
repairs.dll reports in ewido



#1
soos

I had a huge infestation of malware on my Win2000 server after a power outage and power supply failure (Aurora, Surf SideKick, A Better Internet, etc.). After following your instructions I think I finally have it clean except for a DLL called repairs.dll. It is in the registry, System32, and reports in HijackThis. I can't unregister it and delete it manually as "a dllunregisterserver entry point" is not found. Any help would be appreciated. (Thanks for all of the info on your site.)


#2
soos

Logfile of HijackThis v1.99.1
Scan saved at 7:14:48 PM, on 9/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\tcpsvcs.exe
c:\program files\intel\servermanagement\bin\cli\dpcproxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
F:\Winnebago\elementary\ctsrvr.exe
F:\Winnebago\spectrumServer\ctsrvr.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\NetShield 2000\Mcshield.exe
C:\Program Files\Network Associates\NetShield 2000\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ni_nic.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
c:\program files\intel\servermanagement\bin\win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
c:\program files\intel\servermanagement\bin\basebrd.exe
c:\program files\intel\servermanagement\bin\Adaptec\iomgr.exe
c:\program files\intel\servermanagement\bin\ipsa.exe
c:\program files\intel\servermanagement\bin\lra.exe
c:\program files\intel\servermanagement\bin\sha.exe
c:\program files\intel\servermanagement\bin\Adaptec\ciodmi.exe
C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
\SERVER\netlogon\ImLua.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Network Associates\NetShield 2000\SHSTAT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Network Associates\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\NetShield 2000\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NCS.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1887215F-A373-45DE-8026-8562954E847C}: NameServer = 10.10.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NCS.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1887215F-A373-45DE-8026-8562954E847C}: NameServer = 10.10.10.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NCS.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{1887215F-A373-45DE-8026-8562954E847C}: NameServer = 10.10.10.2
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Network Associates Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Intel Baseboard Instrumentation (basebrd) - Unknown owner - c:\program files\intel\servermanagement\bin\basebrd.exe
O23 - Service: CIO Array Management Service (CIOArrayManagement) - Adaptec, Inc. - c:\program files\intel\servermanagement\bin\Adaptec\iomgr.exe
O23 - Service: Adaptec CIODMI (CIODMI) - Unknown owner - c:\program files\intel\servermanagement\bin\Adaptec\ciodmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ISM DPC Proxy (DPCProxy) - Unknown owner - c:\program files\intel\servermanagement\bin\cli\dpcproxy.exe
O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: Intel EIF Agent (eif) - Unknown owner - c:\program files\intel\servermanagement\bin\eif.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: FairCom Server (ELEMENTARY) - Unknown owner - F:\Winnebago\elementary\ctsrvr.exe
O23 - Service: FairCom Server (SPECTRUM) - Unknown owner - F:\Winnebago\spectrumServer\ctsrvr.exe
O23 - Service: IP Synchronization Agent (ipsa) - Unknown owner - c:\program files\intel\servermanagement\bin\ipsa.exe
O23 - Service: Intel Local Response Agent (lra) - Unknown owner - c:\program files\intel\servermanagement\bin\lra.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\NetShield 2000\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\NetShield 2000\VsTskMgr.exe
O23 - Service: Intel Client Instrumentation for DMI (ni_nic) - Intel® Corporation - C:\WINNT\system32\ni_nic.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel Server Health Agent (sha) - Unknown owner - c:\program files\intel\servermanagement\bin\sha.exe
O23 - Service: Win32sl (win32sl) - Intel - c:\program files\intel\servermanagement\bin\win32sl.exe