Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Started out as malware..now it's ?


  • Please log in to reply
2 replies to this topic

#1 Bodhaiii

Bodhaiii

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 07 February 2009 - 12:18 PM

Hi! Thanks for putting up a site to help balance out all of the crap people put on the net!

I have a computer that is infected with something, but I can't find what it is. I found some files on it called "reader_s.exe" "winlogonn.exe" "csrssc.exe" "ntdll64.dll" "nt64dll.exe" "twext.exe" "ezkapxi.sys" "tfutdll.sys" "hs78k4rgf4d.dll", my hosts file points to some zief.pl place that keeps sending my browser to hell and back. I downloaded HJT and deleted everything that I could figure out, on my own, that wasn't supposed to be there. I still couldn't get it to work right so I reloaded WinXP. I keep my system files on a seperate partition but I think that may be messing me up right now. There has to be something else on the other partition that keeps reinfecting everything.

Is there anyway you can help me find out what is going on?

Thank you for your time and efforts!!

BC AdBot (Login to Remove)

 


#2 Bodhaiii

Bodhaiii
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 07 February 2009 - 12:59 PM

Looks like joyjocelyn has the same thing as I do. I should probably download the Malwarebytes and see if that helps me too.

#3 Bodhaiii

Bodhaiii
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 07 February 2009 - 02:34 PM

Found this listed on McAfee's site concerning the hosts files:

http://vil.mcafeesecurity.com/vil/content/v_154029.htm

I found the registry settings and deleted them. I didn't find any of the *.tmp files though.

*update*

Rebooted and the registry settings were back again, bummer.

Edited by Bodhaiii, 07 February 2009 - 02:39 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users