I Have Seen My Problem Solved


7 replies to this topic

#1 bick

bick

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 05 January 2006 - 11:24 AM

hallo there,
this is probably a silly question, but i'll ask anyway.
While running a search for previous posts concerning my problem, office.exe, I came across a solution and was wondering if I could try it out as well, or whether the solution was more tailor-made for this guy's results of his hijack log. Here is the main part of the post concerning the solution.

"Hi, I'm pretty sure that this office.exe is a bad one too and related with the msupdater.exe.

The current formatting of your log makes it difficult to read, so in notepad:
On top, click Format >uncheck Word Wrap

* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".

Now copy the next bold:


C:\WINDOWS\system32\msupdater.exe
C:\WINDOWS\system32\msupdates.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe

Open 'file' in the Killbox menu on top and choose Paste from clipboard

Now you will see, this is pasted in the "Full Path of File to Delete"-field.
There's a little arrow (dropdown-arrow) next to that field.
If you expand it, these lines must be there together if the files are present!

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot. Click YES
When it asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Click No at the Pending Operations prompt.

Your computer must reboot now.

After reboot, check and fix next entries in HijackThis again:

O4 - HKLM\..\Run: [msupdater] msupdater.exe
O4 - HKLM\..\RunServices: [msupdater] msupdater.exe

Reboot once again and post a new HijackThis log."

The system was clean afterwards. If wanted, here is a link to the post:
http://www.bleepingcomputer.com/forums/ind...topic=31779&hl=

Any help would be greatly appreciated. If it's cool to carry out these actions I can do them rather than bother you all with my HijackThis log.


#2 bick


Posted 06 January 2006 - 03:54 PM

Anyone?

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:22 PM

Posted 06 January 2006 - 04:48 PM

What exactly was your problem? Then someone may be able to address that issue more precisely. The post seems to me a bit vague.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 bick


Posted 06 January 2006 - 06:10 PM

Apologies if I was unclear, boopme (I wrote the main details in my HijackThis log; I must have assumed you all were psychic, seeing as you can't see that log :thumbsup:),
I have 2 programs that start every time Windows boots: one in the applications tab of taskbar named 'set up', the other in the processes tab named 'office.exe'. Set up is from the office.exe process.
I googled office.exe and according to this site it is a variant of the lovgate virus.
In fact I'll paste in my intro to the hijack post.


"Hallo helpers, I have a HijackThis log below concerning this problem.
In the task manager under applications on every boot-up is the program 'set-up', which is attached to a process called 'office.exe'.
I googled this and saw that it is possibly linked to a lovgate variant, but using various methods including the Stinger program from McAfee (while disabling System Restore as instructed), this program wasn't removed. I have McAfee antivirus and McAfee personal firewall and they haven't found it either, along with Ad-Aware and Spybot (having updated both before running it).

I think this was installed when I downloaded a LimeWire Pro setup from a torrent page. 2 of my friends have this problem and they installed the same program. In fact, one of my friends tried removing it a while ago and his system couldn't start at all; he deleted the office.exe file (I've read here that Windows Service Pack 2 can interact badly with some malware, causing this problem). So I have been reluctant to remove this file or the LimeWire install that I assume gave me this virus.
I would appreciate any help as I am completely stumped!
I have a MEDION P4 2.53GHz
512MB of RAM
Running XP Home edition version Service pack 1"


That was my hijack post without the log; I hope it clarifies my original problem.
As yet it's unanswered. I know about the backlog, so I'm not moaning.
But looking through a previous post concerning another user, he had the same problem, which was solved for him by these actions, as my previous post shows. I'll paste in his solution:

"* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".

Now copy the next bold:


C:\WINDOWS\system32\msupdater.exe
C:\WINDOWS\system32\msupdates.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe

Open 'file' in the Killbox menu on top and choose Paste from clipboard

Now you will see, this is pasted in the "Full Path of File to Delete"-field.
There's a little arrow (dropdown-arrow) next to that field.
If you expand it, these lines must be there together if the files are present!

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot. Click YES
When it asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Click No at the Pending Operations prompt.

Your computer must reboot now.

After reboot, check and fix next entries in HijackThis again:

O4 - HKLM\..\Run: [msupdater] msupdater.exe
O4 - HKLM\..\RunServices: [msupdater] msupdater.exe"



My question was, do you or whoever :flowers: think this solution would work for me? I didn't want to do exactly the same thing in case our systems are slightly different. And this solution was only applicable to the guy who had posted his HijackThis log. It may well be a silly question as I'm pretty new at this level of spyware/virus cleaning. I peaked at running Spybot :trumpet:
Any help very much appreciated
Bick

#5 boopme


Posted 07 January 2006 - 02:26 AM

bick, is your log posted to the HijackThis Logs and Analysis Forum HERE already?

#6 bick


Posted 07 January 2006 - 10:19 AM

Yes, I have posted a log in there, 5 days ago, as yet unanswered.
But rather than someone going through my log, I wondered whether the solution I found was a general solution that I could use, or a solution that was more specifically for that guy's system.

#7 boopme


Posted 07 January 2006 - 11:04 AM

Hi, the reason I asked is that the volunteers that go thru the many logs are doing so on a first in, first out basis. Someone will be putting a lot of their time into solving your case. As I viewed the post I replied to, to offer some help, I wanted to be sure we don't disrupt the process of repair. The HJT log expert that will reply to you soon is working on what you gave them. If we change anything before or during that process, all their work is for naught. Please do not change anything since you posted your HJT log. Each log is user specific. If we were to attempt to fix something here, we could alter what they're planning to do. Hence when they reply the fix would be awry. See what I mean? So please be patient and the fix will come, and then do exactly as instructed and it will work. I know you just want your PC back, we all do.
Hang in there :thumbsup:
The procedure for an unanswered HJT post is here:

http://www.bleepingcomputer.com/forums/topic14717.html

Edited by boopme, 07 January 2006 - 11:11 AM.


#8 bick


Posted 07 January 2006 - 11:23 AM

Hi boopme,
I see exactly what you mean. I have been tempted to take the steps shown in the other guy's post, and that was the motivation for this post. Now I am very glad I didn't.
Thanks for your replies, it clarifies the situation for me
and I'll hang in there :thumbsup:
Thanks
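
The point made in this thread, that each HijackThis log is user specific, can be checked before reusing a fix written for someone else. The following is an added example, not part of any post in this thread: it parses O4 autostart lines in the format quoted above and reports which entries of the borrowed fix appear in your own log and which of your entries the fix never mentions. The sample log, the `ExampleUpdater` entry and the `O4 - Global Startup:` line form are assumptions constructed for illustration.

```python
import re

# Registry autostart lines, e.g. "O4 - HKLM\..\Run: [msupdater] msupdater.exe"
REG_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Startup-folder lines; this line form is an assumption, it is not quoted in the thread.
DIR_O4 = re.compile(r"^O4 - ((?:Global )?Startup): (.+)$")

# O4 entries the borrowed fix tells its original recipient to remove (from the quoted post).
FIX_TEXT = r"""
O4 - HKLM\..\Run: [msupdater] msupdater.exe
O4 - HKLM\..\RunServices: [msupdater] msupdater.exe
"""

# Constructed sample log for illustration; not a log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [msupdater] msupdater.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - Global Startup: office.exe
"""

def parse_o4(text):
    """Return the set of O4 entries as lowercase (location, name, command) tuples."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        m = REG_O4.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.add((f"{hive}\\{key}".lower(), name.lower(), cmd.lower()))
            continue
        m = DIR_O4.match(line)
        if m:  # startup-folder items carry no value name
            entries.add((m.group(1).lower(), "", m.group(2).lower()))
    return entries

def compare_fix_to_log(fix_text, log_text):
    """Split entries into: named by both, named only by the fix, present only in the log."""
    fix, mine = parse_o4(fix_text), parse_o4(log_text)
    return {
        "in_both": sorted(fix & mine),    # the fix matches your system here
        "fix_only": sorted(fix - mine),   # the fix expects something you do not have
        "log_only": sorted(mine - fix),   # autostarts the borrowed fix never reviewed
    }

if __name__ == "__main__":
    for bucket, items in compare_fix_to_log(FIX_TEXT, SAMPLE_LOG).items():
        print(bucket, items)
```

Anything under `fix_only` or `log_only` means the borrowed instructions were written against a different set of startup entries than the ones on your machine.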



