|
|
|
re: spyware?
Tuesday, January 18, 2005 at 6:11 am
Windows XP Annoyances Discussion Forum
Posted by Falcon
(13489 messages posted)
Odd. Once again, the hijacker seems to be disappearing in pieces.
We'll just continue attacking it and see if it'll go away before trying more drastic
measures... :)
- Download the Pocket Killbox: http://www.bleepingcomputer.com/files/killbox.php
- Reboot to Safe Mode
- End these processes in Task Manager, if running:
- C:\WINDOWS\system32\ieng.exe
- C:\WINDOWS\ipwd32.exe
- C:\WINDOWS\System32\Vocaav.exe
- C:\WINDOWS\System32\HinEV5G.exe
- C:\WINDOWS\system32\Jel387h.exe
- WindowsUpdate72843[1].exe
- C:\WINDOWS\system32\netvn.exe
- Fix these with HijackThis:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {30C16827-1FE8-9C39-95A4-CA3E7FEC6A5D} - C:\WINDOWS\system32\sdkid32.dll
O4 - HKLM\..\Run: [5CL8NTE2LGG@XK] C:\WINDOWS\system32\Jel387h.exe
O4 - HKLM\..\Run: [ipwd32.exe] C:\WINDOWS\ipwd32.exe
O4 - HKLM\..\RunOnce: [ieng.exe] C:\WINDOWS\system32\ieng.exe
O4 - Startup: WindowsUpdate72843[1].exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\netvn.exe (file missing)
- Delete these files. Make sure hidden any system files are visible.
- C:\WINDOWS\system32\sdkid32.dll
- C:\WINDOWS\system32\ieng.exe
- C:\WINDOWS\ipwd32.exe
- C:\WINDOWS\System32\Vocaav.exe
- C:\WINDOWS\System32\HinEV5G.exe
- C:\WINDOWS\system32\Jel387h.exe
- WindowsUpdate72843[1].exe
- C:\WINDOWS\system32\netvn.exe
If you are unable to delete a file, try these simple steps to remove them:
- Rename the file, then delete it.
- Open the file in a text editor. Edit->Select All. Delete. Save. Close the
text editor. Right-click the file->
Properties->Check the "Read Only" box. Delete the file after a reboot.
- The KillBox
- Reboot normally and post another HijackThis log.
The Wereotter
- Written in response to:
- re: spyware? (Willie: Monday, January 17, 2005 at 10:46 pm)
Responses to this message:
 | re: spyware? (Willie: Tuesday, January 18, 2005 at 11:29 am) |
|
|
All messages in this thread [show all]
 | spyware? (meyer: Tue, Aug 3, 2004, 12:06 pm) |
 |  | | | | | | re: spyware? (Falcon: Tue, Jan 18, 2005, 6:11 am) |
| |
| |
Return to the Windows XP Discussion Forum
|
|
|
|
