
I have a virus


8 replies to this topic

#1 black04rex

  • New Member
  • 4 posts

Posted 28 May 2006 - 09:22 PM

I can't open HijackThis or msconfig in normal mode. In safe mode I can open HijackThis. BitDefender
informed me that file was infected with generic.qhost.

Here is my HijackThis log. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:01 PM, on 28/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nadz\Desktop\Computer Maintenance\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GigaRangeApp] "C:\Program Files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe" /S
O4 - Startup: csrss.lnk = ?
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135150856598
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay10...ex/HMAtchmt.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


#2 Micah_6:8

  • Evilware Emancipator
  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 28 May 2006 - 09:32 PM

Welcome to the forum. :wavey:

Please download/unzip this:

Registry Search by Bobbi Flekman

<Double-click> on regsearch.exe, and search for this:

csrss.exe

It may take a while to run, so be patient. When finished, the search results will appear in your text editor.

Paste the contents of the results into your next post.
:)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#3 black04rex

Posted 29 May 2006 - 05:36 PM

Hello, thank you for the quick reply. I did as you asked; here are the results:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 29/05/2006 6:31:13 PM for strings:
;   'csrss.exe'
; Strings excluded from search:
;   (None)
; Search in:
;   Registry Keys  Registry Values  Registry Data
;   HKEY_LOCAL_MACHINE  HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems]
; Contents of value:
; %systemroot%\system32\csrss.exe objectdirectory=\windows sharedsection=1024,3072,512 windows=on subsystemtype=windows serverdll=basesrv,1 serverdll=winsrv:userserverdllinitialization,3 serverdll=winsrv:conserverdllinitialization,2 profilecontrol=off maxrequestthreads=16

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
"csrss.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SubSystems]
; Contents of value:
; %systemroot%\system32\csrss.exe objectdirectory=\windows sharedsection=1024,3072,512 windows=on subsystemtype=windows serverdll=basesrv,1 serverdll=winsrv:userserverdllinitialization,3 serverdll=winsrv:conserverdllinitialization,2 profilecontrol=off maxrequestthreads=16

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\SysProcs]
"csrss.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\SubSystems]
; Contents of value:
; %systemroot%\system32\csrss.exe objectdirectory=\windows sharedsection=1024,3072,512 windows=on subsystemtype=windows serverdll=basesrv,1 serverdll=winsrv:userserverdllinitialization,3 serverdll=winsrv:conserverdllinitialization,2 profilecontrol=off maxrequestthreads=16

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Terminal Server\SysProcs]
"csrss.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
; Contents of value:
; %systemroot%\system32\csrss.exe objectdirectory=\windows sharedsection=1024,3072,512 windows=on subsystemtype=windows serverdll=basesrv,1 serverdll=winsrv:userserverdllinitialization,3 serverdll=winsrv:conserverdllinitialization,2 profilecontrol=off maxrequestthreads=16

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
"csrss.exe"=dword:00000000

[HKEY_USERS\S-1-5-21-2106517767-2154702590-596957751-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\system32\\avyibnz\\csrss.exe"="csrss"

; End Of The Log...

#4 Micah_6:8

Posted 29 May 2006 - 07:44 PM

Please download MsnVirRem.zip
and save it to your desktop.

Once in place, right click the zip file, and extract the files to your desktop.

DO NOT RUN ANYTHING YET

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

In the new MsnVirRem folder that you should have on your desktop, double-click MsnVir.bat and let it run its course. A DOS window should pop up. Let it run until it disappears.

It will take time.


After it disappears, reboot back into normal mode, and post a fresh HijackThis Log.

#5 black04rex

Posted 31 May 2006 - 09:35 PM

Hello. Your link does not work; it says that the file is corrupted.

#6 Micah_6:8

Posted 01 June 2006 - 04:56 AM

Copy and paste the contents of the quote box below into notepad.

Save it as file name: "fixme.reg" (not including the quotes). Save as file type: *All files* and save it on your Desktop.

REGEDIT4

[HKEY_USERS\S-1-5-21-2106517767-2154702590-596957751-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\system32\\avyibnz\\csrss.exe"=-


Then, locate fixme.reg on your desktop and <double-click> it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".

Reboot and post a new HijackThis! log.

#7 black04rex

Posted 01 June 2006 - 12:10 PM

I did what you said. Here is the new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 1:05:40 PM, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\nadz\Desktop\Computer Maintenance\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GigaRangeApp] "C:\Program Files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe" /S
O4 - Startup: csrss.lnk = ?
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135150856598
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay10...ex/HMAtchmt.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#8 Micah_6:8

Posted 01 June 2006 - 06:16 PM

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!
Run Hijack This!
Click "Do a system scan only".
Then "check" the box to the left of these item(s):

O4 - Startup: csrss.lnk = ?

Then click "Fix checked".

Reboot in "safe" mode.

Find and delete:

C:\WINDOWS\system32\avyibnz <--- FOLDER

Some malware files may be "hidden".
Be sure to show hidden files when looking for these file(s) and/or folder(s).

Reboot in normal mode and "copy/paste" a new HijackThis! log file into this thread. :)
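Added example, not part of the original thread and not the helper's tooling: the two items acted on above are a Startup shortcut named csrss.lnk and a csrss.exe under C:\WINDOWS\system32\avyibnz, while the SubSystems registry value points to %systemroot%\system32\csrss.exe. The Python sketch below flags that kind of name/location mismatch in HijackThis and registry-export lines; the list of protected names and the expected directory are assumptions of this example.

```python
import re
from ntpath import basename, dirname, normpath, splitext

# Assumptions of this example (not from the thread): the protected names and
# the single directory those binaries are expected to load from on this XP box.
EXPECTED_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"csrss", "smss", "winlogon", "services", "lsass", "svchost"}

# Any drive-rooted path ending in .exe/.dll/.lnk inside a log or .reg line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"=<>|*?\r\n]+?\.(?:exe|dll|lnk)', re.I)
# HijackThis O4 lines for Startup-folder items: "O4 - Startup: name = target".
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")


def triage(lines):
    """Return (reason, item) pairs for entries that borrow a system binary's name."""
    findings = []
    for raw in lines:
        # .reg exports double every backslash; undo that before matching.
        line = raw.strip().replace("\\\\", "\\")
        startup = STARTUP_RE.match(line)
        if startup:
            # Startup-folder item whose file name matches a core system process.
            if splitext(startup["name"])[0].lower() in SYSTEM_NAMES:
                findings.append(("startup-item-uses-system-name", startup["name"]))
            continue
        for path in PATH_RE.findall(line):
            stem = splitext(basename(path))[0].lower()
            folder = normpath(dirname(path)).lower()
            # Same file name as a system binary, but loaded from another folder.
            if stem in SYSTEM_NAMES and folder != EXPECTED_DIR:
                findings.append(("system-name-outside-system32", path))
    return findings


# Lines copied from the logs posted in this thread.
THREAD_LINES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe",
    r"O4 - Startup: csrss.lnk = ?",
    r'"C:\\WINDOWS\\system32\\avyibnz\\csrss.exe"="csrss"',
]

if __name__ == "__main__":
    for reason, item in triage(THREAD_LINES):
        print(f"{reason}: {item}")
```

The MUICache hit only shows that the shell has seen that file; the autostart entry in this log is the Startup shortcut, which is why both are checked.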

#9 Micah_6:8

Posted 08 June 2006 - 09:59 PM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link

(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

