Need help with virus! I have tried everything!
cjp6398
Newbie
6. January 2006 @ 10:26
Logs below!

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 3:05:27 PM, on 1/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\gld.exe
C:\WINDOWS\System32\gld.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 7 for hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*htt...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*ht...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\gld.exe
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

end of log

windelf log:

************************
* WIN32DELFKIL LOGFILE *
************************


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
alt.exe

File(s) found in system32 folder
--------------------------------
browsela.dll

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{31EE3286-D785-4E3F-95FC-51D00FDABC01} REG_SZ Master Browseui

Notify key
----------
subkey browsela is present!
cjp6398
Newbie
6. January 2006 @ 11:16
Somebody help?
Jeanc1
Suspended permanently
6. January 2006 @ 11:26
Your log shows :-
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll

You have to get this off your PC!

That is a leftover from EWIDO... ! Get the FREE Pocket Killbox here:- http://www.bleepingcomputer.com/files/killbox.php

Start it up.. and open C:\WINDOWS\system32\browsela.dll -- click and hold browsela.dll then slide it in the window of the KillBox

Tick Delete at next REBOOT --- Ok then

Reboot your PC... the critter will be gone.

Reset your homepage to wherever it was before.

This message has been edited since posting. Last time this message was edited on 6. January 2006 @ 11:29

cjp6398
Newbie
6. January 2006 @ 17:26
I'm getting a blue screen on a normal boot-up because it says Windows can't find C:\windows\inet2001\winlogon.exe

Any ideas?
cjp6398
Newbie
6. January 2006 @ 17:31
Kill box is saying pendingfilerename operations registry data removed by an external process.

What does this mean?
-kemisti-
AfterDawn Addict
7. January 2006 @ 00:50
It means that the file was already deleted or something. That windelf log isn't complete. Send it again.

Also, fix these lines:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*htt...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*ht...
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\gld.exe
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe

And delete these also with e.g. Killbox, the same way as Jeanc1 already told you:

C:\WINDOWS\System32\gld.exe
C:\WINDOWS\alt.exe
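
Added example, not part of any post in this thread: a small triage script that parses HijackThis entry lines and pulls out the kinds of entries the helpers singled out above (F2 shell value, O2 BHO with no file, O4 autorun, O20 Winlogon Notify). The function names and the matching heuristics are assumptions made for illustration, and the sample lines are copied from the log posted in the thread.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\gld.exe
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return [(code, reason, body)] for entries that deserve a manual look."""
    findings = []
    for code, body in parse(log):
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            # Anything appended after explorer.exe is started together with the shell.
            if shell.lower() != "explorer.exe":
                findings.append((code, "shell value is not plain explorer.exe", body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing", body))
        elif code == "O4":
            # Heuristic (assumption): executable sitting directly in the Windows root.
            if re.search(r"\]\s*C:\\WINDOWS\\[^\\]+\.exe\b", body, re.I):
                findings.append((code, "autorun target directly in C:\\WINDOWS", body))
        elif code == "O20":
            findings.append((code, "Winlogon Notify DLL, loaded by winlogon.exe", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {body}")
```

A flagged line is only a candidate for review; whether it is malicious still has to be decided by someone reading the log, as the helpers do in this thread.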