petro 116th

[Solved]Got About Blank Again,

The two trojans that were not cleanable should be deleted manually.

 

Download the Pocket KillBox

Unzip the file to your desktop.

Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).

 

C:\WINNT\System32\apphj32.exe

C:\WINNT\System32\mslf32.exe

C:\WINNT\system32\vkbwag.dat

C:\WINNT\system32\vkbwag.exe

C:\WINNT\system32\wnim.dll

C:\WINNT\wnim.dll

 

Reboot afterwards if the files are successfully deleted.

 

If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.

 

Run the PurityScan uninstaller.

 

Scan with HijackThis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

 

O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)

 

O4 - HKLM\..\Run: [systems Restart] Rundll32.exe wnim.dll, DllRegisterServer

 

O15 - Trusted Zone: *.finefind.nettraffic2cash.biz

 

O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)

 

Reboot and post another log please.

 

Whether you reformat or not is up to you. Make sure though that you have backed up all necessary documents and have all the drivers you need after :).

 

What problems are you still experiencing?


Logfile of HijackThis v1.99.0

Scan saved at 4:48:41 AM, on 2/14/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\nvsvc32.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\PcCtlCom.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\Tmntsrv.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\tmproxy.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\Trend Micro\Internet Security 2005\TmPfw.exe

C:\Program Files\PC Booster\PCBooster.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\TSC.EXE

C:\Documents and Settings\The petro\Desktop\HijackThis.exe

 

O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)

O2 - BHO: (no name) - {BF9B3742-6909-98B1-88C4-81BD77AAE879} - C:\WINNT\msib32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe

O4 - HKLM\..\Run: [LtcyCfgApply] "C:\unzipped\LtcyCfg2-[guru3d]\LtcyCfg.exe" /a

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\Trend Micro\Internet Security 2005\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\Trend Micro\Internet Security 2005\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\Trend Micro\Internet Security 2005\TmPfw.exe

O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\Trend Micro\Internet Security 2005\tmproxy.exe

O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe


Got some new stuff :(

 

Scan with HijackThis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

 

O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)

O2 - BHO: (no name) - {BF9B3742-6909-98B1-88C4-81BD77AAE879} - C:\WINNT\msib32.dll

 

Go to http://bshagnasty.home.att.net/browsersettings.htm to change your browser security settings to a more secure setting that should help stop the installs.


Well, here is the latest HJT log.

Before I post it though, here is something I would like to point out.

Every time I try to run HouseCall at the Trend Micro site, it will not work. It states that some kind of trojan was detected and not cleanable. Will try again and get the name if possible.

Logfile of HijackThis v1.99.0

Scan saved at 9:11:51 PM, on 2/14/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\nvsvc32.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\PcCtlCom.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\Tmntsrv.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\tmproxy.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\TmPfw.exe

C:\PROGRA~1\Trend Micro\Internet Security 2005\PccGuide.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\The petro\Desktop\HijackThis.exe

 

O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\Trend Micro\Internet Security 2005\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\Trend Micro\Internet Security 2005\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\Trend Micro\Internet Security 2005\TmPfw.exe

O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\Trend Micro\Internet Security 2005\tmproxy.exe

O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

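Added example, not part of the original thread: a small Python check of whether a "Fix checked" pass held, done by comparing the item lines of two HijackThis logs against the fix list. The item lines are copied from the 4:48 AM and 9:11 PM logs and the second fix list above; the function and variable names are this example's own.

```python
import re

# HijackThis item lines start with a section code such as O2, O4 or R1.
ITEM_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.+)$")

def parse_items(log_text):
    """Map a normalised key to the original line for every item in a log."""
    items = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if ITEM_RE.match(line):
            items[line.lower()] = line  # case-insensitive comparison key
    return items

def compare_scans(before, after, fix_list):
    """Classify items after a "Fix checked" pass and reboot."""
    old, new, fixed = (parse_items(t) for t in (before, after, fix_list))
    return {
        # Ticked for fixing and absent from the follow-up log.
        "removed": sorted(fixed[k] for k in fixed.keys() - new.keys()),
        # Ticked for fixing but still reported afterwards.
        "persisting": sorted(fixed[k] for k in fixed.keys() & new.keys()),
        # Not in the earlier log at all.
        "new": sorted(new[k] for k in new.keys() - old.keys()),
    }

# Item lines copied from the two logs and the second fix list in this thread.
SCAN_0448 = r"""
O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)
O2 - BHO: (no name) - {BF9B3742-6909-98B1-88C4-81BD77AAE879} - C:\WINNT\msib32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\PCBooster.exe
"""
SCAN_2111 = r"""
O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
"""
FIX_LIST = r"""
O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)
O2 - BHO: (no name) - {BF9B3742-6909-98B1-88C4-81BD77AAE879} - C:\WINNT\msib32.dll
"""

if __name__ == "__main__":
    for label, lines in compare_scans(SCAN_0448, SCAN_2111, FIX_LIST).items():
        print(label, *lines, sep="\n  ")
```

On these lines it reports the msib32.dll BHO as removed and the `(no file)` BHO as persisting, which matches what the 9:11 PM log shows.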

Try this scan at Panda and see if it can do the job.

 

Make sure you are logged on as Administrator.

Download the zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.

 

Reboot and post another log please.

fixme.zip


OK, I did everything, except I couldn't get the Panda scan to download.

I think along the way I deleted a file for my desktop or somewhere in WINNT which might have been a mistake.

So I am just reformatting that drive.

 

But I am applying the internet security settings with the link you have provided and now I do have a firewall and antivirus.

My ISP provides them both, so I now take advantage of it.

Thanks much for your time, energy and expertise Crunchie.

Marc :beer:

Edited by petro 116th
