
I have...



#1 raksu


Posted 18 November 2004 - 03:08 AM

...that:
http://www.bleepingcomputer.com/forums/t/4210/how-to-remove-aboutblank-aboutnavigationfailure-sedll/

But I can't get rid of it. That instruction does not work or I am missing something...


1. Hidden files are visible

2. c:\regbackup created.

3. I run Registrar Lite

4. I enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows into the address field and I press enter on my keyboard. On the left side of the screen the Windows key is selected and highlighted purple.

5. With the Windows key highlighted I click on the File menu, and then I click on export.

6. I enter winkey.reg in the name field and change the Save as Type to Regedit4 standard .reg files (*.reg)

7. I change the Save in: dropdown menu to c:\regbackup

8. I press the Save button

9. With the Windows key highlighted again I click on the File menu, and then I click on export.

10. I enter Winkey.hiv in the name field and change the Save as Type to Regedt32/WinApi hive files (*.hiv,*.dat, *.*)

11. I change the Save in: dropdown menu to c:\regbackup

12. I press the Save button

13. When both backups are successfully saved, I right-click on the highlighted Windows key and I click on the rename option. I rename the Windows key to Windows1.

14. With Windows1 highlighted, I look in the right section and double-click on AppInit_DLLs and clear the text in the Value field. That is the dll I have seen previously. Cleared. I press Apply. Then I press Ok.

15. I rename Windows1 back to Windows and exit the Registrar Lite.

16. I reboot my computer.

17. When I'm back at my desktop, I navigate to the c:\regback folder. Double-click on the winkey.reg file. When it prompts: if you would like to import/merge the data, I press the Yes button

18. I run Registrar Lite again

19. I enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows into the address field and I press enter on my keyboard. On the left side of the screen the Windows key is selected and highlighted purple.

20. While the Windows key is selected (highlighted purple/blue) in the left window, I click on File and then Import.

21. I browse to c:\regback and select the winkey.hiv file that I created earlier and I press the Open button. Then I press the OK button.

22. Now I double-click on the AppInit_DLLs key in the right section of the window and clear the text in the Value field. That same dll was there again. Cleared. Then I press Apply, and then Ok.

23. I exit Registrar Lite

.
.
.
At which point that dll should be gone? Every time I start Registrar Lite and check that AppInit_DLLs key value, it contains that dll. Have I done something wrong??
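Added example, not part of the original post and not BleepingComputer's code: a small Python parser that reads a Regedit4 export such as the winkey.reg backup described in the post above and lists what AppInit_DLLs contains, so the backup can be inspected before it is merged back into the registry. The sample export and its DLL path are constructed placeholders.

```python
import re

# Constructed sample of a Regedit4 export like the winkey.reg backup;
# the DLL path is a placeholder, not a value taken from the thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\example.dll"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
'''

TARGET_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# "name"="string data" lines; both sides may contain \\ and \" escapes.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(text):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', text)


def appinit_dlls(reg_text):
    """Return the DLLs named by AppInit_DLLs under the Windows key, or []."""
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        # Ignore values that belong to any other key in the export.
        if current_key is None or current_key.lower() != TARGET_KEY.lower():
            continue
        match = STRING_VALUE.match(line)
        if match and unescape(match.group(1)).lower() == "appinit_dlls":
            # The value is a space- or comma-separated list of DLL names.
            return [d for d in re.split(r"[ ,]+", unescape(match.group(2))) if d]
    return []


if __name__ == "__main__":
    found = appinit_dlls(SAMPLE_REG)
    print("AppInit_DLLs in backup:", found if found else "(empty)")
```

A non-empty result means that merging the export will write those DLL names back into AppInit_DLLs.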



#2 Grinler

    Lawrence Abrams



Posted 18 November 2004 - 09:43 PM

Create a directory on your hard drive, to save HijackThis.exe, called c:\hijackthis. This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Download the latest version, from here.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum. Do not fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

#3 raksu


Posted 19 November 2004 - 04:54 AM

I have already done all that. I have HJT. I have posted its logfile to a Finnish HJT forum. They suggested that I try that advice. That is how I found my way here to try that:
http://www.bleepingcomputer.com/forums/t/4210/how-to-remove-aboutblank-aboutnavigationfailure-sedll/

But I can't get rid of that dll file that is in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
And its AppInit_DLLs key value.

#4 Indrid_Cold


Posted 19 November 2004 - 06:41 AM

Greetings raksu.

We need to see your HJT log before we will make any recommendations. Please do as Grinler advised and post your log in this thread so we may review it.

Also:

Please download DllCompare (CWS HiddenDLLFinder) HERE

Launch the program and click the "Run Locate.com" button.
Then click the "Compare" button (this will take a little while)
When it finishes click the "Make Log" button.

Please copy and paste the log in this thread using the ADD/REPLY button.
Hope is not a method.

ASAP Proud member since 2004
Alliance of Security Analysis Professionals

#5 raksu


Posted 19 November 2004 - 11:25 AM

As I told, this is the problem. Here is what CWS HiddenDLLFinder finds:

* DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\kbdpfp.dll Sat 20 Mar 2004 9.47.48 A.... 21 504 21,00 K
________________________________________________

1 280 items found: 1 280 files, 0 directories.
Total of file sizes: 265 516 084 bytes 253,21 M

Administrator Account = True

--------------------End log---------------------

#6 Indrid_Cold


Posted 19 November 2004 - 12:09 PM

Thank you for the DLLCompare Log raksu.

I await your HijackThis log so we may begin to clean things up.

Please note:
If you reboot your computer after having posted your DLLCompare log, you will need to run DLLCompare again and post a new log.

Edited by Indrid_Cold, 19 November 2004 - 12:14 PM.
