Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help removing win fixer please

Started by jerichoy2j , Oct 17 2005 04:37 PM

  • Please log in to reply

#1
jerichoy2j
Posted 17 October 2005 - 04:37 PM

jerichoy2j

    Member

  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:38:31, on 17/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\iPod\Bin\iPodWatcher.exe
F:\Program Files\HHVcdV6Sys\VC6Play.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\iPod\Bin\iPodSrv.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\HHVcdV6Sys\VC6SecS.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\NewsLeecher\newsLeecher.exe
F:\Program Files\NewsLeecher\newsLeecher.exe
F:\WINDOWS\system32\LVComsX.exe
F:\Program Files\IncrediMail\bin\IncMail.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\Program Files\Logitech\Video\AlbumDB2.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://azkaar.8m.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - F:\WINDOWS\Cursors\vb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iPodWatcher] F:\Program Files\iPod\Bin\iPodWatcher.exe
O4 - HKLM\..\Run: [VC6Player] F:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://azkaar.8m.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093532981673
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0801CEBF-5500-47F2-9AD9-9149DD9326DA}: NameServer = 194.170.1.6,194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{0801CEBF-5500-47F2-9AD9-9149DD9326DA}: NameServer = 194.170.1.6,194.170.1.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: vb - F:\WINDOWS\Cursors\vb.dll
O23 - Service: iPodSrv - Unknown owner - F:\Program Files\iPod\Bin\iPodSrv.exe
O23 - Service: SpywareCleanerService - Unknown owner - F:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - F:\Program Files\HHVcdV6Sys\VC6SecS.exe


any help appriciated
  • 0

Advertisements

#2
g2i2r4
Posted 18 October 2005 - 02:23 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome jerichoy2j to Geeks to Go!

Remove Spyware Cleaner
Move to Start > Settings > Control Panel
Double click Add/Remove Programs.
Within Add/Remove programs click the "Install/Uninstall" tab or click the "Change or Remove Programs" button.
Within this section you will see a listing of programs that are currently installed that support this feature. If the program I’m advising you to uninstall is listed within this list, highlight it and click the Add/Remove or uninstall option or button.

***

Please print these instructions out for use in Safe Mode.
Please note: your Antivirus program may prompt you to a malicious script trying to run. Allow the entire script once.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • F:\WINDOWS\Cursors\vb.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):F:\WINDOWS\Cursors\bv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - F:\WINDOWS\Cursors\vb.dll

    O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

    O20 - Winlogon Notify: vb - F:\WINDOWS\Cursors\vb.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
jerichoy2j
Posted 18 October 2005 - 04:39 PM

jerichoy2j

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was F:\WINDOWS\Cursors\vb.dll

The second filepath entered was f:\WINDOWS\Cursors\bv.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 180 'smss.exe'

Killing PID 784 'explorer.exe'
Killing PID 784 'explorer.exe'


Killing PID 252 'winlogon.exe'
Killing PID 252 'winlogon.exe'
Error 0x5 : Access is denied.

--------------------------------------------------------------------------------------

F:\WINDOWS\Cursors\vb.dll Deleted sucessfully.
f:\WINDOWS\Cursors\bv.* Deleted sucessfully.

Fixing Registry
-----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:49:01, on 18/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\iPod\Bin\iPodWatcher.exe
F:\Program Files\HHVcdV6Sys\VC6Play.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\Program Files\iPod\Bin\iPodSrv.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\HHVcdV6Sys\VC6SecS.exe
F:\PROGRA~1\INCRED~1\bin\IncMail.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Winamp\winamp.exe
F:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://azkaar.8m.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iPodWatcher] F:\Program Files\iPod\Bin\iPodWatcher.exe
O4 - HKLM\..\Run: [VC6Player] F:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "F:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://azkaar.8m.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093532981673
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0801CEBF-5500-47F2-9AD9-9149DD9326DA}: NameServer = 194.170.1.6,194.170.1.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{0801CEBF-5500-47F2-9AD9-9149DD9326DA}: NameServer = 194.170.1.6,194.170.1.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: vb - F:\WINDOWS\Cursors\vb.dll (file missing)
O23 - Service: iPodSrv - Unknown owner - F:\Program Files\iPod\Bin\iPodSrv.exe
O23 - Service: SpywareCleanerService - Unknown owner - F:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - F:\Program Files\HHVcdV6Sys\VC6SecS.exe



Incident Status Location

Adware:adware/apropos No disinfected Windows Registry
Virus:Trojan Horse Disinfected C:\APPZ\backup data\DVD IT\Setup.exe
Adware:Adware/IST.ISTBar No disinfected C:\APPZ\mIRC_v6[1].16 (www.crack.cd).zip[rwd.exe]
Virus:Trj/Citifraud.A Disinfected C:\IncrediMail Data.cab[Deleted Items.imm][~0000127.~]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\CxtPls.dll
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\pstub0\proxystub.dll
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[Beyond.class]
Virus:Trj/Agent.AJK Disinfected F:\WINDOWS\system32\pmnli.dll
Adware:Adware/eZula No disinfected F:\WINDOWS\system32\TOPSYS.EXE
Virus:W32/Gaobot.gen.worm No disinfected I:\HDTV EPISODES\windows_xp_sp2_keymaker.rar[windows_xp_sp2_keymaker.exe]

Incident Status Location

Adware:adware/apropos No disinfected Windows Registry
Virus:Trojan Horse Disinfected C:\APPZ\backup data\DVD IT\Setup.exe
Adware:Adware/IST.ISTBar No disinfected C:\APPZ\mIRC_v6[1].16 (www.crack.cd).zip[rwd.exe]
Virus:Trj/Citifraud.A Disinfected C:\IncrediMail Data.cab[Deleted Items.imm][~0000127.~]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\CxtPls.dll
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\pstub0\proxystub.dll
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36ee7645-7a270cdd.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected F:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69741795-729be81e.zip[Beyond.class]
Virus:Trj/Agent.AJK Disinfected F:\WINDOWS\system32\pmnli.dll
Adware:Adware/eZula No disinfected F:\WINDOWS\system32\TOPSYS.EXE
Virus:W32/Gaobot.gen.worm No disinfected I:\HDTV EPISODES\windows_xp_sp2_keymaker.rar[windows_xp_sp2_keymaker.exe]
  • 0

#4
g2i2r4
Posted 19 October 2005 - 12:17 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please remove Spyware Cleaner!!!

Then, redo the HijackThis part.

***

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

***

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

***

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

***

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP