Need help with virus! I have tried everything!
cjp6398
Newbie
6. January 2006 @ 10:26
Logs below!
HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 3:05:27 PM, on 1/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\gld.exe
C:\WINDOWS\System32\gld.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 7 for hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\regedit.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*htt...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*ht...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\gld.exe
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
end of log
windelf log:
************************
* WIN32DELFKIL LOGFILE *
************************
BEFORE RUNNING WIN32DELFKIL
***************************
File(s) found in Windows directory
----------------------------------
alt.exe
File(s) found in system32 folder
--------------------------------
browsela.dll
SharedTaskScheduler key
-----------------------
SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{31EE3286-D785-4E3F-95FC-51D00FDABC01} REG_SZ Master Browseui
Notify key
----------
subkey browsela is present!
cjp6398
Newbie
6. January 2006 @ 11:16
Somebody help?
Jeanc1
Suspended permanently
6. January 2006 @ 11:26
Your log shows:
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
You have to get this off your PC !
That is a leftover from EWIDO... ! Get the FREE Pocket Killbox here:- http://www.bleepingcomputer.com/files/killbox.php
Start it up.. and open C:\WINDOWS\system32\browsela.dll -- click and hold browsela.dll then slide it in the window of the KillBox
Tick Delete at next REBOOT --- Ok then
Reboot your Pc.. the critter will be gone.
Reset your homepage to wherever it was before.
This message has been edited since posting. Last time this message was edited on 6. January 2006 @ 11:29
cjp6398
Newbie
6. January 2006 @ 17:26
I'm getting a blue screen on a normal boot up because it says windows can't find C:\windows\inet2001\winlogon.exe
Any ideas?
cjp6398
Newbie
6. January 2006 @ 17:31
Killbox is saying "PendingFileRenameOperations registry data removed by an external process."
What does this mean?
-kemisti-
AfterDawn Addict
7. January 2006 @ 00:50
It means that the file was already deleted or something. That windelf log isn't complete. Send it again.
Also, fix these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*htt...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*ht...
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\gld.exe
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
And delete these also with e.g. Killbox, the same way Jeanc1 already told you:
C:\WINDOWS\System32\gld.exe
C:\WINDOWS\alt.exe
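The triage the helpers above did by hand, as an added example that is not part of this thread: a small Python script that scans HijackThis-style lines (a constructed excerpt of the log posted here) for the entry types they singled out: an extra program chained into the Shell= line (cross-checked against the running-process list), an orphaned BHO, a Run entry launching an executable dropped directly in the Windows root, and any Winlogon Notify DLL. The function name and the rule set are my own assumptions, not HijackThis output.

```python
import re

# Constructed excerpt of the HijackThis log posted in this thread (not a live scan).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\gld.exe
C:\WINDOWS\explorer.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\gld.exe
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - ..." style lines
WINROOT_EXE = re.compile(r"(?i)^[a-z]:\\windows\\[^\\]+\.exe$")   # exe directly in C:\WINDOWS

def triage(log_text):
    """Return (code, reason) pairs for entries a helper would tell the poster to fix."""
    findings = []
    running = set()
    for line in log_text.splitlines():
        line = line.strip()
        # Lines under "Running processes:" are bare paths; remember them for cross-checks.
        if line[1:3] == ":\\" and line.lower().endswith(".exe"):
            running.add(line.lower())
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "F2" and "shell=" in body.lower():
            shell = body.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":          # stock value is just explorer.exe
                extra = shell.split(None, 1)[1] if " " in shell else shell
                note = " (currently running)" if extra.lower() in running else ""
                findings.append((code, "Shell= chains an extra program: " + extra + note))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "orphaned BHO registration, target DLL missing"))
        elif code == "O4":
            target = body.split("]", 1)[1].strip()
            if WINROOT_EXE.match(target):
                findings.append((code, "Run entry launches an exe dropped in the Windows root: " + target))
        elif code == "O20":
            # Winlogon Notify DLLs load inside winlogon.exe at every logon: always review.
            findings.append((code, "Winlogon Notify DLL: " + body.rsplit(" - ", 1)[-1]))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, reason)
```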