Problems with hclean32.exe ntfsnlpa.exe tmp.hta [RESOLVED]


  • This topic is locked

#1
Rotor

    New Member
Hi!

I need some help with removing malware/spyware on my computer.
I had a trial of Webroot Spy Sweeper, that detected trojan-downloader-ruin and trojan-secdrop etc. Tried to clean it with several anti-spyware programs, without any luck.

The files were:
* hclean32.exe
* ntfsnlpa.exe
* rdsndin.exe

Also the Explorer and various programs hang from time to time.

During my hunt for the solution I also found "tmp.hta" under c:\windows.
If I run Killbox to delete tmp.hta at reboot I get an error that says something like "The rename-during-reboot in the registry has been removed by an external process". So the tmp.hta remains.

I have generated some logs and hope you can help me to sort this out.
Here follows the Hijack Log. I also have attached a Silentrunner Logfile.

Best Regards
Daniel

Hijack LOG
------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:52:51, on 2005-09-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {F027301E-0E28-32BC-38D6-E95ED32F7AF8} - xwiz.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\system32\Bhoekort.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Apps\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Apps\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Apps\ICQPRO~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Apps\ZoneAlarmPro\zapro.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Apps\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Apps\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\system32\hclean32.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Apps\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Startup: Anapod Manager.lnk = C:\Apps\Anapod Explorer\anamgr.exe
O4 - Startup: Monitor Apache Servers.lnk = C:\Program\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Startup: ServUDaemon.lnk = C:\Apps\Serv-U\ServUDaemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Apps\NikonView6\NkvMon.exe
O4 - Global Startup: Tray Monitor.lnk = C:\Apps\Serv-U\ServUTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Apps\ICQPRO~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Apps\ICQPRO~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Apps\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program\MySQL\MySQL.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Apps\WebDrive\wdservice.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Apps\UltraVNC\winvnc.exe" -service (file missing)
------------------------------------------------------------------
Attached File  Startup_Programs__ROTOR__2005_09_06_23.54.37.txt   15.43KB   60 downloads

Edited by Rotor, 06 September 2005 - 04:40 PM.



#2
Buckeye_Sam

    Malware Expert
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
Rotor

    New Member
Hi Sam!

I have been struggling with the malware for a few days and found some different families (coolwebsearch, V2X etc). I think I have been able to clean a lot of them, but I'm not sure all is gone.

Explorer.exe hangs every time I press "windows-button" + E

Another question: When monitoring my network ports I see connections to deploy.akamaitechnologies.com. Is that an indication of a malware problem?

My fresh Hijacklog is here. Maybe hijack doesn't catch any malware entries anymore?

Logfile of HijackThis v1.99.1
Scan saved at 17:24:27, on 2005-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Apps\VPN Client\cvpnd.exe
C:\Program\Apache Group\Apache2\bin\Apache.exe
C:\Program\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program\Executive Software\Diskeeper\DkService.exe
C:\Apps\ewido\security suite\ewidoctrl.exe
C:\Apps\ewido\security suite\ewidoguard.exe
C:\Program\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Apps\WebDrive\wdservice.exe
C:\Apps\UltraVNC\winvnc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Apps\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Apps\ICQPRO~1\ICQ\ICQ.exe
C:\Apps\ZoneAlarmPro\zapro.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Java\jre1.5.0_03\bin\jusched.exe
C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\ekort\ekort.exe
C:\Apps\iTunes\iTunesHelper.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\Miranda IM\miranda32.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Apps\NikonView6\NkvMon.exe
C:\Apps\Anapod Explorer\anamgr.exe
C:\Program\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\cmd.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\system32\Bhoekort.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Apps\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Apps\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Apps\ICQPRO~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Apps\ZoneAlarmPro\zapro.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Apps\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] "C:\Apps\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Apps\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Startup: Anapod Manager.lnk = C:\Apps\Anapod Explorer\anamgr.exe
O4 - Startup: Monitor Apache Servers.lnk = C:\Program\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Startup: ServUDaemon.lnk = C:\Apps\Serv-U\ServUDaemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Apps\NikonView6\NkvMon.exe
O4 - Global Startup: Tray Monitor.lnk = C:\Apps\Serv-U\ServUTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Apps\ICQPRO~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Apps\ICQPRO~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Apps\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Apps\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Apps\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program\MySQL\MySQL.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Apps\WebDrive\wdservice.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Apps\UltraVNC\winvnc.exe" -service (file missing)
  • 0
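Added example (not part of either post, and not HijackThis's own code): a small Python diff of two HijackThis logs, run on a few lines excerpted from the 2005-09-06 and 2005-09-11 logs above, showing which entries dropped out and which are new between the two scans. The function names and the short section descriptions are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text")

# Result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
SAVED_RE = re.compile(r"^Scan saved at (\S+), on (\S+)$")

# Short descriptions of the section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "R3": "URL search hook",
    "O1": "hosts file entry", "O2": "browser helper object",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O20": "Winlogon Notify / AppInit_DLLs", "O23": "service",
}

# Constructed sample: a few lines excerpted from the first log in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:52:51, on 2005-09-06
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - {F027301E-0E28-32BC-38D6-E95ED32F7AF8} - xwiz.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\system32\hclean32.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# Constructed sample: the matching lines from the second log in this thread.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17:24:27, on 2005-09-11
Running processes:
C:\WINDOWS\Explorer.EXE

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.2\THGuard.exe"
O23 - Service: DefWatch - Symantec Corporation - C:\Program\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Apps\ewido\security suite\ewidoctrl.exe
"""


def parse_log(text):
    """Return (scan timestamp, set of Entry) for one HijackThis log.

    The header and the 'Running processes' list are skipped because they do
    not match the section-code pattern.
    """
    saved, entries = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = SAVED_RE.match(line)
        if m:
            saved = f"{m.group(2)} {m.group(1)}"
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return saved, entries


def _order(entry):
    # Sort by section letter, then section number, then text.
    return (entry.section[0], int(entry.section[1:]), entry.text)


def diff_logs(before, after):
    """Compare two logs and list entries that disappeared or appeared."""
    t_old, old = parse_log(before)
    t_new, new = parse_log(after)
    return {
        "before": t_old,
        "after": t_new,
        "removed": sorted(old - new, key=_order),
        "added": sorted(new - old, key=_order),
        "unchanged": len(old & new),
    }


def render(diff):
    """Format the diff as text, one line per changed entry."""
    out = [f"{diff['before']} -> {diff['after']} ({diff['unchanged']} unchanged)"]
    for sign, key in (("-", "removed"), ("+", "added")):
        for e in diff[key]:
            label = SECTIONS.get(e.section, "other")
            out.append(f"{sign} {e.section} [{label}] {e.text}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(diff_logs(LOG_BEFORE, LOG_AFTER)))
```

An entry missing from the later log only shows that the startup reference is no longer registered; it does not show that the file itself is gone or that nothing else loads it.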

#4
Buckeye_Sam

    Malware Expert
Let's see what we can turn up.

Download and save BlackLight to your desktop. Double-click blbeta.exe, accept the agreement, leave [X] scan through Windows Explorer checked, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.

#5
Rotor

    New Member
It said "No hidden items found".

Here's my BlackLight log:

09/12/05 20:19:57 [Info]: BlackLight Engine 1.0.23 initialized
09/12/05 20:19:57 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/12/05 20:19:57 [Note]: 4019 0
09/12/05 20:19:57 [Note]: 4019 1
09/12/05 20:19:57 [Note]: 4019 2
09/12/05 20:19:57 [Note]: 4019 3
09/12/05 20:19:57 [Note]: 4019 4
09/12/05 20:19:57 [Note]: 4005 0
09/12/05 20:20:02 [Note]: 4006 0
09/12/05 20:20:02 [Note]: 4011 5716
09/12/05 20:20:03 [Note]: FSRAW library version 1.7.1011

#6
Buckeye_Sam

    Malware Expert
That's good news!

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7
Rotor

    New Member
Bingo! (or should I say bummer!)
Here we got some infected stuff. I don't know if every item is evil but some look like bad ones.

What do you think Sam?

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, September 13, 2005 20:18:17
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/09/2005
Kaspersky Anti-Virus database records: 149117
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 176321
Number of viruses found: 23
Number of infected objects: 93
Number of suspicious objects: 3
Duration of the scan process: 7319 sec

Infected Object Name - Virus Name
C:\Apps\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06340000.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06400000.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06440000.VBN Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480000.VBN Infected: Exploit.HTML.IframeBof
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480001.VBN Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06540000.VBN Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06540001.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06540001.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06540001.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06540001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06540001.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\067C0000.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD80000.VBN Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE40000.VBN Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940000.VBN Infected: Backdoor.Win32.Robobot.w
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940001.VBN Infected: Backdoor.Win32.Robobot.w
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940002.VBN Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940003.VBN Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940004.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940005.VBN Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C980000.VBN Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C980001.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000.VBN Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0001.VBN Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0002.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA00000.VBN Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA00001.VBN Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA80000.VBN Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D900000.VBN Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980000.VBN Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980001.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980001.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980001.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980001.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980002.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D980003.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D9C0000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D9C0000.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D9C0000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D9C0000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D9C0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DA00000.VBN Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900000.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900001.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900001.VBN/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900001.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E900001.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Daniel\Lokala inställningar\Application Data\Identities\{D123F15B-8331-4ED4-8BFD-F8F0CE2C92C1}\Microsoft\Outlook Express\KTH Mail - Inkorgen.dbx/[From Jagdis@chaph.usc.edu][Date Wed, 20 Oct 2004 00:14:47 +0000]/html Infected: Trojan-Spy.HTML.Pcard.b
C:\Documents and Settings\Daniel\Lokala inställningar\Application Data\Identities\{D123F15B-8331-4ED4-8BFD-F8F0CE2C92C1}\Microsoft\Outlook Express\KTH Mail - Inkorgen.dbx/[From fabman@edcallahan.com][Date Tue, 26 Oct 2004 06:41:31 +0000]/html Infected: Trojan-Spy.HTML.Pcard.c
C:\Documents and Settings\Daniel\Lokala inställningar\Application Data\Identities\{D123F15B-8331-4ED4-8BFD-F8F0CE2C92C1}\Microsoft\Outlook Express\KTH Mail - Inkorgen.dbx Infected: Trojan-Spy.HTML.Pcard.c
D:\Backup\Daniel\Identities\{DB8A2C7C-0FF4-48A4-8BA6-AAF42DB605BA}\Microsoft\Outlook Express\KTH Mail - Borttaget (1).dbx/[From SunTrust <service@suntrust.com>][Date Mon, 13 Sep 2004 03:37:56 -0500]/html Suspicious: not-a-virus:PSWTool.HTML.Fraud.gen
D:\Backup\Daniel\Identities\{DB8A2C7C-0FF4-48A4-8BA6-AAF42DB605BA}\Microsoft\Outlook Express\KTH Mail - Borttaget (1).dbx Suspicious: not-a-virus:PSWTool.HTML.Fraud.gen
D:\Media D\- Program -\Rhino.Software.Serv-U.v5.2.0.0-RECOiL\rcrssu01.zip/RECOiL.rar/ServUSetup.exe/CHECKUPDATE.DLL Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\Media D\- Program -\Rhino.Software.Serv-U.v5.2.0.0-RECOiL\rcrssu01.zip/RECOiL.rar/ServUSetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\Media D\- Program -\Rhino.Software.Serv-U.v5.2.0.0-RECOiL\rcrssu01.zip/RECOiL.rar/ServUSetup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\Media D\- Program -\Rhino.Software.Serv-U.v5.2.0.0-RECOiL\rcrssu01.zip/RECOiL.rar Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\Media D\- Program -\Rhino.Software.Serv-U.v5.2.0.0-RECOiL\rcrssu01.zip Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\Media D\- Program -\Serv-U FTP 5.0 Corporate Cracked FULL\susetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.5000
D:\Media D\- Program -\Serv-U FTP 5.0 Corporate Cracked FULL\susetup.exe/SERVUTRAY.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
D:\Media D\- Program -\Serv-U FTP 5.0 Corporate Cracked FULL\susetup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201
F:\Backup\Dell\Program_E.zip/Install/radmin21.zip/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
F:\Backup\Dell\Program_E.zip/Install/radmin21.zip/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
F:\Backup\Dell\Program_E.zip/Install/radmin21.zip/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Backup\Dell\Program_E.zip/Install/radmin21.zip/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Backup\Dell\Program_E.zip/Install/radmin21.zip/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Backup\Dell\Program_E.zip/Install/radmin21.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Backup\Dell\Program_E.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
F:\Install\- Program -\Remote Administrator 2.1\RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
F:\Install\- Program -\Remote Administrator 2.1\RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\radmin21.zip/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
F:\Install\- Program -\Remote Administrator 2.1\radmin21.zip/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20
F:\Install\- Program -\Remote Administrator 2.1\radmin21.zip/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\radmin21.zip/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\radmin21.zip/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\- Program -\Remote Administrator 2.1\radmin21.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21
F:\Install\mIRC 6.14\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614
F:\Install\mIRC 6.14\mirc614.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614
F:\Install\vnc-4.0-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
F:\Install\vnc-4.0-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
F:\Install\vnc-4.0-x86_win32.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
F:\Install\vnc-4.0-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
F:\snd-spysweeper4.0.4build430.loader.exe/run.exe Infected: Trojan-Downloader.Win32.IstBar.is
F:\snd-spysweeper4.0.4build430.loader.exe Infected: Trojan-Downloader.Win32.IstBar.is

Scan process completed.

#8
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Everything I see that's bad is already quarantined by Norton. I would go ahead and delete all of Norton's quarantined files.

But I don't see any signs of an active infection.
Are you having problems?

#9
Rotor

    New Member

  • Topic Starter
  • Member
  • 7 posts
All Norton's quarantined files deleted!

The only problem is that Explorer.exe hangs every time I press "windows-button" + E. It wasn't a problem before the malware. But maybe there's time for a fresh Windows installation.

And the other concern is: When monitoring my network ports I see connections to deploy.akamaitechnologies.com. Nothing to worry about?

If nothing more looks suspicious, maybe I did a decent job cleaning and hunting the malware when it was really messing with my computer.

Edited by Rotor, 14 September 2005 - 01:29 AM.


#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Does explorer also hang up if you try to run it other ways?

Here's some info on akamai.
http://www.cs.washin...tul/akamai.html

Unless it's accompanied by problems I wouldn't worry about it.

#11
Rotor

    New Member

  • Topic Starter
  • Member
  • 7 posts
Explorer hangs just when using "windows button" + E and clicking on "My Computer".
Direct link to "Explore" works.

Thanks for the link to "about akamai".

#12
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That doesn't sound like it would be related to malware. If it loads just fine when you launch it using other methods then there's nothing wrong with explorer itself, just the shortcut method.

#13
Rotor

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok, thank you very much for your help Sam! :tazz:

#14
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Glad to help out! :tazz:

#15
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.