res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm.
I can not reset the home page.
HELP
New infection: IE runs shdocnvt.dll
Started by
arkflash
, Oct 03 2005 07:29 AM
#1
Posted 03 October 2005 - 07:29 AM
arkflash
-
- Member
-
- 9 posts
New Member
res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm.
I can not reset the home page.
HELP
#2
Posted 03 October 2005 - 08:15 AM
cleverboy12
-
- Member
-
- 687 posts
Member
That isnt the home page it states that you dont have internet connection.
What happened before the first experience of this ?
What happened before the first experience of this ?
#3
Posted 03 October 2005 - 09:38 AM
arkflash
- Topic Starter
-
- Member
-
- 9 posts
New Member
Well, as to how it happened, let's say I recommend that people do NOT traverse spunkysheets.com. 
Anyway, the IE itself now presents a modified page with 'TNS' (in italicised PINK letters). I have internet connectivity, but renamed shdocnvt.dll so that the warningAPI.htm does NOT come up. I will post the exact url & verbage tonight (after renaming the dll back to it's original name).
Now, some observations, I can't logon to geekstogo from the workstation, it just gives me 'page not available.' Also, can't connect to the forums....so whatever this thing is, it selectively blocks the user from getting help.
Other sites are fine.....
Anyway, the IE itself now presents a modified page with 'TNS' (in italicised PINK letters). I have internet connectivity, but renamed shdocnvt.dll so that the warningAPI.htm does NOT come up. I will post the exact url & verbage tonight (after renaming the dll back to it's original name).Now, some observations, I can't logon to geekstogo from the workstation, it just gives me 'page not available.' Also, can't connect to the forums....so whatever this thing is, it selectively blocks the user from getting help.
Other sites are fine.....
#4
Posted 03 October 2005 - 09:55 AM
cleverboy12
-
- Member
-
- 687 posts
Member
Have you done a virus scan because i suspect a virus of this.
#5
Posted 03 October 2005 - 10:41 AM
arkflash
- Topic Starter
-
- Member
-
- 9 posts
New Member
Actually, this issue is pretty much documented in http://reviews.cnet....ssageID=1452753.
The solution: http://reviews.cnet....ssageID=1452772
ewido cleared it up.
Pretty new stuff in that the reported problem & solution were posted 10/2/05!
Just an quick update...ran Ewido, "Fast scan" since the infected file resides in windows\system32. The solution referenced above states to clean the files. Actual the option listed on finding an infection is "remove", but at the end of the scan, the files are cleaned (so remove means remove virus, not the file). Anyway this fixed the problem & I regained control over IE.
The culprit:
[1116] C:\WINDOWS\system32\svcnvt.exe -> TrojanDownloader.Delf.ks : Cleaned with backup
The solution: http://reviews.cnet....ssageID=1452772
ewido cleared it up.
Pretty new stuff in that the reported problem & solution were posted 10/2/05!
Just an quick update...ran Ewido, "Fast scan" since the infected file resides in windows\system32. The solution referenced above states to clean the files. Actual the option listed on finding an infection is "remove", but at the end of the scan, the files are cleaned (so remove means remove virus, not the file). Anyway this fixed the problem & I regained control over IE.
The culprit:
[1116] C:\WINDOWS\system32\svcnvt.exe -> TrojanDownloader.Delf.ks : Cleaned with backup
Edited by arkflash, 08 October 2005 - 06:25 AM.
#6
Posted 03 October 2005 - 12:15 PM
cleverboy12
-
- Member
-
- 687 posts
Member
Looks like you could possibly have a malware infection.
You Must Read Before Posting A HijackThis Log
Please Post A HijackThis Log In The Malware Forum
If You Dont Know What HijackThis Is and Dont Know How To Use It Please See Before Posting A HijackThis Log
Please Follow All The Steps Carefully and Start Your Own Topic So That An Expert Can Come Along And Help You Out.
Good Luck
You Must Read Before Posting A HijackThis Log
Please Post A HijackThis Log In The Malware Forum
If You Dont Know What HijackThis Is and Dont Know How To Use It Please See Before Posting A HijackThis Log
Please Follow All The Steps Carefully and Start Your Own Topic So That An Expert Can Come Along And Help You Out.
Good Luck
#7
Posted 03 October 2005 - 12:37 PM
arkflash
- Topic Starter
-
- Member
-
- 9 posts
New Member
Looks like I'm not alone -- others have already posted their hyjackthis logs -- what appears is:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905; <--one entry, another log has shdocnvt.dll/blank.htm
I will check to see the virus that was 'deleted' by NAV tonight.
Also, see the following for a log entered today, and the response:
http://www.geekstogo...hl=shdocnvt.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905; <--one entry, another log has shdocnvt.dll/blank.htm
I will check to see the virus that was 'deleted' by NAV tonight.
Also, see the following for a log entered today, and the response:
http://www.geekstogo...hl=shdocnvt.dll
Edited by arkflash, 03 October 2005 - 12:51 PM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
