Backdoor.Small.eo, constant crashes and popups [CLOSED]


  • This topic is locked

#16
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

I've had a chance to analyse the WinPfind log and found two bad guys.

Please install Killbox by Option^Explicit.
  • Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
  • In the Killbox programme, select the Delete on Reboot option.
  • Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\SYSTEM32\Drahcyk1.xml
C:\WINDOWS\SYSTEM32\NewDrahcyu1.xml

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Any better?

#17
vincent_mills

    Member

  • Topic Starter
  • 12 posts
Well, pop ups have not stopped. And also I still can't see that "C:\WINDOWS\System32" folder that used to be there? But if you don't have any answers to this then I'm fine anyways, you've helped me out a lot, thanks.

#18
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
I think that now is a good time to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:

My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.

Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:

My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

That might bring back your folder. For your pop-up, adjust your firewall (Sygate is good for this) so that nothing is allowed. Then one by one as the requests are made for permission, allow one at a time until the pop-ups start again. Then you'll know which programme is causing it.

#19
vincent_mills

    Member

  • Topic Starter
  • 12 posts
Hi, I unchecked my protected files thing and there it was all along :P But I used to be able to see it without having to view hidden protected files. So yeah, all my problem is those pop ups, and once I use my firewall I will get rid of them. Thanks for everything. Do you still have a list of those downloads I can download to help me be more protected in the future?

#20
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Just scroll back in the thread. However, the Sygate firewall, which I definitely recommend for your pop-up problem, can be found here: http://www.tucows.com/preview/213160

Edited by Crustyoldbloke, 27 October 2005 - 01:38 PM.


#21
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.