• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
sean74

ORUX[^ad.dll bad or not?

3 posts in this topic

Helping my uncle out with a CWS About Blank issue and this is what I have found so far.

 

-Found a magj.dll that seemed suspicious so I renamed it magj.bak in case it's something I need to keep

-Notepad.exe was missing (not sure if the file was infected and he lost it due to an anti-virus program deleting it, or if it was just a hard drive issue.

-"fixed" everything that was suspicious using hijack this, rescanned and a file called ORUX[^ad.dll keeps popping back up.

 

Does anyone have any idea which variant I'm dealing with? And how I'd go about fixing it?

 

 

Oh might be worth mentioning that I ran hijack this while using remote assistance so that's why the remote assistance process is showing up.

 

Looking through the various running processes I couldn't identify anything as not belonging, but it definately seems like something is running somewhere.. any files that I should suspect of being compromised, or did I overlook something?

 

-Sean74

 

 

Logfile of HijackThis v1.98.0

Scan saved at 6:58:47 PM, on 7/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\RDSHOST.exe

C:\WINDOWS\system32\sessmgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

C:\WINDOWS\System32\rsvp.exe

C:\Documents and Settings\user\Desktop\Stuff\HijackThis.exe

 

O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\ORUX[^ad.dll

Edited by sean74

Share this post


Link to post
Share on other sites

Hello sean74

 

The log that you have posted is not complete.

 

Also you are running Hijackthis form a your desktop folder which is not recommended.

 

Do the following.

 

Create a new folder in your C: Drive

Name it C:\HJT or HijackThis.

 

Move HijackThis.exe to that new folder and run it from there.

Submit a complete log for review.

Share this post


Link to post
Share on other sites

Due to lack of response by the poster this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0