Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yellow Triangle With Exclamation Point On Task Bar...


  • Please log in to reply
2 replies to this topic

#1 david gonzo

david gonzo

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 20 June 2007 - 03:38 PM

Hello,
I am running Windows XP with SP2 installed on a Dell Latitude D610 Laptop.


I was visiting a website the typical popup showed asking about security, etc. etc. I also noticed that as I did this the cursor was showing as if something was processing and then my computer rebooted by itself! After it started again the computer was showing that 99% of the cpu was being used and everything was at a crawl. I also noticed that a yellow triangle with an exclamation point in it was now in my task bar. Even in safe mode the triangle appears after about thirty minutes. I have also noticed web pages closing by themselves and when I was trying to download some of you guys fixes, they would start but then just terminate and disapear. I am familar with HJT and some of the other goodie applications. I just need help because this time this malware is quite the stubborn one...



I rebooted to Safe Mode and ran smit fraud. SmitFraud produced the following log: (I ran SmitFraud in SafeMode)

SmitFraudFix v2.195

Scan done at 15:32:01.09, Wed 06/20/2007
Run from C:\Documents and Settings\User1\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process


hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\User1


C:\Documents and Settings\User1\Application Data


Start Menu





Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{42248C91-2117-477B-AC0E-C280556B1001}"="erucjtekiywa"

[HKEY_CLASSES_ROOT\CLSID\{42248C91-2117-477B-AC0E-C280556B1001}\InProcServer32]
@="C:\WINDOWS\system32\erucjtekiywa.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{42248C91-2117-477B-AC0E-C280556B1001}\InProcServer32]
@="C:\WINDOWS\system32\erucjtekiywa.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3578CC4F-0E1F-445E-8072-E78435C71001}"="licldhyepfwk"

[HKEY_CLASSES_ROOT\CLSID\{3578CC4F-0E1F-445E-8072-E78435C71001}\InProcServer32]
@="C:\WINDOWS\system32\licldhyepfwk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3578CC4F-0E1F-445E-8072-E78435C71001}\InProcServer32]
@="C:\WINDOWS\system32\licldhyepfwk.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{53B5F2B1-94DD-43E5-8187-EB4E31F00701}"="za"

[HKEY_CLASSES_ROOT\CLSID\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}\InProcServer32]
@="C:\WINDOWS\system32\d3acdb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}\InProcServer32]
@="C:\WINDOWS\system32\d3acdb.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS



Scanning for wininet.dll infection

BC AdBot (Login to Remove)

 


#2 david gonzo

david gonzo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 20 June 2007 - 03:41 PM

THis is too wierd: When I try and run HiJackthis it will not run it...It starts and then crashes. I have been expiriencing this with other applications.

#3 david gonzo

david gonzo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 20 June 2007 - 03:48 PM

I am noticing anytime that I try and download HJT or open a current file that I have it automatically shuts down the webpage and/or the program will not run...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users