hijacker from hell. seriously. :-/


3 replies to this topic

#1 greenspleen

greenspleen

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 17 June 2004 - 10:14 AM

honestly, this thing is fucking up my computer by slowing it down SIGNIFICANTLY, not allowing me to open any file-sharing programs, making every program take minutes (not like 1 minute, like 4 to 5 sometimes) to load, all webpages are directed to some weird search page, and every time i get to the page i want, i get a popup of search results from some bullshit thing. in addition, i get tons of popups, pretty much all the same (one is called "ifriends" and it's for some webcam thing, another is something like "only the best"). also, whenever i go to a page, words like "computer", "spyware", "forum" and other random things are underlined and have links that say "goto: ******" (insert the underlined word there).

i have tried EVERYTHING. and i mean EVERYTHING. to get rid of this mothertrucker. yet as soon as there's a glimmer of hope and the possibility that i might have gotten somewhere, THE STUPID BASTARD COMES BACK.

i have downloaded every imaginable freeware program, i have norton antivirus (a paid version) and i have run it about 5 times, and i've rebooted probably 30 times in the last 24 hours trying to take care of this thing. AND I DON'T EVEN KNOW HOW I GOT IT. one minute i'm researching flannery o'connor for an oral presentation, the next minute all of this crap happens.

posted below are my hijackthis log and my dllfix log. if there's any other information you need, please let me know, as i will do ANYTHING to get rid of this. it's finals week and this SUCKS.

thank you so much in advance for trying to help, and i know a lot of other people share my frustration because this thing seems to be spreading like wildfire and i haven't seen anyone on any forums who have gotten rid of it completely yet.

HIJACKTHIS LOG

Logfile of HijackThis v1.97.7
Scan saved at 11:12:20 AM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\msmh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dsactrs.exe
C:\WINDOWS\system32\atlyd32.exe
C:\program files\aim\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rouupapi.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\GhostSurf\GhostSurf.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zach\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xyhwr.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xyhwr.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xyhwr.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xyhwr.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xyhwr.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xyhwr.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B869AF8-9D80-0087-0839-13928797B1D5} - C:\WINDOWS\appql.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AutoLoaderwF7t1WdgVQaZ] "C:\WINDOWS\System32\dsactrs.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [atlyd32.exe] C:\WINDOWS\system32\atlyd32.exe
O4 - HKLM\..\Run: [wsoR3qg] dsactrs.exe
O4 - HKCU\..\Run: [AIM] C:\program files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [hB75RkMqO] rouupapi.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKLM\..\RunOnce: [ipqa32.exe] C:\WINDOWS\system32\ipqa32.exe
O4 - HKLM\..\RunOnce: [msmh.exe] C:\WINDOWS\msmh.exe
O4 - HKLM\..\RunOnce: [d3qz32.exe] C:\WINDOWS\d3qz32.exe
O4 - HKLM\..\RunOnce: [sdkoc32.exe] C:\WINDOWS\system32\sdkoc32.exe
O4 - HKLM\..\RunOnce: [netam.exe] C:\WINDOWS\system32\netam.exe
O4 - HKLM\..\RunOnce: [mfcib32.exe] C:\WINDOWS\system32\mfcib32.exe
O4 - HKLM\..\RunOnce: [msrf32.exe] C:\WINDOWS\msrf32.exe
O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\system32\ipko.exe
O4 - HKLM\..\RunOnce: [neton32.exe] C:\WINDOWS\neton32.exe
O4 - HKLM\..\RunOnce: [iehb.exe] C:\WINDOWS\system32\iehb.exe
O4 - HKLM\..\RunOnce: [d3wa32.exe] C:\WINDOWS\system32\d3wa32.exe
O4 - HKLM\..\RunOnce: [ntse32.exe] C:\WINDOWS\ntse32.exe
O4 - HKLM\..\RunOnce: [d3zc32.exe] C:\WINDOWS\system32\d3zc32.exe
O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\iewa32.exe
O4 - HKLM\..\RunOnce: [msrp.exe] C:\WINDOWS\msrp.exe
O4 - HKLM\..\RunOnce: [d3dv.exe] C:\WINDOWS\d3dv.exe
O4 - HKLM\..\RunOnce: [ipjx32.exe] C:\WINDOWS\ipjx32.exe
O4 - HKLM\..\RunOnce: [netcd.exe] C:\WINDOWS\netcd.exe
O4 - HKLM\..\RunOnce: [apiqs.exe] C:\WINDOWS\apiqs.exe
O4 - HKLM\..\RunOnce: [javauo.exe] C:\WINDOWS\system32\javauo.exe
O4 - HKLM\..\RunOnce: [appfd32.exe] C:\WINDOWS\appfd32.exe
O4 - HKLM\..\RunOnce: [addmy.exe] C:\WINDOWS\addmy.exe
O4 - HKLM\..\RunOnce: [addaf.exe] C:\WINDOWS\system32\addaf.exe
O4 - HKLM\..\RunOnce: [apigs32.exe] C:\WINDOWS\apigs32.exe
O4 - HKLM\..\RunOnce: [atlfs.exe] C:\WINDOWS\atlfs.exe
O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\system32\javanw32.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: GhostSurf Privacy Center (HKLM)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe


DLLFIX LOG


Thu 06/17/2004
11:13 AM

System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (9CF6:ADA8) - FS:NTFS clusters:4k
Total: 79 990 812 672 [74G] - Free: 67 623 444 480 [63G]


*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\system32\notepad.exe
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
8.0.0.4487 C:\Program Files\Windows Media Player\wmplayer.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;



Locked or 'Suspect' file(s) found...
These may be other files that Dllfix doesnt target.
If not file is listed than Dllfix may not Help.
in this case please post the contents of Windows.txt to the appinit
entry can be checked. You will find it in the dllfix folder after findall completes.


Scanning for main Hijacker:


Dllfix must have the Hijackerfiles in system32 to fix properly.
If there are no protocal keys text/html and text/plain
then dllfix may not work. This fix targets this type Hijack Entry.
that keeps reoccuring with different filenames.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
= res://C:\WINDOWS\System32\xxxxxx.dll/sp.html (obfuscated)
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B869AF8-9D80-0087-0839-13928797B1D5}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key:

If error than registry may need to be restored from option 4.

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

2 - The system cannot find the file specified.


#2 greenspleen

Posted 17 June 2004 - 10:38 AM

in addition, a run of "trojan hunter" found this. mind you, 48 hours ago i had no problems whatsoever on my computer and this search came up clean (as i do it every morning along with anti-virus) :-/

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
Port 5180/TCP is open (Matches Peeper.120. Port being used by process aim.exe/PID 2676) (Tell me more about port alerts...)
Memory scan
No trojans found in memory
File scan
Error: Directory not found: A:\
Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{0D1DA2B6-EF62-41F9-B405-4F983DF345E5}\RP69\A0004838.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{0D1DA2B6-EF62-41F9-B405-4F983DF345E5}\RP70\A0005078.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\addmy.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\apigs32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\apiqs.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\appfd32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\atlfs.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\crsd.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3dv.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3qz32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\iewa32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ipjx32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msmh.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msrf32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msrp.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\netcd.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\neton32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ntse32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\addaf.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\addaf.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\atlyd32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\atlyd32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\d3wa32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\d3wa32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\d3zc32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\d3zc32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\iehb.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\iehb.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\iejn.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\iejn.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\ipko.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\ipko.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\ipqa32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\ipqa32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\javanw32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\javanw32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\javauo.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\javauo.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\mfcib32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\mfcib32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\netag32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\netag32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\netam.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\netam.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\rouupapi.exe (SDBot) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\sdkoc32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\sdkoc32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Error: Directory not found: D:\
15 possible trojan files found

#3 greenspleen

Posted 17 June 2004 - 11:21 AM

i don't think my computer has much time left before i lose internet access completely from this thing.

it's gradually getting to everything and destroying any chance i have of fixing it. my computer response is the slowest it's ever been (even though it's a new computer) and my internet is just about dead.

if anyone knows anything i can do to get rid of this thing, please let me know immediately. thanks.

#4 Vulcano

Vulcano

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 17 June 2004 - 05:13 PM

You got this:

http://www.spywarein...?showtopic=7447

Isn't it?



