Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New infection: IE runs shdocnvt.dll


  • Please log in to reply

#1
arkflash

arkflash

    New Member

  • Member
  • Pip
  • 9 posts
My computer got slammed again (when will I learn not to arbitrarily surf & open stuff). Anyway, IE now comes up with:
res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm.

I can not reset the home page.
HELP
  • 0

Advertisements


#2
cleverboy12

cleverboy12

    Member

  • Member
  • PipPipPip
  • 687 posts
That isnt the home page it states that you dont have internet connection.

What happened before the first experience of this ?
  • 0

#3
arkflash

arkflash

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Well, as to how it happened, let's say I recommend that people do NOT traverse spunkysheets.com. :tazz: Anyway, the IE itself now presents a modified page with 'TNS' (in italicised PINK letters). I have internet connectivity, but renamed shdocnvt.dll so that the warningAPI.htm does NOT come up. I will post the exact url & verbage tonight (after renaming the dll back to it's original name).

Now, some observations, I can't logon to geekstogo from the workstation, it just gives me 'page not available.' Also, can't connect to the forums....so whatever this thing is, it selectively blocks the user from getting help.

Other sites are fine.....
  • 0

#4
cleverboy12

cleverboy12

    Member

  • Member
  • PipPipPip
  • 687 posts
Have you done a virus scan because i suspect a virus of this.
  • 0

#5
arkflash

arkflash

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Actually, this issue is pretty much documented in http://reviews.cnet....ssageID=1452753.

The solution: http://reviews.cnet....ssageID=1452772
ewido cleared it up.

Pretty new stuff in that the reported problem & solution were posted 10/2/05!

Just an quick update...ran Ewido, "Fast scan" since the infected file resides in windows\system32. The solution referenced above states to clean the files. Actual the option listed on finding an infection is "remove", but at the end of the scan, the files are cleaned (so remove means remove virus, not the file). Anyway this fixed the problem & I regained control over IE.
The culprit:
[1116] C:\WINDOWS\system32\svcnvt.exe -> TrojanDownloader.Delf.ks : Cleaned with backup

Edited by arkflash, 08 October 2005 - 06:25 AM.

  • 0

#6
cleverboy12

cleverboy12

    Member

  • Member
  • PipPipPip
  • 687 posts
Looks like you could possibly have a malware infection.

You Must Read Before Posting A HijackThis Log

Please Post A HijackThis Log In The Malware Forum

If You Dont Know What HijackThis Is and Dont Know How To Use It Please See Before Posting A HijackThis Log

Please Follow All The Steps Carefully and Start Your Own Topic So That An Expert Can Come Along And Help You Out.

:tazz: Good Luck :)
  • 0

#7
arkflash

arkflash

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Looks like I'm not alone -- others have already posted their hyjackthis logs -- what appears is:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905; <--one entry, another log has shdocnvt.dll/blank.htm

I will check to see the virus that was 'deleted' by NAV tonight.

Also, see the following for a log entered today, and the response:
http://www.geekstogo...hl=shdocnvt.dll

Edited by arkflash, 03 October 2005 - 12:51 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP