Can't remove repairs.dll




    New Member

  • Member
  • Pip
  • 3 posts
Have one dll that ewido keeps seeing as trojan hijacker. I can't fix it. Please help. Oh yeah, bazooka keeps telling me about exploit ebs.f**k-access.com, can't fix that either.

Logfile of HijackThis v1.99.1
Scan saved at 7:35:27 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = -access.com/index.phtml?source=app]http://www.kephyr.com/spywarescanner/libra...html?source=app
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

Edited by PartySizeNuts, 08 September 2005 - 08:06 PM.





    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I found a topic about removing repairs.dll, trying that, still don't know what the exploit is.



    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
1. Download RegLite from here

2. REBOOT into Safe Mode

3. Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

4. In the smaller left hand pane-> Right Click the Windows folder (Highlighted in Blue)
Select Rename-> Rename it to Windoz-> Hit Enter

5. In the larger right hand pane-> locate and double click AppInit_DLLs
Under Value-> Remove(Delete)-> repairs.dll

6. Open the Search Assistant (Click Start>>Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by every box under Advanced options

7. Under All Files and Folders, enter this into the text box:

Delete any exact matches

8. Restart and Open Reglite again
Locate the folder you renamed to Windoz
Rename it again, back to Windows.

9. Have HijackThis fix this entry (if it's still there):

O20 - AppInit_DLLs: repairs.dll

These were the instructions Trevuren gave on a different post. Doesn't work for me. The part about searching for repairs.dll I can't get to. Every time I try to open search in safe mode I get a pop-up window that says "COMMON SHELL" "I need ResXX\Mcshield.dll" and the search window doesn't work. I am at a loss now for what to do.
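
An added example, not part of the thread or of any tool named in it: a small Python triage pass over HijackThis result lines that pulls out the O20 AppInit_DLLs entries discussed above and notes whether each one names a full path. The function names are hypothetical, and the sample input is a subset of the log lines posted in this thread.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# A result line has the shape "<section code> - <details>", e.g. "O20 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
APPINIT = re.compile(r"^AppInit_DLLs:\s*(?P<value>.*)$")
HAS_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_entries(log_text):
    """Yield (code, body) per result line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def appinit_dlls(log_text):
    """Return every DLL named in an O20 AppInit_DLLs entry.

    The AppInit_DLLs registry value is a space- or comma-delimited list, and
    each DLL in it is loaded into every process that loads user32.dll.
    """
    dlls = []
    for code, body in parse_entries(log_text):
        m = APPINIT.match(body) if code == "O20" else None
        if m:
            dlls.extend(t for t in re.split(r"[,\s]+", m.group("value")) if t)
    return dlls


def triage(log_text):
    """Return (dll, has_full_path) pairs; a bare name must be located on disk."""
    return [(dll, bool(HAS_PATH.match(dll))) for dll in appinit_dlls(log_text)]


if __name__ == "__main__":
    for dll, has_path in triage(SAMPLE_LOG):
        print(f"AppInit_DLLs entry: {dll} (full path: {has_path})")
```
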