
My Hijack Log... Pls Help


  • This topic is locked
8 replies to this topic

#1 pawell


Posted 21 March 2006 - 07:46 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:37:40 AM, on 3/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Win32Update.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\win32update.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Pawel\My Documents\D0wnl0ads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
O4 - HKLM\..\Run: [Win32 Update] C:\WINDOWS\System32\win32update.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: AntiVir Guard.lnk = C:\Program Files\AVPersonal\AVGNT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A048BA-82FD-479F-AABE-7A5E577EEC32}: NameServer = 71.250.0.12 151.197.0.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: svchost - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

pls help... by the way gg-gadugadu is like aim but it's for polacks, I am Polish


 


#2 Rawe


Posted 21 March 2006 - 09:48 AM

Hello and welcome.. :thumbsup:

Let's clear up your infections.

==

Click Start -> Run and type in:

services.msc

Click "OK".

In the services window find these services (one at a time):
  • Performance True Type Font
  • Local Security Authority Subsystem Service
  • svchost


Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled" (For each of the services). Click Apply then "Ok". Exit the Services utility.

==

Next:

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat to your desktop.

@echo off
rem Remove the three service entries disabled above (sc takes the service name).
sc delete svchost
sc delete PerfFont
sc delete lsass


Double-click on Removeservice.bat. A window will pop up and close. This is normal. Please reboot.

==

Once done:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\oleupdate.exe
    C:\WINDOWS\System32\win32update.exe
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\System32\perfont.exe
    C:\WINDOWS\svchost.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Finally:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a fresh HijackThis log. :flowers:

Edited by Rawe, 21 March 2006 - 09:49 AM.

Hi there, stranger!
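
The three services picked out above all show "Unknown owner" in the log and run either under a core Windows file name outside system32 or from a Windows directory. The Python sketch below is an added example, not code from the thread or from HijackThis: it parses O23 lines and flags entries on that basis. The `CORE_NAMES` list and both heuristics are assumptions; the sample lines are copied from the first log.

```python
import ntpath
import re

# Sample input: O23 lines copied from the first log in this thread.
SAMPLE_LOG = r"""
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: svchost - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
"""

O23 = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
    r'(?P<image>"?[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$'
)
# Assumption (not from the thread): core Windows processes that belong in system32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"
WINDOWS_DIRS = {r"c:\windows", SYSTEM32}


def parse_o23(line):
    """Split one O23 line into fields; return None for any other line."""
    m = O23.match(line.strip())
    if not m:
        return None
    # These logs show "Display Name (ServiceName)", or a single name when the
    # two match (assumed). sc.exe works on the service name, not the display name.
    name = m.group("name")
    both = re.match(r"^(?P<display>.+) \((?P<svc>[^()]+)\)$", name)
    display, svc = (both["display"], both["svc"]) if both else (name, name)
    # Drop the stray quote and arguments such as '" -service' from the path.
    exe = re.match(r'"?(.+?\.(?:exe|com))', m.group("image"), re.I)
    return {"display": display, "service": svc, "owner": m.group("owner"),
            "exe": exe.group(1) if exe else m.group("image"),
            "missing": m.group("missing") is not None}


def triage(log_text):
    """Return (service name, executable, reasons) for entries to look at first."""
    findings = []
    for entry in filter(None, map(parse_o23, log_text.splitlines())):
        folder = ntpath.dirname(entry["exe"]).lower()
        base = ntpath.basename(entry["exe"]).lower()
        reasons = []
        if base in CORE_NAMES and folder != SYSTEM32:
            reasons.append("core process name outside system32")
        if entry["owner"] == "Unknown owner" and folder in WINDOWS_DIRS:
            reasons.append("unknown owner in a Windows directory")
        if reasons:
            findings.append((entry["service"], entry["exe"], reasons))
    return findings


if __name__ == "__main__":
    for service, exe, reasons in triage(SAMPLE_LOG):
        print(f"sc query {service}  # {exe}: {'; '.join(reasons)}")
```

A flagged entry is a lead for manual review and a scanner, not a verdict; "Unknown owner" also appears on the leftover Symantec and WinPoET entries, which the heuristics leave alone.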

#3 pawell


Posted 21 March 2006 - 03:01 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:23:35 PM, on 3/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Win32Update.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\win32update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Pawel\My Documents\D0wnl0ads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Win32 Update] C:\WINDOWS\System32\win32update.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: AntiVir Guard.lnk = C:\Program Files\AVPersonal\AVGNT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A048BA-82FD-479F-AABE-7A5E577EEC32}: NameServer = 71.250.0.12 151.197.0.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\WINDOWS\fwnet64.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
O23 - Service: WinVideoDriver (WinVideo16) - Unknown owner - C:\WINDOWS\Win32Update.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)



and activescan


Incident Status Location



Adware:Adware/WUpd Not disinfected C:\WINDOWS\SYSTEM32\WIN32UPDATE.EXE
Adware:adware/superspider Not disinfected C:\WINDOWS\SYSTEM32\a.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard21.dat
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Virus:W32/Sdbot.GUR.worm Not disinfected C:\!KillBox\svchost.exe
Adware:Adware/WUpd Not disinfected C:\!KillBox\win32update.exe
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C58ZKFCX\181-update1[1].exe
Adware:Adware/WUpd Not disinfected C:\iexplorer.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Virus:W32/Sdbot.GUR.worm Not disinfected C:\WINDOWS\svchost(2).exe
Virus:W32/Sdbot.GUN.worm Not disinfected C:\WINDOWS\system32\a.exe
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\awvtq.dll
Virus:W32/Sdbot.FQE.worm Not disinfected C:\WINDOWS\system32\eraseme_65338.exe
Virus:W32/Sdbot.ftp Not disinfected C:\WINDOWS\system32\i
Virus:Trj/Mutech.E Not disinfected C:\WINDOWS\system32\wbem\wmiprvi.dll
Adware:Adware/WUpd Not disinfected C:\WINDOWS\system32\win32update.exe
Virus:W32/Sdbot.GUN.worm Not disinfected C:\WINDOWS\win32ssr.exe
Virus:Bck/Sdbot.GCN Not disinfected C:\WINDOWS\wkssvc.exe

Edited by pawell, 21 March 2006 - 07:24 PM.


#4 Rawe


Posted 22 March 2006 - 12:42 AM

Hi.. Let's continue. :thumbsup:

Not sure where you get these services..

Please do this..

Click Start -> Run and type in;

services.msc

Click "OK".

In the services window find these services (one at a time):
  • fwnet64
  • WinVideoDriver


Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled" (For each of the services). Click Apply then "Ok". Exit the Services utility.

==

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Fixservice.bat to your desktop.

@echo off
rem Remove the two service entries disabled above (sc takes the service name).
sc delete fwnet
sc delete WinVideo16


Double-click on Fixservice.bat. A window will pop up and close. This is normal. Please reboot.

==

Run Killbox again:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\SYSTEM32\WIN32UPDATE.EXE
    C:\WINDOWS\SYSTEM32\a.exe
    C:\WINDOWS\keyboard21.dat
    C:\WINDOWS\NDNuninstall7_22.exe
    C:\iexplorer.exe
    C:\WINDOWS\NDNuninstall7_22.exe
    C:\WINDOWS\svchost(2).exe
    C:\WINDOWS\system32\actskn45.ocx
    C:\WINDOWS\system32\awvtq.dll
    C:\WINDOWS\system32\eraseme_65338.exe
    C:\WINDOWS\fwnet64.exe
    C:\WINDOWS\system32\wbem\wmiprvi.dll
    C:\WINDOWS\win32ssr.exe
    C:\WINDOWS\wkssvc.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Once rebooted, delete the following folder:

C:\WINDOWS\system32\i

Empty recycle bin.

==

Run a scan with HijackThis and check the following object for removal (if present):

O4 - HKLM\..\Run: [Win32 Update] C:\WINDOWS\System32\win32update.exe

Now close ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Post back with a fresh log and let me know how's the system running now. :flowers:
Hi there, stranger!

#5 pawell


Posted 22 March 2006 - 07:26 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:25:12 AM, on 3/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pawel\My Documents\D0wnl0ads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: AntiVir Guard.lnk = C:\Program Files\AVPersonal\AVGNT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A048BA-82FD-479F-AABE-7A5E577EEC32}: NameServer = 71.250.0.12 151.197.0.39
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

#6 pawell


Posted 22 March 2006 - 07:30 AM

all this happened because last week, on Wednesday, my cousin came over because he wanted to skip school.. and he dled pbk (the perfect keylogger)
and I think that's where the viruses came from...
thanks for helping me :]]]]

#7 Rawe


Posted 22 March 2006 - 09:06 AM

Hi.. Let's continue. :thumbsup:

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeit.bat to your desktop.

@echo off
rem sc takes the service name shown in parentheses in the log, not the display name.
sc stop "Windows Update Service"
sc delete "Windows Update Service"


Double-click on Removeit.bat. A window will pop up and close. This is normal. Please reboot.

==

Delete the following file after reboot if present:

C:\WINDOWS\services.exe

==

Next:

Create a folder on your desktop called Sysclean.

Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)

Unzip lptXXX.zip and you'll get a file lpt$vpn.XXX.

Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and double-click sysclean.com.
Check: "Automatically clean or delete detected files."
Click "Scan".
When the scan is finished, select: "View log".

Copy and paste this log in your next reply. :flowers:
Hi there, stranger!

#8 Rawe


Posted 22 March 2006 - 09:11 AM

Could you also please post this:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post

Hi there, stranger!

#9 Rawe


Posted 27 March 2006 - 07:29 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!



