Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with se.dll


  • Please log in to reply
1 reply to this topic

#1 Escalade_GT

Escalade_GT

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 22 February 2005 - 11:34 PM

This thing is horrible. Many thanks to anybody that can help.
Here's my logfile:


Logfile of HijackThis v1.99.1
Scan saved at 10:33:20 PM, on 2/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Serv-U\ServUAdmin.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\FlashFXP\flashfxp.exe
C:\Program Files\Serv-U\ServUAdmin.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Hax0r\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O18 - Filter: text/html - {AA161CBC-0C91-416E-8292-3E62A9BF67B0} - C:\WINDOWS\System32\hphkoc.dll

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,664 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:47 AM

Posted 24 February 2005 - 12:22 AM

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And press enter. You will now be presented with new information in the bottom right and left sections and on the right section, the name AppInit_DLLs should be highlighted. Double-click on the AppInit_DLLs entry and copy and paste the text found in the value field in your next reply to this post.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users