Ctrl Alt Delete WASN'T working and b.exe was in background

By Fukurou
Mar 6, 2006
Topic Status:
Not open for further replies.
  1. My computer was acting kinda funny after a download from a P2P server and I knew I had a worm from the start. I got some help from the people here and from another website and all seems well now, but if anyone would be kind enough to take a small amount of time and review my HJT log for any strange lookin buggies, I would be very thankful!

    Attached Files: HJT.txt (6.7 KB, 7 views)
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Go to add/remove programmes in your control panel, and uninstall anything to do with (if there):

    C:\Program Files\Network Monitor

    Close control panel.

    Open your task manager. Click on the processes tab and end process for (if there):

    netmon.exe
    stub_113_4_0_4_0.exe

    Close task manager.

    Run HJT with no other programme open, and have HJT fix the following by placing a tick in the little box next to (if there):

    O4 - HKCU\..\Run: [qwmo] c:\stub_113_4_0_4_0.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6541E7-5753-4477-BB09-77704DAA70DB}: NameServer = 205.152.37.23 205.152.144.23

    Only remove this entry if it doesn't belong to your ISP.

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkFDT0IgQkxPU1NFUg\command.exe (file missing)

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Locate the above O23 services, double click on them and select stop if they are running. Set the startup type to disabled. Click apply/ok.

    Locate and delete the following bold files (if there):

    C:\Program Files\Network Monitor\netmon.exe
    c:\stub_113_4_0_4_0.exe

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
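
The following is an added example, not part of the original thread or of HijackThis itself: a small Python triage pass over the O4, O17 and O23 entries quoted in the post above. The function name `review`, the `isp_resolvers` parameter and the three flagging heuristics are assumptions made for this illustration; the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample: the four HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [qwmo] c:\stub_113_4_0_4_0.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6541E7-5753-4477-BB09-77704DAA70DB}: NameServer = 205.152.37.23 205.152.144.23
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkFDT0IgQkxPU1NFUg\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[\w-]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23 = re.compile(r"^O23 - Service: (?P<disp>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                 r"(?P<missing> \(file missing\))?$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
ROOT_EXE = re.compile(r"[a-z]:\\[^\\]+\.exe", re.I)  # e.g. c:\name.exe


def review(log, isp_resolvers=frozenset()):
    """Return (section, subject, reason) tuples for entries worth a second look.

    The reasons are triage heuristics assumed for this example, not verdicts.
    """
    findings = []
    for line in map(str.strip, log.splitlines()):
        if m := O4.match(line):
            # Autorun value launching an executable straight from a drive root.
            if ROOT_EXE.fullmatch(m["cmd"].strip('"')):
                findings.append(("O4", m["name"], "autorun executable in drive root"))
        elif line.startswith("O17 - ") and "NameServer =" in line:
            # DNS servers are only a problem if they are not the ISP's own.
            ips = IPV4.findall(line.split("NameServer =", 1)[1])
            unknown = [ip for ip in ips if ip not in isp_resolvers]
            if unknown:
                findings.append(("O17", ",".join(unknown), "resolver not on ISP list"))
        elif m := O23.match(line):
            reasons = []
            if m["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")
            if m["missing"]:
                reasons.append("file missing")
            if reasons:
                findings.append(("O23", m["disp"], ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Passing the resolvers your ISP actually hands out as `isp_resolvers` suppresses the O17 finding, which mirrors the "only remove if it doesn't belong to your ISP" caveat in the post.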
  3. Fukurou

    Fukurou Newcomer, in training Topic Starter Posts: 60

    Well I did everything you instructed, the only thing is that when I looked at my processes I saw 5 running svchosts...

    Made a fresh HJT log, I'm wondering if I have a repopulating virus...

  4. Peddant

    Peddant Newcomer, in training Posts: 1,644

    5 svchosts is normal. You'll have to ask Microsoft why it's normal.
  5. Fukurou

    Fukurou Newcomer, in training Topic Starter Posts: 60

    Alright, just making sure! I also just found out that rundll is a backdoor that isn't needed by my computer, made a System Restore point then deleted it!
  6. Peddant

    Peddant Newcomer, in training Posts: 1,644

    As clear as mud -

    "Rundll32.exe is an executable which is necessary for the Windows environment. It is always present in c:/windows/system32. It may also sometimes be found in other places, which must be a virus. In case of a virus it's always in a mixed upper and lower case letter combination. RunDLL32 is used to run DLLs as programs. This program is part of Windows, used to run program code in DLL files as if it were an actual program. Rundll32.exe loads and runs 32-bit DLLs. In XP it should not normally appear in the Task Manager; if it does it could be being used by malware...."
  7. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is clean.

    Regards Howard :)
  8. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,574

    Sure couldn't hurt to stop some of those programs from running at startup though. :p