 ProcAddressHijack ?, What is ProcAddressHijack? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.
To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.
  |
  Nov 5 2009, 07:06 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 5-November 09 Member No.: 399,096  |
I am trying to fix toshiba laptop vista home premium 64 bit SP1. I ran AVZ and it shows in the result the following 3 lines in red (all 3 saying the same words but different numbers): Function user32.dll:intercepted, method ProcAddressHijack.GetProcAddress... =...... =...... and in the end: malicious software found 0, suspicions - 0 Malwarebyte , SuperAntispyware and Mcafee did not find anything, though. Is it a rootkit that has taken over the user32.dll of vista? My concern is: why AVZ shows that thing in RED? and then tells no malware found in the end. I'd appreciate if some knowledgeable geek will help me with this plz. thanks |
 |
 
|
|
Nov 7 2009, 09:21 PM
Post
#2
|
|
 Computer Masochist Group: Moderator Posts: 27,777 Joined: 27-January 07 From: Cleveland, Ohio Member No.: 108,618 |
Welcome to BC
 We Need to check for Rootkits with RootRepeal
---------------------------------- Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High Also try: right-click on rootrepeal.exe and rename it to tatertot.scr ========================  Please download Win32kDiag.exe by AD and save it to your desktop. alternate download 1 alternate download 2
 Go to  > Run..., then copy and paste this command into the open box: cmdClick OK. At the command prompt C:\>, copy and paste the following command and press Enter: CODE DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt A file called log.txt should be created on your Desktop. Open that file and copy/paste the contents in your next reply. -------------------- Mark
 why won't my laptop work? Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits Become a BleepingComputer fan: Facebook and Twitter |
|
|
|
on your desktop.
tab.
button.
button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please. |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 15th March 2010 - 08:30 PM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.