
Wininet.dll Infected


7 replies to this topic

#1 mjmondry20


Posted 27 November 2005 - 01:37 AM

The other day I noticed I had PS guard downloaded on my computer. I tried to uninstall manually but of course it came right back as soon as I connected to the internet. I ran smitrem and it stated that wininet.dll was infected. Any suggestions would be great.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:22 AM, on 11/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: @Home - {66834EE0-333E-11D8-9E86-0010B567C549} - http://www/ (file missing) (HKCU)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab


smitRem log file
version 2.7

by noahdfear


Windows 98 [Version 4.10.2222]


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~






~~~~ wininet.dll ~~~~

wininet.dll INFECTED!!



PLEASE HELP


#2 -David-


Posted 27 November 2005 - 04:57 AM

"I ran smitrem and it stated that wininet.dll was infected"


The smitrem tool would have fixed it, I imagine.

David

#3 mjmondry20


Posted 27 November 2005 - 11:47 AM

You would think so but it did not. All it says is go to Panda so it can fix it, but Panda just runs a scan without disinfecting it.

#4 -David-


Posted 27 November 2005 - 11:55 AM

Can you post the Panda Scan Log here?

David

#5 mjmondry20


Posted 27 November 2005 - 02:31 PM

Active Scan Report

Incident                       Status            Location
Adware:Adware/PsGuard          Not disinfected   C:\WINDOWS\SYSTEM\oleext.dll
Adware:Adware/Startpage.AJF    Not disinfected   C:\WINDOWS\SYSTEM32\shdocnvt.dll

#6 mjmondry20


Posted 27 November 2005 - 07:19 PM

Jotti's malware scan 2.99-TRANSITION_TO_3.00


File: oleext.dll
Status: INFECTED/MALWARE
MD5 aa6a2f89d2c689a166358686b8068995
Packers detected: -
Scanner results
AntiVir                 Found Trojan/Small.EV.262
ArcaVir                 Found nothing
Avast                   Found nothing
AVG Antivirus           Found Generic.DNZ
BitDefender             Found nothing
ClamAV                  Found nothing
Dr.Web                  Found Trojan.Popuper
F-Prot Antivirus        Found nothing
Fortinet                Found W32/Small.EV-tr
Kaspersky Anti-Virus    Found Trojan.Win32.Small.ev
NOD32                   Found nothing
Norman Virus Control    Found W32/Smalldrp.FEX
UNA                     Found Trojan.Win32.Small
VBA32                   Found Embedded.Trojan-Downloader.Win32.Small.vu (probable variant)

#7 mjmondry20


Posted 27 November 2005 - 10:43 PM

Rebooted in Safe Mode,

Uninstalled psguard,

Deleted psguard.exe and anything else associated w/ psguard under search,

Deleted oleext.dll,

And everything seems to be ok.

#8 -David-


Posted 30 November 2005 - 03:47 PM

Did you delete this?

C:\WINDOWS\SYSTEM32\shdocnvt.dll

David



