c:\windows\inf\unregmp2.exe


3 replies to this topic

#1 jamiem

  • Members
  • 3 posts

Posted 12 March 2005 - 07:03 AM

Hi,

I am trying to run my antivirus software and it is getting stuck on c:\windows\inf\unregmp2.exe - I have run Spybot S&D and Ad-Aware 6 to no avail.

Some other free scans I have performed are still showing a trojan.

Please help.

Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 11:55:02, on 12/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetIntelligence Home\LiteClient.exe
C:\WINDOWS\system32\srvmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\NetIntelligence Home\LiteClientAM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetIntelligence Home\AMMon.exe
C:\program files\Mozilla Firefox\firefox.exe
C:\program files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NIHomeAM] "C:\Program Files\NetIntelligence Home\LiteClientAM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\NetIntelligence\NetIntelligence Anti-Virus\kav.exe /minimize
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nihlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nihlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nihlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nihlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\NetIntelligence\NetIntelligence Anti-Virus\kavsvc.exe
O23 - Service: NetIntelligence Home Client (NILiteClient) - iomart Ltd - C:\Program Files\NetIntelligence Home\LiteClient.exe
O23 - Service: Service Monitor (ServiceMonitor) - Unknown owner - C:\WINDOWS\system32\srvmon.exe


Mod Edit: This has been moved to a more appropriate Forum.

Edited by scarlett, 12 March 2005 - 07:58 AM.




#2 Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts

Posted 12 March 2005 - 04:53 PM

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:

c:\windows\system32\nihlsp.dll

To copy the files, simply navigate to the directory they are in, right-click on them, and then click on Copy. Then paste these files into the c:\submit directory. Once the files are all copied, I need you to zip the folder and rename submit.zip to yourmembername.zip (for example, grinler.zip). If you are using XP or ME, right-click on the folder, click on the Send To option, and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called WinZip and zip it using that. Then go to http://www.bleepingcomputer.com/submit-malware.php, fill in the required fields, and browse to the file. Then click on the Send File button.

#3 jamiem

  • Topic Starter

  • Members
  • 3 posts

Posted 12 March 2005 - 09:06 PM

Hi Grinler,

I have submitted the folder requested.

I appreciate your help!

Thanks again,

Jamie

#4 Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts

Posted 13 March 2005 - 01:07 AM

That file is OK... I do not see anything else that's really a problem. This one:

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


I would advise you to fix, as it's currently unsure.
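
An added example, not part of the original thread or any poster's code: a small Python triage helper that pulls out the log lines HijackThis itself labels "Unknown file" or "Unknown owner" and collapses the repeats, which is the kind of entry a helper asks for a sample of. The sample lines are copied from the log in post #1; the function and constant names are assumptions, and a listed entry is a candidate for review, not a verdict.

```python
import re
from collections import OrderedDict

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nihlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nihlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Monitor (ServiceMonitor) - Unknown owner - C:\WINDOWS\system32\srvmon.exe
"""

# Labels the tool prints in the log above when it cannot identify a file or vendor.
MARKERS = ("Unknown file", "Unknown owner")

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")   # "O10 - <detail>"
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")     # drive-letter path to end of line


def unknown_entries(log_text):
    """Return [(section, path, occurrences)] for entries the tool labels unknown.

    Paths are lower-cased because Windows paths are case-insensitive, so the
    same file reported several times collapses into one row with a count.
    """
    seen = OrderedDict()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        if not any(marker in detail for marker in MARKERS):
            continue
        p = PATH_RE.search(detail)
        path = p.group(0).lower() if p else detail
        key = (section, path)
        seen[key] = seen.get(key, 0) + 1
    return [(s, p, n) for (s, p), n in seen.items()]


if __name__ == "__main__":
    for section, path, count in unknown_entries(SAMPLE_LOG):
        print(f"{section}  x{count}  {path}")
```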



