Jump to content


Photo

CWS Variant reloading itself.


  • Please log in to reply
31 replies to this topic

#1 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 20 May 2004 - 10:33 PM

Hello Everyone, I have a problem with what I believe to be a CWS variant coming right back after i run CWShredder. I have ran the coolwebsearch smartkiller and it turns up nothing, but when I try to run Norton Anti-Virus, Spybot Search And Destroy, or HijackThis they all close after a few seconds. Also I don't know if it is this problem or another, but something messed up my Internet Connection on the infected computer so I am using a laptop connected to a wireless network. I ran HijackThis and quickly scanned and made a screenshot of the scan results but I'm not sure if that helps any. Well here is the shot..

Posted Image

Any help would be greatly appreciated.

-edit
Also I have read the FAQ and I have tried the things mentioned.

Edited by *Spyware_Sucks, 20 May 2004 - 10:37 PM.


#2 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 20 May 2004 - 11:15 PM

Regedit also closes within seconds..

#3 CFRTim

CFRTim

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 20 May 2004 - 11:57 PM

I have the same problem too. I can't get Hijackthis to run for more than a few seconds. I also can't even find the Hijackthis file in the directory where it used to be, or when I insert a CD where I also have the file. The only way I can run Hijackthis when computer is in safe mode, and only from the RUN command.
One suspect thing I see in your log is the "svhost.exe-sr -0" line. I have it also, and can't remove it; even if I do it with regedit, I erase it but it comes right back.
Good Luck, and let me know of any progress.

Tim

#4 cadaverlab

cadaverlab

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 21 May 2004 - 12:43 AM

c:\winnt\system32\wind.exe

reference this:
http://www.pestpatro.../wind_prank.asp

delete the file and the system process.

delete all of the bad R0 and R1 entries on your registry with hijackthis.

That's a good start.

#5 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 12:55 AM

To do this should i go into safe mode because regedit closes within seconds of opening along with hijackthis.

#6 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 11:58 AM

Okay, I have gone into safe mode and used HijackThis (which works :D) to remove wind.exe and svhost.exe. I do not know what to do next if someone could give me some more advice.


Thank you for time out of your day.

#7 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 12:39 PM

It would help a whole lot to fix this internet thing soon if possible. I ran LSP-Fix but it did not put anything in the remove section and it had only two things in the keep section. I'm wondering if that is relevant?

Thanks

#8 cadaverlab

cadaverlab

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 21 May 2004 - 12:53 PM

You have to delete the file too.

In safe mode, command prompt; type:

delete c:\winnt\system32\wind.exe

AND

delete c:\winnt\system\blank.html

AND

delete c:\winnt\svhost.exe

Then, run pest patrol, since you have that on your comp already.

Make sure that you've used hijackthis to remove the R0 and R1 entries.

Do all of the following, and reboot TWICE....

You want to reboot several times so that you can be sure to initiate whatever reinfection method is going on.

Then give me your new hijackthis log, even if everything is okay.

Hopefully this will work.

#9 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 01:04 PM

Ok I booted up into 'Safe Mode With Command Prompt' and i typed in
"delete c:\winnt\system32\wind.exe" and it came up with a problem saying "'delete' is not recognized as an internal or external command, operable program or batch file."

What should I do about this?

#10 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 01:39 PM

Also I had Spybot Search And Destroy but the trojan seemed to have uninstalled it from the computer along with hijackthis but luckily Hijackthis is small enough to transfer with a floppy disk. The trojan didn't touch Ad-Aware or PestPatrol though.

#11 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 21 May 2004 - 01:47 PM

just use
del

not delete



#12 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 02:08 PM

Ok it seemed to delete wind.exe and then it said that it "Could not find c:\winnt\system\blank.htm" or c:\winnt\svhost.exe, so i am guessing that HijackThis deleted svhost? I don't know about blank.htm

#13 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 21 May 2004 - 02:11 PM

post a hijackthislog. Do not use a screenshot. Hit scan. The scan button will turn to save log. save the log and notepad will open. Copy and paste the contents here.



#14 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 02:21 PM

I found that when HijackThis is named HijackThis then the program dissapears from where it was previously. So I had to retransfer the prgram with a floppy and renamed it HJT12.



Logfile of HijackThis v1.97.7
Scan saved at 2:17:00 PM, on 5/21/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\New Folder\HJT12.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~3\dpps2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BIRDSTOP] C:\PROGRA~1\PROGRA~1\Option deaf.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: PeerGuardian_1.99b_pr7.lnk = C:\Program Files\PeerGuardian_1.99pr7\PeerGuardian_1.99b_pr7.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx

#15 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 02:33 PM

I scanned the computer with PestPatrol which probably is not completely up-to-date but not far behind. It did not find anything! :D

-edit

whoops I forgot to restart twice before posting the hijackthis log. Tell me if I should post a fresh one.

Edited by *Spyware_Sucks, 21 May 2004 - 02:35 PM.


#16 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 03:11 PM

Im lost on what to do next if someone could help.

#17 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 04:31 PM

Ok when i go in the normal way, I can run Norton but to my luck the trial for it has gone out. So it looks like we got some of it out :D

#18 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 21 May 2004 - 06:22 PM

Well here is my hijackthis log after i rebooted a couple of times.


Logfile of HijackThis v1.97.7
Scan saved at 4:23:33 PM, on 5/21/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINNT\System32\hphmon04.exe
C:\PROGRA~1\PANICW~1\POP-UP~3\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PROGRA~1\Option deaf.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINNT\System32\HPHipm11.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\PeerGuardian_1.99pr7\PeerGuardian_1.99b_pr7.exe
C:\New Folder\HJT12.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~3\dpps2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BIRDSTOP] C:\PROGRA~1\PROGRA~1\Option deaf.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: PeerGuardian_1.99b_pr7.lnk = C:\Program Files\PeerGuardian_1.99pr7\PeerGuardian_1.99b_pr7.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...alls/yinstc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx


Any help will be GREATLY appreciated.

#19 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 22 May 2004 - 12:35 AM

GREAT News! The program WinsockFix has helped me regain internet on the infected machine! Hooorah!

#20 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 22 May 2004 - 10:50 AM

Well I am going out of town for a day but I will be back on monday. If someone could please look over my logs it would be great.

#21 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 22 May 2004 - 03:42 PM

bump, cya

#22 CFRTim

CFRTim

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 22 May 2004 - 04:13 PM

Sorry for the delay, but I was out of town . Anyway, I fix my problem by using the System Restore function of XP; and I restored my computer to 3 days before I was getting the problem. Now I can run Hijacktis and all other programs with no problem; and there is no sing of "svhost.exe" file anywhere on my computer. But
if you can't use System Restore, here is a fix I've got from someone else:

Start | Run (type) cmd (click Ok)
From The "Command Prompt" (type)

NET STOP HACKERDEFENDER100 (press Enter)

Note: (that's) NET<space>STOP<space>HACKERDEFENDER100

If successful you should see: (wait 30 sec.)

"The service is not responding to the control function."


See if "winunins.ini" exists and open in Notepad
Paste the contents of "winunins.ini" in your next post.

Good Luck

#23 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 24 May 2004 - 11:51 AM

Okay, I am using Windows 2000 so I do not have the system restore option.

When I tried to stop hackerdefender100 through those methods it showed an error that said "System Error 1060 occured. The specified service does not exist as an installed service."

Also when I went to Start\Search\For Files Or Folders in normal mode the computer froze up but I could still use ctrl + alt+ delete to restart. I found the .ini with safe mode so here is the contents.

[Hidden Table]
inatjoy.dll
motkrtin.dll
witadr.dll
winunins.exe
winunins.ini
svhost.exe
CWShredder*
HijackThis*
ProceXP*
Spybot*
msconfig*

[Root Processes]
svhost.exe
trj4j6js.exe
winunins.exe

[Hidden Services]
HackerDefender*

[Hidden RegKeys]
HackerDefender100
LEGACY_HACKERDEFENDER100
HackerDefenderDrv100
LEGACY_HACKERDEFENDERDRV100

[Hidden RegValues]

[Startup Run]
C:\WINNT\svhost.exe -sr -0

[Free Space]

[Hidden Ports]

[Settings]
Password=qweqwe
BackdoorShell=ddd.exe
FileMappingName=_.-=[PokuS]=-._
ServiceName=HackerDefender100
ServiceDisplayName=Windows System Uninstaller
ServiceDescription=Microsoft System Service
DriverName=HackerDefenderDrv100
DriverFileName=hxdefdrv.sys

[Comments]

#24 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 24 May 2004 - 11:59 AM

WOW After i made the post above in safe mode, when I rebooted in normal mode Spybot Search And Destroy And Hijack this appeared on the desktop again! When this malware infected my machine it hid Spybot and HJT from the desktop and Program files folder. So I wonder if the stop hackerdefender worked?

#25 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 25 May 2004 - 11:35 AM

bump?

#26 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 26 May 2004 - 05:33 PM

Help please? An error comes up usually about 30 mins after I have been using the infected computer saying explorer.exe has performed an illegal operation and will be shut down. Then it crashes the dektop and takes away the start button, dektop icons, everything except the open window. I have to log off then back on to restore them. Help please..

#27 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 26 May 2004 - 11:02 PM

Somebody!

#28 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 27 May 2004 - 10:13 AM

:(

#29 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 29 May 2004 - 11:51 PM

help help heeeeeeelpppppp!

#30 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 30 May 2004 - 03:05 PM

Please?

#31 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 30 May 2004 - 05:59 PM

If it is needed I will give you a fresh HijackThis Log if it will help

#32 *Spyware_Sucks

*Spyware_Sucks

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 06 June 2004 - 12:48 PM

Can anyone help me please?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button