By gubhenheim
Sep 1, 2008
  1. Hello,

    I am new to this website and from what I have read so far I think this is the place where I can get the most help.
    Recently I got the xp-anti-virus program on my computer. With that my google links have been redirected, and the iexplore.exe process made its way on my computer. I've downloaded and used AVG, SuperAntiSpyware, Ad-aware, Spybot to clean up some found trojans and malware. I also obtained Avast, but have yet to use.

    I have also used Malwarebytes and Hijack-This and provided the logs.
    I wanna know if there is anything else I should do to make sure my system is clean and if there is any other advice or tips anyone can give me.

    Thanks, the help is very very appreciated

    View attachment 35500

    View attachment 35501
  2. InsaneVr6

    InsaneVr6 TS Enthusiast Posts: 221

    You should be good if you used MalwareBytes to scan your computer and delete the files because the xp antivirus program is ALL Malware. I used it not too long ago on my other computer and there is no trace of anything wrong anywhere.
  3. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    back-door trojan?

    Thank You, now I know I'm headed in the right direction.
    However I am running into a snag, and this is open to anyone.
    I have run some scans both in Regular start-up and in Safe Mode, but two registries keep showing up. I am pretty sure these are back door trojans or some hack modified my system so that they are installed at every start-up.

    I've had some experience taking out a Vundo Trojan I had a while back, but this is totally out of my league.

    Can anyone help me out?

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Wow a lot of "Desktop Messenger" in HJT Log

    But more of a concern is in the MBAM-Log
    Registry Values Infected:
    You needed to fix those entries, and also: O4 - HKCU\..\Run: [xrt_Shell] C:\Documents and Settings\Mark Agor\xrt_uutq.exe in HJT

    Actually try this also (I say also, because you need to do an updated Malware Scan again, and fix those registry entries)

    Please do this
    (Some members say they have already tried this in a reply; but later I find it has not been done!)
    The following not only resets all Internet Explorer's settings, but also removes all temp files, all extensions are disabled (toolbars, browser extensions, and Browser Helper Objects), and ActiveX controls are restored.

    How to use Reset Internet Explorer Settings (RIES)

    To use RIES in Internet Explorer 7, follow these steps:

    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

    Note for users who cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.
  5. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    Updated Info


    As of now, the two backdoor items have been removed via Malwarebytes
    and the reg hack has been fixed with HJT. How would I go around removing Desktop Messenger, or is it fine as is?

    As for RIES, I use Mozilla and therefore do not have IE7. Should I download this new version anyway?
    I reset the settings via control panel, but I do not think it achieved the desired effect.
    Anyway, I assume you would like to see the new report.

    And Again, Thanks for the Help. THIS FORUM IS GREAT!
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Netware network
    Have a read here on that:

    Please run HJT again, and place a CheckMark next to all the BWPlugProtocol entries (the lines begin with O18)
    Then select Fix selected (Note there are many of them)

    Restart, and post yet another HJT log as an attachment
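
A triage sketch for the two kinds of HijackThis entries flagged in the posts above (the O4 Run entry launching from a user profile folder and the O18 BWPlugProtocol handlers), added here as an example and not posted by any participant. The O18 line layout, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# O4 layout is the one quoted in the thread; the O18 layout
# ("Protocol: name - {CLSID} - dll") is an assumption about HijackThis output.
O4_RE = re.compile(r"^O4 - HK(?:CU|LM)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O18_RE = re.compile(r"^O18 - Protocol: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<dll>.+)$")

# Constructed sample lines, not taken from the attached logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTool] "C:\Program Files\ExampleTool\tool.exe" /min
O4 - HKCU\..\Run: [xrt_Shell] C:\Documents and Settings\User\xrt_uutq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bwfile-00000001 - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example Vendor\Desktop Messenger\Program\BWPlugProtocol-00000001.dll
O18 - Protocol: bw+0 - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example Vendor\Desktop Messenger\Program\BWPlugProtocol-00000001.dll
O18 - Protocol: example-handler - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Common Files\Example\ExampleHandler.dll
"""

def exe_path(cmd):
    # Pull the executable out of a Run command line, quoted or unquoted.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|dll))\b", cmd, re.I)
    return m.group(1) if m else cmd

def odd_location(path):
    # Autoruns rarely live directly in a profile root or under Temp.
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) == 4 and parts[1] == "documents and settings":
        return "executable directly in a user profile root"
    if "temp" in parts[:-1]:
        return "executable under a Temp directory"
    return None

def triage(log_text, protocol_pattern="BWPlugProtocol"):
    # Return (section, name, detail) tuples worth a manual look.
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            reason = odd_location(exe_path(m["cmd"]))
            if reason:
                findings.append(("O4", m["name"], reason))
            continue
        m = O18_RE.match(line)
        if m and protocol_pattern.lower() in line.lower():
            findings.append(("O18", m["name"], m["dll"]))
    return findings
```

Calling `triage(SAMPLE_LOG)` lists the profile-root autorun and every O18 handler matching the pattern, which makes it easy to confirm after a restart that none of them came back.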
  7. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23

    Re-scan complete


    Thanks for the heads up on the Netware Network. I'm not sure I understand all of the technical jargon, but I get the feeling I need to check if I am running it before I get rid of it. I want to check in "Network Connections" but I don't know where to look from there.

    I deleted all of the O18 files and my system seems to run fine.
    After this whole event, should I worry a "cracker" is on my system, or if my laptop is a zombie?
  8. Richardw9

    Richardw9 TS Rookie Posts: 127

    Please do not use the word hacker, the term is cracker. Hackers are the good guys.
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    That looks a lot better

    Now that nwprovau.dll file

    I use the link, to the information, instead of just removing it, because I didn't know if your network uses it or not.
    But if you are on a Home computer without Network to other computers then it is safe to remove, here's how:

    Download LSPFix

    Run it

    Tick the box "I know what I'm doing"

    Select (single click) on nwprovau.dll

    Select the [IMG] arrows

    Select Finish

    Restart to confirm all is still Ok

  10. gubhenheim

    gubhenheim TS Rookie Topic Starter Posts: 23


    Regarding that nwprovau.dll,

    I've checked my connection properties, and I'm pretty sure my laptop is running netware components.
    I found: NWLink NetBIOS and NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
    Both their description mentioned "NetWare networks."

    I'll keep it in my system as long as I do not run into any more problems.

    Thanks 4 all the help
Topic Status:
Not open for further replies.
