz89.dll Win32.Startpage.IK infected C:\WINDOWS\SYSTEM\

lnxude75hdobz8w.bak Win32.Startpage.IK infected C:\WINDOWS\SYSTEM\

MTC.dll Win32.Startpage.JS infected C:\WINDOWS\SYSTEM\

oleext.dll Win32.Alemod.I infected C:\WINDOWS\SYSTEM\

WININET.DLL Win32.Alemod.H infected C:\WINDOWS\SYSTEM\

intell32.exe Win32.Spudrag.C infected C:\WINDOWS\SYSTEM\
-----------------------------------------------------------------------------------------

Thanks again...:tazz:
  • 0

Advertisements


#131
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I don't know what if any the following info can provide...I just thought I'd post what info I could find concerning my stinking Wininet.dll. Here's a list of ALL the dependencies listed and what little info I could find via Google.

I don't know for sure (at all really) if this many items should be present or not...

Wininet.dll Dependencies 9-8-05
-------------------------------
**ALL are located in the SYSTEM folder**
------------------------------------
Google Search:
--------------
CMSSSPXN.EXE - Nothing Found
STRMDLL.DLL - Media Player
HNETCFG.DLL - Security Component
IEPEERS.DLL - IE Peer Objects
WMNETMGR.DLL - Windows Media
MSEXCL40.DLL - MicroSoft Stuff
ZGL8.EXE - ***Possible Crap
SYSUPD1003.EXE - ***Possible Crap
WMVCORE.DLL - Windows Media Playback Auth.
MSVBVM60.DLL - Microsoft Visual Basic machine COM Player
TDC.OCX - ActiveX Control Modual
MFC42D.DLL - Microsoft Foundation Classes Library
SHDOC401.DLL - Library COM Functions
KJRQ49R.EXE - ***Possible Crap
MSLTUS40.DLL - Microsoft Lotus Unknown App.
KBRFP9CF2YYI5C.DLL - Nothing Found
MSIEFTP.DLL - Module Contains Interfaces Functions?
GEJD3L.EXE - ***Possible Crap
KDWVZ0.EXE - ***Possible Crap
DO93BR5HNILZ89.DLL - Nothing Found
WPWIZDLL.DLL - Dynamic Link Library?
MSREPL40.DLL - Jet Database?
FDA76.EXE - ***Possible Crap
MSPBDE40.DLL - Microsoft Stuff?
SENS.DLL - System Event Notification Service
DSU6.EXE - ***Possible Crap
IQZQA.EXE - ***Possible Crap
MSXBDE40.DLL - Microsoft Jet stuff; Unknown
MSDXM.OCX - Windows Media Player IE Plugin
MSNWEBQT.DLL - Unknown; Outdated MS stuff or Possible Crap
WEBPOST.DLL - Dynamic Link Library
WMIDX.OCX - Windows Media? Possible Crap?
MSPDOX35.DLL - Load Library? Possible Crap
DRMV2CLT.DLL - Windows Media?; Possible Crap
WMSTREAM.DLL - Windows Media?; Possible Crap
BROWSEUI.DLL - Windows Browser IE Component
DXMASF.DLL - Windows Media? Possible Crap?
DPNET.DLL - DirectPlay? Unknown App.
TKSRV98.EXE - ***Possible Crap
JXIMOD.EXE - ***Possible Crap
FFEWP.EXE - ***Possible Crap
MSXML2.DLL - Unknown MS Stuff
WINTDIST.EXE - ActiveX Stuff
ROBOEX32.DLL - WinHelp App.
WUV3IS.DLL - Windows Update Engine Library
CKCNV.EXE - Cookie Converter? Unknown App., Possible Crap?
CASINO.EXE - ***Possible Crap
MSINET.OCX - Microsoft Internet Transfer Control
MSSIGN32.DLL - Import Ordinal Hint Function Entry Point? Unknown?
MSLTUS35.DLL - MS Stuff; Unknown App? Possible Crap?
CRYPTNET.DLL - MS Windows App. Unknown Function
MSTEXT40.DLL - Unknown MS App.?
MSXML3.DLL - Unknown MS App.?
MSEXCH40.DLL - MS Jet? Unknown App.
RDXITBL.EXE - Nothing Found
-----------------------------------------

I told you it was a lot. This can't be right...?!
  • 0

#132
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ahhhhhhhhhhhh

certainly appear to be some bad files there.Im gonna ask around and see what I can find out. Are you gonna be online tonight?
  • 0

#133
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Yeah...that "list" has GOT to altered somehow...! I'm wondering if I should re-download all the important DLL's & EXE's and keep them in a file. Then wipe out everything on that list that I can find in my computer. And start over. Something like that anyways...maybe not that exactly...but something...

Yes, I should be on tonight. I'll keep monitoring...thanks:)
  • 0

#134
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
{ edited ]

Edited by loophole, 08 September 2005 - 06:24 PM.

  • 0

#135
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Can you scan your whole computer with E trust while I research this some more.

Thanks
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP