greenspleen

hijacker from hell. seriously. :-/

4 posts in this topic

honestly, this thing is fucking up my computer by slowing it down SIGNIFICANTLY, not allowing me to open any file-sharing programs, making every program take minutes (not like 1 minute, like 4 to 5 sometimes) to load, all webpages are directed to some weird search page, and every time i get to the page i want, i get a popup of search results from some bullshit thing. in addition, i get tons of popups, pretty much all the same (one is called "ifriends" and it's for some webcam thing, another is something like "only the best"). also, whenever i go to a page, words like "computer", "spyware", "forum" and other random things are underlined and have links that say "goto: ******" (insert the underlined word there).

 

i have tried EVERYTHING. and i mean EVERYTHING. to get rid of this mothertrucker. yet as soon as there's a glimmer of hope and the possibility that i might have gotten somewhere, THE STUPID BASTARD COMES BACK.

 

i have downloaded every imaginable freeware program, i have norton antivirus (a paid version) and i have run it about 5 times, and i've rebooted probably 30 times in the last 24 hours trying to take care of this thing. AND I DON'T EVEN KNOW HOW I GOT IT. one minute i'm researching flannery o'connor for an oral presentation, the next minute all of this crap happens.

 

posted below are my hijackthis log and my dllfix log. if there's any other information you need, please let me know, as i will do ANYTHING to get rid of this. it's finals week and this SUCKS.

 

thank you so much in advance for trying to help, and i know a lot of other people share my frustration because this thing seems to be spreading like wildfire and i haven't seen anyone on any forums who have gotten rid of it completely yet.

 

HIJACKTHIS LOG

 

Logfile of HijackThis v1.97.7

Scan saved at 11:12:20 AM, on 6/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\msmh.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\dsactrs.exe

C:\WINDOWS\system32\atlyd32.exe

C:\program files\aim\aim.exe

C:\Program Files\AWS\WeatherBug\Weather.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\rouupapi.exe

C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\GhostSurf\GhostSurf.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Zach\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xyhwr.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xyhwr.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xyhwr.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xyhwr.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xyhwr.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xyhwr.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0B869AF8-9D80-0087-0839-13928797B1D5} - C:\WINDOWS\appql.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AutoLoaderwF7t1WdgVQaZ] "C:\WINDOWS\System32\dsactrs.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [atlyd32.exe] C:\WINDOWS\system32\atlyd32.exe

O4 - HKLM\..\Run: [wsoR3qg] dsactrs.exe

O4 - HKCU\..\Run: [AIM] C:\program files\aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [hB75RkMqO] rouupapi.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup

O4 - HKLM\..\RunOnce: [ipqa32.exe] C:\WINDOWS\system32\ipqa32.exe

O4 - HKLM\..\RunOnce: [msmh.exe] C:\WINDOWS\msmh.exe

O4 - HKLM\..\RunOnce: [d3qz32.exe] C:\WINDOWS\d3qz32.exe

O4 - HKLM\..\RunOnce: [sdkoc32.exe] C:\WINDOWS\system32\sdkoc32.exe

O4 - HKLM\..\RunOnce: [netam.exe] C:\WINDOWS\system32\netam.exe

O4 - HKLM\..\RunOnce: [mfcib32.exe] C:\WINDOWS\system32\mfcib32.exe

O4 - HKLM\..\RunOnce: [msrf32.exe] C:\WINDOWS\msrf32.exe

O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\system32\ipko.exe

O4 - HKLM\..\RunOnce: [neton32.exe] C:\WINDOWS\neton32.exe

O4 - HKLM\..\RunOnce: [iehb.exe] C:\WINDOWS\system32\iehb.exe

O4 - HKLM\..\RunOnce: [d3wa32.exe] C:\WINDOWS\system32\d3wa32.exe

O4 - HKLM\..\RunOnce: [ntse32.exe] C:\WINDOWS\ntse32.exe

O4 - HKLM\..\RunOnce: [d3zc32.exe] C:\WINDOWS\system32\d3zc32.exe

O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\iewa32.exe

O4 - HKLM\..\RunOnce: [msrp.exe] C:\WINDOWS\msrp.exe

O4 - HKLM\..\RunOnce: [d3dv.exe] C:\WINDOWS\d3dv.exe

O4 - HKLM\..\RunOnce: [ipjx32.exe] C:\WINDOWS\ipjx32.exe

O4 - HKLM\..\RunOnce: [netcd.exe] C:\WINDOWS\netcd.exe

O4 - HKLM\..\RunOnce: [apiqs.exe] C:\WINDOWS\apiqs.exe

O4 - HKLM\..\RunOnce: [javauo.exe] C:\WINDOWS\system32\javauo.exe

O4 - HKLM\..\RunOnce: [appfd32.exe] C:\WINDOWS\appfd32.exe

O4 - HKLM\..\RunOnce: [addmy.exe] C:\WINDOWS\addmy.exe

O4 - HKLM\..\RunOnce: [addaf.exe] C:\WINDOWS\system32\addaf.exe

O4 - HKLM\..\RunOnce: [apigs32.exe] C:\WINDOWS\apigs32.exe

O4 - HKLM\..\RunOnce: [atlfs.exe] C:\WINDOWS\atlfs.exe

O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\system32\javanw32.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html

O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html

O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html

O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html

O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html

O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: GhostSurf Privacy Center (HKLM)

O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

 

 

DLLFIX LOG

 

 

Thu 06/17/2004

11:13 AM

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (9CF6:ADA8) - FS:NTFS clusters:4k

Total: 79 990 812 672 [74G] - Free: 67 623 444 480 [63G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.1.2600.0 C:\WINDOWS\system32\notepad.exe

5.1.2600.0 C:\WINDOWS\notepad.exe

*Media Player version :

8.0.0.4487 C:\Program Files\Windows Media Player\wmplayer.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;

 

 

 

Locked or 'Suspect' file(s) found...

These may be other files that Dllfix doesnt target.

If not file is listed than Dllfix may not Help.

in this case please post the contents of Windows.txt to the appinit

entry can be checked. You will find it in the dllfix folder after findall completes.

 

 

Scanning for main Hijacker:

 

 

Dllfix must have the Hijackerfiles in system32 to fix properly.

If there are no protocal keys text/html and text/plain

then dllfix may not work. This fix targets this type Hijack Entry.

that keeps reoccuring with different filenames.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= res://C:\WINDOWS\System32\xxxxxx.dll/sp.html (obfuscated)

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B869AF8-9D80-0087-0839-13928797B1D5}]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

If error than registry may need to be restored from option 4.

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

 

Can't open Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

 

2 - The system cannot find the file specified.


in addition, a run of "trojan hunter" found this. mind you, 48 hours ago i had no problems whatsoever on my computer and this search came up clean (as i do it every morning along with anti-virus) :-/

 

Registry scan

No suspicious entries found

Inifile scan

No suspicious entries found

Port scan

Port 5180/TCP is open (Matches Peeper.120. Port being used by process aim.exe/PID 2676) (Tell me more about port alerts...)

Memory scan

No trojans found in memory

File scan

Error: Directory not found: A:\

Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{0D1DA2B6-EF62-41F9-B405-4F983DF345E5}\RP69\A0004838.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{0D1DA2B6-EF62-41F9-B405-4F983DF345E5}\RP70\A0005078.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\addmy.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\apigs32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\apiqs.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\appfd32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\atlfs.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\crsd.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3dv.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3qz32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\iewa32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\ipjx32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\msmh.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\msrf32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\msrp.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\netcd.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\neton32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\ntse32.exe (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\addaf.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\addaf.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\atlyd32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\atlyd32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\d3wa32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\d3wa32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\d3zc32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\d3zc32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\iehb.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\iehb.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\iejn.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\iejn.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\ipko.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\ipko.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\ipqa32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\ipqa32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\javanw32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\javanw32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\javauo.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\javauo.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\mfcib32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\mfcib32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\netag32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\netag32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\netam.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\netam.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\rouupapi.exe (SDBot) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Warning: Unable to unpack UPX-packed file C:\WINDOWS\system32\sdkoc32.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\system32\sdkoc32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

Error: Directory not found: D:\

15 possible trojan files found


i don't think my computer has much time left before i lose internet access completely from this thing.

 

it's gradually getting to everything and destroying any chance i have of fixing it. my computer response is the slowest it's ever been (even though it's a new computer) and my internet is just about dead.

 

if anyone knows anything i can do to get rid of this thing, please let me know immediately. thanks.
