Ctrl Alt Delete WASN'T working and b.exe was in background

Status
Not open for further replies.

Technicalfault

My computer was acting kinda funny after a download from a P2P server and I knew I had a worm from the start. I got some help from the people here and from another website and all seems well now, but if anyone would be kind enough to take a small amount of time and review my HJT log for any strange lookin buggies, I would be very thankful!
 

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add/remove programme in your control panel, and uninstall anything to do with (if there):

C:\Program Files\Network Monitor

Close control panel.

Open your task manager. Click on the processes tab and end process for (if there):

netmon.exe
stub_113_4_0_4_0.exe

Close task manager.

Run HJT with no other programme open, and have HJT fix the following by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [qwmo] c:\stub_113_4_0_4_0.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6541E7-5753-4477-BB09-77704DAA70DB}: NameServer = 205.152.37.23 205.152.144.23
Only remove this entry, if it doesn't belong to your ISP.

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkFDT0IgQkxPU1NFUg\command.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Click on the fix checked button.

Close HJT.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Locate the above O23 services, double click on them and select stop if they are running. Set the startup type to disabled. Click apply/ok.

Locate and delete the following bold files (if there):

C:\Program Files\Network Monitor\netmon.exe
c:\stub_113_4_0_4_0.exe

Reboot into normal mode and turn system restore back on.

Regards Howard :)
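Added example, not part of the original thread or any poster's code: a small Python triage pass over HijackThis log text that flags the same kinds of entries the reply above singled out (a Run key launching an executable from the drive root, an O17 NameServer override, O23 services marked "Unknown owner" or "(file missing)"). The heuristics, the function name and the ExampleTray line are assumptions made for illustration; a flagged line is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: the four entries quoted in the reply above, plus one
# made-up ordinary Run entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [qwmo] c:\stub_113_4_0_4_0.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6541E7-5753-4477-BB09-77704DAA70DB}: NameServer = 205.152.37.23 205.152.144.23
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkFDT0IgQkxPU1NFUg\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                    # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")  # hive, value name, command
ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.IGNORECASE)  # exe directly under X:\


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            run = RUN.match(body)
            # Assumed heuristic: installers rarely autostart from the drive root.
            if run and ROOT_EXE.match(run.group(3).strip('"')):
                findings.append((section, "autorun from drive root", run.group(3)))
        elif section == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].replace(",", " ").split()
            findings.append((section, "confirm DNS servers with ISP", " ".join(servers)))
        elif section == "O23":
            flags = [f for f in ("Unknown owner", "(file missing)") if f in body]
            if flags:
                name = body.split(" - ")[0].replace("Service: ", "", 1)
                findings.append((section, ", ".join(flags), name))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:32} {detail}")
```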
 
Well I did everything you instructed, the only thing is that when I looked at my processes I saw 5 running svchost's...

Made a HJT fresh log, I'm wondering if I have a repopulating virus...
 

Alright, just making sure! I also just found out that rundll is a backdoor that isn't needed by my computer, made a System Restore point then deleted it!
 
As clear as mud -

"Rundll32.exe is an executable which is necessary for windows environment. It is always present in c:/windows/system32. It may also sometimes be found in other places which must be a virus. In case of virus it's always in mix, upper and lower case letters combination. RunDLL32 is used to run DLLs as programs. This program is part of Windows, used to run program code in DLL files as if it were an actual program. Rundll32.exe loads and runs 32-bit DLLs. In XP it should not normally appear in the Task Manager, if it does it could be being used by malware...."
 
Fukurou said:
Well I did everything you instructed, the only thing is that when I looked at my processes I saw 5 running svchost's...

Made a HJT fresh log, I'm wondering if I have a repopulating virus...

Your HJT log is clean.

Regards Howard :)
 