TechSpot

Found artm_new.dll but can't remove HJT log attached

By pafindr
Sep 23, 2006
  1. Hello
    I'm having trouble getting rid of the artm_new.dll
    I know that it's in c:\documents and settings\all users\documents\settings but I can't get in there to remove it. The folder doesn't seem to exist.
    I'm running XP Pro SP2
    I've used Ewido, Ad-aware, Spyware Blaster, Spybot, and have PCcillin for virus protection. Thanks for your help
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there).

    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Rename HijackThis.exe to HijackThis1991.exe and post a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of pafindr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. pafindr

    pafindr TS Rookie Topic Starter

    new HJT log

    Looks clean!!! :)

    Thanks a lot for your help!!!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  5. pafindr

    pafindr TS Rookie Topic Starter

    It's Baaaack!!!

    Why did it come back? I haven't downloaded anything. :(
    Is there something hidden that is recreating it?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your latest HJT log is still clean.

    Can you please tell me what you mean by it comes back?

    I need the exact filepath to whatever it is you're talking about.

    Regards Howard :)
     
  7. pafindr

    pafindr TS Rookie Topic Starter

    oops wrong file

    Here's the new log
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    plus I found a few bad files.
    Services.exe, lsass.exe, win.exe. When I run Ewido I keep coming up with Trojans;
    Trojans.small, Dropper.Agent.apb, Adware.DeluxwCommunications
     


  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The C:\WINDOWS\SYSTEM32\WgaLogon.dll file is perfectly legit. It's the new Windows Genuine Advantage software.

    Your HJT log is clean.

    Please post a fresh Ewido log.

    Regards Howard :)
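
The two O20 entries quoted in this thread show the triage being done by eye: a Winlogon Notify DLL under a user documents folder was removed, one under SYSTEM32 was accepted. The following is an added example, not part of the thread and not HijackThis code, that applies the same location check to log text; the default C:\WINDOWS install path, the verdict labels and the sample header line are assumptions.

```python
import ntpath
import re

# O20 line layout as quoted in the thread:
#   O20 - Winlogon Notify: <registry subkey> - <full path to DLL>
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: default XP layout with Windows installed in C:\WINDOWS.
EXPECTED_DIRS = {r"c:\windows\system32"}

# Constructed sample: the two O20 entries from the thread plus a header line.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed header line)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_o20(line):
    """Return (subkey, normalized DLL path) for an O20 line, else None."""
    match = O20_RE.match(line.strip())
    if match is None:
        return None
    return match.group("key"), ntpath.normpath(match.group("path"))


def triage_o20(log_text):
    """Label each Winlogon Notify DLL by where it is loaded from.

    'review' means the DLL sits outside the expected system directory.
    'expected-dir' only narrows the list: the file name and publisher
    still have to be checked, as the helper did for WgaLogon.dll.
    """
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o20(line)
        if parsed is None:
            continue  # not an O20 entry
        key, path = parsed
        directory = ntpath.dirname(path).lower()
        verdict = "expected-dir" if directory in EXPECTED_DIRS else "review"
        findings.append((key, path, verdict))
    return findings


if __name__ == "__main__":
    for key, path, verdict in triage_o20(SAMPLE_LOG):
        print(f"{verdict:12} {key:12} {path}")
```
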
     
  9. pafindr

    pafindr TS Rookie Topic Starter

    Ummmm. I just did another scan and now it's clean. HMM.. Odd..
    Thanks anyway :)
     
  10. pafindr

    pafindr TS Rookie Topic Starter

    One more problem. It started a little after I got hit with the artm_new.dll. Internet Explorer 7 will not load any pages. The error I get is:

    Internet Explorer cannot display the webpage
    Most likely causes:
    You are not connected to the Internet.
    The website is encountering problems.
    There might be a typing error in the address.

    What you can try:
    Check your Internet connection. Try visiting another website to make sure you are connected.

    Retype the address.

    Go back to the previous page.

    More information

    This problem can be caused by a variety of issues, including:

    Internet connectivity has been lost.
    The website is temporarily unavailable.
    The Domain Name Server (DNS) is not reachable.
    The Domain Name Server (DNS) does not have a listing for the website's domain.
    If this is an HTTPS (secure) address, click tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

    I was getting help at the Microsoft web site but they seem to be stumped. The thread is
    http://www.microsoft.com/communitie...&p=1&mid=25ea7db9-be6d-46ed-8e55-ddffc6c16d17
    I would appreciate help with this.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The only suggestion I have is uninstall IE7 and go back to IE6. See if that helps.

    You could also try using Firefox and see what happens.

    Regards Howard :)
     
  12. pafindr

    pafindr TS Rookie Topic Starter

    I tried uninstalling IE7 but it didn't work.
    I have Opera and it works fine. I tried FireFox and it also works. Everything but IE is in working order.
    I checked and rechecked for viruses or spyware, everything looks clean.

    Any clue?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sounds to me like some of your OS files might have been damaged.

    Try doing a Windows repair as per this thread HERE. If that doesn't help, I'm out of ideas.

    Regards Howard :)

     
  14. pafindr

    pafindr TS Rookie Topic Starter

    Hey!!!!
    I got it working again. I found that it was under the deny list in my firewall so I just allowed it and BOOM it started working.
    Thanks a lot for your help. I really appreciate all your help with this.
     
Topic Status:
Not open for further replies.
