
FindnFix problem


7 replies to this topic

#1 zjclimber

zjclimber

    Member

  • Full Member
  • 16 posts

Posted 22 July 2004 - 08:55 PM

I've downloaded 'FindnFix' to my desktop; its location is in C:\Documents and
settings.

I am infected with 'about-blank' and I want to be prepared when I am offered
help in removing it.

I am able to extract 'findnfix' from my desktop icon and open the file.
When I double-click on the '!LOG.BAT!' folder it will open and start to log my
system, adding information to some txt files that 'FindnFix' created.

Then after 3 mins. or so I get a message box that says C:\Windows\System\Cmd.exe
not a valid Win32 application.

I hope someone can help to get 'FindnFix' to work for me.

Thanks in Advance

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 22 July 2004 - 09:01 PM

Don't attempt to use it until a qualified helper suggests it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 zjclimber

zjclimber

    Member

  • Full Member
  • 16 posts

Posted 27 July 2004 - 06:17 PM

I think my computer settings are incorrect.
Any folder that ends in '.txt' can't be opened. I get 'not a valid Win32 application'

Any advice will be greatly appreciated

#4 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • 833 posts

Posted 27 July 2004 - 06:24 PM

I think my computer settings are incorrect.
Any folder that ends in '.txt' can't be opened. I get 'not a valid Win32 application'

There are no "folders" that end with "txt" so I assume you meant "files" ... :scratchhead:

Is your notepad.exe hijacked?
That's likely the reason!
Check all copies in Windows, System32 folder and Dllcache folder
and replace the missing/corrupted.

If no luck and you are using XP, you can download the original 'notepad_xp' from the 'FINDnFIX page' in my signature, unzip and replace the corrupted copies.

I've downloaded 'FindnFix' to my
desktop; its location is in C:\Documents and settings.

I am able to extract 'findnfix' from my desktop icon
and open the file

The location of the extracted 'FINDnFIX' should be no other than
"Drive"\FINDnfix.. (c:\FINDnFIX\)
It will NOT function from any other location/path!
If you dragged any files out of it, it's more likely useless!

Edited by freeatlast, 27 July 2004 - 06:29 PM.
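
The check suggested in the post above (look at every copy of notepad.exe in the Windows, System32 and Dllcache folders), as an added example that is not part of the original thread or of FINDnFIX. The function names and the sample tree are constructed for illustration; a missing MZ/PE signature is used as a stand-in for the condition behind "not a valid Win32 application".

```python
import hashlib
import struct
import tempfile
from collections import Counter
from pathlib import Path

# Folders named in the post, relative to the Windows directory.
COPY_DIRS = ((), ("System32",), ("System32", "dllcache"))

def pe_status(path):
    """Return 'missing', 'not-pe' (no valid MZ/PE signature) or 'ok'."""
    if not path.is_file():
        return "missing"
    data = path.read_bytes()
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return "ok" if data[pe_off:pe_off + 4] == b"PE\0\0" else "not-pe"

def check_copies(windir, name="notepad.exe"):
    """Map each expected copy to 'missing', 'not-pe', 'differs' or 'ok'."""
    status, digest = {}, {}
    for parts in COPY_DIRS:
        path = Path(windir, *parts, name)
        status[path] = pe_status(path)
        if status[path] == "ok":
            digest[path] = hashlib.sha256(path.read_bytes()).hexdigest()
    if digest:
        # A majority vote only exposes disagreement between copies;
        # it cannot prove that the majority copy is the original file.
        common = Counter(digest.values()).most_common(1)[0][0]
        for path, d in digest.items():
            if d != common:
                status[path] = "differs"
    return status

def demo():
    """Constructed sample tree: two matching stubs, one copy overwritten."""
    stub = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + b"sample"
    root = Path(tempfile.mkdtemp())
    (root / "System32" / "dllcache").mkdir(parents=True)
    (root / "notepad.exe").write_bytes(stub)
    (root / "System32" / "notepad.exe").write_bytes(b"not an executable")
    (root / "System32" / "dllcache" / "notepad.exe").write_bytes(stub)
    return {p.relative_to(root).parent.as_posix(): s
            for p, s in check_copies(root).items()}

if __name__ == "__main__":
    for folder, state in demo().items():
        print(folder, state)
```

Any copy reported as missing, not-pe or differs is a candidate for replacement from a known-good source, which is the step the post describes.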


#5 zjclimber

zjclimber

    Member

  • Full Member
  • 16 posts

Posted 27 July 2004 - 06:30 PM

CNM thank you for your reply. For some reason I was not able to see your post
until I posted a reply to my original post.

I will wait for a helper per your post.

#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 27 July 2004 - 06:43 PM

Freeatlast is the finest helper you could find. :D
Do whatever she says. She is the one who wrote FindnFix and she is an Expert.
Right up above your last post.

Generally you won't see new posts until you refresh your screen, so do that often.



#7 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • 833 posts

Posted 27 July 2004 - 07:02 PM

Do whatever she says. 

That could be dangerous! ...


( ;) )

#8 zjclimber

zjclimber

    Member

  • Full Member
  • 16 posts

Posted 28 July 2004 - 08:33 PM

CNM, I have read and studied many of your posts and FreeatLast's posts in all topics on this forum. I am very impressed with the knowledge and skill you both
demonstrate.

Freeatlast, I downloaded 'notepad.exe' from your sig. I forgot that I deleted it some time ago. I have 'wordpad' that I assumed replaced it.
I have uninstalled 'FindnFix' for the time being and will wait for further instruction.
I had copied an infected file to the 'Junkxxx' file/folder in 'FindnFix'.
I then ran AVG 6.0 with current updates. It found the infected file 'Trojan horse
BackDoor.Agent.BA' in the 'Junkxxx' file/folder. AVG could not repair or move
the trojan to its 'vault'.
I then ran an online scan from 'trendmicro'; it found the same infection, and an additional virus in the 'system restore' on my computer.
I re-ran AVG and this time it found both 'infections'. It now was able to put both infections in its 'vault'.
My computer has been clean from 'about-blank' since 7/26/04. I've not 'time traveled' yet to see if it will be back. I look forward to your counsel. Thanks in advance.


Logfile of HijackThis v1.98.0
Scan saved at 5:45:55 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\FDIW\UpdtChk.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dennis.D218HS31\My Documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farme...ctiveX/smsx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA76530-0D15-4308-A686-BCE1AC903AEC}: NameServer = 12.152.176.3,12.32.70.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7AA335F-0880-46A9-8BBA-5060A960267D}: NameServer = 12.152.176.3,12.32.7



