TechSpot

Is this worth fixing or should I reload

By froehle
Dec 7, 2005
  1. A friend brought me her computer. It wouldn't boot.
    From safe mode, I reloaded the video drivers.
    Added 512MB RAM because the system was toooooo slow to do anything.
    Ran Trend Housecall using the Java version;
    the ActiveX version hung.
    It deleted bunches of viruses.
    Ran Adaware SE from safe mode and it deleted 152 more things.
    Rebooted to regular mode; Norton 2005 found Vundo in ssttr.dll.
    What good is this; it can't get rid of it.
    I did by looking on the boards and found a message telling me to download
    something that got rid of it.
    Norton found 4 other adware files... it couldn't get rid of them either.
    I installed Spybot 1.4 and it found lots of other things, which I deleted.

    I updated the video drivers from Microsoft update and nothing worked again...
    I went to NVIDIA and got their drivers ... turned off Norton Antivirus before loading ... now the video seems to work.

    Ran HijackThis and think it still has lots of stuff on it.

    Is it worth fixing ... if so, how?

    Thanks in advance,
    Paul
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    I'd say it is worth fixing, if only to learn from the process. Of course the "simpler" method would be to reinstall the whole OS.

    I'd uninstall unneeded applications and disable unneeded services, for starters. But to be honest, it's been years since I've personally dealt with a virus-filled computer.

    You could start by posting the HijackThis log here.
     
  3. PanicX

    PanicX TechSpot Ambassador Posts: 669

    While I like Mictlantecuhtli's point of view, it's really in the end user's best interest to reinstall the machine. At that level of (Norton :rolleyes: ) infestation, it's unlikely that any amount of repairs will put the machine on par with a fresh install.

    The only advantage of fixing this machine would be to maintain current user settings and prevent possible loss of data in the reinstall. However, if you make a good backup, then it shouldn't really be an issue.
     
  4. froehle

    froehle TS Rookie Topic Starter

    I thought I included the hijackthis.txt

    Sorry, I forgot to hit the upload button after setting the file name?
     
  5. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Kill this:

    C:\WINDOWS\system32\8E8B8E9191939.exe

    Fix these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

    O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
    O2 - BHO: BHO Class - {FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA} - C:\WINDOWS\system32\SecureServicePack2.dll

    O4 - HKLM\..\Run: [T] C:\documents and settings\lori jachec\local settings\temp\T.exe
    O4 - HKLM\..\Run: [o0AeRDN1] C:\windows\system32\o0AeRDN1.exe
    O4 - HKLM\..\Run: [nkl.exe] c:\windows\system32\nkl.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Cyf0o.exe
    O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka67.exe
    O4 - HKLM\..\Run: [DDDADDE0E0E2DFE] 8E8B8E9191939.exe
    O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
    O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe

    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c2.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
     
  6. froehle

    froehle TS Rookie Topic Starter

    Do you think the system is OK now

    I followed your instructions, rebooted, and here are the results.

    Where can I find out how to decide what to delete on my own?

    Does Hijackthis eliminate the files when it does the fix?

    Do you know if it is safe to eliminate AOL version 9 from an XP Home system?
    I have had to reload several Windows 98 machines when someone eliminated AOL. It took out IExplorer but doesn't clean the registry. I couldn't reload IE or Netscape because they were there, but I couldn't start them because they weren't.

    Should I delete the items in O9 that say (no file)? Were they deleted by Adaware or Spybot?

    Thanks for your help,
    Paul
     
  7. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Do a web search on the dll / application names if they don't look familiar to you. I can't really give any specific advice on how to learn which files are legitimate and which aren't. You might learn it over the years...

    No, as far as I know.

    I don't know anything about AOL.

    Most likely they were.

    Here is a little HJT tutorial.
     
Topic Status:
Not open for further replies.
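
An added example, not part of any post in this thread: a small Python triage of HijackThis-style log lines like those in post 5, as one way to decide which entries deserve a closer look. The flag rules are illustrative assumptions, not HijackThis behaviour or verdicts, and the sample lines come from post 5 with the user name in one path replaced by a placeholder.

```python
import re

# Lines from the log in post 5; the user name in the temp path is a placeholder.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O4 - HKLM\..\Run: [T] C:\documents and settings\user\local settings\temp\T.exe
O4 - HKLM\..\Run: [DDDADDE0E0E2DFE] 8E8B8E9191939.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
"""
LINE = re.compile(r"^([A-Z]\d+) - (.*)$")                # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.*?)\] (.*)$")  # "HKLM\..\Run: [name] cmd"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log):
    """Split each 'CODE - body' line and pull out the file or URL it points at."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        run = RUN.match(body) if code == "O4" else None
        if run:
            target = run.group(2)
        else:
            target = body.rsplit(" - ", 1)[1] if " - " in body else None
        entries.append({"code": code, "body": body, "target": target})
    return entries

def triage(entry):
    """Return heuristic reasons to look closer (assumed rules, not verdicts)."""
    low = (entry["target"] or "").lower()
    if low == "(no file)":
        return ["orphaned: registry entry whose file is missing"]
    reasons = []
    if "\\temp\\" in low:
        reasons.append("autostart from a temp directory")
    if entry["code"] == "O4" and low and "\\" not in low:
        reasons.append("autostart command has no directory path")
    ids = CLSID.findall(entry["body"])
    if entry["code"] == "O2" and ids and low.endswith(ids[0].lower() + ".dll"):
        reasons.append("BHO file is named after its own CLSID")
    return reasons

def report(log):
    """List (code, target, reasons) for every parsed entry."""
    return [(e["code"], e["target"], triage(e)) for e in parse(log)]

if __name__ == "__main__":
    for code, target, reasons in report(SAMPLE):
        print(f"{code:4} {target}: {'; '.join(reasons) or 'no rule fired'}")
```

An empty reason list only means none of these rules fired; the entry name still needs to be looked up, as post 7 advises.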
